When Squid consistently shows TCP_MISS in access logs, it indicates the proxy isn't caching content as expected. Let's analyze the key configuration elements that affect caching behavior:
# Critical caching parameters in squid.conf
cache_dir ufs /var/spool/squid3 100 16 256
refresh_pattern . 0 20% 4320
http_port 3128 accel defaultsite=cona-proxy vhost
From your configuration, several potential issues stand out:
- The
accelmode withvhostrequires special handling of Host headers - Cache directory permissions (already checked) and available disk space
- Missing or too restrictive refresh_pattern rules
- Upstream server sending no-cache headers
First, let's modify your refresh_pattern rules to be more permissive:
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 1440 50% 40320 ignore-reload
refresh_pattern -i \.(css|js|html)$ 60 20% 1440
refresh_pattern . 20 40% 1440 override-expire override-lastmod
Then adjust your cache_peer configuration:
cache_peer 192.168.122.11 parent 80 0 no-query originserver login=PAS name=webserver
cache_peer_access webserver allow all
The HTTP response from your Apache server shows:
HTTP/1.1 202 OK
Date Mon, 02 Jul 2012 05:48:50 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Tue, 19 Jun 2012 23:04:25 GMT
ETag: "27389-b1-4c2db4dc2c182"
Add these directives to your Apache configuration to ensure cache-friendly headers:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 hour"
</IfModule>
Use these commands to verify cache operations:
# Check cache manager
squidclient mgr:info
# Verify storage
squidclient mgr:storedir
# Check refresh pattern matching
squidclient mgr:refresh
Since you're using accel mode, these additional settings are crucial:
# Properly handle Host headers
http_port 3128 accel defaultsite=cona-proxy vhost
# Cache even when requests vary by Host header
vary_ignore_expire on
# Special handling for accelerated domains
acl accelerated dstdomain cona-proxy
cache_peer_access webserver allow accelerated
After making these changes, check your access logs for cache hits:
tail -f /var/log/squid/access.log | grep TCP_
You should start seeing TCP_HIT, TCP_MEM_HIT, and TCP_REFRESH_HIT entries alongside TCP_MISS.
When configuring Squid as a reverse proxy (accelerator mode) for an Apache web server, seeing constant TCP_MISS entries in access logs typically indicates one of these fundamental issues:
# Sample problematic log entry
1467342932.005 23 192.168.122.22 TCP_MISS/200 177 GET http://cona-proxy/ - DIRECT/192.168.122.11 text/html
Based on your setup, here are the key elements needing verification:
# Essential Squid directives for caching
http_port 3128 accel defaultsite=cona-proxy vhost
cache_peer 192.168.122.11 parent 80 0 no-query originserver login=PAS name=webserver
cache_dir ufs /var/spool/squid3 100 16 256
refresh_pattern . 0 20% 4320
1. Cache-Control Headers: Your Apache response shows missing Cache-Control headers. Add this to Apache config:
# Apache configuration for cacheable content
<FilesMatch "\.(html|css|js)$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>
2. Vary Headers: The "Vary: Accept-Encoding" header might prevent caching unless properly handled:
# Squid configuration addition
acl vary_accept_encoding rep_header Vary Accept-Encoding
storeurl_rewrite_program /usr/lib/squid/storeurl_rewrite
Check Squid's cache manager interface for real-time monitoring:
squidclient -p 3128 mgr:objects | grep cona-proxy
squidclient -p 3128 mgr:store_digest
Verify cache directory initialization:
squid -Nz # Create cache directories
chown -R squid:squid /var/spool/squid3
Here's a corrected squid.conf configuration:
# Revised cache_peer directive
cache_peer 192.168.122.11 parent 80 0 no-query originserver name=webserver
login=PAS
proxy-only=off
connect-timeout=5
ttl=3600
# Enhanced refresh patterns
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 1440 50% 10080 override-expire
refresh_pattern -i \.(css|js)$ 1440 40% 40320 override-lastmod
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320 override-lastmod
Remember to test with cacheable content and verify with:
curl -v -x http://192.168.122.21:3128 http://cona-proxy/test.html