Monday, April 28, 2008
I. Membuat Partisi Harddisk
Dalam membuat proxy server setidaknya dibuat beberapa partisi HDD
Contoh berikut untuk HDD berkapasitas 40 GB
Partisi Kapasitas
SWAP 512 MB
/ 7 GB
/home 4 GB
/usr/local/mysql/var 4 GB
/tmp 2 GB
/var/log 2 GB
/var/spool 2 GB
/usr/local/squid 2 GB
/usr/local/var/cache1 5 GB
/usr/local/var/cache2 5 GB
/usr/local/var/cache3 5 GB
/mnt/data 3 GB
II. Linux diinstall full distro
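III. Download source squid yang terbaru → squid-*.tar.gz, contoh : ftp://squid.cbn.net.id/pub/squid/squid-3/STABLE/squid-3.0.STABLE13.tar.gz atau yang terbaru. Karena FTP tidak menjamin keaslian berkas, cocokkan dulu checksum atau tanda tangan PGP tarball dengan yang dipublikasikan proyek Squid sebelum di-compile.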
IV. Install source squid :
- root@net:/# tar -xzvf squid-3.0.STABLE13.tar.gz
- root@net:/# cd squid-3.0.STABLE13
- root@net:/squid-3.0.STABLE13# ./configure --prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-pool --disable-ident-lookups --enable-async-io=16 --with-aufs-threads=16 --with-pthreads --enable-storeio=diskd,ufs,aufs --disable-auth-modules --enable-removal-policies=heap --enable-snmp
- root@net:/squid-3.0.STABLE13# make all
- root@net:/squid-3.0.STABLE13# make install
V. Konfigurasi SQUID :
- root@net:/# cd /usr/local/squid/etc
- root@net:/ /usr/local/squid/etc # pico squid.conf
- Konfigurasi sbb :
http_port 8080 transparent
icp_port 3130
cache_peer
cache_peer
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 MB
cache_swap_low 98
cache_swap_high 99
ipcache_size 4096
ipcache_low 98
ipcache_high 99
reply_header_max_size 40 KB
maximum_object_size 150240 KB
maximum_object_size_in_memory 32 KB
cache_dir_
cache_dir_
cache_dir_
dns_nameservers
access_log /usr/local/squid/var/logs/access.log squid
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
log_ip_on_direct on
debug_options ALL,1
client_netmask 255.255.255.255
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern -i .gif 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i .bmp 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i .jpg 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i .tif 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i .png 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i .jpeg 4320 50% 129600 override-lastmod reload-into-ims
refresh_pattern -i ^http://*.friendster.com/.* 720 100% 10080
refresh_pattern -i ^http://*.facebook.com/.* 720 100% 10080
refresh_pattern -i ^http://*.hi5.com/.* 720 100% 10080
refresh_pattern -i ^http://*.microsoft.*/.* 720 100% 10080
refresh_pattern -i ^http://*.live.*/.* 720 100% 10080
refresh_pattern -i ^http://*.msn.*/.* 720 100% 10080
refresh_pattern -i ^http://*.hotmail.*/.* 720 100% 10080
refresh_pattern -i ^http://*.inbox.*/.* 720 100% 10080
refresh_pattern -i ^http://*.multiply.*/.* 720 100% 7200
refresh_pattern -i ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern -i ^http://*.google.*/.* 720 100% 10080
refresh_pattern -i ^http://*.wikipedia.*/.* 720 80% 10080
refresh_pattern -i ^http://*.lycos.*/.* 720 80% 10080
refresh_pattern -i ^http://*.blogspot.*/.* 720 80% 10080
refresh_pattern -i ^http://*.wordpress.*/.* 720 80% 10080
refresh_pattern -i ^http://*.telkom.*/.* 720 90% 2880
refresh_pattern -i ^http://*.plasa.*/.* 720 90% 2880
refresh_pattern -i ^http://*.bhinneka.*/.* 720 90% 2880
refresh_pattern -i ^http://*.fastncheap.*/.* 720 90% 2880
refresh_pattern -i ^http://*.glodokshop.*/.* 720 90% 2880
refresh_pattern -i ^http://*.blogger.*/.* 720 90% 2880
refresh_pattern -i ^http://*.detik.*/.* 720 90% 2880
refresh_pattern -i ^http://*.astaga.*/.* 720 90% 2880
refresh_pattern -i ^http://*.okezone.*/.* 720 90% 2880
refresh_pattern -i ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern -i ^http://*.google-analytics.*/.* 720 100% 4320
refresh_pattern -i ^http://*.windowsupdate.com/.*.(cab|exe) 4320 100% 43200
refresh_pattern -i ^http://*.download.microsoft.com/.*.(cab|exe) 4320 100% 43200
refresh_pattern -i ^http://*.myspace.*/.* 720 100% 4320
refresh_pattern -i ^http://*.youtube.*/.* 720 100% 4320
refresh_pattern -i ^http://*.ytimg.com.*/.* 720 100% 4320
refresh_pattern -i ^http://*.ads.adbrite.com/.* 720 100% 4320
refresh_pattern ^ftp: 14400 90% 43200 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320 reload-into-ims
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#acl nama src IP/netmask
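acl <nama1> src <IP/netmask jaringan lokal 1>
acl <nama2> src <IP/netmask jaringan lokal 2>
acl <nama3> src <IP/netmask jaringan lokal 3>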
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
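# izinkan hanya acl jaringan internal (format: acl nama src IP/netmask); jangan memakai "allow all" agar proxy tidak terbuka untuk umum
http_access allow <nama1>
http_access allow <nama2>
http_access allow <nama3>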
http_access deny all
http_reply_access allow all
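# catatan: "allow all" membuat host mana pun dapat mengirim query ICP ke proxy ini; batasi ke cache peer saja bila memungkinkan
icp_access allow all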
cache manager
cache_effective_user squid
cache_effective_group squid
logfile_rotate 4
log_fqdn off
log_icp_queries off
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 98
negative_ttl 5 minute
positive_dns_ttl 6 hour
negative_dns_ttl 5 minute
range_offset_limit 0 KB
connect_timeout 2 minute
peer_connect_timeout 30 seconds
read_timeout 15 minute
request_timeout 30 second
client_lifetime 1 day
pconn_timeout 120 second
ident_timeout 10 seconds
shutdown_lifetime 10 seconds
memory_pools off
icp_hit_stale on
query_icmp on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
delay_pools 1
delay_class 1 2
delay_parameters 1 100000/100000 32000/32000
delay_access 1 allow download
delay_access 1 deny all
snmp_port 3401
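# acl snmppublic belum didefinisikan pada konfigurasi ini; definisikan dulu (tipe acl snmp_community) dan batasi sumbernya dengan acl src, jangan memakai community bawaan yang mudah ditebak
snmp_access allow snmppublic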
snmp_access deny all
coredump_dir /usr/local/squid/var/cache1
VI. Menambah user squid :
- root@net:/usr/local/squid/etc # useradd squid
- root@net:/usr/local/squid/etc # pico /etc/passwd :
squid:x:1005:100:user squid,,,:/nohome:/noshell
VII. Edit FSTAB :
- root@net:/usr/local/squid/etc # pico /etc/fstab
/dev/<partisi-cache1> /usr/local/squid/var/cache1 reiserfs defaults,noatime 1 2
/dev/<partisi-cache2> /usr/local/squid/var/cache2 reiserfs defaults,noatime 1 2
/dev/<partisi-cache3> /usr/local/squid/var/cache3 reiserfs defaults,noatime 1 2
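VIII. Ganti kepemilikan :
- root@net:/usr/local/squid/etc # chown -R squid.squid /usr/local/squid
Perintah ini menjadikan user squid pemilik seluruh instalasi, termasuk binary dan squid.conf; yang perlu ditulisi squid hanyalah direktori cache dan log di bawah /usr/local/squid/var, jadi kepemilikan bisa dibatasi ke direktori itu saja.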
IX. Membuat direktori swap (cache)
- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -z
X. Tes Squid pertama kali
- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -NCd1
XI. Jalankan Squid
- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid start
untuk mematikan squid
- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -k shutdown
untuk memuat ulang konfigurasi squid tanpa mematikannya
- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid -k reconfigure
XII. Jika berhasil lihat log yang berjalan
- root@net:/usr/local/squid/etc # tail -f /usr/local/squid/var/logs/access.log