My NoteBook: 04/01/2008 - 05/01/2008

Monday, April 28, 2008

INSTALASI PROXY SERVER

0 comments Posted by Dimas Said at 2:55 PM

I. Membuat Partisi Harddisk

Dalam membuat proxy server setidaknya dibuat beberapa partisi HDD

Contoh berikut untuk HDD berkapasitas 40 GB

Partisi Kapasitas

SWAP 512 MB

/ 7 GB

/home 4 GB

/usr/local/mysql/var 4 GB

/tmp 2 GB

/var/log 2 GB

/var/spool 2 GB

/usr/local/squid 2 GB

/usr/local/var/cache1 5 GB

/usr/local/var/cache2 5 GB

/usr/local/var/cache3 5 GB

/mnt/data 3 GB

II. Linux diinstall full distro

III. Download soure squid yang terbaru à squid-*.tar.gz, contoh : ftp://squid.cbn.net.id/pub/squid/squid-3/STABLE/squid-3.0.STABLE13.tar.gz atau yang terbaru.

IV. Install source squid :

- root@net:/# tar –xzvf squid-3.0.STABLE13.tar.gz

- root@net:/# cd squid-3.0.STABLE13

- root@net: /squid-3.0.STABLE13/#./configure –prefix=/usr/local/squid –enable-delay-pools –enable-cache-diggest –enable-pool –disable-ident-lookup –enable-async-io=16 –with-aufs-threads=16 –with-pthreads –enable-storeio=diskd,ufs,aufs –disable-auth-modules –enable-removal-policies=heap –enable-snmp

- root@net:/squid-3.0.STABLE13# make all

- root@net:/squid-3.0.STABLE13# make install

V. Konfigurasi SQUID :

- root@net:/# cd /usr/local/squid/etc

- root@net:/ /usr/local/squid/etc # pico squid.conf

- Konfigurasi sbb :

http port 8080 transparent

icp_port 3130

cache_peer sibling 8080 3130 #jika sibling

cache_peer parent 8080 3130 default #jika ada parent

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin ?

no_cache deny QUERY

cache_mem 256 MB

cache_swap_low 98

cache_swap_high 99

ipcache_size 4096

ipcache_low 98

ipcache_high 99

reply_header_max_size 40 KB

maximum_object_size 150240 KB

maximum_object_size_in_memory 32 KB

cache_dir_ /usr/local/squid/var/cache1 3500 16 256

cache_dir_ /usr/local/squid/var/cache2 3500 16 256

cache_dir_ /usr/local/squid/var/cache3 3500 16 256

dns_nameservers

access_log /usr/local/squid/var/logs/access.log squid

cache_access_log /usr/local/squid/var/logs/access.log

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log /usr/local/squid/var/logs/store.log

log_ip_on_direct on

debug_options ALL,1

client_netmask 255.255.255.255

auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours

refresh_pattern -i .gif 4320 50% 129600

override-lastmod reload-into-ims

refresh_pattern -i .bmp 4320 50% 129600

override-lastmod reload-into-ims

refresh_pattern -i .jpg 4320 50% 129600

override-lastmod reload-into-ims

refresh_pattern -i .tif 4320 50% 129600

override-lastmod reload-into-ims

refresh_pattern -i .png 4320 50% 129600

override-lastmod reload-into-ims

refresh_pattern -i .jpeg 4320 50% 129600

override-lastmod reload-into-ims

refresh_pattern -i ^http://*.friendster.com/.* 720 100% 10080

refresh_pattern -i ^http://*.facebook.com/.* 720 100% 10080

refresh_pattern -i ^http://*.hi5.com/.* 720 100% 10080

refresh_pattern -i ^http://*.microsoft.*/.* 720 100% 10080

refresh_pattern -i ^http://*.live.*/.* 720 100% 10080

refresh_pattern -i ^http://*.msn.*/.* 720 100% 10080

refresh_pattern -i ^http://*.hotmail.*/.* 720 100% 10080

refresh_pattern -i ^http://*.inbox.*/.* 720 100% 10080

refresh_pattern -i ^http://*.multiply.*/.* 720 100% 7200

refresh_pattern -i ^http://*.yahoo.*/.* 720 100% 7200

refresh_pattern -i ^http://*.google.*/.* 720 100% 10080

refresh_pattern -i ^http://*.wikipedia.*/.* 720 80% 10080

refresh_pattern -i ^http://*.lycos.*/.* 720 80% 10080

refresh_pattern -i ^http://*.blogspot.*/.* 720 80% 10080

refresh_pattern -i ^http://*.wordpress.*/.* 720 80% 10080

refresh_pattern -i ^http://*.telkom.*/.* 720 90% 2880

refresh_pattern -i ^http://*.plasa.*/.* 720 90% 2880

refresh_pattern -i ^http://*.bhinneka.*/.* 720 90% 2880

refresh_pattern -i ^http://*.fastncheap.*/.* 720 90% 2880

refresh_pattern -i ^http://*.glodokshop.*/.* 720 90% 2880

refresh_pattern -i ^http://*.blogger.*/.* 720 90% 2880

refresh_pattern -i ^http://*.detik.*/.* 720 90% 2880

refresh_pattern -i ^http://*.astaga.*/.* 720 90% 2880

refresh_pattern -i ^http://*.okezone.*/.* 720 90% 2880

refresh_pattern -i ^http://*.googlesyndication.*/.* 720 100% 4320

refresh_pattern -i ^http://*.google-analytics.*/.* 720 100% 4320

refresh_pattern -i ^http://*.windowsupdate.com/.*.(cab|exe) 4320 100% 43200

refresh_pattern -i ^http://*.download.microsoft.com/.*.(cab|exe) 4320 100% 43200

refresh_pattern -i ^http://*.myspace.*/.* 720 100% 4320

refresh_pattern -i ^http://*.youtube.*/.* 720 100% 4320

refresh_pattern -i ^http://*.ytimg.com.*/.* 720 100% 4320

refresh_pattern -i ^http://*.ads.adbrite.com/.* 720 100% 4320

refresh_pattern ^ftp: 14400 90% 43200 reload-into-ims

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|?) 0 0% 0

refresh_pattern . 0 20% 4320 reload-into-ims

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECTacl CONNECT method CONNECT

#acl nama src IP/netmask

acl src /

acl src /

acl src / acl download url_regex -i .a0*$ .a1*$ .arj$ .asf$ .js$ .avi$ .bin$ .bz$ .bz2$ .exe$ .gz$ .gzip$ .iso$ .lzh$ .mp3$ .mpg$ .mpeg$ .mov$ .pdf$ .plj$ .qt$ .r0*$ .r1*$ .ram$ .rar$ .rmi$ .rpm$ .tar$ .tgz$ .tif$ .tiff$ .wav$ .wmv$ .wma$ .zip$ .z$

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny_CONNECT !SSL_ports

http_access allow

http_access allow

http_access allow

http_access deny all

http_reply_access allow all

icp_access allow all

cache manager

cache_effective_user squid

cache_effective_grup squid

logfile_rotate 4

log_fqdn off

log_icp_queries off

quick_abort_min 16 KB

quick_abort_max 16 KB

quick_abort_pct 98

negative_ttl 5 minute

positive_dns_ttl 6 hour

negative_dns_ttl 5 minute

range_offset_limit 0 KB

connect_timeout 2 minute

peer_connect_timeout 30 seconds

read_timeout 15 minute

request_timeout 30 second

client_lifetime 1 day

pconn_timeout 120 second

ident_timeout 10 seconds

shutdown_lifetime 10 seconds

memory_pools off

icp_hit_stale on

query_icmp on

reload_into_ims on

pipeline_prefetch on

vary_ignore_expire on

delay_pools 1

delay_class 1

delay_parameters 1 100000/100000 32000/32000

delay_access 1 allow download

delay_access 1 deny all

snmp_port 3401

snmp_access allow snmppublic

snmp_access deny all

coredump_dir /usr/local/squid/var/cache1

VI. Menambah user squid :

- root@net:/usr/local/squid/etc # useradd squid

- root@net:/usr/local/squid/etc # pico /etc/passwd :

squid:x:1005:100:user squid,,,:/nohome:/noshell

VII. Edit FSTAB :

- root@net:/usr/local/squid/etc # pico /etc/fstab

/usr/local/squid/var/cache1 reiserfs default noatime 1 2

/usr/local/squid/var/cache2 reiserfs default noatime 1 2

/usr/local/squid/var/cache3 reiserfs default noatime 1 2

VIII. Ganti kpemilikan :

- root@net:/usr/local/squid/etc # chown –R squid.squid /usr/local/squid

IX. Membuat Swap

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid –z

X. Tes Squid pertama kali

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid –NCd1

XI. Jalankan Squid

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid start

untuk mematikan squid

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid –k shutdown

untuk restart squid

- root@net:/usr/local/squid/etc # /usr/local/squid/sbin/squid –k reconfigure

XII. Jika berhasil lihat log yang berjalan

- root@net:/usr/local/squid/etc # tail –f /usr/local/squid/var/logs/access.log

Subscribe to: Posts (Atom)