My Community

Ajang saling berbagi segala informasi
 
IndeksFAQPencarianPendaftaranLogin
Share | 
 

 MEMBUAT PROXY DI UBUNTU SERVER

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
zoky



Jumlah posting: 18
Join date: 25.11.10

PostSubyek: MEMBUAT PROXY DI UBUNTU SERVER   Fri Dec 17, 2010 10:53 am

UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND

Paket yang Dibutuhkan :

untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip

Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip

Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso

Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB

1. Partisi HDD

Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache

2. Install Paket

OPTIMALKAN partisi btrfs nya :

# lsmod |grep -i btrfs

# nano /etc/fstab

/cache btrfs noatime,compress,noacl 0 2

OPTIMALKAN juga kernelnya :

default FD 1024
cek di console

# ulimit -n

cara merubah :
# ulimit -HSn 65536

# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf

# nano /etc/pam.d/common-session

session required pam_limits.so

# modprobe ip_conntrack

kemudian tambahkan ip_contrack di /etc/modules

# nano /etc/modules

Tambahkan kalimat berikut :

ip_conntrack

DNS Unbound High Performance

apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)

# nano

Quote :
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone zoky.net
local-zone: "zoky.net." static
local-data: "zoky.net. 86400 IN NS ns1.zoky.net."
local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400"
local-data: "zoky.net. 86400 IN A 192.168.2.2"
local-data: "www.zoky.net. 86400 IN A 192.168.2.2"
local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2"

local-data: "mail.zoky.net. 86400 IN A 192.168.2.2"
local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net."
local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all"

local-zone: "2.168.192.in-addr.arpa." static
local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net."
local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net."

forward-zone:
name: "."
forward-addr: 192.168.2.1
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
lalu save di /etc/unbound/unbound.conf

forward-zone: sesuaikan dengan DNS ISP anda

cek configure unbound :

# unbound-checkconf /etc/unbound/unbound.conf

edit file di /etc/resolv.conf :

# nano /etc/resolv.conf

nameserver 127.0.0.1

edit file /etc/network/interfaces

# nano /etc/network/interfaces

iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

untuk cek apakah d jalan :

# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53

2.2.168.192.in-addr.arpa name = zoky.net

# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: Q.net
Address: 192.168.2.2

Untuk monitor :

# unbound-control stats

# sudo unbound-control stats | tail -16


# sudo apt-get update
# sudo apt-get install squid

# nano /etc/default/squid

SQUID_MAXFD=8192

# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc

# grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h

# nano /usr/include/linux/posix_types.h

#define __FD_SETSIZE 65536

# nano /usr/include/bits/typesizes.h

#define __FD_SETSIZE 65536

# nano /etc/pam.d/login

Session required /lib/security/pam_limits.so

# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9

3.Download Lusca

download lusca r14809 lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz

download lusca FMI lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz


lalu ekstrak :masuk ke foldernya :
jika memakai lusca r14809 :

# tar xzvf LUSCA_HEAD-r14809.tar.gz

jika memakai lusca FMI :

# tar tar xzvf LUSCA_FMI.tar.gz

jika menggunakan lusca r14809 :
copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
winscp bisa didownload di : http://www.4shared.com4shared.com/file/KlAfa3dQ/winscp428.html

kemudian copy dengan menggunakan putty…
putty bisa didownload di : http://www.4shared.com4shared.com/file/16tJyvlq/putty.html

# sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809


masuk ke foldernya :
jika menggunakan lusca r14809 :

# cd LUSCA_HEAD-r14809/

@ patch dulo revalidate dgn cara : patch -p0 < imr.diff

jika menggunakan lusca FMI :

# cd LUSCA_FMI/

jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI :

# make distclean

ok..!! sekarang dimulai tahap compile nya :

cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai

Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :


CHOST="x86_64-pc-linux-gnu" \
CFLAGS="-march=amdfam10 -msse3 -O2 -pipe" \
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

selanjutnya, ketik perintah berikut di terminal ubuntu :

# make
# sudo make install

Edit squid.conf

agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/

# sudo cp /home/proxyku/squid /etc/init.d/

jgn lupa di :
#sudo chmod +x /etc/init.d/squid

# stop dulu squidnya :
sudo /etc/init.d/squid stop

#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan

sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid

4. Langkah selanjutnya

# Memberikan permission pada folder cache

chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl

# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :

squid -f /etc/squid/squid.conf -z

# Restart squid
sudo /etc/init.d/squid restart

# nano /etc/sysctl.conf


Quote :
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
setelah di save, baru di sysctl -p

catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja


Reboot CPU nya...

tambahan :

Menghitung memory yang sedang digunakan oleh aplikasi di Linux :

# wget http://www.pixelbeat.org/scripts/ps_mem.py

# chmod +x ps_mem.py

# ./ps_mem.py

Install Squidmon :

# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py

untuk monitor squid :

# cat /var/log/squid/access.log | ./squidmon.py

# cat /var/log/squid/access.log | python squidmon.py


MEMBUAT SQUIDSTATS

1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e 'install Config::IniFiles'
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi

Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80

Untuk memonitor SQUID :

sudo /etc/init.d/squid stop

sudo /etc/init.d/squid restart

/etc/init.d/unbound restart

unbound-control stats

sudo unbound-control stats | tail -16

squidclient mgr:info

squidclient mgr:client_list

tail -f /var/log/squid/access.log

tail -f /var/log/squid/cache.log

tail -n 80 /var/log/squid/cache.log

squidclient mgr:storedir

cat /var/log/squid/access.log | ./squidmon.py

cat /var/log/squid/access.log | python squidmon.py

http://192.168.2.2/squidstats/graph-summary.cgi

./ps_mem.py


UBUNTU 10.10 64 BIT + SQUID 2.7stable9 + DNS UNBOUND

Paket yang Dibutuhkan : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip

Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso

Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB

1. Partisi HDD

Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache

2. Install Paket

OPTIMALKAN partisi btrfs nya :

# lsmod |grep -i btrfs

# nano /etc/fstab

/cache btrfs noatime,compress,noacl 0 2

OPTIMALKAN juga kernelnya :

default FD 1024
cek di console

# ulimit -n

cara merubah :
# ulimit -HSn 65536

# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf

# nano /etc/pam.d/common-session

session required pam_limits.so

# modprobe ip_conntrack

kemudian tambahkan ip_contrack di /etc/modules

# nano /etc/modules

Tambahkan kalimat berikut :

ip_conntrack

DNS Unbound High Performance

apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)

# nano

Quote :
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone zoky.net
local-zone: "zoky.net." static
local-data: "zoky.net. 86400 IN NS ns1.zoky.net."
local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400"
local-data: "zoky.net. 86400 IN A 192.168.2.2"
local-data: "www.zoky.net. 86400 IN A 192.168.2.2"
local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2"

local-data: "mail.zoky.net. 86400 IN A 192.168.2.2"
local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net."
local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all"

local-zone: "2.168.192.in-addr.arpa." static
local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net."
local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net."

forward-zone:
name: "."
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
lalu save di /etc/unbound/unbound.conf

forward-zone: sesuaikan dengan DNS ISP anda

cek configure unbound :

# unbound-checkconf /etc/unbound/unbound.conf

edit file di /etc/resolv.conf :

# nano /etc/resolv.conf

nameserver 127.0.0.1

edit file /etc/network/interfaces

# nano /etc/network/interfaces

iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

untuk cek apakah d jalan :

# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53

2.2.168.192.in-addr.arpa name = zoky.net

# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: Q.net
Address: 192.168.2.2

Untuk monitor :

# unbound-control stats

# sudo unbound-control stats | tail -16


# sudo apt-get update

# sudo apt-get install squid squidclient squid-cgi

# nano /etc/default/squid

SQUID_MAXFD=8192

# sudo apt-get install gcc

# grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h

# nano /usr/include/linux/posix_types.h

#define __FD_SETSIZE 65536

# nano /usr/include/bits/typesizes.h

#define __FD_SETSIZE 65536

# nano /etc/pam.d/login

Session required /lib/security/pam_limits.so

# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9

3.Download SQUID

# wget http://untuk-kita-semua.googlecode.com/files/squid-2.7.STABLE9%2Bpatch.tar.gz


lalu ekstrak :masuk ke foldernya :

# tar xvf squid-2.7.STABLE9+patch.tar.gz

# cd squid-2.7.STABLE9

ok..!! sekarang dimulai tahap compile nya :

cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai

Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :


./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536


selanjutnya, ketik perintah berikut di terminal ubuntu :

# make
# sudo make install

Edit squid.conf

agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/

# sudo cp /home/proxyku/squid /etc/init.d/

jgn lupa di :
#sudo chmod +x /etc/init.d/squid

# stop dulu squidnya :
sudo /etc/init.d/squid stop

#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan

sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid

4. Langkah selanjutnya

# Memberikan permission pada folder cache

chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl

# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :

squid -f /etc/squid/squid.conf -z

# Restart squid
sudo /etc/init.d/squid restart

# nano /etc/sysctl.conf


Quote :
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

setelah di save, baru di sysctl -p

catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja


Reboot CPU nya...[

tambahan :

Menghitung memory yang sedang digunakan oleh aplikasi di Linux :

# wget http://www.pixelbeat.org/scripts/ps_mem.py

# chmod +x ps_mem.py

# ./ps_mem.py

Install Squidmon :

# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py

untuk monitor squid :

# cat /var/log/squid/access.log | ./squidmon.py

# cat /var/log/squid/access.log | python squidmon.py


MEMBUAT SQUIDSTATS

1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e 'install Config::IniFiles'
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi

Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80

Untuk memonitor SQUID :

sudo /etc/init.d/squid stop

sudo /etc/init.d/squid restart

/etc/init.d/unbound restart

unbound-control stats

sudo unbound-control stats | tail -16

squidclient mgr:info

squidclient mgr:client_list

tail -f /var/log/squid/access.log

tail -f /var/log/squid/cache.log

tail -n 80 /var/log/squid/cache.log

squidclient mgr:storedir

cat /var/log/squid/access.log | ./squidmon.py

cat /var/log/squid/access.log | python squidmon.py

http://192.168.2.2/squidstats/graph-summary.cgi

./ps_mem.py


credit to teukurizal
http://forummikrotik.com


Terakhir diubah oleh zoky tanggal Thu Feb 03, 2011 8:43 pm, total 2 kali diubah
Kembali Ke Atas Go down
wadooke



Jumlah posting: 3
Join date: 31.01.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Mon Jan 31, 2011 7:31 pm

mantabs tutorialnya...
tak coba dulu gan
Kembali Ke Atas Go down
zoky



Jumlah posting: 18
Join date: 25.11.10

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Tue Feb 01, 2011 11:26 am

wadooke wrote:
mantabs tutorialnya...
tak coba dulu gan

monggo... Very Happy

cm bs copas gan tp pas aq praktekin lmyn bagus,hampir sama ma jasa2 teknisi yg berbayar....tp try n error supaya lebih maksimal.....
Kembali Ke Atas Go down
wadooke



Jumlah posting: 3
Join date: 31.01.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Wed Feb 02, 2011 3:25 am

dah tak coba kemaren...
spek komputer:
cpu: intel P4 2,4Ghz
ram: 1 Gb
Hd: 60 Gb

soft:
Mikrotik RB750 LoadBalancing 2 Speedy
Ubuntu 10.10 32bit
Lusca FMI

Client: 25 user + 1 Operator

sampe hari ini masih lancar lancar aja...
Facebook, Poker, Point Blank..... sementara lancar...
Kembali Ke Atas Go down
zoky



Jumlah posting: 18
Join date: 25.11.10

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Thu Feb 03, 2011 7:35 pm

wadooke wrote:
dah tak coba kemaren...
spek komputer:
cpu: intel P4 2,4Ghz
ram: 1 Gb
Hd: 60 Gb

soft:
Mikrotik RB750 LoadBalancing 2 Speedy
Ubuntu 10.10 32bit
Lusca FMI

Client: 25 user + 1 Operator

sampe hari ini masih lancar lancar aja...
Facebook, Poker, Point Blank..... sementara lancar...

senang bs berbagi ilmu... Very Happy
Kembali Ke Atas Go down
widodo



Jumlah posting: 1
Join date: 13.05.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Fri May 13, 2011 4:58 pm

pendatang baru ...masi belajar total..izin nyoba yaa... Basketball Basketball bounce tapi di bimbing lol! lol!
Kembali Ke Atas Go down
zirdy



Jumlah posting: 3
Join date: 24.06.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Fri Jun 24, 2011 5:01 am

file "imr.diff" nya mana ya gan?
Question
Kembali Ke Atas Go down
tyoiuk



Jumlah posting: 8
Join date: 02.06.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Mon Jun 27, 2011 1:33 pm

ok gan..
harus ditambahim,,
mungkin setting isp yg pling marak ini gan...
trims cheers cheers cheers Razz Razz Razz Razz
Kembali Ke Atas Go down
 

MEMBUAT PROXY DI UBUNTU SERVER

Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1

 Similar topics

-
» [Tutorial Membuat Clan di Server Battle.net Indomedia]
» Cara Merubah Repository Linux Ubuntu Desktop 12.04 LTS
» Membuat Keyloger Sendiri
» cara membuat BOT mirc
» Membuat subdomain Gratis di domain go.id

Permissions in this forum:Anda tidak dapat menjawab topik
My Community ::  :: -