My Community

Ajang saling berbagi segala informasi
 
IndeksFAQPencarianPendaftaranLogin

Share | 
 

 MEMBUAT PROXY DI UBUNTU SERVER

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
zoky



Jumlah posting : 18
Join date : 25.11.10

PostSubyek: MEMBUAT PROXY DI UBUNTU SERVER   Fri Dec 17, 2010 10:53 am

UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND

Paket yang Dibutuhkan :

untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip

Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip

Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso

Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB

1. Partisi HDD

Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache

2. Install Paket

OPTIMALKAN partisi btrfs nya :

# lsmod |grep -i btrfs

# nano /etc/fstab

/cache btrfs noatime,compress,noacl 0 2

OPTIMALKAN juga kernelnya :

default FD 1024
cek di console

# ulimit -n

cara merubah :
# ulimit -HSn 65536

# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf

# nano /etc/pam.d/common-session

session required pam_limits.so

# modprobe ip_conntrack

kemudian tambahkan ip_contrack di /etc/modules

# nano /etc/modules

Tambahkan kalimat berikut :

ip_conntrack

DNS Unbound High Performance

apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)

# nano

Quote :
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone zoky.net
local-zone: "zoky.net." static
local-data: "zoky.net. 86400 IN NS ns1.zoky.net."
local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400"
local-data: "zoky.net. 86400 IN A 192.168.2.2"
local-data: "www.zoky.net. 86400 IN A 192.168.2.2"
local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2"

local-data: "mail.zoky.net. 86400 IN A 192.168.2.2"
local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net."
local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all"

local-zone: "2.168.192.in-addr.arpa." static
local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net."
local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net."

forward-zone:
name: "."
forward-addr: 192.168.2.1
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
lalu save di /etc/unbound/unbound.conf

forward-zone: sesuaikan dengan DNS ISP anda

cek configure unbound :

# unbound-checkconf /etc/unbound/unbound.conf

edit file di /etc/resolv.conf :

# nano /etc/resolv.conf

nameserver 127.0.0.1

edit file /etc/network/interfaces

# nano /etc/network/interfaces

iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

untuk cek apakah d jalan :

# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53

2.2.168.192.in-addr.arpa name = zoky.net

# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: Q.net
Address: 192.168.2.2

Untuk monitor :

# unbound-control stats

# sudo unbound-control stats | tail -16


# sudo apt-get update
# sudo apt-get install squid

# nano /etc/default/squid

SQUID_MAXFD=8192

# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc

# grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h

# nano /usr/include/linux/posix_types.h

#define __FD_SETSIZE 65536

# nano /usr/include/bits/typesizes.h

#define __FD_SETSIZE 65536

# nano /etc/pam.d/login

Session required /lib/security/pam_limits.so

# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9

3.Download Lusca

download lusca r14809 lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz

download lusca FMI lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz


lalu ekstrak :masuk ke foldernya :
jika memakai lusca r14809 :

# tar xzvf LUSCA_HEAD-r14809.tar.gz

jika memakai lusca FMI :

# tar tar xzvf LUSCA_FMI.tar.gz

jika menggunakan lusca r14809 :
copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
winscp bisa didownload di : http://www.4shared.com/file/KlAfa3dQ/winscp428.html

kemudian copy dengan menggunakan putty…
putty bisa didownload di : http://www.4shared.com/file/16tJyvlq/putty.html

# sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809


masuk ke foldernya :
jika menggunakan lusca r14809 :

# cd LUSCA_HEAD-r14809/

@ patch dulo revalidate dgn cara : patch -p0 < imr.diff

jika menggunakan lusca FMI :

# cd LUSCA_FMI/

jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI :

# make distclean

ok..!! sekarang dimulai tahap compile nya :

cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai

Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :


CHOST="x86_64-pc-linux-gnu" \
CFLAGS="-march=amdfam10 -msse3 -O2 -pipe" \
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

selanjutnya, ketik perintah berikut di terminal ubuntu :

# make
# sudo make install

Edit squid.conf

agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/

# sudo cp /home/proxyku/squid /etc/init.d/

jgn lupa di :
#sudo chmod +x /etc/init.d/squid

# stop dulu squidnya :
sudo /etc/init.d/squid stop

#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan

sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid

4. Langkah selanjutnya

# Memberikan permission pada folder cache

chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl

# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :

squid -f /etc/squid/squid.conf -z

# Restart squid
sudo /etc/init.d/squid restart

# nano /etc/sysctl.conf


Quote :
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
setelah di save, baru di sysctl -p

catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja


Reboot CPU nya...

tambahan :

Menghitung memory yang sedang digunakan oleh aplikasi di Linux :

# wget http://www.pixelbeat.org/scripts/ps_mem.py

# chmod +x ps_mem.py

# ./ps_mem.py

Install Squidmon :

# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py

untuk monitor squid :

# cat /var/log/squid/access.log | ./squidmon.py

# cat /var/log/squid/access.log | python squidmon.py


MEMBUAT SQUIDSTATS

1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e 'install Config::IniFiles'
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi

Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80

Untuk memonitor SQUID :

sudo /etc/init.d/squid stop

sudo /etc/init.d/squid restart

/etc/init.d/unbound restart

unbound-control stats

sudo unbound-control stats | tail -16

squidclient mgr:info

squidclient mgr:client_list

tail -f /var/log/squid/access.log

tail -f /var/log/squid/cache.log

tail -n 80 /var/log/squid/cache.log

squidclient mgr:storedir

cat /var/log/squid/access.log | ./squidmon.py

cat /var/log/squid/access.log | python squidmon.py

http://192.168.2.2/squidstats/graph-summary.cgi

./ps_mem.py


UBUNTU 10.10 64 BIT + SQUID 2.7stable9 + DNS UNBOUND

Paket yang Dibutuhkan : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip

Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso

Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB

1. Partisi HDD

Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache

2. Install Paket

OPTIMALKAN partisi btrfs nya :

# lsmod |grep -i btrfs

# nano /etc/fstab

/cache btrfs noatime,compress,noacl 0 2

OPTIMALKAN juga kernelnya :

default FD 1024
cek di console

# ulimit -n

cara merubah :
# ulimit -HSn 65536

# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf

# nano /etc/pam.d/common-session

session required pam_limits.so

# modprobe ip_conntrack

kemudian tambahkan ip_contrack di /etc/modules

# nano /etc/modules

Tambahkan kalimat berikut :

ip_conntrack

DNS Unbound High Performance

apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)

# nano

Quote :
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone zoky.net
local-zone: "zoky.net." static
local-data: "zoky.net. 86400 IN NS ns1.zoky.net."
local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400"
local-data: "zoky.net. 86400 IN A 192.168.2.2"
local-data: "www.zoky.net. 86400 IN A 192.168.2.2"
local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2"

local-data: "mail.zoky.net. 86400 IN A 192.168.2.2"
local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net."
local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all"

local-zone: "2.168.192.in-addr.arpa." static
local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net."
local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net."

forward-zone:
name: "."
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
lalu save di /etc/unbound/unbound.conf

forward-zone: sesuaikan dengan DNS ISP anda

cek configure unbound :

# unbound-checkconf /etc/unbound/unbound.conf

edit file di /etc/resolv.conf :

# nano /etc/resolv.conf

nameserver 127.0.0.1

edit file /etc/network/interfaces

# nano /etc/network/interfaces

iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

untuk cek apakah d jalan :

# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53

2.2.168.192.in-addr.arpa name = zoky.net

# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: Q.net
Address: 192.168.2.2

Untuk monitor :

# unbound-control stats

# sudo unbound-control stats | tail -16


# sudo apt-get update

# sudo apt-get install squid squidclient squid-cgi

# nano /etc/default/squid

SQUID_MAXFD=8192

# sudo apt-get install gcc

# grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h

# nano /usr/include/linux/posix_types.h

#define __FD_SETSIZE 65536

# nano /usr/include/bits/typesizes.h

#define __FD_SETSIZE 65536

# nano /etc/pam.d/login

Session required /lib/security/pam_limits.so

# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9

3.Download SQUID

# wget http://untuk-kita-semua.googlecode.com/files/squid-2.7.STABLE9%2Bpatch.tar.gz


lalu ekstrak :masuk ke foldernya :

# tar xvf squid-2.7.STABLE9+patch.tar.gz

# cd squid-2.7.STABLE9

ok..!! sekarang dimulai tahap compile nya :

cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai

Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :


./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536


selanjutnya, ketik perintah berikut di terminal ubuntu :

# make
# sudo make install

Edit squid.conf

agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/

# sudo cp /home/proxyku/squid /etc/init.d/

jgn lupa di :
#sudo chmod +x /etc/init.d/squid

# stop dulu squidnya :
sudo /etc/init.d/squid stop

#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan

sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid

4. Langkah selanjutnya

# Memberikan permission pada folder cache

chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl

# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :

squid -f /etc/squid/squid.conf -z

# Restart squid
sudo /etc/init.d/squid restart

# nano /etc/sysctl.conf


Quote :
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

setelah di save, baru di sysctl -p

catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja


Reboot CPU nya...[

tambahan :

Menghitung memory yang sedang digunakan oleh aplikasi di Linux :

# wget http://www.pixelbeat.org/scripts/ps_mem.py

# chmod +x ps_mem.py

# ./ps_mem.py

Install Squidmon :

# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py

untuk monitor squid :

# cat /var/log/squid/access.log | ./squidmon.py

# cat /var/log/squid/access.log | python squidmon.py


MEMBUAT SQUIDSTATS

1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e 'install Config::IniFiles'
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi

Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80

Untuk memonitor SQUID :

sudo /etc/init.d/squid stop

sudo /etc/init.d/squid restart

/etc/init.d/unbound restart

unbound-control stats

sudo unbound-control stats | tail -16

squidclient mgr:info

squidclient mgr:client_list

tail -f /var/log/squid/access.log

tail -f /var/log/squid/cache.log

tail -n 80 /var/log/squid/cache.log

squidclient mgr:storedir

cat /var/log/squid/access.log | ./squidmon.py

cat /var/log/squid/access.log | python squidmon.py

http://192.168.2.2/squidstats/graph-summary.cgi

./ps_mem.py


credit to teukurizal
http://forummikrotik.com


Terakhir diubah oleh zoky tanggal Thu Feb 03, 2011 8:43 pm, total 2 kali diubah
Kembali Ke Atas Go down
wadooke



Jumlah posting : 3
Join date : 31.01.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Mon Jan 31, 2011 7:31 pm

mantabs tutorialnya...
tak coba dulu gan
Kembali Ke Atas Go down
zoky



Jumlah posting : 18
Join date : 25.11.10

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Tue Feb 01, 2011 11:26 am

wadooke wrote:
mantabs tutorialnya...
tak coba dulu gan

monggo... Very Happy

cm bs copas gan tp pas aq praktekin lmyn bagus,hampir sama ma jasa2 teknisi yg berbayar....tp try n error supaya lebih maksimal.....
Kembali Ke Atas Go down
wadooke



Jumlah posting : 3
Join date : 31.01.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Wed Feb 02, 2011 3:25 am

dah tak coba kemaren...
spek komputer:
cpu: intel P4 2,4Ghz
ram: 1 Gb
Hd: 60 Gb

soft:
Mikrotik RB750 LoadBalancing 2 Speedy
Ubuntu 10.10 32bit
Lusca FMI

Client: 25 user + 1 Operator

sampe hari ini masih lancar lancar aja...
Facebook, Poker, Point Blank..... sementara lancar...
Kembali Ke Atas Go down
zoky



Jumlah posting : 18
Join date : 25.11.10

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Thu Feb 03, 2011 7:35 pm

wadooke wrote:
dah tak coba kemaren...
spek komputer:
cpu: intel P4 2,4Ghz
ram: 1 Gb
Hd: 60 Gb

soft:
Mikrotik RB750 LoadBalancing 2 Speedy
Ubuntu 10.10 32bit
Lusca FMI

Client: 25 user + 1 Operator

sampe hari ini masih lancar lancar aja...
Facebook, Poker, Point Blank..... sementara lancar...

senang bs berbagi ilmu... Very Happy
Kembali Ke Atas Go down
widodo



Jumlah posting : 1
Join date : 13.05.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Fri May 13, 2011 4:58 pm

pendatang baru ...masi belajar total..izin nyoba yaa... Basketball Basketball bounce tapi di bimbing lol! lol!
Kembali Ke Atas Go down
zirdy



Jumlah posting : 3
Join date : 24.06.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Fri Jun 24, 2011 5:01 am

file "imr.diff" nya mana ya gan?
Question
Kembali Ke Atas Go down
tyoiuk



Jumlah posting : 8
Join date : 02.06.11

PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Mon Jun 27, 2011 1:33 pm

ok gan..
harus ditambahim,,
mungkin setting isp yg pling marak ini gan...
trims cheers cheers cheers Razz Razz Razz Razz
Kembali Ke Atas Go down
Sponsored content




PostSubyek: Re: MEMBUAT PROXY DI UBUNTU SERVER   Today at 7:21 am

Kembali Ke Atas Go down
 
MEMBUAT PROXY DI UBUNTU SERVER
Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» Cara Browsing lewat ubuntu server
» [Private Server] Zodiac Ragnarok
» Hal-Hal yang dapat membuat kaum lelaki menangis
» [Tutorial] Cara membuat forum forumotion
» Cara membuat pendataan&list list barang menjadi seperti di sini?

Permissions in this forum:Anda tidak dapat menjawab topik
My Community :: Computer :: SQUID Proxy-
Navigasi: