High Performance Cache HTTPS Proxy Lusca on Ubuntu Server

Cara Install Proxy + Squid Cache

Berikut ini saya akan menuliskan tentang setting squid3 di ubuntu server 12.xx / 13.xx
Langkah - langkahnya tidak jauh berbeda dengan postingan sebelumnya, cuman ada sedikit penambahan.

1. Paket Install yang di Butuhkan:

apt-get update
apt-get install devscripts
apt-get install build-essential
apt-get install openssl
apt-get install libssl-dev
apt-get install fakeroot
apt-get install libcppunit-dev
apt-get install libsasl2-dev
apt-get install cdbs
apt-get install ccze
apt-get install libfile-readbackwards-perl
apt-get install libcap2
apt-get install libcap-dev
apt-get install libcap2-dev
apt-get install sysv-rc-conf

2. Download File squid-3.HEAD-20130412-r12755.tar.gz dengan cara sebagai berikut:

Download “Wget http://pakmin.googlecode.com/files/squid-3.HEAD-20130412-r12755.tar.gz”
Extract “tar xzvf squid-3.HEAD-20130412-r12755.tar.gz”
Masuk ke direktori “cd squid-3.HEAD-20130412-r12755″

3. Perintah Install Compile File squid-3.HEAD-20130412-r12755:

./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid --infodir=/usr/share/info --mandir=/usr/share/man --disable-dependency-tracking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-icmp --enable-esi --enable-icap-client --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --enable-cache-digests --enable-follow-x-forwarded-for --enable-x-accelerator-vary --enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 --enable-ssl --enable-ssl-crtd --disable-auth --build=i486-linux-gnu build_alias=i486-linux-gnu && make && make install

4. Setelah Compile File squid-3.HEAD-20130412-r12755 Buatlah Direktori Cache:

root@proxy:~# mkdir cache-1
root@proxy:~# mkdir cache-2

5. Kemudian diberi lebel proxy:proxy dan di beri permision:

root@proxy:~# chown proxy:proxy /cache-1
root@proxy:~# chown proxy:proxy /cache-2

6. Kemudain di beri permision:

root@proxy:~# chmod 777 /cache-1
root@proxy:~# chmod 777 /cache-2

7. Setelah selesai anda Download File >>--> squid.conf

root@proxy:~# chown proxy:proxy /etc/squid/squid.conf
root@proxy:~# chmod 777 /etc/squid/squid.conf

8. Kemudian Buat Listing File storeurl Sebelumnya Download File >>--> storeurl.pl

root@proxy:~# touch /etc/squid/storeurl.pl
root@proxy:~# chown proxy:proxy /etc/squid/storeurl.pl
root@proxy:~# chmod 777 /etc/squid/storeurl.pl

9. Buka storeurl.pl dengan winscp dan isikan dengan Script storeurl.pl yang telah anda download

Copy Paste script squid ke ke folder: /etc/init.d/
Kemudian pada menu Terminal pada software putty ketik " /etc/init.d/squid stop "
Masih pada menu Terminal pada software , copy-paste perintah di bawah satu-persatu

root@proxy:~# /etc/init.d/squid restart

10. Restart Komputer Kamu

Monitoring Squid access.log :

root@proxy:~# tail -f /var/log/squid/access.log | ccze

=========================
PAKET INSTALL TAMBAHAN
=========================

Di mikrotik add bari di bawah ini
eth2 interface from client
eth3 interface from tproxy

/ip firewall mangle add action=mark-routing chain=prerouting disabled=no dst-port=80 \ in-interface=ether2 new-routing-mark=proxy passthrough=no protocol=tcp add action=mark-connection chain=prerouting disabled=no dst-port=80 \ in-interface=ether3 new-connection-mark=tproxy passthrough=yes protocol=\ tcp src-address=!172.16.1.2 add action=mark-routing chain=prerouting connection-mark=tproxy disabled=no \ in-interface=!ether3 new-routing-mark=proxy passthrough=no

# Di mesin Proxy Masukkan saja baris di bawah ini ke rc.local atau file untuk startup

modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

# Ganti saja ip dengan ip proxy

iptables -t mangle -A PREROUTING -d 172.16.1.2/32 -p tcp --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -d 172.16.1.2/32 -p tcp --dport 3128 -j ACCEPT
iptables -t mangle -A PREROUTING ! -d 172.16.1.2/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

# don't forget to add option "tproxy" to http_port on your squid

Setting /etc/init.d/squid on squid3

#! /bin/sh
#
# squid32012                Startup script for the SQUID HTTP proxy-cache.
#
# Version:      @(#)squid3.rc 1.0 07-Jul-2006 luigi@debian.org
#
### BEGIN INIT INFO
# Provides:          Squid 3.X
# File-Location:     /etc/init.d/squid3
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      $named
# Should-Stop:       $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Squid HTTP Proxy version 3.2.0.12
### END INIT INFO

NAME=squid
DESC="Squid HTTP Proxy 3.X"
DAEMON=/usr/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
SQUID_ARGS="-YC -f $CONFIG"
# RAMFS=/scripts/ramcache

[ ! -f /etc/default/squid ] || . /etc/default/squid

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

[ -x $DAEMON ] || exit 0

ulimit -n 65535

find_cache_dir () {
        w="     " # space tab
        res=`sed -ne '
                s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+$[^'"$w"']\+$.*$/\1/p;
                t end;
                d;
                :end q' < $CONFIG`
        [ -n "$res" ] || res=$2
        echo "$res"
}

find_cache_type () {
        w="     " # space tab
        res=`sed -ne '
                s/^'$1'['"$w"']\+$[^'"$w"']\+$.*$/\1/p;
                t end;
                d;
                :end q' < $CONFIG`
        [ -n "$res" ] || res=$2
        echo "$res"
}

start () {
#        $RAMFS clean
#        $RAMFS mount
#        $RAMFS restore

        cache_dir=`find_cache_dir cache_dir /var/spool/squid/cache`
        cache_type=`find_cache_type cache_dir ufs`

        #
    # Create spool dirs if they don't exist.
    #
        if [ "$cache_type" = "coss" -a -d "$cache_dir" -a ! -f "$cache_dir/stripe" ] || [ "$cache_type" != "coss" -a -d "$cache_dir" -a ! -d "$cache_dir/00" ]
        then
                log_warning_msg "Creating $DESC cache structure"
                $DAEMON -z
        fi

        umask 027
        ulimit -n 65535


        cd $cache_dir
        start-stop-daemon --quiet --start \
                --pidfile $PIDFILE \
                --exec $DAEMON -- $SQUID_ARGS < /dev/null
        return $?
}

stop () {

        PID=`cat $PIDFILE 2>/dev/null`
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        #
        #       Now we have to wait until squid has _really_ stopped.
        #
        sleep 2
        if test -n "$PID" && kill -0 $PID 2>/dev/null
        then
                log_action_begin_msg " Waiting"
                cnt=0
                while kill -0 $PID 2>/dev/null
                do
                        cnt=`expr $cnt + 1`
                        if [ $cnt -gt 24 ]
                        then
                                log_action_end_msg 1
                                return 1
                        fi
                        sleep 5
                        log_action_cont_msg ""
                done
                log_action_end_msg 0
                return 0
        else
                return 0
        fi
}

case "$1" in
    start)
        log_daemon_msg "Starting $DESC" "$NAME"
        if start ; then
                log_end_msg $?
        else
                log_end_msg $?
        fi
        ;;
    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"

        if stop ; then
                log_end_msg $?
        else
                log_end_msg $?
        fi
#        $RAMFS dump
#        $RAMFS umount
#        $RAMFS clean

        ;;
    reload|force-reload)
        log_action_msg "Reloading $DESC configuration files"
        start-stop-daemon --stop --signal 1 \
                --pidfile $PIDFILE --quiet --exec $DAEMON
        log_action_end_msg 0
        ;;
    restart)
        log_daemon_msg "Restarting $DESC" "$NAME"
        stop
        if start ; then
                log_end_msg $?
        else
                log_end_msg $?
        fi
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
        exit 3
        ;;
esac

exit 0

Teknologi Komputer Dan Jaringan

List

Senin, 23 November 2015

Setting /etc/init.d/squid on squid3

Setting /etc/init.d/squid on squid3

Tidak ada komentar:

Posting Komentar