Tuesday, March 13, 2007
:: Squid Installation ::

1. Before installing the squid tarball, first stop the distribution's default squid daemon. Alternatively, configure that daemon through the setup command, where we can disable daemons that start automatically when the box boots or reboots.

[root@proxy ~]# /etc/init.d/squid stop

2. Next, download the stable squid release from squid-cache.org. Here I download squid version 2.5.

[root@proxy~]# wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE14.tar.gz

3. Extract the squid tarball.

[root@proxy~]# tar -xvzf squid-2.5.STABLE14.tar.gz

4. Then change into the squid directory.

[root@proxy~]# cd squid-2.5.STABLE14/

5. Create the user and group that will later run squid.

[root@proxy~]# /usr/sbin/groupadd squid
[root@proxy~]# /usr/sbin/adduser -d /dev/null -s /bin/false -g squid squid

Note: This creates a user named squid that belongs to the group squid. To keep the box safer, this squid user is not given access to log in to the system ( -s /bin/false ). For an explanation of the adduser options, read the manual: "man adduser".

6. Now we run configure for squid, that is, adapt the squid package and the prefix we need to the system and the libraries that are already available. The trendy term for it these days is "Compile".

[root@proxy~]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid \
--enable-delay-pools --enable-cache-digests --enable-poll \
--disable-ident-lookups --enable-async-io=16 \
--enable-auth-modules --enable-removal-policies --enable-snmp

7. Once the compile step is done, we start the installation.

[root@proxy~]# make all
[root@proxy~]# make install

Note: For those reading along, the install process takes a fairly long time, so you may as well go eat or do something else in the meantime.. heuheuhe..

8. After the install is finished, we start configuring squid. For this it is better to read up or search on Google so that squid can be optimized. The trendy term for it these days is "Tuning".

Below is a simple sample configuration, made by me. Feel free to copy it.

###################################################################

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 128000 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
memory_pools off
cache_dir aufs /cache1 40000 32 256
cache_dir aufs /cache2 40000 32 256
cache_dir aufs /cache3 700000 32 256
cache_dir aufs /cache4 700000 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.com\.gov\.au 30 20% 120
refresh_pattern -i \.html$ 480 50% 22160
refresh_pattern -i \.htm$ 480 50% 22160
refresh_pattern -i \.class$ 10080 90% 43200
refresh_pattern -i \.zip$ 10080 90% 43200
refresh_pattern -i \.jpeg$ 10080 90% 43200
refresh_pattern -i \.mid$ 10080 90% 43200
refresh_pattern -i \.shtml$ 480 50% 22160
refresh_pattern -i \.exe$ 10080 90% 43200
refresh_pattern -i \.thm$ 10080 90% 43200
refresh_pattern -i \.wav$ 10080 90% 43200
refresh_pattern -i \.txt$ 10080 90% 43200
refresh_pattern -i \.cab$ 10080 90% 43200
refresh_pattern -i \.au$ 10080 90% 43200
refresh_pattern -i \.mov$ 10080 90% 43200
refresh_pattern -i \.xbm$ 10080 90% 43200
refresh_pattern -i \.ram$ 10080 90% 43200
refresh_pattern -i \.avi$ 10080 90% 43200
refresh_pattern -i \.chtml$ 480 50% 22160
refresh_pattern -i \.thb$ 10080 90% 43200
refresh_pattern -i \.dcr$ 10080 90% 43200
refresh_pattern -i \.bmp$ 10080 90% 43200
refresh_pattern -i \.phtml$ 480 50% 22160
refresh_pattern -i \.mpg$ 10080 90% 43200
refresh_pattern -i \.pdf$ 10080 90% 43200
refresh_pattern -i \.art$ 10080 90% 43200
refresh_pattern -i \.swf$ 10080 90% 43200
refresh_pattern -i \.mp3$ 10080 90% 43200
refresh_pattern -i \.ra$ 10080 90% 43200
refresh_pattern -i \.spl$ 10080 90% 43200
refresh_pattern -i \.viv$ 10080 90% 43200
refresh_pattern -i \.doc$ 10080 90% 43200
refresh_pattern -i \.gz$ 10080 90% 43200
refresh_pattern -i \.Z$ 10080 90% 43200
refresh_pattern -i \.tgz$ 10080 90% 43200
refresh_pattern -i \.tar$ 10080 90% 43200
refresh_pattern -i \.vrm$ 10080 90% 43200
refresh_pattern -i \.vrml$ 10080 90% 43200
refresh_pattern -i \.aif$ 10080 90% 43200
refresh_pattern -i \.aifc$ 10080 90% 43200
refresh_pattern -i \.aiff$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.c$ 10080 90% 43200
refresh_pattern -i \.cpt$ 10080 90% 43200
refresh_pattern -i \.dir$ 10080 90% 43200
refresh_pattern -i \.dxr$ 10080 90% 43200
refresh_pattern -i \.hqx$ 10080 90% 43200
refresh_pattern -i \.jpe$ 10080 90% 43200
refresh_pattern -i \.lha$ 10080 90% 43200
refresh_pattern -i \.lzh$ 10080 90% 43200
refresh_pattern -i \.midi$ 10080 90% 43200
refresh_pattern -i \.movie$ 10080 90% 43200
refresh_pattern -i \.mp2$ 10080 90% 43200
refresh_pattern -i \.mpe$ 10080 90% 43200
refresh_pattern -i \.mpeg$ 10080 90% 43200
refresh_pattern -i \.mpga$ 10080 90% 43200
refresh_pattern -i \.pl$ 10080 90% 43200
refresh_pattern -i \.ppt$ 10080 90% 43200
refresh_pattern -i \.ps$ 10080 90% 43200
refresh_pattern -i \.qt$ 10080 90% 43200
refresh_pattern -i \.qtm$ 10080 90% 43200
refresh_pattern -i \.ras$ 10080 90% 43200
refresh_pattern -i \.sea$ 10080 90% 43200
refresh_pattern -i \.sit$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
refresh_pattern -i \.snd$ 10080 90% 43200
refresh_pattern -i \.wrl$ 10080 90% 43200
#################access list###################
acl all src 0.0.0.0/0.0.0.0
acl linux_iqbal src 192.168.0.5/255.255.255.255
acl laptop_iqbal src 192.168.0.10/255.255.255.255
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
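# "-i" (case-insensitive) must be a bare option; a literal "[-i]" is read as a regex that matches any path containing "-" or "i"
acl limit urlpath_regex -i \.exe$ \.cab$ \.dll$ \.tar\.gz$ \.gz$ \.tgz$ \.rpm$ \.zip$ \.tar$ \.iso$ \.doc$ \.xls$ \.mpeg$ \.avi$ \.mp3$ \.wav$ \.rm$ \.mwv$ \.dat$ \.pdf$ \.rar$ \.psf$ \.asf$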
################access control#################
http_access allow manager localhost
http_access deny manager
http_access allow linux_iqbal
http_access allow laptop_iqbal
http_access allow limit
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

##############Delay_pools###############
delay_pools 3
delay_class 1 3
delay_parameters 1 -1/-1 -1/-1 -1/-1
delay_access 1 allow linux_iqbal
delay_access 1 deny all

delay_class 2 2
delay_parameters 2 -1/-1 8000/16000
delay_access 2 allow laptop_iqbal
delay_access 2 deny all

delay_class 3 3
delay_parameters 3 32000/32000 8000/8000 700/8000
delay_access 3 allow limit
delay_access 3 deny all

coredump_dir /var/spool/squid


Note: If anyone does not quite understand this configuration, feel free to ask me directly by PM hueheue.. insya Allah it will be answered, if it can be answered..

9. After that we move on to running squid.
Below are the hard-disk partitions on my box. As you can see, I made 4 partitions for the cache. That's My Style, so that squid runs more optimally.. nice and fast, insya Allah :D

[root@proxy~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 2.0G 116M 1.8G 7% /
/dev/hda1 587M 20M 538M 4% /boot
/dev/hda5 66G 117M 62G 1% /cache1
/dev/hda3 66G 117M 62G 1% /cache2
/dev/hdb1 111G 16G 90G 15% /cache3
/dev/hdb2 115G 16G 94G 14% /cache4
none 506M 0 506M 0% /dev/shm
/dev/hda7 2.9G 37M 2.7G 2% /home
/dev/hda10 190M 5.6M 175M 4% /tmp
/dev/hda6 5.8G 1.1G 4.4G 20% /usr
/dev/hda8 2.0G 59M 1.8G 4% /usr/local
/dev/hda9 2.0G 319M 1.6G 18% /var

Now create the directories for those cache partitions.

[root@proxy~]# mkdir /cache1
[root@proxy~]# mkdir /cache2
[root@proxy~]# mkdir /cache3
[root@proxy~]# mkdir /cache4

Then give the squid user ownership of those directories.

[root@proxy~]# chown -R squid:squid /cache*

After that, initialize squid's cache directories.

[root@proxy~]# /usr/local/squid/sbin/squid -z

Then start the squid daemon, and finally, insya Allah, it runs.. heuehue..

[root@proxy~]# /usr/local/squid/sbin/squid
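
How Squid walks the http_access list from the step 8 configuration, as an added example that is not part of the original post: rules are checked top to bottom and the first match decides, so "http_access allow limit" admits any source address for matching URLs, and a literal "[-i]" token widens that match to almost every path. The rule excerpt, the helper names and the 203.0.113.9 test address are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the access rules above (manager, port and CONNECT rules omitted).
RULES = r"""
acl all src 0.0.0.0/0.0.0.0
acl linux_iqbal src 192.168.0.5/255.255.255.255
acl laptop_iqbal src 192.168.0.10/255.255.255.255
acl localhost src 127.0.0.1/255.255.255.255
acl limit urlpath_regex %s \.exe$ \.zip$ \.iso$ \.mp3$
http_access allow linux_iqbal
http_access allow laptop_iqbal
http_access allow limit
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Collect ACL definitions (one line per name here) and the ordered rule list."""
    acls, rules = {}, []
    for tok in filter(None, (line.split() for line in conf.splitlines())):
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, src, urlpath):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    flags = 0  # urlpath_regex: a bare "-i" is an option, every other token is a regex
    for v in values:
        if v == "-i":
            flags = re.IGNORECASE
        elif re.search(v, urlpath, flags):
            return True
    return False

def http_access(option, src, urlpath):
    """Return the action of the first rule whose ACLs all match (a leading ! negates)."""
    acls, rules = parse(RULES % option)
    for action, names in rules:
        if all(matches(acls[n.lstrip("!")], src, urlpath) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached with this excerpt: "deny all" matches every request
```

Listing the file-type ACL together with a source ACL on the same http_access line makes both conditions required, which keeps the allow limited to known clients.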


 
posted by -MuHaMaD IqBaL- at 11:26 PM


1 Comments:


  • At 5:05 PM, Blogger n

    coooooooool

    cover the security side as well