UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND
Paket yang Dibutuhkan :
untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip
Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip
Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso
Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB
1. Partisi HDD
Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache
2. Install Paket
OPTIMALKAN partisi btrfs nya :
# lsmod |grep -i btrfs
# nano /etc/fstab
/cache btrfs noatime,compress,noacl 0 2
OPTIMALKAN juga kernelnya :
default FD 1024
cek di console
# ulimit -n
cara merubah :
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf
# nano /etc/pam.d/common-session
session required pam_limits.so
# modprobe ip_conntrack
kemudian tambahkan ip_contrack di /etc/modules
# nano /etc/modules
Tambahkan kalimat berikut :
ip_conntrack
DNS Unbound High Performance
apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*
sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)
# nano
Paket yang Dibutuhkan :
untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip
Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip
Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso
Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB
1. Partisi HDD
Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache
2. Install Paket
OPTIMALKAN partisi btrfs nya :
# lsmod |grep -i btrfs
# nano /etc/fstab
/cache btrfs noatime,compress,noacl 0 2
OPTIMALKAN juga kernelnya :
default FD 1024
cek di console
# ulimit -n
cara merubah :
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf
# nano /etc/pam.d/common-session
session required pam_limits.so
# modprobe ip_conntrack
kemudian tambahkan ip_contrack di /etc/modules
# nano /etc/modules
Tambahkan kalimat berikut :
ip_conntrack
DNS Unbound High Performance
apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*
sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)
# nano
| server: verbosity: 1 statistics-interval: 120 statistics-cumulative: yes num-threads: 1 interface: 0.0.0.0 outgoing-range: 512 num-queries-per-thread: 1024 msg-cache-size: 16m rrset-cache-size: 32m msg-cache-slabs: 4 rrset-cache-slabs: 4 cache-max-ttl: 86400 infra-host-ttl: 60 infra-lame-ttl: 120 infra-cache-numhosts: 10000 infra-cache-lame-size: 10k do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes do-daemonize: yes #access-control: 0.0.0.0/0 allow access-control: 192.168.0.0/16 allow access-control: 172.16.0.0/12 allow access-control: 10.0.0.0/8 allow access-control: 127.0.0.0/8 allow access-control: 0.0.0.0/0 refuse chroot: "/etc/unbound" username: "unbound" directory: "/etc/unbound" #logfile: "/etc/unbound/unbound.log" #use-syslog: yes logfile: "" use-syslog: no pidfile: "/etc/unbound/unbound.pid" root-hints: "/etc/unbound/named.cache" identity: "DNS" version: "1.4" hide-identity: yes hide-version: yes harden-glue: yes do-not-query-address: 127.0.0.1/8 do-not-query-localhost: yes module-config: "iterator" #zone localhost local-zone: "localhost." static local-data: "localhost. 10800 IN NS localhost." local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local-data: "localhost. 10800 IN A 127.0.0.1" local-zone: "127.in-addr.arpa." static local-data: "127.in-addr.arpa. 10800 IN NS localhost." local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800" local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost." #zone zoky.net local-zone: "zoky.net." static local-data: "zoky.net. 86400 IN NS ns1.zoky.net." local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400" local-data: "zoky.net. 86400 IN A 192.168.2.2" local-data: "www.zoky.net. 86400 IN A 192.168.2.2" local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2" local-data: "mail.zoky.net. 86400 IN A 192.168.2.2" local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net." local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all" local-zone: "2.168.192.in-addr.arpa." static local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net." local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000" local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net." forward-zone: name: "." forward-addr: 192.168.2.1 forward-addr: 116.254.99.254 forward-addr: 202.134.0.155 forward-addr: 203.130.196.5 forward-addr: 8.8.8.8 forward-addr: 8.8.4.4 forward-addr: 208.67.222.222 forward-addr: 208.67.220.220 remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: "/etc/unbound/unbound_server.key" server-cert-file: "/etc/unbound/unbound_server.pem" control-key-file: "/etc/unbound/unbound_control.key" control-cert-file: "/etc/unbound/unbound_control.pem" |
lalu save di /etc/unbound/unbound.conf
forward-zone: sesuaikan dengan DNS ISP anda
cek configure unbound :
# unbound-checkconf /etc/unbound/unbound.conf
edit file di /etc/resolv.conf :
# nano /etc/resolv.conf
nameserver 127.0.0.1
edit file /etc/network/interfaces
# nano /etc/network/interfaces
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
untuk cek apakah d jalan :
# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53
2.2.168.192.in-addr.arpa name = zoky.net
# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: Q.net
Address: 192.168.2.2
Untuk monitor :
# unbound-control stats
# sudo unbound-control stats | tail -16
# sudo apt-get update
# sudo apt-get install squid
# nano /etc/default/squid
SQUID_MAXFD=8192
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h
# nano /usr/include/linux/posix_types.h
#define __FD_SETSIZE 65536
# nano /usr/include/bits/typesizes.h
#define __FD_SETSIZE 65536
# nano /etc/pam.d/login
Session required /lib/security/pam_limits.so
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
3.Download Lusca
download lusca r14809 lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
download lusca FMI lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz
lalu ekstrak :masuk ke foldernya :
jika memakai lusca r14809 :
# tar xzvf LUSCA_HEAD-r14809.tar.gz
jika memakai lusca FMI :
# tar tar xzvf LUSCA_FMI.tar.gz
jika menggunakan lusca r14809 :
copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
winscp bisa didownload di : 4shared.com /file/KlAfa3dQ/winscp428.html
kemudian copy dengan menggunakan putty…
putty bisa didownload di : 4shared.com /file/16tJyvlq/putty.html
# sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809
masuk ke foldernya :
jika menggunakan lusca r14809 :
# cd LUSCA_HEAD-r14809/
@ patch dulo revalidate dgn cara : patch -p0 < imr.diff
jika menggunakan lusca FMI :
# cd LUSCA_FMI/
jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI :
# make distclean
ok..!! sekarang dimulai tahap compile nya :
cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai
Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :
CHOST="x86_64-pc-linux-gnu" \
CFLAGS="-march=amdfam10 -msse3 -O2 -pipe" \
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536
selanjutnya, ketik perintah berikut di terminal ubuntu :
# make
# sudo make install
Edit squid.conf
agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/
# sudo cp /home/proxyku/squid /etc/init.d/
jgn lupa di :
#sudo chmod +x /etc/init.d/squid
# stop dulu squidnya :
sudo /etc/init.d/squid stop
#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan
sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid
4. Langkah selanjutnya
# Memberikan permission pada folder cache
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :
squid -f /etc/squid/squid.conf -z
# Restart squid
sudo /etc/init.d/squid restart
# nano /etc/sysctl.conf
| Quote: |
| fs.file-max=65536 vm.drop_caches = 3 vm.swappiness = 3 net.netfilter.nf_conntrack_acct= 1 net.ipv4.netfilter.ip_conntrack_max = 16777216 net.ipv4.tcp_keepalive_time = 60 net.ipv4.tcp_keepalive_intvl = 10 net.ipv4.tcp_keepalive_probes = 6 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_sack = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.ip_local_port_range = 16384 65535 net.core.rmem_max=16777216 net.core.wmem_max=16777216 net.ipv4.tcp_rmem=4096 87380 16777216 net.ipv4.tcp_wmem=4096 65536 16777216 net.ipv4.tcp_fin_timeout = 3 net.core.netdev_max_backlog = 30000 net.ipv4.tcp_no_metrics_save=1 net.core.somaxconn = 262144 net.ipv4.tcp_syncookies = 0 net.ipv4.tcp_max_orphans = 262144 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 4294967295 kernel.shmall = 268435456 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 |
setelah di save, baru di sysctl -p
catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja
Reboot CPU nya...
tambahan :
Menghitung memory yang sedang digunakan oleh aplikasi di Linux :
# wget http://www.pixelbeat.org/scripts/ps_mem.py
# chmod +x ps_mem.py
# ./ps_mem.py
Install Squidmon :
# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py
untuk monitor squid :
# cat /var/log/squid/access.log | ./squidmon.py
# cat /var/log/squid/access.log | python squidmon.py
MEMBUAT SQUIDSTATS
1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e 'install Config::IniFiles'
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi
Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80
Untuk memonitor SQUID :
sudo /etc/init.d/squid stop
sudo /etc/init.d/squid restart
/etc/init.d/unbound restart
unbound-control stats
sudo unbound-control stats | tail -16
squidclient mgr:info
squidclient mgr:client_list
tail -f /var/log/squid/access.log
tail -f /var/log/squid/cache.log
tail -n 80 /var/log/squid/cache.log
squidclient mgr:storedir
cat /var/log/squid/access.log | ./squidmon.py
cat /var/log/squid/access.log | python squidmon.py
http://192.168.2.2/squidstats/graph-summary.cgi
./ps_mem.py
UBUNTU 10.10 64 BIT + SQUID 2.7stable9 + DNS UNBOUND
Paket yang Dibutuhkan : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip
Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/...rver-amd64.iso
Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB
1. Partisi HDD
Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache
2. Install Paket
OPTIMALKAN partisi btrfs nya :
# lsmod |grep -i btrfs
# nano /etc/fstab
/cache btrfs noatime,compress,noacl 0 2
OPTIMALKAN juga kernelnya :
default FD 1024
cek di console
# ulimit -n
cara merubah :
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf
# nano /etc/pam.d/common-session
session required pam_limits.so
# modprobe ip_conntrack
kemudian tambahkan ip_contrack di /etc/modules
# nano /etc/modules
Tambahkan kalimat berikut :
ip_conntrack
DNS Unbound High Performance
apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*
sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)
# nano
| Quote: |
| server: verbosity: 1 statistics-interval: 120 statistics-cumulative: yes num-threads: 1 interface: 0.0.0.0 outgoing-range: 512 num-queries-per-thread: 1024 msg-cache-size: 16m rrset-cache-size: 32m msg-cache-slabs: 4 rrset-cache-slabs: 4 cache-max-ttl: 86400 infra-host-ttl: 60 infra-lame-ttl: 120 infra-cache-numhosts: 10000 infra-cache-lame-size: 10k do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes do-daemonize: yes #access-control: 0.0.0.0/0 allow access-control: 192.168.0.0/16 allow access-control: 172.16.0.0/12 allow access-control: 10.0.0.0/8 allow access-control: 127.0.0.0/8 allow access-control: 0.0.0.0/0 refuse chroot: "/etc/unbound" username: "unbound" directory: "/etc/unbound" #logfile: "/etc/unbound/unbound.log" #use-syslog: yes logfile: "" use-syslog: no pidfile: "/etc/unbound/unbound.pid" root-hints: "/etc/unbound/named.cache" identity: "DNS" version: "1.4" hide-identity: yes hide-version: yes harden-glue: yes do-not-query-address: 127.0.0.1/8 do-not-query-localhost: yes module-config: "iterator" #zone localhost local-zone: "localhost." static local-data: "localhost. 10800 IN NS localhost." local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local-data: "localhost. 10800 IN A 127.0.0.1" local-zone: "127.in-addr.arpa." static local-data: "127.in-addr.arpa. 10800 IN NS localhost." local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800" local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost." #zone zoky.net local-zone: "zoky.net." static local-data: "zoky.net. 86400 IN NS ns1.zoky.net." local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400" local-data: "zoky.net. 86400 IN A 192.168.2.2" local-data: "www.zoky.net. 86400 IN A 192.168.2.2" local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2" local-data: "mail.zoky.net. 86400 IN A 192.168.2.2" local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net." local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all" local-zone: "2.168.192.in-addr.arpa." static local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net." local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000" local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net." forward-zone: name: "." forward-addr: 116.254.99.254 forward-addr: 202.134.0.155 forward-addr: 203.130.196.5 forward-addr: 8.8.8.8 forward-addr: 8.8.4.4 forward-addr: 208.67.222.222 forward-addr: 208.67.220.220 remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: "/etc/unbound/unbound_server.key" server-cert-file: "/etc/unbound/unbound_server.pem" control-key-file: "/etc/unbound/unbound_control.key" control-cert-file: "/etc/unbound/unbound_control.pem" |
lalu save di /etc/unbound/unbound.conf
forward-zone: sesuaikan dengan DNS ISP anda
cek configure unbound :
# unbound-checkconf /etc/unbound/unbound.conf
edit file di /etc/resolv.conf :
# nano /etc/resolv.conf
nameserver 127.0.0.1
edit file /etc/network/interfaces
# nano /etc/network/interfaces
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
untuk cek apakah d jalan :
# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53
2.2.168.192.in-addr.arpa name = zoky.net
# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: Q.net
Address: 192.168.2.2
Untuk monitor :
# unbound-control stats
# sudo unbound-control stats | tail -16
# sudo apt-get update
# sudo apt-get install squid squidclient squid-cgi
# nano /etc/default/squid
SQUID_MAXFD=8192
# sudo apt-get install gcc
# grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h
# nano /usr/include/linux/posix_types.h
#define __FD_SETSIZE 65536
# nano /usr/include/bits/typesizes.h
#define __FD_SETSIZE 65536
# nano /etc/pam.d/login
Session required /lib/security/pam_limits.so
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
3.Download SQUID
# wget http://untuk-kita-semua.googlecode.com/files/squid-2.7.STABLE9%2Bpatch.tar.gz
lalu ekstrak :masuk ke foldernya :
# tar xvf squid-2.7.STABLE9+patch.tar.gz
# cd squid-2.7.STABLE9
ok..!! sekarang dimulai tahap compile nya :
cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai
Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536
selanjutnya, ketik perintah berikut di terminal ubuntu :
# make
# sudo make install
Edit squid.conf
agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/
# sudo cp /home/proxyku/squid /etc/init.d/
jgn lupa di :
#sudo chmod +x /etc/init.d/squid
# stop dulu squidnya :
sudo /etc/init.d/squid stop
#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan
sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid
4. Langkah selanjutnya
# Memberikan permission pada folder cache
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :
squid -f /etc/squid/squid.conf -z
# Restart squid
sudo /etc/init.d/squid restart
# nano /etc/sysctl.conf
| Quote: |
| fs.file-max=65536 vm.drop_caches = 3 vm.swappiness = 3 net.netfilter.nf_conntrack_acct= 1 net.ipv4.netfilter.ip_conntrack_max = 16777216 net.ipv4.tcp_keepalive_time = 60 net.ipv4.tcp_keepalive_intvl = 10 net.ipv4.tcp_keepalive_probes = 6 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_sack = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.ip_local_port_range = 16384 65535 net.core.rmem_max=16777216 net.core.wmem_max=16777216 net.ipv4.tcp_rmem=4096 87380 16777216 net.ipv4.tcp_wmem=4096 65536 16777216 net.ipv4.tcp_fin_timeout = 3 net.core.netdev_max_backlog = 30000 net.ipv4.tcp_no_metrics_save=1 net.core.somaxconn = 262144 net.ipv4.tcp_syncookies = 0 net.ipv4.tcp_max_orphans = 262144 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 4294967295 kernel.shmall = 268435456 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 |
setelah di save, baru di sysctl -p
catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja
Reboot CPU nya...[
tambahan :
Menghitung memory yang sedang digunakan oleh aplikasi di Linux :
# wget http://www.pixelbeat.org/scripts/ps_mem.py
# chmod +x ps_mem.py
# ./ps_mem.py
Install Squidmon :
# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py
untuk monitor squid :
# cat /var/log/squid/access.log | ./squidmon.py
# cat /var/log/squid/access.log | python squidmon.py
MEMBUAT SQUIDSTATS
1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e 'install Config::IniFiles'
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi
Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80
Untuk memonitor SQUID :
sudo /etc/init.d/squid stop
sudo /etc/init.d/squid restart
/etc/init.d/unbound restart
unbound-control stats
sudo unbound-control stats | tail -16
squidclient mgr:info
squidclient mgr:client_list
tail -f /var/log/squid/access.log
tail -f /var/log/squid/cache.log
tail -n 80 /var/log/squid/cache.log
squidclient mgr:storedir
cat /var/log/squid/access.log | ./squidmon.py
cat /var/log/squid/access.log | python squidmon.py
http://192.168.2.2/squidstats/graph-summary.cgi
./ps_mem.py
credit to teukurizal
http://forummikrotik.com
