Guide to Installing Squid Proxy for a Single HDD of 500 GB or Less

1. Split the disk into 3 partitions (swap = 10GB / root = 40GB / cache = the remainder)

2. After the OS installation is finished, run the commands below:

Point the package sources at an Indonesian mirror
go to the apt directory (cd /etc/apt/)
delete sources.list
download:

#Ubuntu
wget https://gemaroprek.com/xdatax/proksi/sources.list
#Debian
wget https://gemaroprek.com/xdatax/proksi/sources.list_ubuntu

then update the package list:

#aptitude update
#aptitude safe-upgrade
#apt-get install ssh openssh-server vim-nox squid wget traceroute autoconf automake subversion make build-essential sharutils gcc cpp ccze squidclient
#chown -R proxy:proxy /cache/
#chown -R proxy:proxy /etc/squid/storeurl.pl

3. Go to the squid directory (cd /etc/squid)

delete squid.conf (rm squid.conf)
download the new squid config from https://gemaroprek.com/xdatax/proksi/ (not from anywhere else; the link is private, please comment to request access) with the commands:

#wget https://gemaroprek.com/xdatax/proksi/common.conf
#wget https://gemaroprek.com/xdatax/proksi/ext-gamepatch.acl
#wget https://gemaroprek.com/xdatax/proksi/mime.conf
#wget https://gemaroprek.com/xdatax/proksi/squid.conf

4. Edit squid.conf (nano /etc/squid/squid.conf or vi /etc/squid/squid.conf)

What must be edited in squid.conf:

cache_dir aufs /cache 76595 184 256

76595 = available capacity of /cache * 20% (command to view disk capacity: df -ha)

example:

root@squid:/etc/squid# df -ha
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        56G   16G   37G  30% /
proc               0     0     0    - /proc
none               0     0     0    - /sys
none               0     0     0    - /sys/fs/fuse/connections
none               0     0     0    - /sys/kernel/debug
none               0     0     0    - /sys/kernel/security
none            998M  212K  998M   1% /dev
none               0     0     0    - /dev/pts
none           1003M     0 1003M   0% /dev/shm
none           1003M   40K 1003M   1% /var/run
none           1003M     0 1003M   0% /var/lock
none           1003M     0 1003M   0% /lib/init/rw
/dev/sda3       395G  431M  374G   1% /cache

Take the Avail space of /cache

available capacity of /cache: 374 * 1024 = 382976 (converted to MB)
382976 * 20% = 76595 MB

184 = the number of cache directories to create, using the formula:

76595 * 1024 (converted to KB) = 78433280 KB
78433280 / 13 (average object size) / 256 / 256 * 2 = 184

result: cache_dir aufs /cache 76595 184 256

visible_hostname [email protected] <= change this to the name of the internet cafe

after everything is saved (squid.conf),
stop squid with the command: stop squid or /etc/init.d/squid stop
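The cache_dir sizing from step 4 as a script. This is an added example, not part of the original guide; cache_dir_line is a hypothetical helper name, and the sample rows are copied from the df output above.

```shell
#!/bin/sh
# Added example (not from the original guide): build the cache_dir line
# from `df -h` output with the step-4 formula. cache_dir_line is a
# hypothetical helper name.

# Rows copied from the df output shown in step 4.
SAMPLE_DF='Filesystem Size Used Avail Use% Mounted on
/dev/sda1 56G 16G 37G 30% /
/dev/sda3 395G 431M 374G 1% /cache'

# usage: df -h | cache_dir_line /cache
cache_dir_line() {
    awk -v mnt="$1" '
        $NF == mnt {
            avail = $(NF - 2)                  # Avail column, e.g. 374G
            unit  = substr(avail, length(avail))
            n     = substr(avail, 1, length(avail) - 1) + 0
            if      (unit == "T") mb = n * 1024 * 1024
            else if (unit == "G") mb = n * 1024
            else if (unit == "M") mb = n
            else    exit 1                     # unexpected unit: refuse to guess
            size = int(mb * 20 / 100)          # 20% of Avail, in MB
            # size in KB / 13 KB average object / 256 / 256 * 2
            l1 = int(size * 1024 / 13 / 256 / 256 * 2)
            if (l1 < 1) l1 = 1                 # never emit 0 directories
            printf "cache_dir aufs %s %d %d 256\n", mnt, size, l1
            found = 1
            exit
        }
        END { if (!found) exit 1 }             # mount point not in the listing
    '
}

printf '%s\n' "$SAMPLE_DF" | cache_dir_line /cache
```

The function exits non-zero when the mount point is missing from the listing or the Avail column has an unexpected unit, so it can be used safely before writing squid.conf.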

5. Edit rc.local with the command:
nano /etc/rc.local or vi /etc/rc.local
and add the following above the exit 0 line:

sysctl -w net.ipv4.ip_forward=1

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8185

rm -f /var/log/squid/*.log.*
rm -f /var/log/*.gz
rm -f /var/log/*.0
rm -f /var/log/*.1
rm -f /var/log/*.2

example:

root@squid:/etc/squid# vi /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

sysctl -w net.ipv4.ip_forward=1

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8185

# -f keeps a pattern with no matching files from aborting the script under sh -e
rm -f /var/log/squid/*.log.*
rm -f /var/log/*.gz
rm -f /var/log/*.0
rm -f /var/log/*.1
rm -f /var/log/*.2

exit 0

6. Patch LUSCA
change to the source directory with the command: cd /usr/local/src

download the Lusca patch with the command:

#wget https://gemaroprek.com/xdatax/proksi/LUSCA_HEAD-r14809.tar.gz

Extract it with the command:

#tar -zxvf LUSCA_HEAD-r14809.tar.gz

then enter the LUSCA directory with the command:

#cd LUSCA_HEAD-r14809

Configure and install with the commands:

./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

 

#make
#make install
run the commands above one at a time

continue with the command:

#squid -z (rebuilding cache dir)

7. Edit /etc/security/limits.conf and add these settings (as the last lines) with the command vi/nano /etc/security/limits.conf

* - nofile 65535
* soft nofile 65535
* hard nofile 65535

example:

# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#        - NOTE: group and wildcard limits are not applied to root.
#          To apply a limit to the root user, <domain> must be
#          the literal username root.
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#        - chroot - change root to directory (Debian-specific)
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4
*               -       nofile          65535
*               soft    nofile          65535
*               hard    nofile          65535
# End of file

8. Edit /usr/include/bits/typesizes.h with the command vi/nano /usr/include/bits/typesizes.h:

#define __FD_SETSIZE 65535

example:

/* bits/typesizes.h -- underlying types for *_t. Generic version.
Copyright (C) 2002, 2003 Free Software Foundation, Inc.
This file is part of the GNU C Library.

The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */

#ifndef _BITS_TYPES_H
# error "Never include <bits/typesizes.h> directly; use <sys/types.h> instead."
#endif

#ifndef _BITS_TYPESIZES_H
#define _BITS_TYPESIZES_H 1

/* See <bits/types.h> for the meaning of these macros. This file exists so
that <bits/types.h> need not vary across different GNU platforms. */

#define __DEV_T_TYPE __UQUAD_TYPE
#define __UID_T_TYPE __U32_TYPE
#define __GID_T_TYPE __U32_TYPE
#define __INO_T_TYPE __ULONGWORD_TYPE
#define __INO64_T_TYPE __UQUAD_TYPE
#define __MODE_T_TYPE __U32_TYPE
#define __NLINK_T_TYPE __UWORD_TYPE
#define __OFF_T_TYPE __SLONGWORD_TYPE
#define __OFF64_T_TYPE __SQUAD_TYPE
#define __PID_T_TYPE __S32_TYPE
#define __RLIM_T_TYPE __ULONGWORD_TYPE
#define __RLIM64_T_TYPE __UQUAD_TYPE
#define __BLKCNT_T_TYPE __SLONGWORD_TYPE
#define __BLKCNT64_T_TYPE __SQUAD_TYPE
#define __FSBLKCNT_T_TYPE __ULONGWORD_TYPE
#define __FSBLKCNT64_T_TYPE __UQUAD_TYPE
#define __FSFILCNT_T_TYPE __ULONGWORD_TYPE
#define __FSFILCNT64_T_TYPE __UQUAD_TYPE
#define __ID_T_TYPE __U32_TYPE
#define __CLOCK_T_TYPE __SLONGWORD_TYPE
#define __TIME_T_TYPE __SLONGWORD_TYPE
#define __USECONDS_T_TYPE __U32_TYPE
#define __SUSECONDS_T_TYPE __SLONGWORD_TYPE
#define __DADDR_T_TYPE __S32_TYPE
#define __SWBLK_T_TYPE __SLONGWORD_TYPE
#define __KEY_T_TYPE __S32_TYPE
#define __CLOCKID_T_TYPE __S32_TYPE
#define __TIMER_T_TYPE void *
#define __BLKSIZE_T_TYPE __SLONGWORD_TYPE
#define __FSID_T_TYPE struct { int __val[2]; }
#define __SSIZE_T_TYPE __SWORD_TYPE

/* Number of descriptors that can fit in an `fd_set'. */
#define __FD_SETSIZE 65535

#endif /* bits/typesizes.h */

9. Edit /etc/default/squid with the command vi/nano /etc/default/squid

SQUID_MAXFD=65535

example:

#
# /etc/default/squid Configuration settings for the Squid proxy server.
#

# Max. number of filedescriptors to use. You can increase this on a busy
# cache to a maximum of (currently) 65536 filedescriptors. Default is 1024.
SQUID_MAXFD=65535

10. Restart the squid PC, then test it.

11. Check whether squid's file descriptor limit has changed (using the commands):

#squidclient -p 8185 mgr:info | grep 'file descri'
#squidclient -p 8185 mgr:utilization
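
The step-11 check as a pass/fail script, covering the case where the changes in steps 7 to 10 did not take effect and the limit is still at the default of 1024. This is an added example, not part of the original guide; fd_limit_check is a hypothetical helper name and both mgr:info samples are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): turn the step-11 grep into
# a pass/fail check. fd_limit_check is a hypothetical helper name.

# Constructed sample of the file-descriptor section of `mgr:info`
# when the limit is still at the default.
SAMPLE_DEFAULT='File descriptor usage for squid:
    Maximum number of file descriptors:   1024
    Largest file desc currently in use:    812
    Number of file desc currently in use:  790
    Available number of file descriptors:  234'

# Constructed sample after the raised limit has taken effect.
SAMPLE_RAISED='File descriptor usage for squid:
    Maximum number of file descriptors:   65535
    Largest file desc currently in use:    812
    Number of file desc currently in use:  790
    Available number of file descriptors:  64745'

# usage: squidclient -p 8185 mgr:info | fd_limit_check 65535
# Prints one status line; returns 0 only if the running limit is at
# least the expected value.
fd_limit_check() {
    awk -v want="$1" -F: '
        /Maximum number of file descriptors/   { max  = $2 + 0 }
        /Number of file desc currently in use/ { used = $2 + 0 }
        END {
            if (max == "") {
                print "UNKNOWN: no file descriptor section found"
                exit 2
            }
            pct = int(used * 100 / max)
            if (max < want) {
                printf "FAIL: max=%d (expected %d), %d%% in use\n", max, want, pct
                exit 1
            }
            printf "OK: max=%d, %d%% in use\n", max, pct
        }
    '
}

printf '%s\n' "$SAMPLE_RAISED" | fd_limit_check 65535
```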

For More Than 1 HDD, or a Single HDD Larger Than 500 GB

Same as above, except the cache dir is split into cache1, cache2 and so on.

example for a 1 TB HDD: split into 7 partitions:

swap = 10GB
root = 40GB
cache1 = 200GB
cache2 = 200GB
cache3 = 200GB
cache4 = 200GB
cache5 = the remainder

Result:

# cache_dir
cache_dir aufs /cache1 39321 92 256
cache_dir aufs /cache2 39321 92 256
cache_dir aufs /cache3 39321 92 256
cache_dir aufs /cache4 39321 92 256
cache_dir aufs /cache5 39321 92 256

Why does it have to be split into as many as 7 partitions?
Because the maximum directory depth is 256, so if a 1 TB HDD is made into a single cache partition the result is not optimal.

(if anything is unclear, please ask me)

Mikrotik Configuration

Mikrotik Version 2.9 (PC Router)

Copy the following commands and run them in the terminal:

/ip firewall mangle add chain=output content="X-Cache: HIT" action=mark-connection new-connection-mark=proxy-con passthrough=yes comment="Mark Proxy HIT" disabled=no

/ip firewall mangle add chain=output connection-mark=proxy-con action=mark-packet new-packet-mark=proxy-pkt passthrough=no comment="" disabled=no

/queue simple add name="proxy-HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxy-pkt priority=8 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
