14 November 2013

[SERVER] High Performance Cache HIT HTTPS Proxy Lusca on Ubuntu Server 12.04

[SERVER] High Performance Cache HIT HTTPS Proxy Lusca on Ubuntu Server 12.04

VIDEO TUTORIAL INSTALL UBUNTU SERVER 12.04


1. Paket Install yang di Butuhkan:

root@proxy:~# apt-get update
root@proxy:~# apt-get install squid -y
root@proxy:~# apt-get install squid squidclient squid-cgi -y
root@proxy:~# apt-get install gcc -y
root@proxy:~# apt-get install build-essential -y
root@proxy:~# apt-get install sharutils -y
root@proxy:~# apt-get install ccze -y
root@proxy:~# apt-get install libzip-dev -y
root@proxy:~# apt-get install automake1.9 -y
2. Download File squid-3.HEAD-20130412-r12755.tar.gz dengan cara sebagai berikut:
  • Download “wget http://pakmin.googlecode.com/files/squid-3.HEAD-20130412-r12755.tar.gz”
  • Extract “tar xzvf squid-3.HEAD-20130412-r12755.tar.gz”
  • Masuk ke direktori “cd squid-3.HEAD-20130412-r12755″
3. Perintah Install Compile File squid-3.HEAD-20130412-r12755:
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid3 --sysconfdir=/etc/squid3 --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid3 --infodir=/usr/share/info --mandir=/usr/share/man --disable-dependency-tracking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-icmp --enable-esi --enable-icap-client --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --enable-cachemgr-hostname=TProxy --enable-ssl --enable-cache-digests --enable-linux-netfilter --enable-follow-x-forwarded-for --enable-x-accelerator-vary --enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid --with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 --enable-ssl --enable-ssl-crtd --disable-auth --build=i486-linux-gnu build_alias=i486-linux-gnu

Ketik “make && make install
Selanjutnya tinggal pasang squid config yg di google code dan jangan lupa store-idnya juga jangan lupa untuk “apt-get install libfile-readbackwards-perl”
4. Setelah Compile File squid-3.HEAD-20130412-r12755 Buatlah Direktori Cache:
  • root@proxy:~# mkdir cache-1
  • root@proxy:~# mkdir cache-2
5. Kemudian diberi lebel proxy:proxy dan di beri permision:
root@proxy:~# chown proxy:proxy /cache-1
root@proxy:~# chown proxy:proxy /cache-2
6. Kemudain di beri permision:
root@proxy:~# chmod 777 /cache-1
root@proxy:~# chmod 777 /cache-2
7. Setelah selesai anda Download File >>--> squid.conf
root@proxy:~# chown proxy:proxy /etc/squid3/squid.conf
root@proxy:~# chmod 777 /etc/squid3/squid.conf 
8. Kemudian Buat Listing File storeurl Sebelumnya Download File >>-->  storeurl.pl
root@proxy:~# touch /etc/squid3/storeurl.pl
root@proxy:~# chown proxy:proxy /etc/squid3/storeurl.pl
root@proxy:~# chmod 777 /etc/squid3/storeurl.pl
9. Buka storeurl.pl dengan winscp dan isikan dengan Script storeurl.pl yang telah anda download
  • Kemudian pada menu Terminal pada software putty ketik " /etc/init.d/squid3 stop "
  • Masih pada menu Terminal pada software , copy-paste perintah di bawah satu-persatu
root@proxy:~# /etc/init.d/squid3 restart
10. Restart Komputer Kamu
  • Monitoring Squid access.log :
root@proxy:~# tail -f /var/log/squid3/access.log | ccze

=========================
PAKET INSTALL TAMBAHAN
=========================
  • Di mikrotik add bari di bawah ini
  • eth2 interface from client
  • eth3 interface from tproxy
/ip firewall mangle add action=mark-routing chain=prerouting disabled=no dst-port=80 \ in-interface=ether2 new-routing-mark=proxy passthrough=no protocol=tcp add action=mark-connection chain=prerouting disabled=no dst-port=80 \ in-interface=ether3 new-connection-mark=tproxy passthrough=yes protocol=\ tcp src-address=!172.16.1.2 add action=mark-routing chain=prerouting connection-mark=tproxy disabled=no \ in-interface=!ether3 new-routing-mark=proxy passthrough=no

# Di mesin Proxy Masukkan saja baris di bawah ini ke rc.local atau file untuk startup
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# Ganti saja ip dengan ip proxy
iptables -t mangle -A PREROUTING -d 172.16.1.2/32 -p tcp --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -d 172.16.1.2/32 -p tcp --dport 3128 -j ACCEPT
iptables -t mangle -A PREROUTING ! -d 172.16.1.2/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
# don't forget to add option "tproxy" to http_port on your squid
Selamat Mencoba dan Semoga Berhasil :D
squid.conf dan  storeurl.pl  untuk squid3

squid.conf dan storeurl.pl untuk squid3

squid3.conf


storeurl.pl