Installing High-Performance Squid on FreeBSD 6.3

Summary: Squid is a proxy server that can save bandwidth, cache web content, improve security and speed up web browsing. It is widely used proxy software and is available free of charge. Squid can also be used to control bandwidth usage based on particular file extensions and to filter which sites may be accessed.

Before we start the installation, get a pack of A MILD cigarettes and a cup of hot coffee ready... Let's begin, say the basmalah first... Here are the steps:
1. First compile your FreeBSD kernel, adding the lines below:

 

## Tuning Squid
options     SYSVMSG        # SYSV-style message queues
options     SYSVSHM        # SYSV-style shared memory
options         MSGMNB=16384
options         MSGMNI=41
options         MSGSEG=2049
options         MSGSSZ=64
options         MSGTQL=512
options         SHMSEG=16
options         MAXFILES=8192
#options        NMBCLUSTERS=32768
options         VFS_AIO
options         SEMMSL=100
options         SEMMNS=32000
options         SEMOPM=100
options         SEMMNI=100
options         SHMMAX=1073741824
options         SHMMNI=128
options         SHMALL=16384
## Firewall 
options         IPFILTER
options         IPFILTER_LOG 
#options        IPFILTER_DEFAULT_BLOCK
options         IPFIREWALL 
options         IPFIREWALL_DEFAULT_TO_ACCEPT 
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100 
options         IPDIVERT 
options         IPFIREWALL_FORWARD
options         IPV6FIREWALL
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_VERBOSE_LIMIT=100
options        IPV6FIREWALL_DEFAULT_TO_ACCEPT
#options         IPFIREWALL_FORWARD_EXTENDED  
#options         RANDOM_IP_ID    # pf option
## PF Device Enable
device          pf
device          pflog
device          pfsync
device          carp

 

2. Once the kernel has compiled successfully, the next step is to install squid --> just do it through Ports, so it's easy and comfortable

#cd /usr/ports/www/squid3/
#make config --> this selects the build options you want for your squid install
#make install clean

 

Wait a while, and pray that it all goes smoothly
3. Once steps 1 and 2 have succeeded, let's go straight to creating the squid.conf

 

#cd /usr/local/squid
#touch squid.conf

 

here is my example squid.conf

 

#=======================================================================$
# S Q U I D P R O X Y CONFIGURATION titikmaya V 1
# By : titikmaya
# Tested on Squid STABLE ver.3 STABLE4
# Last update : May 18, 2008
#=======================================================================$
#=======================================================================$
# NETWORK OPTIONS
#=======================================================================$
http_port 10.14.207.1:8080 transparent
icp_port 3130
snmp_port 3401
#========================================================================$
# hierarchy_stoplist
#========================================================================$
hierarchy_stoplist cgi-bin ? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
no_cache deny QUERY
#========================================================================$
# OPTIONS WHICH AFFECT THE NEIGHBOUR SELECTION ALGORITHM
#========================================================================$
dead_peer_timeout 30 seconds
icp_query_timeout 0
maximum_icp_query_timeout 9000
mcast_icp_query_timeout 9000
log_icp_queries on
peer_connect_timeout 30 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#=======================================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#=======================================================================$
cache_mem 500 MB
cache_swap_low 98%
cache_swap_high 99%
maximum_object_size 1024 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 8 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
high_memory_warning 120 MB
#======================================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#======================================================================$
cache_dir ufs /cache1 640000  16  256
cache_dir ufs /cache2 640000  16  256
cache_dir ufs /cache3 640000  16  256
logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log /dev/null
store_dir_select_algorithm round-robin
pid_filename /usr/local/squid/var/logs/squid.pid
coredump_dir /tmp
mime_table /usr/local/squid/etc/mime.conf
log_fqdn off
buffered_logs on
#============================================================$
# Transparent proxy setting
#============================================================$
httpd_accel_host virtual
httpd_accel_port 80 
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
log_ip_on_direct on
emulate_httpd_log on
httpd_suppress_version_string on
dns_nameservers 127.0.0.1 10.14.207.1
#============================================================$
# FTP section
#============================================================$
ftp_passive on
ftp_sanitycheck on
#=====================================================================$
# MISCELLANEOUS
#=====================================================================$
logfile_rotate 3
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minute
digest_rewrite_period 30 minute
digest_swapout_chunk_size 6000 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 5
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 50
netdb_low 900
netdb_high 1000
netdb_ping_period 1 minutes
query_icmp on
test_reachability off
reload_into_ims on
high_page_fault_warning 10
high_response_time_warning 2000
client_persistent_connections on
server_persistent_connections on
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 10 minutes
range_offset_limit 0 KB
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
cachemgr_passwd proxy all
announce_period 7 day
ie_refresh off
miss_access allow all
#=====================================================================$
# GENERAL
#=====================================================================$
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding on
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
half_closed_clients off
ignore_unknown_nameservers on
retry_on_error on
strip_query_terms off
uri_whitespace strip
ident_lookup_access deny all
#=====================================================================$
# TIMEOUT
#=====================================================================$
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 20 hours
#=====================================================================$
# ADMINISTRATIVE PARAMETERS
#=====================================================================$
cache_mgr admin@titikmaya.com
cache_effective_user nobody
cache_effective_group nobody
visible_hostname www.titikmaya.com
#=======================================================================$
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#=======================================================================$
unlinkd_program /usr/local/squid/libexec/squid/unlinkd
pinger_program /usr/local/squid/libexec/squid/pinger
#=======================================================================$
# ACCESS CONTROLS
#=======================================================================$
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/16
acl our_networks src 192.168.0.0/16
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl lan src 192.168.0.0/16
#=====================================================================$
# ACL Different access 
#=====================================================================$
acl SSL_ports port 443 563     # https,snews
acl Safe_ports port 448   
acl Safe_ports port 80         # http
acl Safe_ports port 21         # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70         # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 5000-5200  # yahoomessenger
acl Safe_ports port 6666-6669  # mirc
acl Safe_ports port 563        # snews
acl Safe_ports port 808
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT
acl Safe_ports port 631        # CUPS
always_direct allow localnet localhost our_networks 
always_direct deny all
acl CONNECT method CONNECT
acl purge method PURGE
acl snmp snmp_community snmpcomunity
acl manager proto cache_object
acl avi urlpath_regex -i .avi$
acl mpeg urlpath_regex -i .m1v$ .mpeg$ .mpg$
acl mpeg_2 urlpath_regex -i .m2v$ .vob$
acl mpeg_audio urlpath_regex -i .mpa$ .mp2$ .mp3$ .aac$
acl dat urlpath_regex -i .dat$ .bin$
acl real urlpath_regex -i .ram$ .ra$ .rm$ .rnx$
acl asf urlpath_regex -i .asf$ .wma$ .asx$ .wmv$
acl vivo urlpath_regex -i .viv$ .vivo$
acl magic_words1 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar.bz2 .bz2 .rpm .zip .rar 
acl magic_words2 url_regex -i .avi .mpeg .mpe .mpg .qt .ram .rm .raw .wav .iso
no_cache deny avi
no_cache deny mpeg
no_cache deny mpeg_2
no_cache deny mpeg_audio
no_cache deny dat
no_cache deny real
no_cache deny asf
no_cache deny vivo
#=====================================================================$
# SQUID GUARD
#=====================================================================$
#redirect_program /usr/local/bin/squidGuard -c /usr/local/squid3/blocked/squidGuard/squidGuard.conf
#redirect_children 10
#=======================================================================$
# Acl B L O C K I N G B A D W E B S I T E
#=======================================================================$
#acl adult dstdom_regex "/usr/local/squid/blocked/adult.txt"
#acl adult dstdom_regex "/usr/local/squid/blocked/adult.txt"
#acl sex dstdom_regex "/usr/local/squid/blocked/sex.txt"
#acl porn dstdom_regex "/usr/local/squid/blocked/porn.txt"
#=======================================================================$
# Access Denied
#=======================================================================$
http_access deny !Safe_ports
http_access allow CONNECT
#http_access deny adult 
#http_access deny sex
#http_access deny porn
#========================================================================$
# INTERNET ACCESS --- Check This Out
#========================================================================$
http_access allow manager all 
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow all
http_access allow localhost
http_access allow localnet
http_access allow our_networks
http_access allow lan
http_access deny all
icp_access allow all
icp_access allow localhost
icp_access allow localnet
icp_access allow our_networks
icp_access allow lan
icp_access deny all
#=========================================================================$
#          SNMP - MRTG Setting                               
#=========================================================================$
snmp_access allow snmp localhost
snmp_access deny all
#=========================================================================$
#          ANONYMOUS                        
#=========================================================================$
#header_access From deny all
#header_access Referer deny all
#header_access Server deny all
#header_access User-Agent deny all
#header_access Link deny all
#header_replace User-Agent ogeb browser , Version 1.1.0
#header_access Accept-Encoding deny all
#header_access X-Forwarded-For deny all
#header_access Via deny all
#httpd_accel_single_host off
#=========================================================================$
#         METHOD ALLOWED
#=========================================================================$
acl Safe_method method CONNECT GET HEAD POST
http_access deny !Safe_method
#=========================================================================$
#          ALLOW REPLIES TO CLIENT REQUEST
#=========================================================================$
http_reply_access allow all
reply_body_max_size 0 allow all
#=========================================================================$
#          HEADER RE-WRITE
#=========================================================================$
# header_replace Accept */*
# header_replace Accept-Encoding gzip
# header_replace Accept-Language en
header_replace User-Agent OurBrowser/1.0 (Some Name)
#=======================================================================$
# HEADER LIST ( DENY all -> ALLOW listed )      
#=======================================================================$
header_access Accept allow all
header_access Accept-Encoding deny all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access WWW-Authenticate allow all
header_access All deny all
#=========================================================================$
#          TUNING SQUID
#=========================================================================$
#wais_relay_port 0
redirect_rewrites_host_header on
request_header_max_size 20 KB
request_body_max_size 0 MB
#==========================================================================$
#         REFRESH PATTERN
#==========================================================================$
refresh_pattern ^http://    1440    20%    10080
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .              0    20%    4320
refresh_pattern -i .(swf|png|jpg|jpeg|bmp|tiff|gif) 43200 90% 129600
refresh_pattern -i .(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 override-lastmod reload-into-ims
refresh_pattern -i .(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i .(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 90% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min 128 KB
quick_abort_max 4096 KB
quick_abort_pct 75
#================================================================================$
# Download limit for titikmaya users
#================================================================================$
# bigger than 25MB = 25000 X 1024byte = 25600000 byte
reply_body_max_size 25600000 allow magic_words1 magic_words2

 

 

This squid.conf is the result of searching on
http://google.com
http://harrychanputra.wordpress.com/ http://www.infolinux.web.id
http://indofreebsd.or.id (Greatest FreeBSD community in my country, bravo FreeBSD Indonesia, I love you :) )
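
Squid checks http_access lines from top to bottom, a line matches only when every ACL on it matches, and the first matching line decides. The following is an added example (not part of the original post or of Squid) that models this on an abridged copy of the rules above, so the effect of rule order can be checked before the proxy goes live. TIGHT_RULES, the sample client addresses and the function names are assumptions made for illustration.

```python
import ipaddress
# ACLs and http_access lines copied from the squid.conf above (abridged).
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/16
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 1025-65535
acl CONNECT method CONNECT
acl manager proto cache_object
"""
PAGE_RULES = """
http_access deny !Safe_ports
http_access allow CONNECT
http_access allow manager all
http_access deny manager
http_access allow all
http_access deny all
"""
# Assumed tightened ordering modelled on Squid's stock defaults; not from the page.
TIGHT_RULES = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""
# Constructed sample requests from an address outside the page's networks.
OUTSIDE_GET = {"src": "203.0.113.7", "port": 80, "method": "GET", "proto": "http"}
OUTSIDE_TUNNEL = {"src": "203.0.113.7", "port": 6667, "method": "CONNECT", "proto": "http"}
OUTSIDE_MGR = {"src": "203.0.113.7", "port": 8080, "method": "GET", "proto": "cache_object"}
def parse(text):
    acls, rules = {}, []
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] == ["acl"]:  # repeated ACL names accumulate their values
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, req):
    kind, vals = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":
        return any(int(v.split("-")[0]) <= req["port"] <= int(v.split("-")[-1]) for v in vals)
    return req[kind] in vals  # method and proto ACLs

def decide(rule_text, req):
    acls, rules = parse(ACLS + rule_text)
    for n, (action, names) in enumerate(rules, 1):  # first matching line wins
        if all(acl_match(acls, a.lstrip("!"), req) != a.startswith("!") for a in names):
            return action, n
    return ("deny" if rules[-1][0] == "allow" else "allow"), None  # no line matched
```

decide(PAGE_RULES, OUTSIDE_GET) returns ('allow', 5): the "allow all" line answers before the final "deny all" is ever reached, while the same request under TIGHT_RULES falls through to "deny all" as ('deny', 6).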
4. Once that is done, run squid

 

#man squid ---> to see the options for running squid
  #squid -z
  #squid -DFY
  #ps -ax | grep squid ---> to check whether squid is running yet
  #tail -f /var/log/squid/access.log (adjust to where your squid log is; watch the log once squid is running)

 

 

Source: http://www.ittelkom.ac.id
