Kau bisa bersembunyi dari kesalahanmu, tapi tidak dari penyesalanmu. Kau bisa bermain dengan dramamu, tapi tidak dengan karmamu.


    Saturday, April 2, 2011

    Paket yang Dibutuhkan :
    untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip
    Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip
    Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/…rver-amd64.iso
    Bahan-bahan :
    - Ubuntu 10.10 64 bit
    - Ip proxy 192.168.2.2
    - Gatewai 192.168.2.1
    - Ip mikrotik ke arah proxy 192.168.2.1/24
    - Ram 2 GB
    - HDD Sata 320 GB

    1. Partisi HDD
    Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
    256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
    16 Gb ext4 /
    2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
    sisanya gb btrfs /cache

    2. Install Paket
    OPTIMALKAN partisi btrfs nya :
    # lsmod |grep -i btrfs
    # nano /etc/fstab
    /cache btrfs noatime,compress,noacl 0 2
    OPTIMALKAN juga kernelnya :
    default FD 1024
    cek di console

    # ulimit -n
    cara merubah :
    # ulimit -HSn 65536

    # echo "root soft nofile 65536" >> /etc/security/limits.conf
    # echo "root hard nofile 65536" >> /etc/security/limits.conf

    # nano /etc/pam.d/common-session
    session required pam_limits.so
    # modprobe ip_conntrack
    kemudian tambahkan ip_conntrack di /etc/modules
    # nano /etc/modules
    Tambahkan kalimat berikut :
    ip_conntrack
    DNS Unbound High Performance
    apt-get install unbound
    cd /etc/unbound
    wget ftp://FTP.INTERNIC.NET/domain/named.cache
    unbound-control-setup
    chown unbound:root unbound_*
    chmod 440 unbound_*

    sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)
    # nano
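    # Unbound caching resolver for the proxy host (192.168.2.2).
    # Every quoted value uses plain ASCII double quotes: typographic quotes
    # pasted from a web page are not quote characters to the parser and end
    # up inside the value (wrong paths, unparsable records).
    server:
        verbosity: 1
        statistics-interval: 120
        statistics-cumulative: yes
        num-threads: 1
        # Listens on every IPv4 address of the host; the access-control
        # entries below are what decide who actually gets an answer.
        interface: 0.0.0.0

        outgoing-range: 512
        num-queries-per-thread: 1024

        msg-cache-size: 16m
        rrset-cache-size: 32m

        msg-cache-slabs: 4
        rrset-cache-slabs: 4

        cache-max-ttl: 86400
        infra-host-ttl: 60
        infra-lame-ttl: 120

        infra-cache-numhosts: 10000
        infra-cache-lame-size: 10k

        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes

        # Recursion is offered to private ranges and loopback only; the final
        # entry refuses everyone else. Leave the allow-all line commented out,
        # otherwise the host becomes an open resolver.
        #access-control: 0.0.0.0/0 allow
        access-control: 192.168.0.0/16 allow
        access-control: 172.16.0.0/12 allow
        access-control: 10.0.0.0/8 allow
        access-control: 127.0.0.0/8 allow
        access-control: 0.0.0.0/0 refuse

        # Runs chrooted to /etc/unbound as the unprivileged "unbound" user.
        chroot: "/etc/unbound"
        username: "unbound"
        directory: "/etc/unbound"
        # NOTE(review): both the log file and syslog are switched off here.
        # With do-daemonize: yes above, confirm where log output ends up;
        # the two commented lines are the alternatives if logs are needed.
        #logfile: "/etc/unbound/unbound.log"
        #use-syslog: yes
        logfile: ""
        use-syslog: no
        pidfile: "/etc/unbound/unbound.pid"
        root-hints: "/etc/unbound/named.cache"

        identity: "DNS"
        version: "1.4"
        # Do not answer id.server / version.server style queries.
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        do-not-query-address: 127.0.0.1/8
        do-not-query-localhost: yes
        # Only the iterator module is listed, so no validator module runs and
        # answers are not DNSSEC-validated.
        module-config: "iterator"

        #zone localhost
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        #zone bzoet.net
        local-zone: "bzoet.net." static
        # NS target written as one name (a stray space inside it would split
        # the record data).
        local-data: "bzoet.net. 86400 IN NS ns1.bzoet.net."
        local-data: "bzoet.net. 86400 IN SOA bzoet.net. hostmaster.bzoet.net. 3 3600 1200 604800 86400"
        local-data: "bzoet.net. 86400 IN A 192.168.2.2"
        local-data: "www.bzoet.net. 86400 IN A 192.168.2.2"
        local-data: "ns1.bzoet.net. 86400 IN A 192.168.2.2"

        local-data: "mail.bzoet.net. 86400 IN A 192.168.2.2"
        local-data: "bzoet.net. 86400 IN MX 10 mail.bzoet.net."
        # NOTE(review): the SPF text is not quoted inside the record, so it may
        # be stored as several separate strings; check the served TXT record
        # after loading.
        local-data: "bzoet.net. 86400 IN TXT v=spf1 a mx ~all"

        local-zone: "2.168.192.in-addr.arpa." static
        local-data: "2.168.192.in-addr.arpa. 10800 IN NS bzoet.net."
        local-data: "2.168.192.in-addr.arpa. 10800 IN SOA bzoet.net. hostmaster.bzoet.net. 4 3600 1200 604800 864000"
        local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR bzoet.net."

    # Everything outside the local zones is forwarded to these resolvers
    # (the gateway first, then upstream/public resolvers). Replace them with
    # the resolvers of your own ISP.
    forward-zone:
        name: "."
        forward-addr: 192.168.2.1
        forward-addr: 116.254.99.254
        forward-addr: 202.134.0.155
        forward-addr: 203.130.196.5
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4
        forward-addr: 208.67.222.222
        forward-addr: 208.67.220.220

    # unbound-control channel: loopback only, authenticated with the key and
    # certificate files under /etc/unbound (keep them readable only by
    # unbound and root).
    remote-control:
        control-enable: yes
        control-interface: 127.0.0.1
        control-port: 953
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"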

    lalu save di /etc/unbound/unbound.conf
    forward-zone: sesuaikan dengan DNS ISP anda
    cek configure unbound :
    # unbound-checkconf /etc/unbound/unbound.conf
    edit file di /etc/resolv.conf :
    # nano /etc/resolv.conf
    nameserver 127.0.0.1
    edit file /etc/network/interfaces
    # nano /etc/network/interfaces
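    # Static addressing for the proxy's LAN interface (192.168.2.2/24).
    iface eth0 inet static
        address 192.168.2.2
        netmask 255.255.255.0
        # Network address that matches the address and netmask above.
        network 192.168.2.0
        broadcast 192.168.2.255
        gateway 192.168.2.1
        # dns-* options are implemented by the resolvconf package, if installed
        # The host resolves through the local Unbound instance.
        dns-nameservers 127.0.0.1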

    untuk cek apakah sudah jalan :
    # /etc/init.d/unbound restart
    # nslookup 192.168.2.2
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    2.2.168.192.in-addr.arpa name = bzoet.net
    # nslookup bzoet.net
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Name: B.net
    Address: 192.168.2.2

    Untuk monitor :
    # unbound-control stats
    # sudo unbound-control stats | tail -16
    # sudo apt-get update
    # sudo apt-get install squid

    # nano /etc/default/squid
    SQUID_MAXFD=8192
    # sudo apt-get install squid squidclient squid-cgi
    # sudo apt-get install gcc

    # grep -E "#define\W+__FD_SETSIZE" /usr/include/*.h /usr/include/*/*.h
    # nano /usr/include/linux/posix_types.h
    #define __FD_SETSIZE 65536
    # nano /usr/include/bits/typesizes.h
    #define __FD_SETSIZE 65536
    # nano /etc/pam.d/login
    Session required /lib/security/pam_limits.so
    # sudo apt-get install build-essential
    # sudo apt-get install sharutils
    # sudo apt-get install ccze
    # sudo apt-get install libzip-dev
    # sudo apt-get install automake1.9

    3.Download Lusca
    download lusca r14809 lewat terminal ubuntu dengan perintah (unduhan lewat HTTP tanpa checksum, jadi periksa isi arsip sebelum di-compile dan di-install) :
    # wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz

    download lusca FMI lewat terminal ubuntu dengan perintah :
    # wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz

    lalu ekstrak :masuk ke foldernya :
    jika memakai lusca r14809 :

    # tar xzvf LUSCA_HEAD-r14809.tar.gz
    jika memakai lusca FMI :
    # tar xzvf LUSCA_FMI.tar.gz
    jika menggunakan lusca r14809 :
    copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
    winscp bisa didownload di : 4shared.com /file/KlAfa3dQ/winscp428.html

    kemudian copy dengan menggunakan putty…
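    putty bisa didownload di : 4shared.com /file/16tJyvlq/putty.html (tautan pihak ketiga; sebaiknya ambil PuTTY dan WinSCP dari situs resmi masing-masing dan periksa checksum/tanda tangannya)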

    # sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809
    masuk ke foldernya :
    jika menggunakan lusca r14809 :

    # cd LUSCA_HEAD-r14809/
    @ patch dulu revalidate dgn cara : patch -p0 < imr.diff
    jika menggunakan lusca FMI :
    # cd LUSCA_FMI/
    jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI :
    # make distclean
    ok..!! sekarang dimulai tahap compile nya :
    cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai
    Link untuk mengetahui CHOST dan CFLAGS ;
    # untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
    # untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
    sebagai contoh saya menggunakan amd x2 7750 BE :

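    # Configure Lusca/Squid for the author's AMD X2 7750 BE; set CHOST and
    # -march to match the CPU reported by /proc/cpuinfo on your own machine.
    # Options are written with ASCII "--" and plain double quotes: the
    # typographic dashes and quotes a web page substitutes are not parsed
    # as option prefixes or quoting by the shell and configure.
    CHOST="x86_64-pc-linux-gnu" \
    CFLAGS="-march=amdfam10 -msse3 -O2 -pipe" \
    ./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
    --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
    --enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
    --enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
    --enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536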

    selanjutnya, ketik perintah berikut di terminal ubuntu :
    # make
    # sudo make install

    Edit squid.conf
    agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
    #copy file squid yg di download tadi ke /etc/init.d/

    # sudo cp /home/proxyku/squid /etc/init.d/
    jgn lupa di :
    #sudo chmod +x /etc/init.d/squid

    # stop dulu squidnya :
    sudo /etc/init.d/squid stop

    #copy file squid.conf, dan storeurl.pl yg di download tadi kedalam folder /etc/squid ----> edit sesuai network juragan
    sudo cp /home/proxyku/squid.conf /etc/squid
    sudo cp /home/proxyku/storeurl.pl /etc/squid

    4. Langkah selanjutnya
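    # Set ownership and permissions on the cache directory and the
    # store-URL helper script.
    chown proxy:proxy /cache
    # Only the owning account and its group get access; mode 777 would let
    # any local account read or tamper with cached objects.
    chmod 750 /cache
    chown proxy:proxy /etc/squid/storeurl.pl
    # Presumably Squid runs this script as its store-URL rewrite helper, so
    # it must not be world-writable: anyone able to edit it could run code
    # as the proxy account. Root ownership with mode 755 would be tighter.
    chmod 755 /etc/squid/storeurl.pl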

    # Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :
    squid -f /etc/squid/squid.conf -z
    # Restart squid
    sudo /etc/init.d/squid restart

    # nano /etc/sysctl.conf
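    # Kernel tuning for the Squid/Lusca proxy host; load with `sysctl -p`.

    # File handles and memory behaviour.
    fs.file-max=65536
    # NOTE(review): drop_caches is a one-shot trigger, not a persistent mode;
    # listed here it only flushes the page cache each time the file is applied.
    vm.drop_caches = 3
    vm.swappiness = 3

    # Connection tracking; presumably why ip_conntrack is loaded earlier in
    # this guide, since these keys only exist once the module is present.
    net.netfilter.nf_conntrack_acct= 1
    net.ipv4.netfilter.ip_conntrack_max = 16777216

    # TCP keepalive, retry and buffer tuning for many short-lived connections.
    net.ipv4.tcp_keepalive_time = 60
    net.ipv4.tcp_keepalive_intvl = 10
    net.ipv4.tcp_keepalive_probes = 6
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_sack = 0
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_syn_retries = 2
    net.ipv4.tcp_max_tw_buckets = 1440000
    net.ipv4.ip_local_port_range = 16384 65535
    net.core.rmem_max=16777216
    net.core.wmem_max=16777216
    net.ipv4.tcp_rmem=4096 87380 16777216
    net.ipv4.tcp_wmem=4096 65536 16777216
    net.ipv4.tcp_fin_timeout = 3
    net.core.netdev_max_backlog = 30000
    net.ipv4.tcp_no_metrics_save=1
    net.core.somaxconn = 262144
    # SYN cookies stay enabled: they only engage once the SYN backlog
    # overflows, so they cost nothing under normal load and keep the
    # listener reachable during a SYN flood.
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_orphans = 262144
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_tw_reuse = 1
    # NOTE(review): tcp_tw_recycle is known to drop connections from clients
    # that share one NAT address and no longer exists in kernels from 4.12
    # on; confirm it is wanted before reusing this file on another system.
    net.ipv4.tcp_tw_recycle = 1

    # Basic network hardening: reverse-path filtering on, source routing off.
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    # Magic SysRq key disabled.
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 4294967295
    kernel.shmall = 268435456
    # IPv6 disabled on all interfaces, matching do-ip6: no in unbound.conf.
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1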

    setelah di save, baru di sysctl -p
    catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja

    Reboot CPU nya…
    tambahan :
    Menghitung memory yang sedang digunakan oleh aplikasi di Linux :
    # wget http://www.pixelbeat.org/scripts/ps_mem.py
    # chmod +x ps_mem.py
    # ./ps_mem.py
    Install Squidmon :
    # wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
    # chmod +x squidmon.py

    untuk monitor squid :
    # cat /var/log/squid/access.log | ./squidmon.py
    # cat /var/log/squid/access.log | python squidmon.py
    MEMBUAT SQUIDSTATS
    1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
    2. perl -MCPAN -e 'install Config::IniFiles'
    3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
    4. tar -xvf squidstats-r54.tar
    5. cd squidstats-r54
    5. cp mib.txt /etc/squid/
    6. cp snmpd.conf /etc/snmp/
    8. untuk squid.conf tambahkan berikut ini :

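    # SNMP agent used by squidstats. "public" is the well-known default
    # community string, so access is limited to queries from this host;
    # the guide's snmpwalk and squidstats.pl steps are both run locally.
    # If another host must poll Squid, add its address to snmplocal and
    # pick a non-default community string.
    snmp_port 3401
    acl snmppublic snmp_community public
    acl snmplocal src 127.0.0.1/32
    snmp_access allow snmppublic snmplocal
    snmp_access deny all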

    9. make && make install
    10. snmpwalk -v 1 -c public localhost
    11. squidstats.pl createdb
    12. squidstats.pl gather
    13. crontab -e (kemudian copy rule dibawah ini)
    */5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
    14. cp squidstats.conf /etc/apache2/conf.d
    15. reboot
    16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi

    Agar bisa di akses dari luar buat spt ini :
    # Destination NAT on the MikroTik router: TCP traffic arriving at
    # dst-address (placeholder xxx.xxx.xxx.xxx) on port 8080 is rewritten to
    # 192.168.2.2 port 80, the proxy host's web server where squidstats is
    # published.
    # NOTE(review): the rule has no source-address match, so any host that can
    # reach dst-address can open the statistics pages; consider limiting the
    # rule to known management addresses or protecting the pages with
    # authentication.
    /ip firewall nat
    add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
    dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80

    Untuk memonitor SQUID :
    sudo /etc/init.d/squid stop
    sudo /etc/init.d/squid restart
    /etc/init.d/unbound restart
    unbound-control stats
    sudo unbound-control stats | tail -16
    squidclient mgr:info
    squidclient mgr:client_list
    tail -f /var/log/squid/access.log
    tail -f /var/log/squid/cache.log
    tail -n 80 /var/log/squid/cache.log
    squidclient mgr:storedir
    cat /var/log/squid/access.log | ./squidmon.py
    cat /var/log/squid/access.log | python squidmon.py
    http://192.168.2.2/squidstats/graph-summary.cgi
    ./ps_mem.py
    credit to teukurizal
    http://forummikrotik.com

    1 comment:

    1. jika menggunakan lusca r14809 :
      copy file imr.diff ke /home/proxyku dengan menggunakan winscp.
      newbie gak paham neh mastah.... mohon pencerahan
