IGOS Nusantara and compiling the squid proxy server: Difference between revisions
(→squid.conf configuration) |
(→squid.conf configuration) |
||
(37 intermediate revisions by the same user not shown) | |||
Baris 1: | Baris 1: | ||
− | Optimasi squid dapat lebih ditingkatkan dengan melakukan kompilasi dari source squid. Berikut ini kompilasi untuk spesifikasi: | + | Optimasi squid dapat lebih ditingkatkan dengan melakukan kompilasi dari source squid. |
+ | |||
+ | == 1. Spesifikasi Server == | ||
+ | Berikut ini kompilasi squid untuk spesifikasi: | ||
# Sistem Operasi memakai IGOS Nusantara 2010 (Instal minimal) | # Sistem Operasi memakai IGOS Nusantara 2010 (Instal minimal) | ||
# Posesor Intel(R) Xeon(TM) CPU 3.00GHz | # Posesor Intel(R) Xeon(TM) CPU 3.00GHz | ||
# RAM 1 GB (yup memori masih kecil, harusnya update ke 4 GB) | # RAM 1 GB (yup memori masih kecil, harusnya update ke 4 GB) | ||
# Harddisk 2 x 80 GB SCSI | # Harddisk 2 x 80 GB SCSI | ||
− | # | + | #* Harddisk1: /dev/sda (untuk menyimpan sistem operasi) |
− | # | + | #* Harddisk2: /dev/sdb (untuk menyimpan cache squid) |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | === | + | == 2. Prasyarat untuk optimasi squid == |
− | + | Sebelum melakukan kompilasi squid, beberapa hal sudah selesai dikonfigurasi dan berfungsi denganbaik, yaitu: | |
+ | # Mengetahui skema jaringan, ada di: http://igos-nusantara.or.id/wiki/Skema_Jaringan | ||
+ | # Instal IGOS Nusantara sebagai server, memakai pilihan minimal/konsol, ada di: http://igos-nusantara.or.id/wiki/Instal_IGOS_Nusantara_minimal-konsol | ||
+ | # Memformat harddisk kedua, ada di: http://igos-nusantara.or.id/wiki/Memformat_harddisk_kedua | ||
+ | # Tuning file sistem, ada di: http://igos-nusantara.or.id/wiki/Tuning_file_sistem | ||
− | == | + | == 3. Kompilasi Squid == |
=== Pasang paket untuk kompilasi squid === | === Pasang paket untuk kompilasi squid === | ||
# yum -y install gcc | # yum -y install gcc | ||
Baris 115: | Baris 32: | ||
=== Buat group dan user === | === Buat group dan user === | ||
Group dan user yang akan dipakai untuk menjalankan squid dibuat dengan cara: | Group dan user yang akan dipakai untuk menjalankan squid dibuat dengan cara: | ||
− | + | # useradd squid -c "Squid Proxy" -M -d /cache/proxy1 -s /bin/false | |
− | # useradd squid -c "Squid Proxy" -d /cache/proxy1 -s /bin/false | + | |
=== Optimasi Kompilasi === | === Optimasi Kompilasi === | ||
Baris 137: | Baris 53: | ||
=== Parameter Kompilasi === | === Parameter Kompilasi === | ||
− | Paramater yang dipakai untuk kompilasi | + | Paramater yang dipakai untuk kompilasi sebagian disesuaikan dengan squid.spec yang ada squid-*-.src.rpm dari Fedora 13 (F13). Info: F13 adalah basis IGOS Nusantara 2010. Berikut penjelasan sebagian parameter yang akan dipakai saat kompilasi: |
* --enable-async-io untuk mengaktifkan asynchronous I/O dalam proses baca/tulis ke harddisk. Memakai 16 bila memakai satu harddisk jenis lama (buffer hanya 2 MB). Bila memakai harddisk model baru dengan buffer 8 MB, 16 MB atau 32 MB dapat memakai 32. | * --enable-async-io untuk mengaktifkan asynchronous I/O dalam proses baca/tulis ke harddisk. Memakai 16 bila memakai satu harddisk jenis lama (buffer hanya 2 MB). Bila memakai harddisk model baru dengan buffer 8 MB, 16 MB atau 32 MB dapat memakai 32. | ||
* --enable-useragent-log berguna agar squid mencatat useragent di entri log | * --enable-useragent-log berguna agar squid mencatat useragent di entri log | ||
Baris 158: | Baris 74: | ||
CXXFLAGS="${CFLAGS}" \ | CXXFLAGS="${CFLAGS}" \ | ||
./configure \ | ./configure \ | ||
− | --bindir=/usr/ | + | --bindir=/usr/bin \ |
--datadir=/usr/share \ | --datadir=/usr/share \ | ||
+ | --exec-prefix=/usr \ | ||
--includedir=/usr/include \ | --includedir=/usr/include \ | ||
− | -- | + | --infodir=/usr/share/info \ |
+ | --libexecdir=/usr/libexec \ | ||
--localstatedir=/var \ | --localstatedir=/var \ | ||
+ | --mandir=/usr/share/man \ | ||
--prefix=/usr \ | --prefix=/usr \ | ||
+ | --program-prefix= \ | ||
+ | --sbindir=/usr/sbin \ | ||
+ | --sharedstatedir=/var/lib \ | ||
--sysconfdir=/etc/squid \ | --sysconfdir=/etc/squid \ | ||
− | --disable-hostname-checks \ | + | --disable-auth \ |
+ | --disable-basic-auth-helpers \ | ||
+ | --disable-dependency-tracking \ | ||
+ | --disable-digest-auth-helpers \ | ||
+ | --disable-epoll \ | ||
+ | --disable-external-acl-helpers \ | ||
+ | --disable-hostname-checks \ | ||
+ | --disable-htcp \ | ||
--disable-ident-lookups \ | --disable-ident-lookups \ | ||
+ | --disable-ipv6 \ | ||
+ | --disable-linux-tproxy \ | ||
+ | --disable-negotiate-auth-helpers \ | ||
+ | --disable-ntlm-auth-helpers \ | ||
+ | --disable-snmp \ | ||
+ | --disable-translation \ | ||
--disable-wccp \ | --disable-wccp \ | ||
--disable-wccpv2 \ | --disable-wccpv2 \ | ||
+ | --enable-arp-acl \ | ||
+ | --enable-auth=basic,digest \ | ||
--enable-async-io=32 \ | --enable-async-io=32 \ | ||
--enable-cache-digests \ | --enable-cache-digests \ | ||
+ | --enable-cachemgr-hostname=localhost \ | ||
--enable-default-err-languages=English \ | --enable-default-err-languages=English \ | ||
--enable-delay-pools \ | --enable-delay-pools \ | ||
--enable-err-languages=English \ | --enable-err-languages=English \ | ||
+ | --enable-follow-x-forwarded-for \ | ||
--enable-gnuregex \ | --enable-gnuregex \ | ||
− | |||
--enable-icmp \ | --enable-icmp \ | ||
− | |||
--enable-linux-transparent \ | --enable-linux-transparent \ | ||
+ | --enable-linux-netfilter \ | ||
--enable-removal-policies=heap,lru \ | --enable-removal-policies=heap,lru \ | ||
− | |||
--enable-storeio=aufs \ | --enable-storeio=aufs \ | ||
--enable-underscores \ | --enable-underscores \ | ||
− | -- | + | --enable-useragent-log \ |
+ | --enable-zph-qos \ | ||
--with-aufs-threads=32 \ | --with-aufs-threads=32 \ | ||
+ | --with-default-user=squid \ | ||
--with-dl \ | --with-dl \ | ||
+ | --with-filedescriptors=32768 \ | ||
+ | --with-large-files \ | ||
+ | --with-logdir=/var/log/squid \ | ||
--with-maxfd=32768 \ | --with-maxfd=32768 \ | ||
+ | --with-pidfile=/var/run/squid.pid \ | ||
--with-pthreads | --with-pthreads | ||
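Review bot: --disable-auth near the top of the option list and --enable-auth=basic,digest further down set the same configure switch to opposite values, so it is unclear whether this build is meant to include authentication. Keep only the one that is intended; the four --disable-*-auth-helpers lines suggest --disable-auth. Likewise --with-filedescriptors=32768 and --with-maxfd=32768 state the descriptor limit twice, and one of them is enough.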
Baris 196: | Baris 139: | ||
Ketik perintah | Ketik perintah | ||
− | # | + | # ls -l /usr/sbin/squid |
+ | -rwxr-xr-x 1 root root 2521209 Jan 29 13:30 /usr/sbin/squid | ||
− | == | + | # strip /usr/sbin/squid |
+ | |||
+ | # ls -l /usr/sbin/squid | ||
+ | -rwxr-xr-x 1 root root 2121976 Jan 29 13:31 /usr/sbin/squid | ||
+ | |||
+ | == 4. Konfigurasi == | ||
=== Konfigurasi squid.conf === | === Konfigurasi squid.conf === | ||
− | + | # localhost | |
− | + | acl manager proto cache_object | |
− | + | acl localhost src 127.0.0.1/32 | |
+ | acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 | ||
− | + | # Jaringan lokal yang boleh mengakses | |
+ | #acl ip-admin src 192.168.228.10/32 | ||
+ | #acl localnet src 10.0.0.0/8 | ||
+ | #acl localnet src 172.16.0.0/12 | ||
+ | acl localnet src 192.168.228.0/24 | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
acl SSL_ports port 443 563 # https, snews | acl SSL_ports port 443 563 # https, snews | ||
acl Safe_ports port 80 81 # http | acl Safe_ports port 80 81 # http | ||
Baris 234: | Baris 176: | ||
acl Safe_ports port 873 # rsync | acl Safe_ports port 873 # rsync | ||
acl Safe_ports port 901 # SWAT | acl Safe_ports port 901 # SWAT | ||
− | |||
acl CONNECT method CONNECT | acl CONNECT method CONNECT | ||
− | |||
+ | # Akses cachemgr hanya boleh dari localhost | ||
+ | # http_access allow manager ip-admin | ||
http_access allow manager localhost | http_access allow manager localhost | ||
http_access deny manager | http_access deny manager | ||
− | # | + | |
+ | # Tolak permintaan ke Safe_ports | ||
http_access deny !Safe_ports | http_access deny !Safe_ports | ||
+ | |||
+ | # Tolak CONNECT ke selain SSL ports | ||
http_access deny CONNECT !SSL_ports | http_access deny CONNECT !SSL_ports | ||
+ | http_access deny to_localhost | ||
+ | http_access allow localnet | ||
+ | http_access allow localhost | ||
− | # | + | # Terakhir: tolak yang lainnya untuk akses ke proxy |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
http_access deny all | http_access deny all | ||
− | |||
− | |||
− | + | http_port 3128 transparent | |
− | + | icp_port 3130 | |
− | + | ||
− | + | ||
− | + | max_filedescriptors 32768 | |
− | + | dns_nameservers 127.0.0.1 | |
− | + | ||
− | + | hierarchy_stoplist cgi-bin ? .js .jsp .awt | |
− | + | acl QUERY urlpath_regex cgi-bin \? localhost | |
+ | no_cache deny QUERY | ||
cache_mgr admin | cache_mgr admin | ||
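Review bot: the new comment "Tolak permintaan ke Safe_ports" above http_access deny !Safe_ports says the opposite of what the rule does, since the rule denies requests to ports that are not in Safe_ports; reword the comment to match the rule. In the added acl QUERY urlpath_regex line, the trailing localhost is read as a third URL-path pattern, which looks unintended next to cgi-bin and \?.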
Baris 272: | Baris 212: | ||
memory_replacement_policy heap LFUDA | memory_replacement_policy heap LFUDA | ||
cache_replacement_policy heap GDSF | cache_replacement_policy heap GDSF | ||
− | cache_dir aufs /cache/proxy1 50000 102 256 | + | |
− | + | # Ukuran 50GB untuk cache_dir (contoh memakai harddisk SCSI) | |
+ | # cache_dir aufs /cache/proxy1 50000 102 256 | ||
+ | cache_dir aufs /cache/proxy1 7500 16 256 | ||
+ | |||
+ | # cache_mem 256 MB | ||
+ | cache_mem 128 MB | ||
+ | |||
+ | minimum_object_size 0 KB | ||
+ | maximum_object_size 128 MB | ||
+ | maximum_object_size_in_memory 64 KB | ||
+ | |||
+ | cache_swap_low 98 | ||
+ | cache_swap_high 99 | ||
+ | |||
+ | #high_response_time_warning 2000 | ||
+ | #high_page_fault_warning 2 | ||
+ | #high_memory_warning 1900 MB | ||
+ | |||
mime_table /etc/squid/mime.conf | mime_table /etc/squid/mime.conf | ||
pid_filename /var/run/squid.pid | pid_filename /var/run/squid.pid | ||
− | #coredump_dir / | + | # coredump_dir /cache/proxy1/ |
coredump_dir none | coredump_dir none | ||
− | + | access_log /var/log/squid/access.log | |
− | + | cache_log /var/log/squid/cache.log | |
− | + | cache_store_log /var/log/squid/store.log | |
− | cache_log /dev/null | + | |
+ | #access_log none | ||
+ | #cache_log /dev/null | ||
#cache_store_log none | #cache_store_log none | ||
Baris 291: | Baris 250: | ||
client_netmask 255.255.255.255 | client_netmask 255.255.255.255 | ||
strip_query_terms off | strip_query_terms off | ||
− | + | ||
refresh_pattern windowsupdate.com/.*\.(cab|exe\dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private | refresh_pattern windowsupdate.com/.*\.(cab|exe\dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private | ||
refresh_pattern download.microsoft.com/.*\.(cab|exe\dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private | refresh_pattern download.microsoft.com/.*\.(cab|exe\dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private | ||
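Review bot: in the two unchanged refresh_pattern lines for windowsupdate.com and download.microsoft.com, the group (cab|exe\dll) has only two alternatives, cab and exe\dll, so plain .exe and .dll URLs do not match these long-lifetime rules. It should probably read (cab|exe|dll), and this revision is a good place to fix it.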
Baris 304: | Baris 263: | ||
positive_dns_ttl 60 seconds | positive_dns_ttl 60 seconds | ||
negative_dns_ttl 30 seconds | negative_dns_ttl 30 seconds | ||
− | store_avg_object_size | + | store_avg_object_size 16 KB |
vary_ignore_expire on | vary_ignore_expire on | ||
client_lifetime 2 hours | client_lifetime 2 hours | ||
half_closed_clients off | half_closed_clients off | ||
− | shutdown_lifetime | + | shutdown_lifetime 4 seconds |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
log_icp_queries off | log_icp_queries off | ||
icp_hit_stale on | icp_hit_stale on | ||
Baris 325: | Baris 280: | ||
reload_into_ims on | reload_into_ims on | ||
pipeline_prefetch on | pipeline_prefetch on | ||
− | + | ||
− | + | === Menyiapkan folder untuk squid === | |
− | + | mkdir -p /var/log/squid | |
+ | touch /var/log/squid/access.log | ||
+ | chmod 770 /var/log/squid | ||
+ | chown -R squid:root /var/log/squid | ||
+ | |||
+ | touch /var/run/squid.pid | ||
+ | mkdir -p /cache/proxy1 | ||
+ | chown -R squid:squid /cache/proxy1 | ||
+ | |||
+ | === Periksa Konfigurasi === | ||
+ | Konfigurasi squid.conf yang dibuat dapat diperiksa dengan: | ||
+ | # squid -k parse | ||
+ | |||
+ | 2011/01/28 02:43:07| Processing Configuration File: /etc/squid/squid.conf (depth 0) | ||
+ | 2011/01/28 02:43:07| Starting Authentication on port [::]:3128 | ||
+ | 2011/01/28 02:43:07| Disabling Authentication on port [::]:3128 (interception enabled) | ||
+ | 2011/01/28 02:43:07| Disabling IPv6 on port [::]:3128 (interception enabled) | ||
+ | 2011/01/28 02:43:07| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP | ||
+ | 2011/01/28 02:43:07| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP | ||
+ | 2011/01/28 02:43:07| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP | ||
+ | 2011/01/28 02:43:07| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP | ||
+ | 2011/01/28 02:43:07| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP | ||
+ | 2011/01/28 02:43:07| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP | ||
+ | |||
+ | Abaikan warning yang muncul karena refresh_pattern yang dibuat memang diatur untuk mengabaikan beberapa pengaturan HTTP. | ||
=== Buat /etc/init.d/squid === | === Buat /etc/init.d/squid === | ||
Baris 340: | Baris 319: | ||
# chkconfig --level 345 squid on | # chkconfig --level 345 squid on | ||
− | === | + | === Memasang squid di rc.local === |
− | + | # echo "# Squid Proxy" >> /etc/rc.local | |
− | + | # echo "/etc/init.d/squid start" >> /etc/rc.local | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | == | + | == 5. Buat swap == |
Setelah konfigurasi squid.conf dilakukan, kini saatnya menjalankan squid. Ketikkan perintah agar squid membuat swap | Setelah konfigurasi squid.conf dilakukan, kini saatnya menjalankan squid. Ketikkan perintah agar squid membuat swap | ||
# /usr/sbin/squid -z | # /usr/sbin/squid -z | ||
− | == | + | == 6. Jalankan squid == |
− | Jalankan | + | Pertama kali menjalankan squid sebaiknya mengaktifkan parameter debug, sehingga beberapa kesalahan dapat diketahui. Jalankan dengan cara: |
− | # / | + | # /usr/sbin/squid -Nd1 |
− | + | Buka terminal kedua, lalu periksa apakah squid sudah jalan atau gagal, lakukan: | |
− | + | ||
Cek apakah squid sudah berjalan apa belum dengan perintah | Cek apakah squid sudah berjalan apa belum dengan perintah | ||
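Review bot: the added rc.local lines run /etc/init.d/squid start on every boot, but the unchanged chkconfig --level 345 squid on line just above already enables the same init script for runlevels 3, 4 and 5, so squid is started twice; keep one mechanism. The added sentence "Buka terminal kedua, ..." and the unchanged "Cek apakah squid sudah berjalan ..." line that follows it now say the same thing and can be merged.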
Baris 370: | Baris 343: | ||
udp 0 0 :::3130 :::* 13109/(squid) | udp 0 0 :::3130 :::* 13109/(squid) | ||
− | == | + | Setelah squid dijalankan, akses beberapa situs dari PC client, jika squid sudah berfungsi, hentikan squid dengan menekan Ctrl+C. Selanjutnya jalankan squid sebagai daemon. Caranya: |
+ | # /etc/init.d/squid start | ||
+ | |||
+ | == 7. Periksa log == | ||
Ada di /var/log/squid/access.log | Ada di /var/log/squid/access.log | ||
# tail -f /var/log/squid/access.log | # tail -f /var/log/squid/access.log | ||
Baris 377: | Baris 353: | ||
# tail -f /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}' | # tail -f /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}' | ||
− | == | + | == 8. Boot ulang server == |
Lakukan reboot, kemudian jalankan squid. | Lakukan reboot, kemudian jalankan squid. | ||
Latest revision as of 11 February 2011, 02:15
Squid can be optimized further by compiling it from the squid source.
1. Server Specification
The squid build below is for the following specification:
- Operating system: IGOS Nusantara 2010 (minimal install)
- Processor: Intel(R) Xeon(TM) CPU 3.00GHz
- RAM: 1 GB (yes, the memory is still small; it should be upgraded to 4 GB)
- Hard disks: 2 x 80 GB SCSI
  - Disk 1: /dev/sda (holds the operating system)
  - Disk 2: /dev/sdb (holds the squid cache)
2. Prerequisites for squid optimization
Before compiling squid, the following must already be configured and working properly:
- Know the network layout, see: http://igos-nusantara.or.id/wiki/Skema_Jaringan
- Install IGOS Nusantara as a server using the minimal/console option, see: http://igos-nusantara.or.id/wiki/Instal_IGOS_Nusantara_minimal-konsol
- Format the second hard disk, see: http://igos-nusantara.or.id/wiki/Memformat_harddisk_kedua
- Tune the file system, see: http://igos-nusantara.or.id/wiki/Tuning_file_sistem
3. Compiling Squid
Install the packages needed to compile squid
    # yum -y install gcc
    # yum -y install gcc-c++
    # yum -y install libxml2-devel libcap-devel
Install everything in a single command line:
    # yum -y install gcc gcc-c++ libxml2-devel libcap-devel
Download squid-3.1.10.tar.bz2
    # mkdir /root/sumber
    # cd /root/sumber
    # wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.10.tar.bz2
Create the group and user
The group and user that will run squid are created with:
    # useradd squid -c "Squid Proxy" -M -d /cache/proxy1 -s /bin/false
Compilation Optimization
For an optimal build, use compiler options (flags) that match the processor. Processor information is available in /proc/cpuinfo
    # cat /proc/cpuinfo
    # cat /proc/cpuinfo | grep family
    cpu family : 15
    cpu family : 15
    [root@intra ~]# cat /proc/cpuinfo |grep model
    model : 4
    model name : Intel(R) Xeon(TM) CPU 3.00GHz
The information from /proc/cpuinfo is then matched against the compilation flags listed on the Gentoo Wiki[1], which gives:
    CHOST="i686-pc-linux-gnu"
    CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
    CXXFLAGS="${CFLAGS}"
Compilation Parameters
The parameters used for compilation are partly aligned with the squid.spec found in squid-*-.src.rpm from Fedora 13 (F13). Note: F13 is the base of IGOS Nusantara 2010. The following explains some of the parameters that will be used during compilation:
- --enable-async-io enables asynchronous I/O for disk reads and writes. Use 16 with a single older hard disk (only a 2 MB buffer). With a newer hard disk that has an 8 MB, 16 MB or 32 MB buffer, 32 can be used.
- --enable-useragent-log makes squid record the user agent in log entries
- --enable-snmp enables SNMP, for example to record squid statistics and display them as graphs.
- --enable-cache-digests must be enabled when using cache peers.
- --enable-storeio="aufs" selects the storage I/O method. AUFS is asynchronous and performs optimally on Linux.
- --enable-removal-policies="heap,lru" selects the available removal policies
- --with-maxfd=8192
- --enable-poll
- --disable-ident-lookups stops squid from doing an ident lookup on every connection; it can also help prevent DDoS attacks (opening thousands of connections) that could take the squid server down
- --enable-truncate tells squid to always use truncate() instead of unlink() when deleting cache files.
- --enable-delay-pools
Starting the Compilation
    # cd /root/sumber
    # tar xjvf squid-3.1.10.tar.bz2
    # cd squid-3.1.10
    # CHOST="i686-pc-linux-gnu" \
    CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer" \
    CXXFLAGS="${CFLAGS}" \
    ./configure \
    --bindir=/usr/bin \
    --datadir=/usr/share \
    --exec-prefix=/usr \
    --includedir=/usr/include \
    --infodir=/usr/share/info \
    --libexecdir=/usr/libexec \
    --localstatedir=/var \
    --mandir=/usr/share/man \
    --prefix=/usr \
    --program-prefix= \
    --sbindir=/usr/sbin \
    --sharedstatedir=/var/lib \
    --sysconfdir=/etc/squid \
    --disable-auth \
    --disable-basic-auth-helpers \
    --disable-dependency-tracking \
    --disable-digest-auth-helpers \
    --disable-epoll \
    --disable-external-acl-helpers \
    --disable-hostname-checks \
    --disable-htcp \
    --disable-ident-lookups \
    --disable-ipv6 \
    --disable-linux-tproxy \
    --disable-negotiate-auth-helpers \
    --disable-ntlm-auth-helpers \
    --disable-snmp \
    --disable-translation \
    --disable-wccp \
    --disable-wccpv2 \
    --enable-arp-acl \
    --enable-auth=basic,digest \
    --enable-async-io=32 \
    --enable-cache-digests \
    --enable-cachemgr-hostname=localhost \
    --enable-default-err-languages=English \
    --enable-delay-pools \
    --enable-err-languages=English \
    --enable-follow-x-forwarded-for \
    --enable-gnuregex \
    --enable-icmp \
    --enable-linux-transparent \
    --enable-linux-netfilter \
    --enable-removal-policies=heap,lru \
    --enable-storeio=aufs \
    --enable-underscores \
    --enable-useragent-log \
    --enable-zph-qos \
    --with-aufs-threads=32 \
    --with-default-user=squid \
    --with-dl \
    --with-filedescriptors=32768 \
    --with-large-files \
    --with-logdir=/var/log/squid \
    --with-maxfd=32768 \
    --with-pidfile=/var/run/squid.pid \
    --with-pthreads
Next, type the command
    # make
Continue with
    # make install
Type the commands
    # ls -l /usr/sbin/squid
    -rwxr-xr-x 1 root root 2521209 Jan 29 13:30 /usr/sbin/squid
    # strip /usr/sbin/squid
    # ls -l /usr/sbin/squid
    -rwxr-xr-x 1 root root 2121976 Jan 29 13:31 /usr/sbin/squid
4. Configuration
Configuring squid.conf
    # localhost
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

    # Local networks allowed to access the proxy
    #acl ip-admin src 192.168.228.10/32
    #acl localnet src 10.0.0.0/8
    #acl localnet src 172.16.0.0/12
    acl localnet src 192.168.228.0/24

    acl SSL_ports port 443 563 # https, snews
    acl Safe_ports port 80 81 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 631 # cups
    acl Safe_ports port 10000 # webmin
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl CONNECT method CONNECT

    # cachemgr access is allowed only from localhost
    # http_access allow manager ip-admin
    http_access allow manager localhost
    http_access deny manager

    # Deny requests to ports that are not in Safe_ports
    http_access deny !Safe_ports

    # Deny CONNECT to anything other than the SSL ports
    http_access deny CONNECT !SSL_ports
    http_access deny to_localhost
    http_access allow localnet
    http_access allow localhost

    # Finally: deny all other access to the proxy
    http_access deny all

    http_port 3128 transparent
    icp_port 3130

    max_filedescriptors 32768
    dns_nameservers 127.0.0.1

    hierarchy_stoplist cgi-bin ? .js .jsp .awt
    acl QUERY urlpath_regex cgi-bin \? localhost
    no_cache deny QUERY

    cache_mgr admin
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname proxy
    memory_replacement_policy heap LFUDA
    cache_replacement_policy heap GDSF

    # 50 GB cache_dir (example using the SCSI hard disk)
    # cache_dir aufs /cache/proxy1 50000 102 256
    cache_dir aufs /cache/proxy1 7500 16 256

    # cache_mem 256 MB
    cache_mem 128 MB

    minimum_object_size 0 KB
    maximum_object_size 128 MB
    maximum_object_size_in_memory 64 KB

    cache_swap_low 98
    cache_swap_high 99

    #high_response_time_warning 2000
    #high_page_fault_warning 2
    #high_memory_warning 1900 MB

    mime_table /etc/squid/mime.conf
    pid_filename /var/run/squid.pid
    # coredump_dir /cache/proxy1/
    coredump_dir none
    access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    #access_log none
    #cache_log /dev/null
    #cache_store_log none

    emulate_httpd_log off
    logfile_rotate 2
    log_fqdn off
    buffered_logs off
    client_netmask 255.255.255.255
    strip_query_terms off

    refresh_pattern windowsupdate.com/.*\.(cab|exe|dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
    refresh_pattern download.microsoft.com/.*\.(cab|exe|dll) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
    refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|psf) 259200 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
    refresh_pattern ^ftp: 20160 95% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
    refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

    quick_abort_min 0 KB
    quick_abort_max 0 KB
    quick_abort_pct 100
    negative_ttl 2 minutes
    positive_dns_ttl 60 seconds
    negative_dns_ttl 30 seconds
    store_avg_object_size 16 KB
    vary_ignore_expire on
    client_lifetime 2 hours
    half_closed_clients off
    shutdown_lifetime 4 seconds
    log_icp_queries off
    icp_hit_stale on
    query_icmp on
    ipcache_size 4096
    ipcache_low 90
    ipcache_high 95
    fqdncache_size 4096
    memory_pools off
    forwarded_for off
    reload_into_ims on
    pipeline_prefetch on
Preparing the directories for squid
    mkdir -p /var/log/squid
    touch /var/log/squid/access.log
    chmod 770 /var/log/squid
    chown -R squid:root /var/log/squid

    touch /var/run/squid.pid
    mkdir -p /cache/proxy1
    chown -R squid:squid /cache/proxy1
Checking the Configuration
The squid.conf that was written can be checked with:
    # squid -k parse

    2011/01/28 02:43:07| Processing Configuration File: /etc/squid/squid.conf (depth 0)
    2011/01/28 02:43:07| Starting Authentication on port [::]:3128
    2011/01/28 02:43:07| Disabling Authentication on port [::]:3128 (interception enabled)
    2011/01/28 02:43:07| Disabling IPv6 on port [::]:3128 (interception enabled)
    2011/01/28 02:43:07| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
    2011/01/28 02:43:07| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
    2011/01/28 02:43:07| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
    2011/01/28 02:43:07| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
    2011/01/28 02:43:07| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP
    2011/01/28 02:43:07| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP

Ignore the warnings that appear: the refresh_pattern rules were deliberately written to override some HTTP settings. Note that ignore-private and ignore-no-cache make squid store responses that the origin server marked as private or not cacheable, so these options belong only on patterns for static downloads such as the ones above.
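Squid evaluates http_access rules from top to bottom and the first match decides, so the order of the rules in the squid.conf above is worth checking in its own right. The following is an added example, not part of the original page or of squid: the function names are hypothetical, the first sample repeats the rule order from this page, and the second sample is a constructed misordered variant.

```shell
#!/bin/sh
# Added example: audit the order of http_access rules in a squid.conf.
# Prints one line per finding; returns 0 when the order is sound, 1 otherwise.
audit_http_access() {
    awk '
    $1 == "http_access" {
        n++
        rule = $2
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^#/) break        # stop at a trailing comment
            rule = rule " " $i
        }
        rules[n] = rule
        if (rule == "deny !Safe_ports" && !port_guard) port_guard = n
        if (rule == "deny CONNECT !SSL_ports" && !connect_guard) connect_guard = n
        # First allow rule other than the cache manager one.
        if ($2 == "allow" && rule !~ / manager( |$)/ && !first_allow) first_allow = n
    }
    END {
        if (n == 0) { print "FAIL no http_access rules found"; exit 1 }
        bad = 0
        if (rules[n] != "deny all") {
            print "FAIL last rule is \"" rules[n] "\", expected \"deny all\""; bad = 1
        }
        if (!port_guard || (first_allow && port_guard > first_allow)) {
            print "FAIL \"deny !Safe_ports\" must come before the first general allow"; bad = 1
        }
        if (!connect_guard || (first_allow && connect_guard > first_allow)) {
            print "FAIL \"deny CONNECT !SSL_ports\" must come before the first general allow"; bad = 1
        }
        if (!bad) print "OK " n " rules, guards precede the first general allow"
        exit bad
    }' "$1"
}

# The http_access rules in the order used on this page.
write_page_rules() {
    cat > "$1" <<'EOF'
# http_access allow manager ip-admin
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

# Constructed counter-example: localnet is allowed before the port guards,
# and the final "deny all" is missing.
write_misordered_rules() {
    cat > "$1" <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
EOF
}

conf=$(mktemp)
write_page_rules "$conf";       audit_http_access "$conf" || true
write_misordered_rules "$conf"; audit_http_access "$conf" || true
rm -f "$conf"
```

Pointing audit_http_access at /etc/squid/squid.conf runs the same check on the real file.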
Create /etc/init.d/squid
The beginning of the /etc/init.d/squid script must contain "ulimit -n 32768". The script is downloaded over plain HTTP and will run as root at boot, so read it before making it executable.
    # wget http://repo.informatika.lipi.go.id/panduan/wiki/squid -O /etc/init.d/squid
    # chmod 700 /etc/init.d/squid
Create the symbolic links for squid
    # chkconfig --add squid
So that squid starts automatically when the server is powered on, enable the squid service with chkconfig
    # chkconfig --level 345 squid on
Adding squid to rc.local
    # echo "# Squid Proxy" >> /etc/rc.local
    # echo "/etc/init.d/squid start" >> /etc/rc.local
5. Create swap
With squid.conf configured, it is time to run squid. Type the following command so that squid creates its swap directories
    # /usr/sbin/squid -z
6. Run squid
The first time squid is run, it is best to enable the debug parameter so that any errors become visible. Run it with:
    # /usr/sbin/squid -Nd1
Open a second terminal and check whether squid is running or has failed, using the command
    # netstat -pln | grep squid
If output like the following appears, squid is running
    tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 13109/(squid)
    udp 0 0 0.0.0.0:6628 0.0.0.0:* 13109/(squid)
    udp 0 0 :::41063 :::* 13109/(squid)
    udp 0 0 :::3401 :::* 13109/(squid)
    udp 0 0 :::3130 :::* 13109/(squid)
Once squid is running, access a few sites from a client PC. If squid works, stop it by pressing Ctrl+C, then run squid as a daemon:
    # /etc/init.d/squid start
7. Check the log
The log is at /var/log/squid/access.log
    # tail -f /var/log/squid/access.log
Condensed log view
    # tail -f /var/log/squid/access.log | awk '{print$3 " " $8 " " $7}'
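With emulate_httpd_log off, as configured above, access.log is in squid's native format: field 3 is the client address, field 4 the result code and HTTP status, field 6 the method and field 7 the URL. The following added example, which is not part of the original page, goes beyond the one-liner above and counts per client how many requests the http_access rules denied. The function names are hypothetical and the log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: per-client summary of a squid native-format access.log.
# Output columns: denied  denied_CONNECT  total  client
# sorted with the clients that triggered the most denials first.
summarise_access_log() {
    awk '
    NF >= 7 {
        client = $3
        split($4, result, "/")          # e.g. TCP_DENIED/403 -> TCP_DENIED
        total[client]++
        if (result[1] == "TCP_DENIED") {
            denied[client]++
            if ($6 == "CONNECT") denied_connect[client]++
        }
    }
    END {
        for (c in total)
            printf "%d %d %d %s\n", denied[c], denied_connect[c], total[c], c
    }' "$1" | sort -k1,1nr -k4,4
}

# Constructed sample: one ordinary client, and one client whose requests to
# ports outside SSL_ports and Safe_ports were refused by the rules above.
write_sample_log() {
    cat > "$1" <<'EOF'
1296180187.123    250 192.168.228.21 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1296180188.456      3 192.168.228.21 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1296180190.001      0 192.168.228.37 TCP_DENIED/403 1400 CONNECT mail.example.net:25 - NONE/- text/html
1296180191.002      0 192.168.228.37 TCP_DENIED/403 1400 CONNECT mail.example.net:25 - NONE/- text/html
1296180192.003      1 192.168.228.37 TCP_DENIED/403 1380 GET http://example.org:23/ - NONE/- text/html
1296180193.500    410 192.168.228.21 TCP_MISS/200 900 GET http://example.org/ - DIRECT/192.0.2.20 text/html
EOF
}

log=$(mktemp)
write_sample_log "$log"
summarise_access_log "$log"
rm -f "$log"
```

A client with many denied CONNECT requests is usually trying to tunnel non-HTTPS traffic through the proxy and is worth a closer look.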
8. Reboot the server
Reboot, then run squid.
References
- [1] http://forum.linux.or.id/viewtopic.php?f=40&t=20030#p117128
- [x] http://www.scribd.com/doc/47172020/Cara-Instal-dan-Optimasi-Squid-Proxy-Server
- [x] http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
- [pf] http://directory.fedoraproject.org/wiki/Performance_Tuning
- [fd] http://www.cyberciti.biz/faq/squid-proxy-server-running-out-filedescriptors/
- http://www.linuxinfo.com.br/squid_tproxy.htm
- https://wiki.archlinux.org/index.php/Reiser4FShowto