Install htproxy di ubuntu server 64 bit versi 12.04 LTS ( Youtube tercache )
Terimakasih kepada :
http://learningbytutz.blogspot.com/2013/12/install-htproxy-di-ubuntu-server-64-bit.html
4. Cari file fstab di /etc/fstab, lalu edit. (INGAT HANYA DRIVE CACHE)
cari line yang ada /cache nya dan ubah angka yang semula 0 2 menjadi 0 0 seperti ini :
# /cache was on /dev/sda4 during installation
UUID=1dd7c566-6a03-4634-99a9-02f0a0eef85f /cache reiserfs noatime,relatime 0 0
5. Install paket yang dibutuhkan
sudo apt-get update
sudo apt-get install squid squidclient squid-cgi
sudo apt-get install gcc
sudo apt-get install build-essential
sudo apt-get install sharutils
sudo apt-get install ccze
sudo apt-get install libzip-dev
sudo apt-get install automake1.9
sudo apt-get install multitail
sudo apt-get install acpid ( agar proses shutdown bisa dilakukan dgn menekan tombol power dipc )
sudo apt-get install libcap2 libcap2-dev ( package untuk tproxy)
sudo apt-get install libfile-readbackwards-perl
6. Lalu buang squid/lusca yang terinstall.
apt-get purge squid squid-common squid-cgi
apt-get purge squid3 &&
apt-get autoremove
dan buang filenya :
rm -rf /etc/squid
rm -f /usr/sbin/squid
7.Download package extract dan install :
cd /tmp/
32 bit sedot disini :
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
64 bit sedot disini :
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
Jika link diatas sudah gk valid bisa ambil dari sini :
32 bit :
http://www.4shared.com/file/P4_UUcTT/deb-htproxy_14942_i386tar.html
64 bit :
http://www.4shared.com/file/CkqP1QBV/deb-htproxy_14942_x86-64tar.html
32 bit install : tar xvf deb-htproxy_14942_i386.tar.bz2 && dpkg -i *.deb
64 bit install : tar xvf deb-htproxy_14942_x86-64.tar.bz2 && dpkg -i *.deb
8. Lalu cek apakah htproxy dan helper yang baru sudah terinstall, dengan perintah
#squid -v
#/usr/lib/squid/hikmah-teknologi.com -v
9.Jika sudah stop dulu servisnya agar kita bisa membuat cache_dir yang sesuai
/etc/init.d/squid stop
10. Lalu edit squid.conf , edit cache_dir , acl local net , cache_mem , maximum_object_size , dns_nameservers menurut settingan anda. Configurasi dari saya bisa anda download dari sini :
http://www.4shared.com/rar/IlDO2kiV/squid_nov_2013.html atau configurasi dari Master Rixum (FMI)sendiri :
http://www.4shared.com/rar/m-39yHay/htproxy_14942_yt_nov2013.html
11. Edit owner file di /etc/squid dari root ke proxy
chmod +x /etc/squid/rxm_cache.pl
chown proxy:proxy /etc/squid/rxm_cache.pl
chmod 777 /etc/squid/rxm_cache.pl
chown proxy:proxy /etc/squid/refresh_pattern.conf
chmod 777 /etc/squid/refresh_pattern.conf
chown proxy:proxy /etc/squid/squid.conf
chmod 777 /etc/squid/squid.conf
chown proxy:proxy /etc/squid/store_rewrite.conf
chmod 777 /etc/squid/store_rewrite.conf
Ini yang paling penting ubah owner folder cache dari root ke proxy :
chown proxy:proxy /cache chmod 777 /cache
12. Cek apakah ada configurasi yang error dengan perintah :
squid -k parse
squid -k reconfigure
13. Membuat folder-folder swap dan cache di dalam folder /cache yang telah ditentukan dg perintah :
squid -f /etc/squid/squid.conf -z
14. Jika sudah oke, jalankan servicesnya
/etc/init.d/squid start atau
squid -NDd1 && reboot
15. Cek apakah servis squid sudah jalan dengan perintah
netstat -pln |grep squid
Jika ada penampakan seperti ini :
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 909/(squid)
Berarti squid siap digunakan.
16. Test browsing dan cek access log
tail -f /var/log/squid/access.log | ccze
Note : untuk menghapus file cache tertentu squidclient -m PURGE ( link file tersebut )
contoh : squidclient -m PURGE http://122.102.49.132/audition/Update.ini
Untuk cek access log selain user root dengan perintah yang singkat bisa anda letakkan file di directory
/home/budi ( username )
buat file dengan putty dgn perintah :
touch cekcache
lalu edit dengan winscp, isi dengan :
sudo tail -f /var/log/squid/access.log | ccze
lalu ubah kepemilikannya dari root ke user tersebut :
sudo chown budi:budi /home/budi/cekcache
chmod 777 /home/budi/cekcache
nanti user tsb cukup menjalankan nya dgn perintah
./cekcache
Untuk perintah singkat hapus cache ikuti aja perintah seperti diatas dan buat file dgn nama
hapuscache dan isikan perintah berikut :
sudo /etc/init.d/squid stop
sudo rm -fdR /cache/*
sudo squid -f /etc/squid/squid.conf -z
sudo /etc/init.d/squid restart
jangan lupa ubah ownernya sudo
chown budi:budi /home/budi/hapuscache
sudo chmod 777 /home/budi/hapuscache
Tambahan : Saya lupa menambahkan configurasi untuk hide proxy agar tak terdeteksi di what'smyip
Tambahkan line berikut
disquid.conf :
#matikan kalau ingin terdeteksi di what'smyip
forwarded_for off
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all
kunjungi juga blog
http://henrysie.blogspot.com/2013/12/share-htproxy-cara-mudah-install-proxy.html
Make Money at : http://bit.ly/copy_win
Make Money at : http://bit.ly/copy_win
Minggu, 07 Desember 2014
Rabu, 02 Juli 2014
Unbound --dokumentasi pribadi-
DNS Unbound adalah alternatif DNS resolver dan juga DNS server, konon Unbound lebih aman dan lebih cepat dalam melakukan resolving ke domain atau juga dalam melakukan query...
*INSTALL PAKET*
# apt-get install build-essential libssl-dev
# apt-get install unbound
# cd /etc/unbound
# wget ftp://ftp.internic.net/domain/named.cache
# unbound-control-setup
# groupadd unbound
# useradd -d /var/unbound -m -g unbound -s /bin/false unbound
Sesuaikan config /etc/unbound/unbound.conf, servis dns lainnya bind/dnsmasq dll) harus di stop agar tidak bentrok.
# chown unbound:root unbound_*
# chmod 440 unbound_*
masuk unbound.conf lalu copas script dibawah ini
# nano /etc/unbound/unbound.conf
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 64m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 allow
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
#pidfile: "/var/run/unbound.pid"
#root-hints: "/etc/unbound/named.cache"
#auto-trust-anchor-file: "/var/lib/unbound/root.key"
auto-trust-anchor-file: "/etc/unbound/root.key"
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
#zone iwinduarta.net
local-zone: "warnetku.net." static
local-data: "warnetku.net. 86400 IN NS ns1.warnetku.net."
local-data: "warnetku.net. 86400 IN SOA warnetku.net. hostmaster.warnetku.net. 3 3600 1200 604800 86400"
local-data: "warnetku.net. 86400 IN A 192.168.3.50"
local-data: "www.warnetku.net. 86400 IN A 192.168.3.50"
local-data: "ns1.warnetku.net. 86400 IN A 192.168.3.50"
local-zone: "3.168.192.in-addr.arpa." static
local-data: "3.168.192.in-addr.arpa. 10800 IN NS warnetku.net."
local-data: "3.168.192.in-addr.arpa. 10800 IN SOA warnetku.net. hostmaster.warnetku.net. 4 3600 1200 604800 864000"
local-data: "50.3.168.192.in-addr.arpa. 10800 IN PTR iwinduarta.net."
forward-zone:
name: "."
#forward-addr: 30.30.30.30
forward-addr: 202.134.0.155
forward-addr: 202.134.0.61
forward-addr: 203.130.193.74
forward-addr: 203.130.196.155
forward-addr: 202.134.1.5
forward-addr: 203.130.208.18
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
# End DNS Conf
setting ubuntu agar mengunakan DNS unbound :
edit file di /etc/resolv.conf :# nano /etc/resolv.conf
tuliskan :
nameserver 127.0.0.1
edit file /etc/network/interfaces# nano /etc/network/interfaces
iface eth0 inet static
address 30.30.30.67
netmask 255.255.255.0
network 30.30.30.0
broadcast 30.30.30.255
gateway 30.30.30.30
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
reboot cpu, kemudian tes dengan :
# /etc/init.d/unbound restartJika ada error atau bentrok dengan bind maka non aktifkan dulu bind dll, atau sekalian dihapus saja..
# nslookup 192.168.3.50
Server: 127.0.0.1
Address: 127.0.0.1#53
50.3.168.192.in-addr.arpa name = warnetku.net
# nslookup warnetku.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: warnetku.net
Address: 192.168.3.50
#unbound-control stats
thread0.num.queries=38
thread0.num.cachehits=7
thread0.num.cachemiss=31
thread0.num.recursivereplies=31
thread0.requestlist.avg=0.129032
thread0.requestlist.max=1
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.088811
thread0.recursion.time.median=0.0185685
thread1.num.queries=10
thread1.num.cachehits=1
thread1.num.cachemiss=9
thread1.num.recursivereplies=9
thread1.requestlist.avg=0
thread1.requestlist.max=0
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.049576
thread1.recursion.time.median=0.016384
total.num.queries=48
total.num.cachehits=8
total.num.cachemiss=40
total.num.recursivereplies=40
total.requestlist.avg=0.1
total.requestlist.max=1
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.079984
total.recursion.time.median=0.0174763
time.now=1281681396.583885
time.up=7299.491047
time.elapsed=4177.655650
*INSTALL PAKET*
# apt-get install build-essential libssl-dev
# apt-get install unbound
# cd /etc/unbound
# wget ftp://ftp.internic.net/domain/named.cache
# unbound-control-setup
# groupadd unbound
# useradd -d /var/unbound -m -g unbound -s /bin/false unbound
Sesuaikan config /etc/unbound/unbound.conf, servis dns lainnya bind/dnsmasq dll) harus di stop agar tidak bentrok.
# chown unbound:root unbound_*
# chmod 440 unbound_*
masuk unbound.conf lalu copas script dibawah ini
# nano /etc/unbound/unbound.conf
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 64m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 allow
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
#pidfile: "/var/run/unbound.pid"
#root-hints: "/etc/unbound/named.cache"
#auto-trust-anchor-file: "/var/lib/unbound/root.key"
auto-trust-anchor-file: "/etc/unbound/root.key"
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
#zone iwinduarta.net
local-zone: "warnetku.net." static
local-data: "warnetku.net. 86400 IN NS ns1.warnetku.net."
local-data: "warnetku.net. 86400 IN SOA warnetku.net. hostmaster.warnetku.net. 3 3600 1200 604800 86400"
local-data: "warnetku.net. 86400 IN A 192.168.3.50"
local-data: "www.warnetku.net. 86400 IN A 192.168.3.50"
local-data: "ns1.warnetku.net. 86400 IN A 192.168.3.50"
local-zone: "3.168.192.in-addr.arpa." static
local-data: "3.168.192.in-addr.arpa. 10800 IN NS warnetku.net."
local-data: "3.168.192.in-addr.arpa. 10800 IN SOA warnetku.net. hostmaster.warnetku.net. 4 3600 1200 604800 864000"
local-data: "50.3.168.192.in-addr.arpa. 10800 IN PTR iwinduarta.net."
forward-zone:
name: "."
#forward-addr: 30.30.30.30
forward-addr: 202.134.0.155
forward-addr: 202.134.0.61
forward-addr: 203.130.193.74
forward-addr: 203.130.196.155
forward-addr: 202.134.1.5
forward-addr: 203.130.208.18
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
# End DNS Conf
setting ubuntu agar mengunakan DNS unbound :
edit file di /etc/resolv.conf :# nano /etc/resolv.conf
tuliskan :
nameserver 127.0.0.1
edit file /etc/network/interfaces# nano /etc/network/interfaces
iface eth0 inet static
address 30.30.30.67
netmask 255.255.255.0
network 30.30.30.0
broadcast 30.30.30.255
gateway 30.30.30.30
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
reboot cpu, kemudian tes dengan :
# /etc/init.d/unbound restartJika ada error atau bentrok dengan bind maka non aktifkan dulu bind dll, atau sekalian dihapus saja..
# nslookup 192.168.3.50
Server: 127.0.0.1
Address: 127.0.0.1#53
50.3.168.192.in-addr.arpa name = warnetku.net
# nslookup warnetku.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: warnetku.net
Address: 192.168.3.50
#unbound-control stats
thread0.num.queries=38
thread0.num.cachehits=7
thread0.num.cachemiss=31
thread0.num.recursivereplies=31
thread0.requestlist.avg=0.129032
thread0.requestlist.max=1
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.088811
thread0.recursion.time.median=0.0185685
thread1.num.queries=10
thread1.num.cachehits=1
thread1.num.cachemiss=9
thread1.num.recursivereplies=9
thread1.requestlist.avg=0
thread1.requestlist.max=0
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.049576
thread1.recursion.time.median=0.016384
total.num.queries=48
total.num.cachehits=8
total.num.cachemiss=40
total.num.recursivereplies=40
total.requestlist.avg=0.1
total.requestlist.max=1
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.079984
total.recursion.time.median=0.0174763
time.now=1281681396.583885
time.up=7299.491047
time.elapsed=4177.655650
Jumat, 28 Maret 2014
UBUNTU 12.04 gagal shutdown
periksa di system bios anda, pada power management pastikan feature ACPI anda sudah enable
edit /etc/default/grub
Edit menjadi berikut dan simpan file tersebut.
Update grub dengan perintah ini:
reboot! . kemudian coba tekan tombol power pada cpu anda... kal gagal, cari lagi................. :D
edit /etc/default/grub
# nano /etc/default/grub
Cari baris ini :
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
Edit menjadi berikut dan simpan file tersebut.
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi=force"
Update grub dengan perintah ini:
# update-grub
reboot! . kemudian coba tekan tombol power pada cpu anda... kal gagal, cari lagi................. :D
optimalkan squid
Set default FD jadi 1024
cheek di console default FD yang ada berapa nilainya dengan perintah:
# ulimit -n
1024
cara merubah angka 1024 ke 65536 dengan perintah:
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf
Selanjutnya 1 Tambahkan script
session required pam_limits.so
pada
# nano /etc/pam.d/common-session
Selanjutnya 2 Lakukan perintah :
# modprobe ip_conntrack
Dan tambahkan script
ip_contrack
pada file /etc/modules dengan perintah :
# nano /etc/modules
Lalu sisipkan code dibawah ini didalamnya
ip_conntrack
Kemudian ubah /etc/sysctl.conf dengan code berikut dengan perintah
# nano /etc/sysctl.conf
ubah atau ganti dengan dengan :
------------------------------
# Start Conf
# sysclt.conf
# Locate /etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# max openfiles
fs.file-max = 65536
# Minimalis use swap disk
vm.drop_caches = 3
vm.swappiness = 3
# kernel.shmall = 2097152
# kernel.shmmax = 2147483648
# kernel.shmmni = 4096
# kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.tcp_low_latency = 1
net.core.netdev_max_backlog = 4000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
# net.ipv4.tcp_rmem = 4096 87380 8388608
# net.ipv4.tcp_wmem = 4096 65536 8388608
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_tw_recycle = 1
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# End Conf
-----------------------------------
Setelah itu check configurasi sysctl.conf lakukan dengan perintah:
# sysctl -p
Kemudian tambahkan entri berikut pada file /etc/security/limits.conf
# nano /etc/security/limits.conf (tambahakan script)
* - nofile 65536
root soft nofile 65536
root hard nofile 65536
Selesai & reboot
cheek di console default FD yang ada berapa nilainya dengan perintah:
# ulimit -n
1024
cara merubah angka 1024 ke 65536 dengan perintah:
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf
Selanjutnya 1 Tambahkan script
session required pam_limits.so
pada
# nano /etc/pam.d/common-session
Selanjutnya 2 Lakukan perintah :
# modprobe ip_conntrack
Dan tambahkan script
ip_contrack
pada file /etc/modules dengan perintah :
# nano /etc/modules
Lalu sisipkan code dibawah ini didalamnya
ip_conntrack
Kemudian ubah /etc/sysctl.conf dengan code berikut dengan perintah
# nano /etc/sysctl.conf
ubah atau ganti dengan dengan :
------------------------------
# Start Conf
# sysclt.conf
# Locate /etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# max openfiles
fs.file-max = 65536
# Minimalis use swap disk
vm.drop_caches = 3
vm.swappiness = 3
# kernel.shmall = 2097152
# kernel.shmmax = 2147483648
# kernel.shmmni = 4096
# kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.tcp_low_latency = 1
net.core.netdev_max_backlog = 4000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
# net.ipv4.tcp_rmem = 4096 87380 8388608
# net.ipv4.tcp_wmem = 4096 65536 8388608
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_tw_recycle = 1
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# End Conf
-----------------------------------
Setelah itu check configurasi sysctl.conf lakukan dengan perintah:
# sysctl -p
Kemudian tambahkan entri berikut pada file /etc/security/limits.conf
# nano /etc/security/limits.conf (tambahakan script)
* - nofile 65536
root soft nofile 65536
root hard nofile 65536
Selesai & reboot
squid otomatis jalan
Setelah squid telah running dengan baik, maka untuk auto restart squid setelah di reboot, silahkan tuliskan script ini untuk auto start Squidnya:
# nano /etc/rc.local
ketik tepat pada bagian atas teks exit 0:
/usr/local/squid/sbin/squid -D
# nano /etc/rc.local
ketik tepat pada bagian atas teks exit 0:
/usr/local/squid/sbin/squid -D
HTPROXY cara gampang membangun proxy squid...
source :
http://www.forummikrotik.com/guide/18550-%5Bshare-htproxy%5D-cara-mudah-install-proxy-videocache-pada-ubuntu-htproxy.html
https://code.google.com/p/squid-proxy-pkg/
http://www.hikmah-teknologi.com
Topologinya Squid sejajar client ( ip proxy satu subnet dgn client)
MODEM
|
MT
|
Swicth ———- Proxy Ubunt 12.04
|
Client
Client = 192.168.2.1-192.168.2.19
proxy = 192.168.2.20
Gateway = 192.168.2.30
/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.20 to-addresses=192.168.2.20 to-ports=3128
add action=src-nat chain=srcnat disabled=no out-interface=Local protocol=tcp src-address-list=Local-Address to-addresses=192.168.2.1 to-ports=0-65535
/ip firewall address-list add address=192.168.2.2-192.168.2.19 list=Local-Address
Mesin proxy menggunakan biostar A740G M2L+ Ver. 6.x dengan prossesor X-3, OS Debian 6.06 , HD Seagate 250 G, Memory 6 Giga
ip 192.168.2.20
host = proxy domain = proxy.local.war.net
Memory = 1024 MB; HDD 120 Giga
partisi
/ 18 G
/cache-1 30 G
/cache-2 30 G
/cache-3 30 G
SWAP 2 G
login pake non root user dgn putty dan enable kan root access
sudo passwd
login remote pake account root tambah repo webmin, dotdeb dan installasi build-essential supaya extract tar.bz2 tidak error
echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
cd /root
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | apt-key add -
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update && apt-get install build-essential
Install squid bila pake ubuntu 32 bit
cd /home
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
tar xvf deb-htproxy_14942_i386.tar.bz2
dpkg -i *.deb
/etc/init.d/squid stop
Install squid bila pake ubuntu 64 bit
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
tar xvf deb-htproxy_14942_x86-64.tar.bz2 && dpkg -i *.deb
dpkg -i *.deb
/etc/init.d/squid stop
kemudian bila selesei pake winscp edit file /etc/squid/squid.conf
sesuaikan dengan port, cache_mem, cache directory dan dns punyanya mas bro terus diubah kepemilikan folder cachenya
untuk 1 GB memory besaran cache_mem gak usah dirubah kayanya kalo partisi cache ama dnsnya bisa kaya gini
cache_dir aufs /cache-1 20000 20 256
cache_dir aufs /cache-2 20000 20 256
cache_dir aufs /cache-3 20000 20 256
#CONTOH DNS GOOGLE
dns_nameservers 203.130.208.18
dns_nameservers 203.130.193.74
dns_nameservers 203.130.196.5
dns_nameservers 222.124.204.34
dns_nameservers 203.130.196.6
dns_nameservers 208.67.222.222
dns_nameservers 208.67.220.220
dns_nameservers 180.131.144.144
dns_nameservers 180.131.145.145
Ubah kepemilikan directory cache
chown proxy:proxy /cache*
Optimalkan file system cache & ubah opsi untuk partisi cache
Disabled fsck (file system check)
nano /etc/fstab
Angka standart Drive Cache adalah 0 2 ——>> ganti dengan 0 0 (INGAT HANYA DRIVE CACHE)
Opsi Directory /cache :
Apabila menggunakan reiserfs gunakan opsi noatime,notail 0 0
Apabila menggunakan ext4 gunakan opsi noatime,barrier=0 0 0
Apabila menggunakan btrfs gunakan opsi noatime,compress,noacl 0 0
cek config bila ada yang error dan menjalankan squid pertama kali
squid -z
squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
edit sysctl.conf
nano /etc/sysctl.conf
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 245000
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
setelah di save,
sysctl -p
edit squid.conf sesuai kondisi
chown proxy:proxy /cache-1 && chmod 777 /cache-1 && chown proxy:proxy /cache-2 && chmod 777 /cache-2 && chown proxy:proxy /cache-3 && chmod 777 /cache-3
squid -z
squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state –-state NEW -p tcp –-dport 53 -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state –-state NEW -p udp –-dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 -–dport 80 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.2.0/24 -–dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 -–dport 8080 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.2.0/24 -–dport 8080 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -–dport 8080 -j REDIRECT -–to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p udp -–dport 8080 -j REDIRECT -–to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -–dport 80 -j REDIRECT -–to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p udp -–dport 80 -j REDIRECT -–to-port 3128
iptables-save -c > /etc/iptables.up.rules
http://www.forummikrotik.com/guide/18550-%5Bshare-htproxy%5D-cara-mudah-install-proxy-videocache-pada-ubuntu-htproxy.html
https://code.google.com/p/squid-proxy-pkg/
http://www.hikmah-teknologi.com
Topologinya Squid sejajar client ( ip proxy satu subnet dgn client)
MODEM
|
MT
|
Swicth ———- Proxy Ubunt 12.04
|
Client
Client = 192.168.2.1-192.168.2.19
proxy = 192.168.2.20
Gateway = 192.168.2.30
/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.20 to-addresses=192.168.2.20 to-ports=3128
add action=src-nat chain=srcnat disabled=no out-interface=Local protocol=tcp src-address-list=Local-Address to-addresses=192.168.2.1 to-ports=0-65535
/ip firewall address-list add address=192.168.2.2-192.168.2.19 list=Local-Address
Mesin proxy menggunakan biostar A740G M2L+ Ver. 6.x dengan prossesor X-3, OS Debian 6.06 , HD Seagate 250 G, Memory 6 Giga
ip 192.168.2.20
host = proxy domain = proxy.local.war.net
Memory = 1024 MB; HDD 120 Giga
partisi
/ 18 G
/cache-1 30 G
/cache-2 30 G
/cache-3 30 G
SWAP 2 G
login pake non root user dgn putty dan enable kan root access
sudo passwd
login remote pake account root tambah repo webmin, dotdeb dan installasi build-essential supaya extract tar.bz2 tidak error
echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
cd /root
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | apt-key add -
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update && apt-get install build-essential
Install squid bila pake ubuntu 32 bit
cd /home
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
tar xvf deb-htproxy_14942_i386.tar.bz2
dpkg -i *.deb
/etc/init.d/squid stop
Install squid bila pake ubuntu 64 bit
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
tar xvf deb-htproxy_14942_x86-64.tar.bz2 && dpkg -i *.deb
dpkg -i *.deb
/etc/init.d/squid stop
kemudian bila selesei pake winscp edit file /etc/squid/squid.conf
sesuaikan dengan port, cache_mem, cache directory dan dns punyanya mas bro terus diubah kepemilikan folder cachenya
untuk 1 GB memory besaran cache_mem gak usah dirubah kayanya kalo partisi cache ama dnsnya bisa kaya gini
cache_dir aufs /cache-1 20000 20 256
cache_dir aufs /cache-2 20000 20 256
cache_dir aufs /cache-3 20000 20 256
#CONTOH DNS GOOGLE
dns_nameservers 203.130.208.18
dns_nameservers 203.130.193.74
dns_nameservers 203.130.196.5
dns_nameservers 222.124.204.34
dns_nameservers 203.130.196.6
dns_nameservers 208.67.222.222
dns_nameservers 208.67.220.220
dns_nameservers 180.131.144.144
dns_nameservers 180.131.145.145
Ubah kepemilikan directory cache
chown proxy:proxy /cache*
Optimalkan file system cache & ubah opsi untuk partisi cache
Disabled fsck (file system check)
nano /etc/fstab
Angka standart Drive Cache adalah 0 2 ——>> ganti dengan 0 0 (INGAT HANYA DRIVE CACHE)
Opsi Directory /cache :
Apabila menggunakan reiserfs gunakan opsi noatime,notail 0 0
Apabila menggunakan ext4 gunakan opsi noatime,barrier=0 0 0
Apabila menggunakan btrfs gunakan opsi noatime,compress,noacl 0 0
cek config bila ada yang error dan menjalankan squid pertama kali
squid -z
squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
edit sysctl.conf
nano /etc/sysctl.conf
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 245000
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
setelah di save,
sysctl -p
edit squid.conf sesuai kondisi
chown proxy:proxy /cache-1 && chmod 777 /cache-1 && chown proxy:proxy /cache-2 && chmod 777 /cache-2 && chown proxy:proxy /cache-3 && chmod 777 /cache-3
squid -z
squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state –-state NEW -p tcp –-dport 53 -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state –-state NEW -p udp –-dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 -–dport 80 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.2.0/24 -–dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 -–dport 8080 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.2.0/24 -–dport 8080 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -–dport 8080 -j REDIRECT -–to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p udp -–dport 8080 -j REDIRECT -–to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -–dport 80 -j REDIRECT -–to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p udp -–dport 80 -j REDIRECT -–to-port 3128
iptables-save -c > /etc/iptables.up.rules
perintah squid
squid -k parse
squid -k reconfigure
mengcek konfigurasi squid salah atau tidaknya
squid -z
membuat swap direktori
squid -DFY
ps -ax|grep squid
cek squid jalan atau tidaknya
perintah menjalankan dan menghentikan squid
sudo service squid start
sudo service squid restart
sudo service squid stop
perintah monitoring squid
squidclient -h localhost -p 8080 mgr:info
Sesuaikan port 8080 dengan port squid Anda.
tail -f /var/log/squid/access.log
Sesuaikan /var/log/squid/access.log dengan direktori log squid Anda.
squidclient -h localhost -p 8080 mgr:info | grep Hit
Sama seperti perintah pertama, sesuaikan -p 8080 dengan port squid Anda.
netstat plnat | grep squid
untuk mengetahui port squid kita
tail -f /var/log/squid/cache.log
Sesuaikan /var/log/squid/access.log dengan direktori log squid Anda.
tail -f /var/log/squid/access.log | grep HIT (log yang HIT saja)
Sesuaikan /var/log/squid/access.log dengan direktori log squid Anda.
squid -k reconfigure
mengcek konfigurasi squid salah atau tidaknya
squid -z
membuat swap direktori
squid -DFY
ps -ax|grep squid
cek squid jalan atau tidaknya
perintah menjalankan dan menghentikan squid
sudo service squid start
sudo service squid restart
sudo service squid stop
perintah monitoring squid
squidclient -h localhost -p 8080 mgr:info
Sesuaikan port 8080 dengan port squid Anda.
tail -f /var/log/squid/access.log
Sesuaikan /var/log/squid/access.log dengan direktori log squid Anda.
squidclient -h localhost -p 8080 mgr:info | grep Hit
Sama seperti perintah pertama, sesuaikan -p 8080 dengan port squid Anda.
netstat plnat | grep squid
untuk mengetahui port squid kita
tail -f /var/log/squid/cache.log
Sesuaikan /var/log/squid/access.log dengan direktori log squid Anda.
tail -f /var/log/squid/access.log | grep HIT (log yang HIT saja)
Sesuaikan /var/log/squid/access.log dengan direktori log squid Anda.
Jumat, 21 Maret 2014
bootable hiren
dalam rangka install windows di komputer warnet yg banyak dengan tipe yang sejenis, dan untuk keperluan lain seperti memaksa format hardisk dkk, recover isi hardisk akhirnya saya memutuskan untuk membuat blog tentang membuat bootable flashdisk hiren 9.8, langsung aja gini langkah2nya..
alat dan bahan
file usb_format dan grub4dos disini
file hiren bot cd 9.8 disini yang terbaru juga bole tinggal search aja di google
membuat
insert flashdisk
format flashdisk dengan usb_format seperti gambar berikut
kemudian buka grub4dos ikuti gambar ini
kalo keluar cmd seperti dibawah klik enter
buka folder grub4dos copy kan ke flashdisk ente bro
Dari folder Hiren’s.BootCD.15.2 copy folder “HBCD” dan “autorun.inf” ke flashdisk
penampakan dalam flashdisk nih gan
selanjutnya restart pc ente trus booting dengan flashdisk, silakan mencoba... kalo mo pake hiren versi yang lain silakan ganti folder HBCD ente dengan hiren yang baru... segitu saja gan
alat dan bahan
file usb_format dan grub4dos disini
file hiren bot cd 9.8 disini yang terbaru juga bole tinggal search aja di google
membuat
insert flashdisk
format flashdisk dengan usb_format seperti gambar berikut
kemudian buka grub4dos ikuti gambar ini
kalo keluar cmd seperti dibawah klik enter
buka folder grub4dos copy kan ke flashdisk ente bro
Dari folder Hiren’s.BootCD.15.2 copy folder “HBCD” dan “autorun.inf” ke flashdisk
penampakan dalam flashdisk nih gan
selanjutnya restart pc ente trus booting dengan flashdisk, silakan mencoba... kalo mo pake hiren versi yang lain silakan ganti folder HBCD ente dengan hiren yang baru... segitu saja gan
Langganan:
Postingan (Atom)