msi semua bisa setting squid3 https caching
DESCRIPTION
Cara Mudah Setting SQUID3TRANSCRIPT
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
1
Buka VirtualBox, Klik New. Ikuti petunjuk gambar dibawah ini :-D
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
2
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
3
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
4
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
5
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
6
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
7
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
8
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
9
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
10
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
11
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
12
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
13
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
14
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
15
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
16
Muncul error, klik Continue saja (karena network adapternya di-matikan tadi). Kita ON nanti setelah
instalasi Ubuntu Servernya selesai :-D
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
17
Isi nama komputernya
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
18
Isi full user name
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
19
Isi user name
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
20
Isi password
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
21
Isikan lagi password yang sama
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
22
Pilih No saja
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
23
Pilih Timezone
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
24
Pilih Partition Method – Guided – use entire disk
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
25
Enter saja
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
26
Yes
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
27
Tekan Enter saja
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
28
Pilih No automatic update
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
29
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
30
Tekan SPASI untuk memilih OpenSSHServer
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
31
Pilih Yes
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
32
Tekan Enter
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
33
Beres. Selesai sudah Install Ubuntu Server. Mudah bukan????.....bukaaaaaaaaaaaaaaan
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
34
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
35
Lanjut mau aktifkan Network Adapter di VirtualBox
Login lalu shutdown Ubuntu Virtual Machine
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
36
Kembali ke VirtualBox, pilih Settings dan centang Enable Network Adapter
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
37
Start kembali Ubuntu Server VirtualBox. Login dan aktifkan network adapter eth0
sudo ifconfig eth0 up
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
38
Cek apakah eth0 sudah UP atau belum. Ketik ifconfig
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
39
Lanjut, isi ip address. Ketik sudo nano /etc/network/interfaces. Isi sesuai ip address di tempatmu
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
40
Tekan tombol Ctrl+O lalu Enter
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
41
Tekan tombol Ctrl+X untuk keluar dari nano editor.
Lanjut dengan test ping ke ip address gateway
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
42
Network is unreachable..hehe…lupa restart dulu service networkingnya. Ketik sudo service networking
restart
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
43
Test ping pasti gagal juga…lupa di adapter virtualbox nya belum connect cable :-D. Poweroff dulu,
kembali ke VirtualBox Settings…Sorry pemirsa…wis tuo…hahaha
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
44
Start lagi bray..wkwkwkw
Test ping ke gateway
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
45
Ping ke www.dokter-squid-indonesia.com
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
46
Ok. Good. Koneksi internet lancar. Lanjut install squid.
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
47
Update Ubuntu Servernya terlebih dahulu
Ketik sudo apt-get update
Sabar menunggu sampai selesai…..
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
48
Kita lanjut pake Aplikasi WinSCP dan Putty (biar mudah copy pastenya)..itukan yang kamu
mau..heuheuheu. Kalau belum ada download dan install
http://winscp.net/download/winscp556setup.exe
http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.63-installer.exe
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
49
Pilih Yes
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
50
Open Putty dengan meng-klik toolbar Putty
Klik Yes
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
51
Masukin password user yang tadi dibuat
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
52
Install SQUID
Copy paste command dibawah ini :
sudo su
sudo apt-get install devscripts -y
sudo apt-get install libcap-*
sudo apt-get install openssl -y
sudo apt-get install ccze -y
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.9.tar.gz
tar xzvf squid-3*
cd squid-3*
./configure --prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var \
--libdir=/usr/lib \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--enable-err-languages=English \
--enable-default-err-language=English \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
53
--disable-dependency-tracking \
--enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--enable-icap-client \
--disable-wccp \
--disable-wccpv2 \
--enable-follow-x-forwarded-for \
--enable-x-accelerator-vary \
--enable-zph-qos \
--enable-snmp \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-large-files \
--enable-underscores \
--disable-auth \
--enable-async-io \
--with-pthreads \
--disable-ipv6
make && make install
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.asli
sudo chmod a-w /etc/squid/squid.conf.asli
cd
mkdir /cache
chown -R proxy:proxy /cache
chown -R proxy:proxy /var/log/squid
nano etc/squid/squid.conf
EDIT bagian yang saya HIGHLIGHT KUNING(sesuaikan dengan nama folder dan besaran cache
Anda)
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
54
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
55
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /cache 3000 16 256
# Leave coredumps in the first cache dir
coredump_dir /cache
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
tekan Ctrl+o lalu ENTER untuk menyimpan perubahan
tekan Ctrl+x untuk keluar dari nano editor
lanjut copy paste command dibawah ini
squid -k parse
squid -z
tekan ENTER saja
squid start
Test Manual Proxy di Browser
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
56
Buka salah satu website misalnya detik.com
Tutup dan buka lagi website detik.com, pada Putty ketik command tail -f
/var/log/squid/access.log | ccze
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
57
Selesai untuk caching HTTP :-D ….Mudah bukan????? Bukaaaaaaaaaaaaaaaaaaaaaan….wakwow
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
58
Lanjut ke HTTPS caching
Untuk caching HTTPS kita butuh feature SSL_BUMP , DynamicSslCert. Feature ini harus diaktifkan saat
configure
--enable-ssl --enable-ssl-crtd
Ayo kita configure ulang
sudo su
Tambahkan dulu paket pendukung
apt-get install libssl-* -y
apt-get install libsasl2-dev –y
cd squid-3*
make clean
./configure --prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var \
--libdir=/usr/lib \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--enable-err-languages=English \
--enable-default-err-language=English \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--disable-dependency-tracking \
--enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--enable-icap-client \
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
59
--disable-wccp \
--disable-wccpv2 \
--enable-follow-x-forwarded-for \
--enable-x-accelerator-vary \
--enable-zph-qos \
--enable-snmp \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-large-files \
--enable-underscores \
--disable-auth \
--enable-async-io \
--with-pthreads \
--disable-ipv6 \
--enable-ssl
--enable-ssl-crtd
make && make install
mkdir -p /etc/squid/ssl_cert
cd /etc/squid/ssl_cert
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
60
mkdir -p /var/squid/ssl_db
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db/certs
Edit squid.conf
nano /etc/squid/squid.conf
Tambahkan directive
http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
61
ssl_bump server-first all
Simpan dengan menekan tombol Ctrl+o dan Enter
Keluar dengan menekan tombol Ctrl+x
Lanjut
squid -k reconfigure
reboot
squid start
Edit manual proxy browser
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
62
Test buka facebook.com
Muncul warning This Connection is Untrusted, browser ga mengenal CA yg ngeluarin certificate palsu
dari SQUID. Maka harus diimport CA certificatenya terlebih dahulu.
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
63
Di Firefox Tools > Options > Advanced > Certificates
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
64
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
65
Close browsernya dan buka lagi facebook.com
Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com
66