Paket yang Dibutuhkan :
untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip
Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip
Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/…rver-amd64.iso
Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB
1. Partisi HDD
Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache
2. Install Paket
OPTIMALKAN partisi btrfs nya :
# lsmod |grep -i btrfs
# nano /etc/fstab
/cache btrfs noatime,compress,noacl 0 2
OPTIMALKAN juga kernelnya :
default FD 1024
cek di console
# ulimit -n
cara merubah :
# ulimit -HSn 65536
# echo “root soft nofile 65536″ >> /etc/security/limits.conf
# echo “root hard nofile 65536″ >> /etc/security/limits.conf
# nano /etc/pam.d/common-session
session required pam_limits.so
# modprobe ip_conntrack
kemudian tambahkan ip_contrack di /etc/modules
# nano /etc/modules
Tambahkan kalimat berikut :
ip_conntrack
DNS Unbound High Performance
apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*
sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)
# nano
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse
chroot: “/etc/unbound”
username: “unbound”
directory: “/etc/unbound”
#logfile: “/etc/unbound/unbound.log”
#use-syslog: yes
logfile: “”
use-syslog: no
pidfile: “/etc/unbound/unbound.pid”
root-hints: “/etc/unbound/named.cache”
identity: “DNS”
version: “1.4″
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: “iterator”
#zone localhost
local-zone: “localhost.” static
local-data: “localhost. 10800 IN NS localhost.”
local-data: “localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800″
local-data: “localhost. 10800 IN A 127.0.0.1″
local-zone: “127.in-addr.arpa.” static
local-data: “127.in-addr.arpa. 10800 IN NS localhost.”
local-data: “127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800″
local-data: “1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.”
#zone zoky.net
local-zone: “zoky.net.” static
local-data: “zoky.net. 86400 IN NS ns1.zoky.net.”
local-data: “zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400″
local-data: “zoky.net. 86400 IN A 192.168.2.2″
local-data: “www.zoky.net. 86400 IN A 192.168.2.2″
local-data: “ns1.zoky.net. 86400 IN A 192.168.2.2″
local-data: “mail.zoky.net. 86400 IN A 192.168.2.2″
local-data: “zoky.net. 86400 IN MX 10 mail.zoky.net.”
local-data: “zoky.net. 86400 IN TXT v=spf1 a mx ~all”
local-zone: “2.168.192.in-addr.arpa.” static
local-data: “2.168.192.in-addr.arpa. 10800 IN NS zoky.net.”
local-data: “2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000″
local-data: “2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net.”
forward-zone:
name: “.”
forward-addr: 192.168.2.1
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: “/etc/unbound/unbound_server.key”
server-cert-file: “/etc/unbound/unbound_server.pem”
control-key-file: “/etc/unbound/unbound_control.key”
control-cert-file: “/etc/unbound/unbound_control.pem”
lalu save di /etc/unbound/unbound.conf
forward-zone: sesuaikan dengan DNS ISP anda
cek configure unbound :
# unbound-checkconf /etc/unbound/unbound.conf
edit file di /etc/resolv.conf :
# nano /etc/resolv.conf
nameserver 127.0.0.1
edit file /etc/network/interfaces
# nano /etc/network/interfaces
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
untuk cek apakah d jalan :
# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53
2.2.168.192.in-addr.arpa name = zoky.net
# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: Q.net
Address: 192.168.2.2
Untuk monitor :
# unbound-control stats
# sudo unbound-control stats | tail -16
# sudo apt-get update
# sudo apt-get install squid
# nano /etc/default/squid
SQUID_MAXFD=8192
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# grep -E “#define\W+__FD_SETSIZE” /usr/include/*.h /usr/include/*/*.h
# nano /usr/include/linux/posix_types.h
#define __FD_SETSIZE 65536
# nano /usr/include/bits/typesizes.h
#define __FD_SETSIZE 65536
# nano /etc/pam.d/login
Session required /lib/security/pam_limits.so
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
3.Download Lusca
download lusca r14809 lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
download lusca FMI lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz
lalu ekstrak :masuk ke foldernya :
jika memakai lusca r14809 :
# tar xzvf LUSCA_HEAD-r14809.tar.gz
jika memakai lusca FMI :
# tar tar xzvf LUSCA_FMI.tar.gz
jika menggunakan lusca r14809 :
copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
winscp bisa didownload di : 4shared.com /file/KlAfa3dQ/winscp428.html
kemudian copy dengan menggunakan putty…
putty bisa didownload di : 4shared.com /file/16tJyvlq/putty.html
# sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809
masuk ke foldernya :
jika menggunakan lusca r14809 :
# cd LUSCA_HEAD-r14809/
@ patch dulo revalidate dgn cara : patch -p0 < imr.diff
jika menggunakan lusca FMI :
# cd LUSCA_FMI/
jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI :
# make distclean
ok..!! sekarang dimulai tahap compile nya :
cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai
Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :
CHOST=”x86_64-pc-linux-gnu” \
CFLAGS=”-march=amdfam10 -msse3 -O2 -pipe” \
./configure –prefix=/usr –exec_prefix=/usr –bindir=/usr/sbin –sbindir=/usr/sbin –libexecdir=/usr/lib/squid –sysconfdir=/etc/squid \
–localstatedir=/var/spool/squid –datadir=/usr/share/squid –enable-async-io=24 –with-aufs-threads=24 –with-pthreads –enable-storeio=aufs \
–enable-linux-netfilter –enable-arp-acl –enable-epoll –enable-removal-policies=heap –with-aio –with-dl –enable-snmp \
–enable-delay-pools –enable-htcp –enable-cache-digests –disable-unlinkd –enable-large-cache-files –with-large-files \
–enable-err-languages=English –enable-default-err-language=English –with-maxfd=65536
selanjutnya, ketik perintah berikut di terminal ubuntu :
# make
# sudo make install
Edit squid.conf
agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/
# sudo cp /home/proxyku/squid /etc/init.d/
jgn lupa di :
#sudo chmod +x /etc/init.d/squid
# stop dulu squidnya :
sudo /etc/init.d/squid stop
#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid —-> edit sesuai network juragan
sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid
4. Langkah selanjutnya
# Memberikan permission pada folder cache
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :
squid -f /etc/squid/squid.conf -z
# Restart squid
sudo /etc/init.d/squid restart
# nano /etc/sysctl.conf
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
setelah di save, baru di sysctl -p
catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja
Reboot CPU nya…
tambahan :
Menghitung memory yang sedang digunakan oleh aplikasi di Linux :
# wget http://www.pixelbeat.org/scripts/ps_mem.py
# chmod +x ps_mem.py
# ./ps_mem.py
Install Squidmon :
# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py
untuk monitor squid :
# cat /var/log/squid/access.log | ./squidmon.py
# cat /var/log/squid/access.log | python squidmon.py
MEMBUAT SQUIDSTATS
1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e ‘install Config::IniFiles’
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi
Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80
Untuk memonitor SQUID :
sudo /etc/init.d/squid stop
sudo /etc/init.d/squid restart
/etc/init.d/unbound restart
unbound-control stats
sudo unbound-control stats | tail -16
squidclient mgr:info
squidclient mgr:client_list
tail -f /var/log/squid/access.log
tail -f /var/log/squid/cache.log
tail -n 80 /var/log/squid/cache.log
squidclient mgr:storedir
cat /var/log/squid/access.log | ./squidmon.py
cat /var/log/squid/access.log | python squidmon.py
http://192.168.2.2/squidstats/graph-summary.cgi
./ps_mem.py
credit to teukurizal
http://forummikrotik.com
This entry was posted in Uncategorized. Bookmark the permalink.
Home »
» UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND
UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND
Posted by eka
Posted on 14:47