Instal lusca r14809 di ubuntu server 12.04

catatan  installl lusca r14809 di ubuntu server 12.04

cache_dir aufs di /usr/var/cache1


*** Install ububuntu 11.10 sudah sempurna

sudo apt-get update
sudo apt-get install squid -y
sudo apt-get install squid squidclient squid-cgi squid-common squid-langpack -y
sudo apt-get install gcc -y
sudo apt-get install build-essential -y
sudo apt-get install sharutils -y
sudo apt-get install ccze -y
sudo apt-get install libzip-dev -y
sudo apt-get install automake1.9 -y
sudo apt-get install acpid
sudo apt-get install multitail -y



atau

$sudo apt-get update
$sudo apt-get install squid squidclient squid-cgi gcc build-essential sharutils ccze libzip-dev automake1.9 acpid multitail

sudo apt-get install squid squidclient squid-cgi gcc build-essential sharutils ccze libzip-dev  automake1.9 acpid multitail -y


*** Install tool monitor

wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
sudo chmod +x squidmon.py

wget http://www.pixelbeat.org/scripts/ps_mem.py
sudo chmod +x ps_mem.py

2. ====================================

*** Instalasi LUSCA

*** Daftar Web LUSCA

http://code.google.com/p/lusca-cache/downloads/list

*** Download file LUSCA dibawah ini

wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz

*** Seteleah selesai ekstrak filenya

tar xzvf LUSCA_HEAD-r14809.tar.gz
cd LUSCA_HEAD-r14809/

***ketik

./bootstrap.sh

Jika menggunakan Ubuntu Server 64/bit, masukkan perintah :

make distclean

3. ======================= compile lusca

CHOST="i686-pc-Linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-Linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536


4.==========================

*** Compile
*** Setelah selesai ketik dibawah ini

sudo make &&
sudo make install

*** Matikan Squid

squid stop

*** Backup original file

sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.backup &&
sudo mv /etc/sysctl.conf /etc/sysctl.conf.backup &&
sudo mv /etc/init.d/squid /etc/init.d/squid.backup

*** Salin File berikut ini, dengan mengetikkan pada putty (blok dan paste lewat putty

cd /etc/squid && wget http://ouziel-lusca.googlecode.com/files/storeurl.pl &&
wget http://ouziel-lusca.googlecode.com/files/squid.conf && wget http://ouziel-lusca.googlecode.com/files/porno.txt &&

cd /etc && wget http://ouziel-lusca.googlecode.com/files/sysctl.conf &&

cd /etc/init.d && wget http://ouziel-lusca.googlecode.com/files/squid &&

cd /usr/local/etc/squid && wget http://ouziel-lusca.googlecode.com/files/refresh.conf &&

cd /usr/share/squid/errors/en && wget http://ouziel-lusca.googlecode.com/files/ERR_ACCESS_DENIED
5.===============

***Buat folder cache

sudo squid start &&
sudo chown proxy:proxy /cache1 /cache2 /cache3 /cache4 &&
sudo chown proxy:proxy /etc/squid/storeurl.pl &&
sudo chown proxy:proxy /var/log/squid/access.log &&
sudo chown proxy:proxy /var/log/squid/cache.log &&
sudo chmod 777 /etc/squid/storeurl.pl &&
sudo chmod 777 /cache1 /cache2 /cache3 /cache4

sudo chmod -R 775 /cache1 /cache2 /cache3

sudo chmod +x /etc/init.d/squid
sudo chmod +x /etc/init.d/squid


Memberikan permission pada folder cache

# chown -R proxy.proxy /squid-1
# chown -R proxy.proxy /squid-2
# chown -R proxy.proxy /squid-3
# chmod 755 /etc/squid/storeurl-ubuntu.pl
# chmod 755 /etc/squid/tunning-ubuntu.conf
# chown -R proxy.proxy /etc/squid/storeurl-ubuntu.pl
# chown -R proxy.proxy /etc/squid/tunning-ubuntu.conf


# Memberikan permission pada folder cache

squid tidak jalan..

# apt-get install havp squid squid-common squid-cgi squidclient


chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl


*** Buka file squid.conf pada Directory /etc/squid/ edit dan sesuaikan bagian ini :
cache_dir aufs /cache 7000 16 256 (sesuai dengan ukuran dan partisi cache anda)
acl localnet src 192.168.2.0/24 (sesuaikan dengan IP warnet anda)

ls -all /cache1

*** cek konfigurasi squid
squid -z
sudo squid -k parse
squid -k reconfigure

##cek squid.conf


monitoring proxy :
tail -f /var/squid/log/access.log


untuk melihat koneksi client di proxy dan informasinya:
# squidclient -h ip.ub.un.tu -p 3128 mgr:info

misalnya
# squidclient -h 192.168.168.1 -p 3128 mgr:info
# squidclient mgr:info





Restart Mesin ubuntu adalah :
sudo shutdown -r now 
sudo reboot

ps ax | grep squid

*** Jika tidak ada erorr lanjut
squid -f /etc/squid/squid.conf -z
squid -f /etc/squid/squid.conf -z
tail -f /var/log/squid/access.log
tail -f /var/log/squid/access.log | ccze


squid -z
squid -d 8

squid -k rotate




squid -N -d 1 -D
squid -NCd1

*** restart squid

sudo squid restart
/etc/init.d/squid restart


*** set aktif saat boot

sudo update-rc.d squid defaults

*** Reboot Ubuntu


tail -f /var/log/messages

dns_nameservers 192.168.100.2 ini ipnya dns server lokal?kl iya diganti aj
dns_nameservers 127.0.0.1, definisikan di /etc/resolv.conf nameservernya dan search-nya

http://blog.last.fm/2007/08/30/squid-optimization-guide

squidclient mgr:info
sudo ./ps_mem.py
ps aux | grep squid


acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/24
acl localnet src 192.168.100.0/24

buat squid caching
/usr/sbin/squid -z

    Running test your squid performance. *type this command in your teminal

        /usr/sbin/squid -NCd1




OPTIMALKAN partisi btrfs nya :

# lsmod |grep -i btrfs

# nano /etc/fstab

/cache btrfs noatime,compress,noacl 0 2

OPTIMALKAN juga kernelnya :

default FD 1024
cek di console

# ulimit -n

cara merubah :
# ulimit -HSn 65536

# echo “root soft nofile 65536? >> /etc/security/limits.conf
# echo “root hard nofile 65536? >> /etc/security/limits.conf

# nano /etc/pam.d/common-session

session required pam_limits.so

# modprobe ip_conntrack

kemudian tambahkan ip_contrack di /etc/modules

# nano /etc/modules

Tambahkan kalimat berikut :

ip_conntrack

DNS Unbound High Performance

apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)

# nano

server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

chroot: “/etc/unbound”
username: “unbound”
directory: “/etc/unbound”
#logfile: “/etc/unbound/unbound.log”
#use-syslog: yes
logfile: “”
use-syslog: no
pidfile: “/etc/unbound/unbound.pid”
root-hints: “/etc/unbound/named.cache”

identity: “DNS”
version: “1.4?
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: “iterator”

#zone localhost
local-zone: “localhost.” static
local-data: “localhost. 10800 IN NS localhost.”
local-data: “localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800?
local-data: “localhost. 10800 IN A 127.0.0.1?

local-zone: “127.in-addr.arpa.” static
local-data: “127.in-addr.arpa. 10800 IN NS localhost.”
local-data: “127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800?
local-data: “1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.”

#zone zoky.net
local-zone: “zoky.net.” static
local-data: “zoky.net. 86400 IN NS ns1.zoky.net.”
local-data: “zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400?
local-data: “zoky.net. 86400 IN A 192.168.2.2?
local-data: “www.zoky.net. 86400 IN A 192.168.2.2?
local-data: “ns1.zoky.net. 86400 IN A 192.168.2.2?

local-data: “mail.zoky.net. 86400 IN A 192.168.2.2?
local-data: “zoky.net. 86400 IN MX 10 mail.zoky.net.”
local-data: “zoky.net. 86400 IN TXT v=spf1 a mx ~all”

local-zone: “2.168.192.in-addr.arpa.” static
local-data: “2.168.192.in-addr.arpa. 10800 IN NS zoky.net.”
local-data: “2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000?
local-data: “2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net.”

forward-zone:
name: “.”
forward-addr: 192.168.2.1
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: “/etc/unbound/unbound_server.key”
server-cert-file: “/etc/unbound/unbound_server.pem”
control-key-file: “/etc/unbound/unbound_control.key”
control-cert-file: “/etc/unbound/unbound_control.pem”

lalu save di /etc/unbound/unbound.conf

forward-zone: sesuaikan dengan DNS ISP anda

cek configure unbound :

# unbound-checkconf /etc/unbound/unbound.conf

edit file di /etc/resolv.conf :

# nano /etc/resolv.conf

nameserver 127.0.0.1

edit file /etc/network/interfaces

# nano /etc/network/interfaces

iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

untuk cek apakah d jalan :

# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53

2.2.168.192.in-addr.arpa name = zoky.net

# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: Q.net
Address: 192.168.2.2

Untuk monitor :

# unbound-control stats

# sudo unbound-control stats | tail -16

# sudo apt-get update
# sudo apt-get install squid

# nano /etc/default/squid

SQUID_MAXFD=8192

# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc

# grep -E “#define\W+__FD_SETSIZE” /usr/include/*.h /usr/include/*/*.h

# nano /usr/include/linux/posix_types.h

#define __FD_SETSIZE 65536

# nano /usr/include/bits/typesizes.h

#define __FD_SETSIZE 65536

# nano /etc/pam.d/login

Session required /lib/security/pam_limits.so

# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9

3.Download Lusca

download lusca r14809 lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz

download lusca FMI lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz

lalu ekstrak :masuk ke foldernya :
jika memakai lusca r14809 :

# tar xzvf LUSCA_HEAD-r14809.tar.gz

jika memakai lusca FMI :

# tar tar xzvf LUSCA_FMI.tar.gz

jika menggunakan lusca r14809 :
copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
winscp bisa didownload di : 4shared.com /file/KlAfa3dQ/winscp428.html

kemudian copy dengan menggunakan putty…
putty bisa didownload di : 4shared.com /file/16tJyvlq/putty.html

# sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809

masuk ke foldernya :
jika menggunakan lusca r14809 :

# cd LUSCA_HEAD-r14809/

@ patch dulo revalidate dgn cara : patch -p0 < imr.diff

jika menggunakan lusca FMI :

# cd LUSCA_FMI/

jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI :

# make distclean

ok..!! sekarang dimulai tahap compile nya :

cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai

Link untuk mengetahui CHOST dan CFLAGS ;
# untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
# untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
sebagai contoh saya menggunakan amd x2 7750 BE :

CHOST=”x86_64-pc-linux-gnu” \
CFLAGS=”-march=amdfam10 -msse3 -O2 -pipe” \
./configure –prefix=/usr –exec_prefix=/usr –bindir=/usr/sbin –sbindir=/usr/sbin –libexecdir=/usr/lib/squid –sysconfdir=/etc/squid \
–localstatedir=/var/spool/squid –datadir=/usr/share/squid –enable-async-io=24 –with-aufs-threads=24 –with-pthreads –enable-storeio=aufs \
–enable-linux-netfilter –enable-arp-acl –enable-epoll –enable-removal-policies=heap –with-aio –with-dl –enable-snmp \
–enable-delay-pools –enable-htcp –enable-cache-digests –disable-unlinkd –enable-large-cache-files –with-large-files \
–enable-err-languages=English –enable-default-err-language=English –with-maxfd=65536

selanjutnya, ketik perintah berikut di terminal ubuntu :

# make
# sudo make install

Edit squid.conf

agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10
#copy file squid yg di download tadi ke /etc/init.d/

# sudo cp /home/proxyku/squid /etc/init.d/

jgn lupa di :
#sudo chmod +x /etc/init.d/squid

# stop dulu squidnya :
sudo /etc/init.d/squid stop

#copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid —-> edit sesuai network juragan

sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid

4. Langkah selanjutnya

# Memberikan permission pada folder cache

chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl

# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :

squid -f /etc/squid/squid.conf -z

# Restart squid
sudo /etc/init.d/squid restart

# nano /etc/sysctl.conf

fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

setelah di save, baru di sysctl -p

catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja

Reboot CPU nya…

tambahan :

Menghitung memory yang sedang digunakan oleh aplikasi di Linux :

# wget http://www.pixelbeat.org/scripts/ps_mem.py

# chmod +x ps_mem.py

# ./ps_mem.py

Install Squidmon :

# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py

untuk monitor squid :

# cat /var/log/squid/access.log | ./squidmon.py

# cat /var/log/squid/access.log | python squidmon.py

MEMBUAT SQUIDSTATS

1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e ‘install Config::IniFiles’
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all

9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi

Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80

Untuk memonitor SQUID :

sudo /etc/init.d/squid stop

sudo /etc/init.d/squid restart

/etc/init.d/unbound restart

unbound-control stats

sudo unbound-control stats | tail -16

squidclient mgr:info

squidclient mgr:client_list

tail -f /var/log/squid/access.log

tail -f /var/log/squid/cache.log

tail -n 80 /var/log/squid/cache.log

squidclient mgr:storedir

cat /var/log/squid/access.log | ./squidmon.py

cat /var/log/squid/access.log | python squidmon.py

http://192.168.2.2/squidstats/graph-summary.cgi

./ps_mem.py