Nikmatilah Ilmu dan Hargai

route

Install Squid Debian Lenny

with one comment

Persiapan:
1. Tidak ada persiapan.
2. Koneksi keinternet dari kantor/noc.
3. sms/call jika bw kurang.

1. Update source, packet dan system jika perlu.
gmt:~# cp -f /usr/share/doc/apt/examples/sources.list /etc/apt/sources.list
gmt:~# cat /etc/apt/sources.list
# See sources.list(5) for more information, especialy
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

# Uncomment if you want the apt-get source function to work
#deb-src http://http.us.debian.org/debian stable main contrib non-free
#deb-src http://security.debian.org stable/updates main contrib non-free

2. Synchronize package index files
gmt:~# apt-get update
Get:1 http://security.debian.org stable/updates Release.gpg [197B]
Ign http://security.debian.org stable/updates/main Translation-en_US
Ign http://security.debian.org stable/updates/contrib Translation-en_US
Ign http://security.debian.org stable/updates/non-free Translation-en_US
Get:2 http://security.debian.org stable/updates Release [40.8kB]
Get:3 http://http.us.debian.org stable Release.gpg [386B]
Ign http://http.us.debian.org stable/main Translation-en_US
Ign http://http.us.debian.org stable/contrib Translation-en_US
Ign http://http.us.debian.org stable/non-free Translation-en_US
Get:4 http://http.us.debian.org stable Release [63.2kB]
Get:5 http://security.debian.org stable/updates/main Packages [49.2kB]
Get:6 http://http.us.debian.org stable/main Packages [6909kB]
Get:7 http://security.debian.org stable/updates/contrib Packages [20B]
Get:8 http://security.debian.org stable/updates/non-free Packages [20B]
Get:9 http://http.us.debian.org stable/contrib Packages [92.6kB]
Get:10 http://http.us.debian.org stable/non-free Packages [123kB]
Fetched 7278kB in 29s (243kB/s)
Reading package lists... Done
gmt:~#

# hanya beberapa detik jika anda juragan bandwidth >.<

3. Upgrade default packages yang terinstall minimal.
gmt:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
*** dipotong karena memakan space ***
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
*** dipotong karena memakan space ***
gmt:~#

3.a Install Squid (depedensi akan automatic terinstall)
gmt:~# apt-get install squid
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libldap-2.4-2 squid-common
Suggested packages:
squidclient squid-cgi logcheck-database resolvconf smbclient winbind
The following NEW packages will be installed:
libldap-2.4-2 squid squid-common
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1376kB of archives.
After this operation, 7197kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://http.us.debian.org stable/main libldap-2.4-2 2.4.11-1 [188kB]
Get:2 http://http.us.debian.org stable/main squid-common 2.7.STABLE3-4.1 [497kB]
Get:3 http://http.us.debian.org stable/main squid 2.7.STABLE3-4.1 [691kB]
Fetched 1376kB in 20s (66.8kB/s)
Preconfiguring packages ...
Selecting previously deselected package libldap-2.4-2.
(Reading database ... 12437 files and directories currently installed.)
Unpacking libldap-2.4-2 (from .../libldap-2.4-2_2.4.11-1_i386.deb) ...
Selecting previously deselected package squid-common.
Unpacking squid-common (from .../squid-common_2.7.STABLE3-4.1_all.deb) ...
Selecting previously deselected package squid.
Unpacking squid (from .../squid_2.7.STABLE3-4.1_i386.deb) ...
Processing triggers for man-db ...
Setting up libldap-2.4-2 (2.4.11-1) ...
Setting up squid-common (2.7.STABLE3-4.1) ...
Setting up squid (2.7.STABLE3-4.1) ...
Creating squid spool directory structure
2009/03/10 13:36:12| Creating Swap Directories
Restarting Squid HTTP proxy: squid.
gmt:~#

# shutdown terlebih dahulu squid daeomon untuk configurasi.
gmt:~# /etc/init.d/squid stop
Stopping Squid HTTP proxy: squid.
gmt:~#

3.b Configurasi SQUID (sesuaikan dengan kebutuhan)
gmt:~# cd /etc/squid/
gmt:/etc/squid# ls -al
total 171
drwxr-xr-x 2 root root 80 2009-03-10 13:36 .
drwxr-xr-x 47 root root 2952 2009-03-10 13:36 ..
-rw------- 1 root root 168949 2009-03-10 13:36 squid.conf

# backup jika terjadi kesalahan tidak terlalu pusing (tinggal diff)
gmt:/etc/squid# cp squid.conf squid.conf-bak

################## START FILE: /etc/squid/squid.conf ##################
# WELCOME TO SQUID 2.7.STABLE3
# —————————-
# configure by: agusr [at] gmedia.co.id

# NETWORK OPTIONS
# —————————————————————————–
# TAG: http_port
http_port 3128 transparent

# TAG: icp_port
#Default:
# icp_port 3130

# TAG: htcp_port
#Default:
# htcp_port 0

# TAG: mcast_groups
#Default:
# none

# TAG: udp_incoming_address
# TAG: udp_outgoing_address
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# —————————————————————————–
#Default:
# none

# TAG: cache_peer_domain
#Default:
# none

# TAG: neighbor_type_domain
#Default:
# none

# TAG: icp_query_timeout (msec)
#Default:
# icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
#Default:
# maximum_icp_query_timeout 2000

# TAG: mcast_icp_query_timeout (msec)
#Default:
# mcast_icp_query_timeout 2000

# TAG: dead_peer_timeout (seconds)
#Default:
# dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# TAG: cache
# Default is to allow all to be cached
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# TAG: cache_vary
#Default:
# cache_vary on

# TAG: broken_vary_encoding
# Apache mod_gzip and mod_deflate known to be broken so don’t trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————————–
# TAG: cache_mem (bytes)
#Default:
# cache_mem 8 MB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#Default:
# cache_swap_low 90
# cache_swap_high 95

# TAG: maximum_object_size (bytes)
#Default:
# maximum_object_size 4096 KB

# TAG: minimum_object_size (bytes)
#Default:
# minimum_object_size 0 KB

# TAG: maximum_object_size_in_memory (bytes)
#Default:
# maximum_object_size_in_memory 8 KB

# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
#Default:
# ipcache_size 1024
ipcache_low 85
ipcache_high 90

# TAG: fqdncache_size (number of entries)
#Default:
# fqdncache_size 1024

# TAG: cache_replacement_policy
#Default:
# cache_replacement_policy lru
cache_replacement_policy heap LFUDA

# TAG: memory_replacement_policy
#Default:
# memory_replacement_policy lru
memory_replacement_policy heap GDSF

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# —————————————————————————–

# TAG: cache_dir
#Default:
# cache_dir ufs /var/spool/squid 100 16 256
#cache_dir diskd /cache/01 36000 16 256 Q1=72 Q2=64
#cache_dir diskd /cache/02 36000 16 256 Q1=72 Q2=64
cache_dir ufs /cache/01 1000 16 256
#cache_dir ufs /cache/02 1000 16 256

# TAG: access_log
# To log the request via syslog specify a filepath of “syslog”
access_log /var/log/squid/access.log squid

# TAG: cache_log
#Default:
# cache_log /var/log/squid/cache.log

# TAG: cache_store_log
#Default:
# cache_store_log /var/log/squid/store.log
cache_store_log none

# TAG: cache_swap_log
#Default:
# none

# TAG: emulate_httpd_log on|off
#Default:
# emulate_httpd_log off

# TAG: log_ip_on_direct on|off
#Default:
# log_ip_on_direct on

# TAG: mime_table
#Default:
# mime_table /usr/share/squid/mime.conf

# TAG: log_mime_hdrs on|off
#Default:
# log_mime_hdrs off

# TAG: useragent_log
#Default:
# none

# TAG: referer_log
#Default:
# none

# TAG: pid_filename
#Default:
# pid_filename /var/run/squid.pid

# TAG: debug_options
#Default:
# debug_options ALL,1

# TAG: log_fqdn on|off
#Default:
# log_fqdn off

# TAG: client_netmask
#Default:
# client_netmask 255.255.255.255

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# —————————————————————————–

# TAG: ftp_user
#Default:
# ftp_user Squid@

# TAG: ftp_list_width
#Default:
# ftp_list_width 32

# TAG: ftp_passive
#Default:
# ftp_passive on

# TAG: ftp_sanitycheck
#Default:
# ftp_sanitycheck on

# TAG: ftp_telnet_protocol
#Default:
# ftp_telnet_protocol on

# TAG: check_hostnames
#Default:
# check_hostnames on

# TAG: allow_underscore
#Default:
# allow_underscore on

# TAG: cache_dns_program
#Default:
# cache_dns_program /usr/lib/squid/dnsserver

# TAG: dns_children
#Default:
# dns_children 5

# TAG: dns_retransmit_interval
#Default:
# dns_retransmit_interval 5 seconds

# TAG: dns_timeout
#Default:
# dns_timeout 2 minutes

# TAG: dns_defnames on|off
#Default:
# dns_defnames off

# TAG: dns_nameservers
#Default:
# none

# TAG: hosts_file
#Default:
# hosts_file /etc/hosts
#
hosts_file /etc/hosts

# TAG: diskd_program
#Default:
# diskd_program /usr/lib/squid/diskd-daemon

# TAG: unlinkd_program
#Default:
# unlinkd_program /usr/lib/squid/unlinkd

# TAG: pinger_program
#Default:
# pinger_program /usr/lib/squid/pinger

# TAG: url_rewrite_program
#Default:
# none

# TAG: url_rewrite_children
#Default:
# url_rewrite_children 5

# TAG: url_rewrite_concurrency
#Default:
# url_rewrite_concurrency 0

# TAG: url_rewrite_host_header
#Default:
# url_rewrite_host_header on

# TAG: url_rewrite_access
#Default:
# none

# TAG: location_rewrite_program
#Default:
# none

# TAG: location_rewrite_children
#Default:
# location_rewrite_children 5

# TAG: location_rewrite_concurrency
#Default:
# location_rewrite_concurrency 0

# TAG: location_rewrite_access
#Default:
# none

# TAG: auth_param

# TAG: authenticate_cache_garbage_interval
#Default:
# authenticate_cache_garbage_interval 1 hour

# TAG: authenticate_ttl
#Default:
# authenticate_ttl 1 hour

# TAG: authenticate_ip_ttl
#Default:
# authenticate_ip_ttl 0 seconds

# TAG: external_acl_type
#Default:
# none

# OPTIONS FOR TUNING THE CACHE
# —————————————————————————–

# TAG: wais_relay_host
#Default:
# wais_relay_port 0

# TAG: request_header_max_size (KB)
#Default:
# request_header_max_size 20 KB

# TAG: request_body_max_size (KB)
#Default:
# request_body_max_size 0 KB

# TAG: refresh_pattern
#Suggested default:
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
#refresh_pattern . 0 20% 4320

## agus tuned extentions (To make them case-insensitive, use the -i option.)
refresh_pattern -i \.(gif|jpg|jpeg|png|bmp|swf)$ 180 35% 10080 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(xbm|xpm|tiff|pdf)$ 180 60% 20160 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(au|snd|wav|ra|mid|ad)$ 180 60% 20160 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(zip|exe|bin|rar|gz)$ 180 60% 20160 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(avi|asf|qtm|viv|mpq|mpg|mpeg|3gp|psf|dat|flv)$ 180 60% 20160 override-expire override-lastmod reload-into-ims ignore-reload
#============================================================$
# Refresh Rate
#Youtube
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private

# Global Vars
refresh_pattern ^ftp:// 1440 20% 10080
refresh_pattern ^gopher:// 1440 0% 1440
refresh_pattern /cgi-bin/ 60 0% 120
refresh_pattern . 0 10% 1440

# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98

# TAG: read_ahead_gap buffer-size
#Default:
# read_ahead_gap 16 KB

# TAG: negative_ttl time-units
#Default:
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
#Default:
# positive_dns_ttl 6 hours

# TAG: negative_dns_ttl time-units
#Default:
# negative_dns_ttl 1 minute

# TAG: range_offset_limit (bytes)
#Default:
# range_offset_limit 0 KB

# TAG: collapsed_forwarding (on|off)
#Default:
# collapsed_forwarding off

# TAG: refresh_stale_hit (time)
#Default:
# refresh_stale_hit 0 seconds

# TIMEOUTS
# —————————————————————————–

# TAG: forward_timeout time-units
#Default:
# forward_timeout 4 minutes

# TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute

# TAG: peer_connect_timeout time-units
#Default:
# peer_connect_timeout 30 seconds

# TAG: read_timeout time-units
#Default:
# read_timeout 15 minutes

# TAG: request_timeout
#Default:
# request_timeout 5 minutes

# TAG: persistent_request_timeout
#Default:
# persistent_request_timeout 1 minute

# TAG: client_lifetime time-units
#Default:
# client_lifetime 1 day

# TAG: half_closed_clients
#Default:
# half_closed_clients on

# TAG: pconn_timeout
#Default:
# pconn_timeout 120 seconds

# TAG: ident_timeout
#Default:
# ident_timeout 10 seconds

# TAG: shutdown_lifetime time-units
#Default:
# shutdown_lifetime 30 seconds
shutdown_lifetime 15 seconds

# ACCESS CONTROLS
# —————————————————————————–

# TAG: acl
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl int_addr0 src 192.168.0.0/255.255.255.0
acl int_addr0 src 192.168.1.0/255.255.255.0
acl int_addr0 src 192.168.2.0/255.255.255.0

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# TAG: follow_x_forwarded_for
#Default:
# follow_x_forwarded_for deny all

# TAG: acl_uses_indirect_client on|off
#Default:
# acl_uses_indirect_client on

# TAG: delay_pool_uses_indirect_client on|off
#Default:
# delay_pool_uses_indirect_client on

# TAG: log_uses_indirect_client on|off
#Default:
# log_uses_indirect_client on

# TAG: http_access
#Default:
# http_access deny all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access allow int_addr0

http_access deny all

# TAG: http_access2
#Default:
# none

# TAG: http_reply_access
#Default:
# http_reply_access allow all
http_reply_access allow all

# TAG: icp_access
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
icp_access allow all

# TAG: htcp_access
#Default:
# htcp_access deny all

# TAG: htcp_clr_access
#Default:
# htcp_clr_access deny all

# TAG: miss_access
#Default setting:
# miss_access allow all

# TAG: cache_peer_access
#Default:
# none

# TAG: ident_lookup_access
#Default:
# ident_lookup_access deny all

# TAG: tcp_outgoing_tos
#Default:
# none

# TAG: tcp_outgoing_address
#Default:
# none

# TAG: reply_header_max_size (KB)
#Default:
# reply_header_max_size 20 KB

# TAG: reply_body_max_size bytes allow|deny acl acl…
#Default:
# reply_body_max_size 0 allow all

# TAG: log_access allow|deny acl acl…
#Default:
# none

# ADMINISTRATIVE PARAMETERS
# —————————————————————————–

# TAG: cache_mgr
#Default:
cache_mgr admin

# TAG: mail_from
#Default:
# none

# TAG: mail_program
#Default:
# mail_program mail

# TAG: cache_effective_user
#Default:
# cache_effective_user proxy

# TAG: cache_effective_group
# If you want Squid to run with a specific GID regardless of
# the group memberships of the effective user then set this
# to the group (or GID) you want Squid to run as. When set
# all other group privileges of the effective user is ignored
# and only this GID is effective. If Squid is not started as
# root the user starting Squid must be member of the specified
# group.
cache_effective_group proxy

# TAG: httpd_suppress_version_string on|off
#Default:
# httpd_suppress_version_string off

# TAG: visible_hostname
#Default:
# none
visible_hostname localhost

# TAG: unique_hostname
#Default:
# none

# TAG: hostname_aliases
#Default:
# none

# TAG: umask
#Default:
# umask 027

# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# —————————————————————————–
# TAG: announce_period
#Default:
# announce_period 0
#
#To enable announcing your cache, just uncomment the line below.
#announce_period 1 day

# TAG: announce_host
# TAG: announce_file
# TAG: announce_port
#Default:
# announce_host tracker.ircache.net
# announce_port 3131

# HTTPD-ACCELERATOR OPTIONS
# —————————————————————————–

# TAG: httpd_accel_no_pmtu_disc on|off
#Default:
# httpd_accel_no_pmtu_disc off

# MISCELLANEOUS
# —————————————————————————–

# TAG: dns_testnames
#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

# TAG: logfile_rotate
#Default:
# logfile_rotate 0
logfile_rotate 10

# TAG: append_domain
#Default:
# none

# TAG: tcp_recv_bufsize (bytes)
#Default:
# tcp_recv_bufsize 0 bytes

# TAG: error_map
#Default:
# none

# TAG: err_html_text
#Default:
# none

# TAG: deny_info
#Default:
# none

# TAG: memory_pools on|off
#Default:
# memory_pools on
memory_pools off

# TAG: memory_pools_limit (bytes)
#Default:
# memory_pools_limit 5 MB

# TAG: via on|off
#Default:
# via on

# TAG: forwarded_for on|off
#Default:
# forwarded_for on
forwarded_for off

# TAG: log_icp_queries on|off
#Default:
# log_icp_queries on
log_icp_queries off

# TAG: icp_hit_stale on|off
#Default:
# icp_hit_stale off

# TAG: minimum_direct_hops
#Default:
# minimum_direct_hops 4

# TAG: minimum_direct_rtt
#Default:
# minimum_direct_rtt 400

# TAG: cachemgr_passwd
#Example:
# cachemgr_passwd secret shutdown
# cachemgr_passwd lesssssssecret info stats/objects
# cachemgr_passwd disable all
#
#Default:
# none
cachemgr_passwd MataMu all

# TAG: store_avg_object_size (kbytes)
#Default:
# store_avg_object_size 13 KB

# TAG: store_objects_per_bucket
#Default:
# store_objects_per_bucket 20

# TAG: client_db on|off
#Default:
# client_db on

# TAG: netdb_low
# TAG: netdb_high
#Default:
# netdb_low 900
# netdb_high 1000

# TAG: netdb_ping_period
#Default:
# netdb_ping_period 5 minutes

# TAG: query_icmp on|off
#Default:
# query_icmp off

# TAG: test_reachability on|off
#Default:
# test_reachability off

# TAG: buffered_logs on|off
#Default:
# buffered_logs off

# TAG: reload_into_ims on|off
#Default:
# reload_into_ims off
reload_into_ims on

# TAG: always_direct
#Default:
# none

# TAG: never_direct
#Default:
# none

# TAG: header_access
#Default:
# none

# TAG: header_replace
#Default:
# none

# TAG: icon_directory
#Default:
# icon_directory /usr/share/squid/icons

# TAG: global_internal_static
#Default:
# global_internal_static on

# TAG: short_icon_urls
#Default:
# short_icon_urls off

# TAG: error_directory
#Default:
# error_directory /usr/share/squid/errors/English

# TAG: maximum_single_addr_tries
#Default:
# maximum_single_addr_tries 1

# TAG: retry_on_error
#Default:
# retry_on_error off

# TAG: snmp_port
#Default:
# snmp_port 0
snmp_port 3401

# TAG: snmp_access
#Default:
# snmp_access deny all
acl sq_snmp snmp_community PubliKK
snmp_access allow sq_snmp localhost
snmp_access deny all

# TAG: snmp_incoming_address
# TAG: snmp_outgoing_address
#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255

# TAG: as_whois_server
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

# TAG: wccp_router
# TAG: wccp2_router
#Default:
# wccp_router 0.0.0.0

# TAG: wccp_version
#Default:
# wccp_version 4

# TAG: wccp2_rebuild_wait
#Default:
# wccp2_rebuild_wait on

# TAG: wccp2_forwarding_method
#Default:
# wccp2_forwarding_method 1

# TAG: wccp2_return_method
#Default:
# wccp2_return_method 1

# TAG: wccp2_assignment_method
#Default:
# wccp2_assignment_method 1

# TAG: wccp2_service
#Default:
# wccp2_service standard 0

# TAG: wccp2_service_info
#Default:
# none

# TAG: wccp2_weight
#Default:
# wccp2_weight 10000

# TAG: wccp_address
# TAG: wccp2_address
#Default:
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# —————————————————————————–
#acl NO_LIMIT time SMTWHFA 00:01-07:00
#acl magic_words1 url_regex -i 192.168
#acl magic_words2 urlpath_regex -i ftp$ .mp3$ .mp4$ .wmv$ .tar$ .zip$ .rar$ .avi$ .mpeg$ .mpg$ .rm$ .iso$ .3gp$ .mov$ .wmv$ .pdf$ .bin$ .cab$ .flv$ .asf$ .wma$ .7z$ .upd$ .doc$ .xls$ .ppt$ .docx$
#acl magic_words3 urlpath_regex -i \.jpg$ \.swf$ \.SWF$ \.JPG$ \.jpeg$ \.bmp$ \.gif$ \.png$
#acl magic_words4 url_regex -i .swf .exe .zip .mp3 .mp4 google.com/images? .asf google.com/kh google.com/mt .wma .pdb .rmvb download .mpg .tar.gz .bz2 .daa .iso
#acl magic_words5 url_regex -i get_video .flv .3gp videodownload? videoplay depositfiles.com indowebster.com

#delay_pools 9

#delay_class 1 2
#delay_parameters 1 -1/-1 -1/-1
#delay_access 1 allow magic_words1

## limit siang
#delay_class 2 2
#delay_parameters 2 64000/100000 12000/12000
#delay_access 2 allow magic_words2 !NO_LIMIT

#delay_class 3 2
#delay_parameters 3 64000/200000 12000/15000
#delay_access 3 allow magic_words3 !NO_LIMIT

#delay_class 4 2
#delay_parameters 4 64000/100000 12000/12000
#delay_access 4 allow magic_words4 !NO_LIMIT

#delay_class 5 2
#delay_parameters 5 64000/100000 12000/12000
#delay_access 5 allow magic_words5 !NO_LIMIT

# limit malam
#delay_class 6 2
#delay_parameters 6 64000/100000 20000/20000
#delay_access 6 allow magic_words2 NO_LIMIT

#delay_class 7 2
#delay_parameters 7 64000/200000 20000/20000
#delay_access 7 allow magic_words3 NO_LIMIT

#delay_class 8 2
#delay_parameters 8 64000/100000 20000/20000
#delay_access 8 allow magic_words4 NO_LIMIT

#delay_class 9 2
#delay_parameters 9 640000/100000 15000/15000
#delay_access 9 allow magic_words5 NO_LIMIT
#####DELAY POOLS START END

# TAG: incoming_icp_average
# TAG: incoming_http_average
# TAG: incoming_dns_average
# TAG: min_icp_poll_cnt
# TAG: min_dns_poll_cnt
# TAG: min_http_poll_cnt
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

# TAG: max_open_disk_fds
#Default:
# max_open_disk_fds 0

# TAG: offline_mode
#Default:
# offline_mode off

# TAG: uri_whitespace
#Default:
# uri_whitespace strip

# TAG: broken_posts
#Example:
# acl buggy_server url_regex ^http://….
# broken_posts allow buggy_server
#
#Default:
# none

# TAG: mcast_miss_addr
#Default:
# mcast_miss_addr 255.255.255.255

# TAG: mcast_miss_ttl
#Default:
# mcast_miss_ttl 16

# TAG: mcast_miss_port
#Default:
# mcast_miss_port 3135

# TAG: mcast_miss_encode_key
#Default:
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

# TAG: nonhierarchical_direct
#Default:
# nonhierarchical_direct on

# TAG: prefer_direct
#Default:
# prefer_direct off

# TAG: strip_query_terms
#Default:
# strip_query_terms on

# TAG: coredump_dir
#Default:
# coredump_dir none
coredump_dir /var/log/squid

# TAG: redirector_bypass
#Default:
# redirector_bypass off

# TAG: ignore_unknown_nameservers
#Default:
# ignore_unknown_nameservers on

# TAG: digest_generation
#Default:
# digest_generation on

# TAG: digest_bits_per_entry
#Default:
# digest_bits_per_entry 5

# TAG: digest_rebuild_period (seconds)
#Default:
# digest_rebuild_period 1 hour

# TAG: digest_rewrite_period (seconds)
#Default:
# digest_rewrite_period 1 hour

# TAG: digest_swapout_chunk_size (bytes)
#Default:
# digest_swapout_chunk_size 4096 bytes

# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
#Default:
# digest_rebuild_chunk_percentage 10

# TAG: chroot
#Default:
# none

# TAG: client_persistent_connections
# TAG: server_persistent_connections
#Default:
# client_persistent_connections on
# server_persistent_connections on

# TAG: persistent_connection_after_error
#Default:
# persistent_connection_after_error off

# TAG: detect_broken_pconn
#Default:
# detect_broken_pconn off

# TAG: balance_on_multiple_ip
#Default:
# balance_on_multiple_ip on

# TAG: pipeline_prefetch
#Default:
# pipeline_prefetch off

# TAG: extension_methods
#Default:
# none

# TAG: request_entities
#Default:
# request_entities off

# TAG: high_response_time_warning (msec)
#Default:
# high_response_time_warning 0

# TAG: high_page_fault_warning
#Default:
# high_page_fault_warning 0

# TAG: high_memory_warning
#Default:
# high_memory_warning 0

# TAG: store_dir_select_algorithm
# Set this to ’round-robin’ as an alternative.
#
#Default:
# store_dir_select_algorithm least-load

# TAG: forward_log
# Note: This option is only available if Squid is rebuilt with the
#Default:
# none

# TAG: ie_refresh on|off
#Default:
# ie_refresh off

# TAG: vary_ignore_expire on|off

#Default:
# vary_ignore_expire off
vary_ignore_expire on

# TAG: sleep_after_fork (microseconds)
#Default:
# sleep_after_fork 0

# TAG: minimum_expiry_time (seconds)
#Default:
# minimum_expiry_time 60 seconds

# TAG: relaxed_header_parser on|off|warn
#Default:
# relaxed_header_parser on
################## END FILE: /etc/squid/squid.conf ##################

3.c Start Squid Daemon
gmt:/etc/squid# squid -k parse
gmt:/etc/squid#
# pastikan tidak ada pesan kesalahan pada saat check configurasi

gmt:/etc/squid# squid -z
2009/03/11 09:59:59| Creating Swap Directories
FATAL: Failed to make swap directory /cache/01/00: (13) Permission denied
Squid Cache (Version 2.7.STABLE3): Terminated abnormally.
CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
## pesan di atas permisi directory dimana cache di taroh belum
## di ganti owner directory

## perhatikan:
# TAG: cache_dir
#Default:
# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /cache/01 1000 16 256

gmt:/cache/01# chown proxy:proxy /cache/01
gmt:/cache/01#
## owerner /cache/01 kita ganti sama dengan username daemon proxy

gmt:/cache/01# squid -z
2009/03/11 10:03:17| Creating Swap Directories
gmt:/cache/01# /etc/init.d/squid start
Starting Squid HTTP proxy: squid.
gmt:/cache/01#

## Proxy Siap d gunakan secara sederhana :) ..

Note:
- Ditulis untuk Junior Engineer.
- Sebelum mengenable transparent proxy, validasi terlebih dahulu
dengan memasukkan proxy secara manual di browser. misal:
ip proxy 10.10.10.2 port 3128
sesuai dengan configurasi yang dibuat.

Written by agusr

March 11, 2009 at 3:15 am

Posted in Debian

«
»

One Response

Subscribe to comments with RSS.

  1. [...] Install Squid Debian Lenny [...]

    Squid « Intermezo

    July 2, 2009 at 7:26 am

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.