Setting Up Squid on Ubuntu Server
Open VirtualBox and click New. Follow the screenshots below :-D
An error appears; just click Continue (it appears because the network adapter was switched off earlier). We will switch it on later, once the Ubuntu Server installation has finished :-D
Enter the password
Just choose No
Choose the timezone
Just press Enter
Yes
Choose Yes
Press Enter
Next, enable the network adapter in VirtualBox.
Log in, then shut down the Ubuntu virtual machine.
Start the Ubuntu Server VM in VirtualBox again. Log in and bring up the eth0 network adapter:
sudo ifconfig eth0 up
Next, set the IP address. Type sudo nano /etc/network/interfaces and fill it in according to the IP addressing at your site.
Network is unreachable..hehe, forgot to restart the networking service first. Type sudo service networking restart
The ping test is bound to fail as well..forgot that the cable is not yet connected on the VirtualBox adapter :-D. Power off first, then go back to VirtualBox Settings..Sorry, viewers..getting old..hahaha
Ping www.dokter-squid-indonesia.com
Update the Ubuntu Server first
Type sudo apt-get update
We'll continue using WinSCP and PuTTY (to make copy-pasting easy)..that's what you want, right..heuheuheu. If you don't have them yet, download and install them:
http://winscp.net/download/winscp556setup.exe
http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.63-installer.exe
Choose Yes
Click Yes
Install SQUID
Copy and paste the commands below:
sudo su
sudo apt-get install devscripts -y
sudo apt-get install 'libcap-*' -y
sudo apt-get install openssl -y
sudo apt-get install ccze -y
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.9.tar.gz
tar xzvf squid-3*
cd squid-3*
./configure --prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var \
--libdir=/usr/lib \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--enable-err-languages=English \
--enable-default-err-language=English \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--disable-dependency-tracking \
--enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--enable-icap-client \
--disable-wccp \
--disable-wccpv2 \
--enable-follow-x-forwarded-for \
--enable-x-accelerator-vary \
--enable-zph-qos \
--enable-snmp \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-large-files \
--enable-underscores \
--disable-auth \
--enable-async-io \
--with-pthreads \
--disable-ipv6
make && make install
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.asli
sudo chmod a-w /etc/squid/squid.conf.asli
cd
mkdir /cache
chown -R proxy:proxy /cache
chown -R proxy:proxy /var/log/squid
nano /etc/squid/squid.conf
EDIT the parts I have HIGHLIGHTED IN YELLOW (adjust them to your own cache folder name and cache size)
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /cache 3000 16 256
# Leave coredumps in the first cache dir
coredump_dir /cache
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320
press Ctrl+O then ENTER to save the changes
press Ctrl+X to exit the nano editor
next, copy and paste the commands below
squid -k parse
squid -z
just press ENTER
squid start
Test the manual proxy setting in the browser
Close and reopen the detik.com website; in PuTTY, type the command tail -f /var/log/squid/access.log | ccze
Next: HTTPS caching
To cache HTTPS we need the SSL_BUMP and DynamicSslCert features. These features must be enabled at configure time:
--enable-ssl --enable-ssl-crtd
--disable-wccp \
--disable-wccpv2 \
--enable-follow-x-forwarded-for \
--enable-x-accelerator-vary \
--enable-zph-qos \
--enable-snmp \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-large-files \
--enable-underscores \
--disable-auth \
--enable-async-io \
--with-pthreads \
--disable-ipv6 \
--enable-ssl \
--enable-ssl-crtd
make && make install
mkdir -p /etc/squid/ssl_cert
cd /etc/squid/ssl_cert
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
mkdir -p /var/squid/ssl_db
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db/certs
Edit squid.conf
nano /etc/squid/squid.conf
Add these directives:
http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
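
With sslproxy_cert_error allow all and sslproxy_flags DONT_VERIFY_PEER set, Squid accepts any certificate from the origin server, so once the clients trust myCA they no longer see certificate warnings for any HTTPS site. The shell check below is an added example, not part of the original tutorial: it reports those two directives in a squid.conf, run here on a constructed copy of the directives above and on a constructed variant that keeps verification on. The function names, file names and the sslproxy_capath value are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial: report squid.conf directives
# that disable validation of the origin server's certificate under ssl-bump.

# Print one finding per line for the config file given as $1.
audit_sslbump() {
    # Blank out comments first so commented-out directives are not reported;
    # line numbers are preserved because no line is deleted.
    sed 's/#.*$//' "$1" | awk '
        $1 == "sslproxy_flags" && /DONT_VERIFY_PEER/ {
            print "line " NR ": sslproxy_flags DONT_VERIFY_PEER (peer not verified)" }
        $1 == "sslproxy_cert_error" && $2 == "allow" && $3 == "all" {
            print "line " NR ": sslproxy_cert_error allow all (errors accepted)" }
    '
}

# Constructed sample 1: the ssl-bump directives as given in the tutorial.
tutorial_conf() {
    cat <<'EOF'
http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
EOF
}

# Constructed sample 2: same setup with verification left on. The CA directory
# path is an assumption for Ubuntu, not a value from the tutorial.
hardened_conf() {
    cat <<'EOF'
http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
sslproxy_capath /etc/ssl/certs
# sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
EOF
}

tmp=$(mktemp -d)
tutorial_conf > "$tmp/tutorial.conf"
hardened_conf > "$tmp/hardened.conf"
echo "tutorial.conf:"; audit_sslbump "$tmp/tutorial.conf"
echo "hardened.conf:"; audit_sslbump "$tmp/hardened.conf"
rm -rf "$tmp"
```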
A "This Connection is Untrusted" warning appears: the browser does not recognize the CA that issued the fake certificate from SQUID. So the CA certificate has to be imported first.
In Firefox: Tools > Options > Advanced > Certificates