catatan installl lusca r14809 di ubuntu server 12.

04 cache_dir aufs di /usr/var/cache1

*** Install ububuntu 11.10 sudah sempurna sudo sudo sudo sudo sudo sudo sudo sudo sudo sudo sudo apt-get apt-get apt-get apt-get apt-get apt-get apt-get apt-get apt-get apt-get apt-get update install install install install install install install install install install squid -y squid squidclient squid-cgi squid-common squid-langpack -y gcc -y build-essential -y sharutils -y ccze -y libzip-dev -y automake1.9 -y acpid multitail -y

atau $sudo apt-get update $sudo apt-get install squid squidclient squid-cgi gcc build-essential sharutils ccze libzip-dev automake1.9 acpid multitail sudo apt-get install squid squidclient squid-cgi gcc build-essential sharutils c cze libzip-dev automake1.9 acpid multitail -y *** Install tool monitor wget http://squidmon.googlecode.com/svn/trunk/squidmon.py sudo chmod +x squidmon.py wget http://www.pixelbeat.org/scripts/ps_mem.py sudo chmod +x ps_mem.py 2. ==================================== *** Instalasi LUSCA *** Daftar Web LUSCA http://code.google.com/p/lusca-cache/downloads/list *** Download file LUSCA dibawah ini wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz *** Seteleah selesai ekstrak filenya tar xzvf LUSCA_HEAD-r14809.tar.gz cd LUSCA_HEAD-r14809/ ***ketik

./bootstrap.sh Jika menggunakan Ubuntu Server 64/bit, masukkan perintah : make distclean 3. ======================= compile lusca CHOST="i686-pc-Linux-gnu" CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer" CXXFLAGS="${CFLAGS}" ./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/s bin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \ --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \ --enable-Linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-polici es=heap --with-aio --with-dl --enable-snmp \ --enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --en able-large-cache-files --with-large-files \ --enable-err-languages=English --enable-default-err-language=English --with-maxf d=65536 4.========================== *** Compile *** Setelah selesai ketik dibawah ini sudo make && sudo make install *** Matikan Squid squid stop *** Backup original file sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.backup && sudo mv /etc/sysctl.conf /etc/sysctl.conf.backup && sudo mv /etc/init.d/squid /etc/init.d/squid.backup *** Salin File berikut ini, dengan mengetikkan pada putty (blok dan paste lewat putty cd /etc/squid && wget http://ouziel-lusca.googlecode.com/files/storeurl.pl && wget http://ouziel-lusca.googlecode.com/files/squid.conf && wget http://ouziel-l usca.googlecode.com/files/porno.txt && cd /etc && wget http://ouziel-lusca.googlecode.com/files/sysctl.conf && cd /etc/init.d && wget http://ouziel-lusca.googlecode.com/files/squid && cd /usr/local/etc/squid && wget http://ouziel-lusca.googlecode.com/files/refresh .conf && cd /usr/share/squid/errors/en && wget http://ouziel-lusca.googlecode.com/files/E RR_ACCESS_DENIED 5.===============

***Buat folder cache sudo sudo sudo sudo sudo sudo sudo squid chown chown chown chown chmod chmod start && proxy:proxy /cache1 /cache2 /cache3 /cache4 && proxy:proxy /etc/squid/storeurl.pl && proxy:proxy /var/log/squid/access.log && proxy:proxy /var/log/squid/cache.log && 777 /etc/squid/storeurl.pl && 777 /cache1 /cache2 /cache3 /cache4

sudo chmod -R 775 /cache1 /cache2 /cache3 sudo chmod +x /etc/init.d/squid sudo chmod +x /etc/init.d/squid Memberikan permission pada folder cache # # # # # # # chown chown chown chmod chmod chown chown -R proxy.proxy /squid-1 -R proxy.proxy /squid-2 -R proxy.proxy /squid-3 755 /etc/squid/storeurl-ubuntu.pl 755 /etc/squid/tunning-ubuntu.conf -R proxy.proxy /etc/squid/storeurl-ubuntu.pl -R proxy.proxy /etc/squid/tunning-ubuntu.conf

# Memberikan permission pada folder cache squid tidak jalan.. # apt-get install havp squid squid-common squid-cgi squidclient chown chmod chown chmod proxy:proxy /cache 777 /cache proxy:proxy /etc/squid/storeurl.pl 777 /etc/squid/storeurl.pl

*** Buka file squid.conf pada Directory /etc/squid/ edit dan sesuaikan bagian in i : cache_dir aufs /cache 7000 16 256 (sesuai dengan ukuran dan partisi cache anda) acl localnet src 192.168.2.0/24 (sesuaikan dengan IP warnet anda) ls -all /cache1 *** cek konfigurasi squid squid -z sudo squid -k parse squid -k reconfigure ##cek squid.conf monitoring proxy : tail -f /var/squid/log/access.log untuk melihat koneksi client di proxy dan informasinya:

# squidclient -h ip.ub.un.tu -p 3128 mgr:info misalnya # squidclient -h 192.168.168.1 -p 3128 mgr:info # squidclient mgr:info

Restart Mesin ubuntu adalah : sudo shutdown -r now sudo reboot ps ax | grep squid *** Jika tidak ada erorr lanjut squid -f /etc/squid/squid.conf -z squid -f /etc/squid/squid.conf -z tail -f /var/log/squid/access.log tail -f /var/log/squid/access.log | ccze squid -z squid -d 8 squid -k rotate

squid -N -d 1 -D squid -NCd1 *** restart squid sudo squid restart /etc/init.d/squid restart *** set aktif saat boot sudo update-rc.d squid defaults *** Reboot Ubuntu tail -f /var/log/messages dns_nameservers 192.168.100.2 ini ipnya dns server lokal?kl iya diganti aj dns_nameservers 127.0.0.1, definisikan di /etc/resolv.conf nameservernya dan sea rch-nya http://blog.last.fm/2007/08/30/squid-optimization-guide squidclient mgr:info sudo ./ps_mem.py ps aux | grep squid

acl acl acl acl

localnet localnet localnet localnet

src src src src

10.0.0.0/8 172.16.0.0/12 192.168.0.0/24 192.168.100.0/24

buat squid caching /usr/sbin/squid -z Running test your squid performance. *type this command in your teminal /usr/sbin/squid -NCd1

OPTIMALKAN partisi btrfs nya : # lsmod |grep -i btrfs # nano /etc/fstab /cache btrfs noatime,compress,noacl 0 2 OPTIMALKAN juga kernelnya : default FD 1024 cek di console # ulimit -n cara merubah : # ulimit -HSn 65536 # echo root soft nofile 65536? >> /etc/security/limits.conf # echo root hard nofile 65536? >> /etc/security/limits.conf # nano /etc/pam.d/common-session session required pam_limits.so # modprobe ip_conntrack kemudian tambahkan ip_contrack di /etc/modules # nano /etc/modules Tambahkan kalimat berikut : ip_conntrack DNS Unbound High Performance apt-get install unbound cd /etc/unbound wget ftp://FTP.INTERNIC.NET/domain/named.cache unbound-control-setup chown unbound:root unbound_* chmod 440 unbound_* sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq

dll) harus di stop agar tidak bentrok) # nano server: verbosity: 1 statistics-interval: 120 statistics-cumulative: yes num-threads: 1 interface: 0.0.0.0 outgoing-range: 512 num-queries-per-thread: 1024 msg-cache-size: 16m rrset-cache-size: 32m msg-cache-slabs: 4 rrset-cache-slabs: 4 cache-max-ttl: 86400 infra-host-ttl: 60 infra-lame-ttl: 120 infra-cache-numhosts: 10000 infra-cache-lame-size: 10k do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes do-daemonize: yes #access-control: 0.0.0.0/0 allow access-control: 192.168.0.0/16 allow access-control: 172.16.0.0/12 allow access-control: 10.0.0.0/8 allow access-control: 127.0.0.0/8 allow access-control: 0.0.0.0/0 refuse chroot: /etc/unbound username: unbound directory: /etc/unbound #logfile: /etc/unbound/unbound.log #use-syslog: yes logfile: use-syslog: no pidfile: /etc/unbound/unbound.pid root-hints: /etc/unbound/named.cache identity: DNS version: 1.4? hide-identity: yes hide-version: yes harden-glue: yes do-not-query-address: 127.0.0.1/8 do-not-query-localhost: yes module-config: iterator #zone localhost

local-zone: local-data: local-data: 10800? local-data:

localhost. static localhost. 10800 IN NS localhost. localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 localhost. 10800 IN A 127.0.0.1?

local-zone: 127.in-addr.arpa. static local-data: 127.in-addr.arpa. 10800 IN NS localhost. local-data: 127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800? local-data: 1.0.0.127.in-addr.arpa. 10800 IN PTR localhost. #zone zoky.net local-zone: zoky.net. static local-data: zoky.net. 86400 IN NS ns1.zoky.net. local-data: zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604 800 86400? local-data: zoky.net. 86400 IN A 192.168.2.2? local-data: www.zoky.net. 86400 IN A 192.168.2.2? local-data: ns1.zoky.net. 86400 IN A 192.168.2.2? local-data: mail.zoky.net. 86400 IN A 192.168.2.2? local-data: zoky.net. 86400 IN MX 10 mail.zoky.net. local-data: zoky.net. 86400 IN TXT v=spf1 a mx ~all local-zone: 2.168.192.in-addr.arpa. static local-data: 2.168.192.in-addr.arpa. 10800 IN NS zoky.net. local-data: 2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000? local-data: 2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net. forward-zone: name: . forward-addr: forward-addr: forward-addr: forward-addr: forward-addr: forward-addr: forward-addr: forward-addr:

192.168.2.1 116.254.99.254 202.134.0.155 203.130.196.5 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220

remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: /etc/unbound/unbound_server.key server-cert-file: /etc/unbound/unbound_server.pem control-key-file: /etc/unbound/unbound_control.key control-cert-file: /etc/unbound/unbound_control.pem lalu save di /etc/unbound/unbound.conf forward-zone: sesuaikan dengan DNS ISP anda cek configure unbound : # unbound-checkconf /etc/unbound/unbound.conf edit file di /etc/resolv.conf :

# nano /etc/resolv.conf nameserver 127.0.0.1 edit file /etc/network/interfaces # nano /etc/network/interfaces iface eth0 inet static address 192.168.2.2 netmask 255.255.255.0 network 122.168.2.0 broadcast 192.168.2.255 gateway 192.168.2.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 127.0.0.1 untuk cek apakah d jalan : # /etc/init.d/unbound restart # nslookup 192.168.2.2 Server: 127.0.0.1 Address: 127.0.0.1#53 2.2.168.192.in-addr.arpa name = zoky.net # nslookup zoky.net Server: 127.0.0.1 Address: 127.0.0.1#53 Name: Q.net Address: 192.168.2.2 Untuk monitor : # unbound-control stats # sudo unbound-control stats | tail -16 # sudo apt-get update # sudo apt-get install squid # nano /etc/default/squid SQUID_MAXFD=8192 # sudo apt-get install squid squidclient squid-cgi # sudo apt-get install gcc # grep -E #define\W+__FD_SETSIZE /usr/include/*.h /usr/include/*/*.h

# nano /usr/include/linux/posix_types.h #define __FD_SETSIZE 65536 # nano /usr/include/bits/typesizes.h #define __FD_SETSIZE 65536

# nano /etc/pam.d/login Session required /lib/security/pam_limits.so # # # # # sudo sudo sudo sudo sudo apt-get apt-get apt-get apt-get apt-get install install install install install build-essential sharutils ccze libzip-dev automake1.9

3.Download Lusca download lusca r14809 lewat terminal ubuntu dengan perintah : # wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz download lusca FMI lewat terminal ubuntu dengan perintah : # wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz lalu ekstrak :masuk ke foldernya : jika memakai lusca r14809 : # tar xzvf LUSCA_HEAD-r14809.tar.gz jika memakai lusca FMI : # tar tar xzvf LUSCA_FMI.tar.gz jika menggunakan lusca r14809 : copy file imr.diff ke /home/proxyku dengan menggunakan winscp.. winscp bisa didownload di : 4shared.com /file/KlAfa3dQ/winscp428.html kemudian copy dengan menggunakan putty putty bisa didownload di : 4shared.com /file/16tJyvlq/putty.html # sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809 masuk ke foldernya : jika menggunakan lusca r14809 : # cd LUSCA_HEAD-r14809/ @ patch dulo revalidate dgn cara : patch -p0 < imr.diff jika menggunakan lusca FMI : # cd LUSCA_FMI/ jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini di dalam folder lusca FMI : # make distclean ok..!! sekarang dimulai tahap compile nya : cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan pro cessor yang anda pakai Link untuk mengetahui CHOST dan CFLAGS ; # untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD # untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel

sebagai contoh saya menggunakan amd x2 7750 BE : CHOST= x86_64-pc-linux-gnu \ CFLAGS= -march=amdfam10 -msse3 -O2 -pipe \ ./configure prefix=/usr exec_prefix=/usr bindir=/usr/sbin sbindir=/usr/sbin libexecdi r=/usr/lib/squid sysconfdir=/etc/squid \ localstatedir=/var/spool/squid datadir=/usr/share/squid enable-async-io=24 with-aufs -threads=24 with-pthreads enable-storeio=aufs \ enable-linux-netfilter enable-arp-acl enable-epoll enable-removal-policies=heap withaio with-dl enable-snmp \ enable-delay-pools enable-htcp enable-cache-digests disable-unlinkd enable-large-cach e-files with-large-files \ enable-err-languages=English enable-default-err-language=English with-maxfd=65536 selanjutnya, ketik perintah berikut di terminal ubuntu : # make # sudo make install Edit squid.conf agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10 #copy file squid yg di download tadi ke /etc/init.d/ # sudo cp /home/proxyku/squid /etc/init.d/ jgn lupa di : #sudo chmod +x /etc/init.d/squid # stop dulu squidnya : sudo /etc/init.d/squid stop #copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/sq uid -> edit sesuai network juragan sudo cp /home/proxyku/squid.conf /etc/squid sudo cp /home/proxyku/storeurl.pl /etc/squid 4. Langkah selanjutnya # Memberikan permission pada folder cache chown chmod chown chmod proxy:proxy /cache 777 /cache proxy:proxy /etc/squid/storeurl.pl 777 /etc/squid/storeurl.pl

# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan d g perintah : squid -f /etc/squid/squid.conf -z # Restart squid sudo /etc/init.d/squid restart # nano /etc/sysctl.conf fs.file-max=65536 vm.drop_caches = 3 vm.swappiness = 3

net.netfilter.nf_conntrack_acct= 1 net.ipv4.netfilter.ip_conntrack_max = 16777216 net.ipv4.tcp_keepalive_time = 60 net.ipv4.tcp_keepalive_intvl = 10 net.ipv4.tcp_keepalive_probes = 6 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_sack = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.ip_local_port_range = 16384 65535 net.core.rmem_max=16777216 net.core.wmem_max=16777216 net.ipv4.tcp_rmem=4096 87380 16777216 net.ipv4.tcp_wmem=4096 65536 16777216 net.ipv4.tcp_fin_timeout = 3 net.core.netdev_max_backlog = 30000 net.ipv4.tcp_no_metrics_save=1 net.core.somaxconn = 262144 net.ipv4.tcp_syncookies = 0 net.ipv4.tcp_max_orphans = 262144 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 4294967295 kernel.shmall = 268435456 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 setelah di save, baru di sysctl -p catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga men jadi setengahnya, kolom ke satu biarkan saja Reboot CPU nya tambahan : Menghitung memory yang sedang digunakan oleh aplikasi di Linux : # wget http://www.pixelbeat.org/scripts/ps_mem.py # chmod +x ps_mem.py # ./ps_mem.py Install Squidmon : # wget http://squidmon.googlecode.com/svn/trunk/squidmon.py # chmod +x squidmon.py

untuk monitor squid : # cat /var/log/squid/access.log | ./squidmon.py # cat /var/log/squid/access.log | python squidmon.py MEMBUAT SQUIDSTATS 1. -y 2. 3. 4. 5. 5. 6. 8. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 perl -MCPAN -e install Config::IniFiles wget http://jaringanwarnet.com/downloads/squidstats-r54.tar tar -xvf squidstats-r54.tar cd squidstats-r54 cp mib.txt /etc/squid/ cp snmpd.conf /etc/snmp/ untuk squid.conf tambahkan berikut ini :

snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic all 9. make && make install 10. snmpwalk -v 1 -c public localhost 11. squidstats.pl createdb 12. squidstats.pl gather 13. crontab -e (kemudian copy rule dibawah ini) */5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null 14. cp squidstats.conf /etc/apache2/conf.d 15. reboot 16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi Agar bias di akses dari luar buat spt ini : /ip firewall nat add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \ dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80 Untuk memonitor SQUID : sudo /etc/init.d/squid stop sudo /etc/init.d/squid restart /etc/init.d/unbound restart unbound-control stats sudo unbound-control stats | tail -16 squidclient mgr:info squidclient mgr:client_list tail -f /var/log/squid/access.log tail -f /var/log/squid/cache.log tail -n 80 /var/log/squid/cache.log

squidclient mgr:storedir cat /var/log/squid/access.log | ./squidmon.py cat /var/log/squid/access.log | python squidmon.py http://192.168.2.2/squidstats/graph-summary.cgi ./ps_mem.py