
CARA INSTALL SQUID + DNS UNBOUND DI UBUNTU : Partisi hardisk : - 256 Mb ext4 /boot ( Flag Boot,opsi noatime ) jika

Flag Boot masih off setelah pilihan on ABAIKAN SAJA - 16 Gb ext4 / ( opsi noatime ) - 1.0 Gb swap ( swap sesuaikan dengan RAM fisik cpu anda ) - sisanya Gb btrfs /cache Optimalkan file system cache : 1. disabled fsck (file system check) # nano /etc/fstab angka standart 0 2 didrive cache ganti dengan 0 0

2. ubah opsi untuk partisi cache # nano /etc/fstab apabila menggunakan reiserfs gunakan opsi noatime,notail apabila menggunakan ext4 gunakan opsi noatime,barrier=0 apabila menggunakan btrfs gunakan opsi noatime,compress,noacl Optimalkan kernelnya :

# ulimit -HSn 65536
echo 65536 > /proc/sys/fs/file-max
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "root soft nofile 65536" >> /etc/security/limits.conf
echo "root hard nofile 65536" >> /etc/security/limits.conf
echo "proxy soft nofile 65536" >> /etc/security/limits.conf
echo "proxy hard nofile 65536" >> /etc/security/limits.conf
echo "session required pam_limits.so" >> /etc/pam.d/common-session
echo "session required /lib/security/pam_limits.so" >> /etc/pam.d/login

# modprobe ip_conntrack kemudian tambahkan ip_conntrack di /etc/modules # nano /etc/modules tambahkan kalimat berikut : ip_conntrack

Installasi DNS unbound : # apt-get install unbound

# cd /etc/unbound
# wget ftp://FTP.INTERNIC.NET/domain/named.cache
# unbound-control-setup
# chown unbound:root unbound_*
# chmod 440 unbound_*

# nano lalu copy paste configurasi ini : server: verbosity: 1 statistics-interval: 120 statistics-cumulative: yes num-threads: 1 interface: 0.0.0.0 outgoing-range: 512 num-queries-per-thread: 1024 msg-cache-size: 64m rrset-cache-size: 32m msg-cache-slabs: 4 rrset-cache-slabs: 4 cache-max-ttl: 86400 infra-host-ttl: 60 infra-lame-ttl: 120 infra-cache-numhosts: 10000 infra-cache-lame-size: 10k do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes do-daemonize: yes #access-control: 0.0.0.0/0 allow access-control: 192.168.0.0/16 allow access-control: 172.16.0.0/12 allow access-control: 10.0.0.0/8 allow access-control: 127.0.0.0/8 allow access-control: 0.0.0.0/0 refuse chroot: "/etc/unbound" username: "unbound" directory: "/etc/unbound" #logfile: "/etc/unbound/unbound.log" #use-syslog: yes logfile: "" use-syslog: no pidfile: "/etc/unbound/unbound.pid" root-hints: "/etc/unbound/named.cache" identity: "DNS" version: "1.4" hide-identity: yes hide-version: yes

harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
#zone zoky.net
local-zone: "zoky.net." static
local-data: "zoky.net. 86400 IN NS ns1.zoky.net."
local-data: "zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400"
local-data: "zoky.net. 86400 IN A 192.168.2.2"
local-data: "www.zoky.net. 86400 IN A 192.168.2.2"
local-data: "ns1.zoky.net. 86400 IN A 192.168.2.2"
local-data: "mail.zoky.net. 86400 IN A 192.168.2.2"
local-data: "zoky.net. 86400 IN MX 10 mail.zoky.net."
local-data: "zoky.net. 86400 IN TXT v=spf1 a mx ~all"
local-zone: "2.168.192.in-addr.arpa." static
local-data: "2.168.192.in-addr.arpa. 10800 IN NS zoky.net."
local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net."
forward-zone:
    name: "."
    forward-addr: 202.134.0.155
    forward-addr: 202.134.0.61
    forward-addr: 203.130.193.74
    forward-addr: 203.130.196.155
    forward-addr: 202.134.1.5
    forward-addr: 203.130.196.155
    forward-addr: 203.130.208.18
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4

remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: "/etc/unbound/unbound_server.key" server-cert-file: "/etc/unbound/unbound_server.pem" control-key-file: "/etc/unbound/unbound_control.key" control-cert-file: "/etc/unbound/unbound_control.pem"

lalu save di /etc/unbound/unbound.conf forward-zone : sesuaikan dengan DNS ISP anda ip pada local data sesuaikan dengan ip ubuntu anda setting ubuntu agar menggunakan DNS unbound : edit file di /etc/resolv.conf : # nano /etc/resolv.conf nameserver 127.0.0.1 edit file /etc/network/interfaces # nano /etc/network/interfaces iface eth0 inet static address 192.168.2.2 netmask 255.255.255.0 network 192.168.2.0 broadcast 192.168.2.255 gateway 192.168.2.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 127.0.0.1 reboot cpu anda.... untuk mengecek DNS unbound sudah jalan : # /etc/init.d/unbound restart # nslookup 192.168.2.2 Server: 127.0.0.1 Address: 127.0.0.1#53 2.2.168.192.in-addr.arpa name = zoky.net # nslookup zoky.net Server: 127.0.0.1 Address: 127.0.0.1#53 Name: zoky.net Address: 192.168.2.2

INSTALL SQUID : 1. Install Paket yg Diperlukan :
# sudo apt-get update
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev

# sudo apt-get install automake1.9 2. Sebelum proses compile squid optimalkan dulu : # nano /etc/default/squid SQUID_MAXFD=8192 # nano /usr/include/linux/posix_types.h #define __FD_SETSIZE 65536 # nano /usr/include/bits/typesizes.h #define __FD_SETSIZE 65536 3. Download file yang dibutuhkan diwindows kemudian ekstrak : http://untuk-kita-semua.googlecode.com/files/squid-2.7.STABLE9%20%2B%20patch%20%2B%20conf.zip 4. Step for patching and recompiling : upload squid-2.7.STABLE9.tar.gz + file2 patch yang sudah didownload diwindows menggunakan WINSCP ke ubuntu file2 tersebut : 1. aggresive.patch 2. loop.patch 3. ignore-must-revalidate.patch 4. ignore-no-store_new.patch kemudian ekstrak # tar xvf squid-2.7.STABLE9.tar.gz kemudian copy file2 patch yg sudah diupload tadi ke folder squid hasil ekstrakan tadi :
# cp /home/zoky/aggressive.patch /home/zoky/squid-2.7.STABLE9
# cp /home/zoky/ignore_must_revalidate.patch /home/zoky/squid-2.7.STABLE9
# cp /home/zoky/ignore-no-store_new.patch /home/zoky/squid-2.7.STABLE9
# cp /home/zoky/loop.patch /home/zoky/squid-2.7.STABLE9

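# cd squid-2.7.STABLE9 # patch -p0 < aggressive.patch && patch -p0 < loop.patch && patch -p0 < ignore_must_revalidate.patch && patch -p0 < ignore-no-store_new.patch klo squid yg sdh dipatch tidak usah dipatch lg : Download squid-2.7.STABLE9 yg sudah dipatch di sini : http://untuk-kita-semua.googlecode.com/files/squid-2.7.STABLE9%2Bpatch.tar.gz upload ke ubuntu menggunakan WINSCP kemudian ekstrak : # tar xvf squid-2.7.STABLE9+patch.tar.gz # cd squid-2.7.STABLE9
Catatan : arsip ini diunduh lewat HTTP tanpa checksum maupun tanda tangan, padahal hasilnya dikompilasi lalu dipasang sebagai root. Sebelum make install, bandingkan isinya dengan tarball resmi squid-2.7.STABLE9 dan baca dulu patch yang diterapkan.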

sekarang dimulai tahap compile nya : # cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai Link untuk mengetahui CHOST dan CFLAGS ; untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel sebagai contoh saya menggunakan amd x2 7750 BE :
CHOST="x86_64-pc-linux-gnu" \
CFLAGS="-march=amdfam10 -msse3 -O2 -pipe" \
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin \
--sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--enable-async-io --with-pthreads --enable-storeio=aufs,coss,null \
--enable-linux-netfilter --enable-arp-acl --enable-epoll \
--enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools \
--enable-htcp --enable-cache-digests --enable-referer-log \
--enable-useragent-log --enable-follow-x-forwarded-for \
--with-large-files --enable-large-cache-files --enable-truncate \
--disable-ident-lookups --with-maxfd=65536
# make
# sudo make install
upload file squid ke ubuntu kemudian copy ke dalam folder ke /etc/init.d/ : # cp /home/zoky/squid /etc/init.d/ jangan lupa : # sudo chmod +x /etc/init.d/squid stop dulu squidnya : # sudo /etc/init.d/squid stop upload file squid.conf + storeurl.pl ke ubuntu kemudian copy ke dalam folder /etc/squid : ( squid.conf sesuaikan dengan jaringan anda !!! ) # cp /home/zoky/squid.conf /etc/squid # cp /home/zoky/storeurl.pl /etc/squid Memberikan permission pada folder cache
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
Catatan : karena pemiliknya sudah proxy:proxy, mode 777 sebenarnya tidak diperlukan. storeurl.pl dijalankan oleh squid, jadi kalau file itu bisa ditulis semua user, user lokal mana pun dapat mengubah skrip yang dieksekusi proxy. Mode 750 untuk /cache dan 755 untuk storeurl.pl biasanya sudah cukup.

Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah : # squid -f /etc/squid/squid.conf -z

Restart squid # sudo /etc/init.d/squid restart Optimalkan sysctl : # nano copy paste settingan berikut : catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Catatan : net.ipv4.tcp_syncookies = 0 mematikan perlindungan kernel terhadap SYN flood; pada proxy yang menerima koneksi dari banyak klien nilai ini sebaiknya dibiarkan 1. net.ipv4.tcp_tw_recycle = 1 dapat memutus koneksi klien yang berada di belakang NAT, dan parameter ini sudah dihapus sejak kernel Linux 4.12.
kemudian save di /etc/sysctl.conf lalu sysctl -p Reboot CPU nya... INSTALL SOFTWARE MONITORING SQUID :

1. Menghitung memory yang sedang digunakan oleh aplikasi di Linux : # wget http://www.pixelbeat.org/scripts/ps_mem.py # chmod +x ps_mem.py 2. Install squidmon : # wget http://squidmon.googlecode.com/svn/trunk/squidmon.py # chmod +x squidmon.py 3. Install multitail : # sudo apt-get install multitail 4. Install SQUIDSTATS : # y # # # # # # # # # # # apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 perl -MCPAN -e 'install Config::IniFiles' wget http://untuk-kita-semua.googlecode.com/files/squidstats-r54.tar tar -xvf squidstats-r54.tar cd squidstats-r54 cp mib.txt /etc/squid/ cp snmpd.conf /etc/snmp/ make && make install snmpwalk -v 1 -c public localhost squidstats.pl createdb squidstats.pl gather crontab -e (kemudian copy rule dibawah ini):

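*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null # cp squidstats.conf /etc/apache2/conf.d untuk squid.conf tambahkan berikut ini jika belum ada:
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
Catatan : baris snmp_access allow snmppublic all mengizinkan siapa pun yang dapat menjangkau port 3401 membaca statistik squid dengan community bawaan "public". Karena squidstats berjalan di mesin yang sama, batasi akses ke localhost (misalnya snmp_access allow snmppublic localhost lalu snmp_access deny all, dengan ACL localhost yang didefinisikan di squid.conf). Bila nama community diganti, sesuaikan juga di sisi pembaca SNMP-nya.
Reboot ubuntu anda.... 5. Install WEBMIN : # aptitude install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl # apt-get install apt-show-versions # wget http://prdownloads.sourceforge.net/sourceforge/webadmin/webmin_1.530_all.deb # dpkg -i webmin_1.530_all.deb 5. Shutdown ubuntu dengan sekali tekan tombol power :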

# sudo apt-get install acpid Cara clear cache manual : Stop dulu squidnya : sudo /etc/init.d/squid stop Atau : killall squid # rm -rf /cache/* (check if this is the real path) # rm /var/log/squid/access.log # rm /var/log/squid/cache.log lalu buat folder cache sesuai squid.conf : squid -f /etc/squid/squid.conf -z kemudian restart squid : sudo /etc/init.d/squid restart untuk menghapus file : # sudo rm /lokasi_file/nama_file sedangkan untuk hapus folder/direktori : # sudo rm -rf /lokasi/directory Cara uninstall program : # apt-get remove "package names" # apt-get autoremove "package names" # apt-get remove --purge "package names" command untuk monitoring squid + unbound : # unbound-control stats # sudo unbound-control stats # squidclient mgr:info # squidclient mgr:client_list # tail -f /var/log/squid/access.log # multitail -s 2 /var/log/squid/access.log # tail -f /var/log/squid/access.log # tail -f /var/log/squid/cache.log # tail -n 80 /var/log/squid/cache.log # tail -f /var/log/squid/access.log grep jpg # tail -f /var/log/squid/access.log grep flv # squidclient mgr:storedir ccze tail -16

# cat /var/log/squid/access.log # cat /var/log/squid/access.log

./squidmon.py python squidmon.py

control cache menggunakan browser diwindows : http://192.168.2.2/squid-reports/ https://192.168.2.2:10000 http://192.168.2.2/squidstats/graph-summary.cgi http://192.168.2.2/cgi-bin/cachemgr.cgi

Automatis Boot jika suatu saat Ubuntu Server Crash ( terutama di ubuntu 10.10 ) Untuk mengatasi hal tersebut terjadi lagi, maka harus mengedit parameter pada konfigurasi grub nya. # sudo pico /boot/grub/grub.cfg ubah if [ ${recordfail} = 1 ]; then set timeout=-1 #ini yang menyebabkan otomatis bootnya, ga bisa else set timeout=2 ganti menjadi if [ ${recordfail} = 1 ]; then set timeout=2 else set timeout=2
