msi semua bisa setting squid3 https caching

Kurangi Rokokmu Tambahin Sedekahmu – http://www.sedekahrombongan.com

1

Buka VirtualBox, Klik New. Ikuti petunjuk gambar dibawah ini :-D


2


3


4


5


6


7


8


9


10


11


12


13


14


15


16

Muncul error, klik Continue saja (karena network adapternya di-matikan tadi). Kita ON nanti setelah

instalasi Ubuntu Servernya selesai :-D


17

Isi nama komputernya


18

Isi full user name


19

Isi user name


20

Isi password


21

Isikan lagi password yang sama


22

Pilih No saja


23

Pilih Timezone


24

Pilih Partition Method – Guided – use entire disk


25

Enter saja


26

Yes


27

Tekan Enter saja


28

Pilih No automatic update


29


30

Tekan SPASI untuk memilih OpenSSHServer


31

Pilih Yes


32

Tekan Enter


33

Beres. Selesai sudah Install Ubuntu Server. Mudah bukan????.....bukaaaaaaaaaaaaaaan


34


35

Lanjut mau aktifkan Network Adapter di VirtualBox

Login lalu shutdown Ubuntu Virtual Machine


36

Kembali ke VirtualBox, pilih Settings dan centang Enable Network Adapter


37

Start kembali Ubuntu Server VirtualBox. Login dan aktifkan network adapter eth0

sudo ifconfig eth0 up


38

Cek apakah eth0 sudah UP atau belum. Ketik ifconfig


39

Lanjut, isi ip address. Ketik sudo nano /etc/network/interfaces. Isi sesuai ip address di tempatmu


40

Tekan tombol Ctrl+O lalu Enter


41

Tekan tombol Ctrl+X untuk keluar dari nano editor.

Lanjut dengan test ping ke ip address gateway


42

Network is unreachable..hehe…lupa restart dulu service networkingnya. Ketik sudo service networking

restart


43

Test ping pasti gagal juga…lupa di adapter virtualbox nya belum connect cable :-D. Poweroff dulu,

kembali ke VirtualBox Settings…Sorry pemirsa…wis tuo…hahaha


44

Start lagi bray..wkwkwkw

Test ping ke gateway


45

Ping ke www.dokter-squid-indonesia.com


46

Ok. Good. Koneksi internet lancar. Lanjut install squid.


47

Update Ubuntu Servernya terlebih dahulu

Ketik sudo apt-get update

Sabar menunggu sampai selesai…..


48

Kita lanjut pake Aplikasi WinSCP dan Putty (biar mudah copy pastenya)..itukan yang kamu

mau..heuheuheu. Kalau belum ada download dan install

http://winscp.net/download/winscp556setup.exe

http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.63-installer.exe


49

Pilih Yes


50

Open Putty dengan meng-klik toolbar Putty

Klik Yes


51

Masukin password user yang tadi dibuat


52

Install SQUID

Copy paste command dibawah ini :

sudo su

sudo apt-get install devscripts -y

sudo apt-get install libcap-*

sudo apt-get install openssl -y

sudo apt-get install ccze -y

wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.9.tar.gz

tar xzvf squid-3*

cd squid-3*

./configure --prefix=/usr \

--bindir=/usr/bin \

--sbindir=/usr/sbin \

--libexecdir=/usr/lib/squid \

--sysconfdir=/etc/squid \

--localstatedir=/var \

--libdir=/usr/lib \

--includedir=/usr/include \

--datadir=/usr/share/squid \

--enable-err-languages=English \

--enable-default-err-language=English \

--infodir=/usr/share/info \

--mandir=/usr/share/man \


53

--disable-dependency-tracking \

--enable-storeio=ufs,aufs,diskd \

--enable-removal-policies=lru,heap \

--enable-icap-client \

--disable-wccp \

--disable-wccpv2 \

--enable-follow-x-forwarded-for \

--enable-x-accelerator-vary \

--enable-zph-qos \

--enable-snmp \

--with-default-user=proxy \

--with-logdir=/var/log/squid \

--with-pidfile=/var/run/squid.pid \

--with-large-files \

--enable-underscores \

--disable-auth \

--enable-async-io \

--with-pthreads \

--disable-ipv6

make && make install

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.asli

sudo chmod a-w /etc/squid/squid.conf.asli

cd

mkdir /cache

chown -R proxy:proxy /cache

chown -R proxy:proxy /var/log/squid

nano etc/squid/squid.conf

EDIT bagian yang saya HIGHLIGHT KUNING(sesuaikan dengan nama folder dan besaran cache

Anda)

#

# Recommended minimum configuration:

#

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network



acl localnet src fc00::/7 # RFC 4193 local private network range

acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines


54

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all


55

# Squid normally listens to port 3128

http_port 3128

# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /cache 3000 16 256

# Leave coredumps in the first cache dir

coredump_dir /cache

#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

tekan Ctrl+o lalu ENTER untuk menyimpan perubahan

tekan Ctrl+x untuk keluar dari nano editor

lanjut copy paste command dibawah ini

squid -k parse

squid -z

tekan ENTER saja

squid start

Test Manual Proxy di Browser


56

Buka salah satu website misalnya detik.com

Tutup dan buka lagi website detik.com, pada Putty ketik command tail -f

/var/log/squid/access.log | ccze


57

Selesai untuk caching HTTP :-D ….Mudah bukan????? Bukaaaaaaaaaaaaaaaaaaaaaan….wakwow


58

Lanjut ke HTTPS caching

Untuk caching HTTPS kita butuh feature SSL_BUMP , DynamicSslCert. Feature ini harus diaktifkan saat

configure

--enable-ssl --enable-ssl-crtd

Ayo kita configure ulang

sudo su

Tambahkan dulu paket pendukung

apt-get install libssl-* -y

apt-get install libsasl2-dev –y

cd squid-3*

make clean

./configure --prefix=/usr \

--bindir=/usr/bin \

--sbindir=/usr/sbin \

--libexecdir=/usr/lib/squid \

--sysconfdir=/etc/squid \

--localstatedir=/var \

--libdir=/usr/lib \

--includedir=/usr/include \

--datadir=/usr/share/squid \

--enable-err-languages=English \

--enable-default-err-language=English \

--infodir=/usr/share/info \

--mandir=/usr/share/man \

--disable-dependency-tracking \

--enable-storeio=ufs,aufs,diskd \

--enable-removal-policies=lru,heap \

--enable-icap-client \


59

--disable-wccp \

--disable-wccpv2 \

--enable-follow-x-forwarded-for \

--enable-x-accelerator-vary \

--enable-zph-qos \

--enable-snmp \

--with-default-user=proxy \

--with-logdir=/var/log/squid \

--with-pidfile=/var/run/squid.pid \

--with-large-files \

--enable-underscores \

--disable-auth \

--enable-async-io \

--with-pthreads \

--disable-ipv6 \

--enable-ssl

--enable-ssl-crtd

make && make install

mkdir -p /etc/squid/ssl_cert

cd /etc/squid/ssl_cert

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der


60

mkdir -p /var/squid/ssl_db

/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs

chown -R proxy:proxy /var/squid/ssl_db/certs

Edit squid.conf

nano /etc/squid/squid.conf

Tambahkan directive

http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

cert=/etc/squid/ssl_cert/myCA.pem

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB

sslcrtd_children 5

sslproxy_cert_error allow all

sslproxy_flags DONT_VERIFY_PEER


61

ssl_bump server-first all

Simpan dengan menekan tombol Ctrl+o dan Enter

Keluar dengan menekan tombol Ctrl+x

Lanjut

squid -k reconfigure

reboot

squid start

Edit manual proxy browser


62

Test buka facebook.com

Muncul warning This Connection is Untrusted, browser ga mengenal CA yg ngeluarin certificate palsu

dari SQUID. Maka harus diimport CA certificatenya terlebih dahulu.


63

Di Firefox Tools > Options > Advanced > Certificates


64


65

Close browsernya dan buka lagi facebook.com


66

msi semua bisa setting squid3 https caching

Documents