Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #########################################################
- # #
- # squid3.5.x Rock Store Large support SmpScale #
- # http://wiki.squid-cache.org/Features/LargeRockStore #
- # http://wiki.squid-cache.org/Features/SmpScale #
- # #
- # created by www.hikmah-teknologi.com #
- # #
- # #
- #########################################################
- # # Asumsi IP proxy linux singgle interfaces eth0 = 192.168.100.2 dan IP Local Client = 192.168.1.0/24
- # = Mangle mikrotik =
- # Taruh di baris paling awal (sebelum mangle qos)
- ## /ip fi ma
- ## add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 dst-port=80 new-routing-mark=proxy src-address=192.168.1.0/24
- # Tambahkan ini jika ingin menginterceot port 443, tentunya ssl config harus di config dan si sesuaikan dulu, saat in hanya membahas fitur rock store
- # add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 dst-port=443 new-routing-mark=proxy src-address=192.168.1.0/24
- # = Routing Mikrotik =
- # /ip route
- # add distance=1 dst-address=0.0.0.0/0 gateway=192.168.100.2 routing-mark=proxy
- #
- # = Iptables Linux =
- # paste di console linux sebagai root :
- ## iptables -t nat -A PREROUTING -s 192.168.1.0/24 ! -d 192.168.0.0/16 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.2:3128
- ## iptables -t nat -A PREROUTING -s 192.168.1.0/24 ! -d 192.168.0.0/16 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.100.2:3129
- #
- #port squid are listen
- #http_port 3128
- #http_port 3129 tproxy
- #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
- http_port 0.0.0.0:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
- acl step1 at_step SslBump1
- acl step2 at_step SslBump2
- acl step3 at_step SslBump3
- ssl_bump peek step1 all
- ssl_bump bump all
- #
- sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/squid3/ssl_db -M 4MB
- sslcrtd_children 16 startup=1 idle=1
- sslproxy_capath /etc/ssl/certs
- sslproxy_cert_error allow all
- sslproxy_flags DONT_VERIFY_PEER #this line fixing www.gmail.com, mail.yahoo.com for some errors
- always_direct allow all
- ssl_unclean_shutdown on
- #
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- #
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- acl getmethod method GET
- #
- #acl storeid_rewrite_url url_regex ^https?:\/\/.*\.googlevideo\.com\/videoplayback\?
- #acl storeid_rewrite_url url_regex ^https?:\/\/.*\.ytimg\.com.*\.(webp|jpg|gif)
- #
- acl storeid_rewrite_url url_regex ^https?:\/\/profile.ak.fbcdn.net\/hprofile-ak-[a-z]{3}[0-9]\/
- acl storeid_rewrite_url url_regex ^https?:\/\/.*?([a-z]{4,}).*?.ak.fbcdn.net\/
- acl storeid_rewrite_url url_regex ^https?:\/\/fbcdn-(s?photos|profile)-[a-z]-a.akamaihd.net/h(profile|s?photos)-ak-
- acl storeid_rewrite_url url_regex ^https?:\/\/fbcdn-(profile|dragon)-[a-z]\.akamaihd.net/h(profile|photos)-ak-
- acl storeid_rewrite_url url_regex ^http:\/\/(.*)\/speedtest\/.*\.(jpg|txt|bmp)
- acl storeid_rewrite_url url_regex ^http:\/\/[a-z0-9]{4}\.reverbnation\.com\/.*\/([0-9]*).*
- acl storeid_rewrite_url url_regex ^http:\/\/[0-9]?.bp.blogspot\.com\/(.*)\/s.*?\/.*(jpg|png|gif)$
- acl storeid_rewrite_url url_regex ^http.*\,avast\.com\/.*\.vpx$
- acl storeid_rewrite_url url_regex ^http:\/\/fs[0-9]{2}.filehippo.com\/([0-9]{4})\/
- acl nocache url_regex \.(ini|ui|ver|patch|lst|inf|cfg|md5|key|pub|list|txt|db|log|html)$ \.(php|jsp|cgi|asx|asp|aspx|js)$
- acl nocache url_regex (hackshield|notice|xtrap|login|registration|reset)
- #
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access deny manager
- http_access allow localnet
- http_access allow localhost
- http_access deny all
- #
- visible_hostname de-isle.blogspot.co.id
- cache_mgr fox.skd@gmail.com
- pid_filename /var/run/squid3.pid
- error_directory /usr/share/squid3/errors/en
- strip_query_terms off
- access_log daemon:/var/log/squid3/access.log squid
- cache_log /var/log/squid3/cache.log
- cache_store_log none
- cache_replacement_policy heap GDSF
- memory_replacement_policy heap LFUDA
- #Mmebuat Directory Cache Disk dengan type rock store :
- #Buat device shm
- #paste di console linux sebagai root :
- ## echo "shm /dev/shm tmpfs nodev,nosuid,noexec 0 0" >> /etc/fstab
- ## echo "net.local.dgram.recvspace = 262144" > /etc/sysctl.conf
- # echo "net.local.dgram.maxdgram = 16384" > /etc/sysctl.conf
- ## mount -a
- ## chown proxy:proxy /var/run/squid3
- #
- #asumsi 5 disk virtual masing2 8GB utk cache_dir dengan disk directory mulai /var/spool/squid3/1 sd /var/spool/squid3/5
- #pergunakan max 50% jadi 4Gb per cache_dir
- #ketik di console linux
- ## mkdir /var/spool/squid3/{1,2,3,4,5}
- ## chown proxy:proxy /var/spool/squid3/*
- ## squid3 -z
- #
- #angka setelah cache_dir rock/aufs 4096 = artinya 4096MB=> dalam satuan MB => 4GB
- #angka di setelah min-size=/max-size= dalam satuan bytes
- #silahkan di sesuaikan itu hanya contoh dalam virtual box
- #
- #=============================================#
- workers 3
- cache_dir rock /cache/0 4096 min-size=0 max-size=65536 swap-timeout=300 max-swap-rate=200/sec
- if ${process_number} = 1
- cache_dir ufs /cache/1 4096 16 256 min-size=65536 max-size=1024000
- endif
- if ${process_number} = 2
- cache_dir ufs /cache/2 4096 16 256 min-size=1024000 max-size=2048000
- endif
- if ${process_number} = 3
- cache_dir ufs /cache/3 4096 16 256 min-size=2048000 max-size=4096000
- endif
- #=============================================#
- cache_mem 64 MB
- maximum_object_size_in_memory 8 KB
- memory_cache_mode disk
- store_avg_object_size 64 KB
- #
- cache_replacement_policy heap GDSF
- coredump_dir /cache
- #
- cache deny nocache
- #
- logfile_rotate 1
- shutdown_lifetime 5 second
- #
- snmp_port 3401
- snmp_access allow all
- snmp_incoming_address 0.0.0.0
- snmp_outgoing_address 0.0.0.0
- #
- qos_flows local-hit=0x30
- qos_flows sibling-hit=0x30
- qos_flows parent-hit=0x30
- #
- cache_effective_user proxy
- cache_effective_group proxy
- #resolver
- dns_nameservers 127.0.0.1
- dns_timeout 20 seconds
- dns_v4_first on
- client_dst_passthru off
- host_verify_strict off
- reload_into_ims on
- refresh_all_ims on
- detect_broken_pconn on
- client_persistent_connections off
- server_persistent_connections on
- vary_ignore_expire on
- shutdown_lifetime 3 seconds
- #squidbooster trial 30 days
- #store_id_program /etc/squid3/64bits/ut-squidbooster -i -g -l /var/log/squid3
- #store_id_children 10 startup=5 idle=2 concurrency=0
- #refresh_pattern -i ^http:\/\/.*\.unveiltech\.internal\/.* 324000 100% 432000 override-expire override-lastmod refresh-ims reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate
- #store-id
- store_id_program /usr/lib/squid3/storeid_file_rewrite /etc/squid3/store-id.pl
- store_id_children 40 startup=10 idle=5 concurrency=0
- store_id_access deny !getmethod
- store_id_access deny nocache
- store_id_access allow storeid_rewrite_url
- store_id_access deny all
- store_id_bypass on
- # REFRESH PATTERN
- refresh_pattern -i https?:\/\/.*\.xx\.fbcdn\.net\/.*\.(jpg|png) 43830 99% 259200 override-expire override-lastmod ignore-reload
- refresh_pattern static\.(xx|ak)\.fbcdn\.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
- refresh_pattern ^https?\:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
- refresh_pattern (akamaihd|fbcdn)\.net 14400 99% 518400 ignore-no-store ignore-private ignore-reload ignore-must-revalidate store-stale
- refresh_pattern (audio|video)\/(webm|mp4) 129600 99% 129600 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
- refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 20% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
- refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
- refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims
- refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims
- refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale
- refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.* 10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale
- refresh_pattern ^\.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
- refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
- refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
- refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
- refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
- refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
- refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
- refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
- refresh_pattern (zynga|topeleven|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
- refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 override-expire override-lastmod reload-into-ims
- refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|iop|nzp|pak|mar|msp) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload
- refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 override-expire override-lastmod reload-into-ims
- refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob|webm) 10080 80% 10080 override-expire override-lastmod reload-into-ims
- refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 override-expire override-lastmod reload-into-ims
- refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|cup|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
- refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|pak|cup) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
- refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
- refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
- refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
- refresh_pattern -i .(html|htm|css|js|xml)$ 1440 75% 40320
- refresh_pattern -i .index.(html|htm)$ 0 75% 43800
- refresh_pattern -i ^http.*squid\.internal.* 43200 100% 799000 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
- #KEEP THESE LINES AT BOTTOM OF CONFIGURATION
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 50% 4320
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
