teknisiazza

How To Build and Config Squid-3.5.3 Cache Youtube and Facebo

Mar 30th, 2016
  # Switch to a root shell; every later step on this page is run as root.
  sudo su
  # Refresh the package index, then apply pending upgrades without prompting.
  apt-get update && apt-get upgrade -y

  # Build toolchain, development libraries and helper tools installed for this guide
  # (sysv-rc-conf is used at the end to register the init script).
  apt-get install -y \
    devscripts build-essential \
    openssl libssl-dev \
    fakeroot libcppunit-dev libsasl2-dev \
    cdbs ccze libfile-readbackwards-perl \
    libcap2 libcap-dev libcap2-dev \
    libtool sysv-rc-conf

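  # Fetch the Squid 3.5.3 source archive. The URL is plain HTTP on a third-party
  # mirror, so the file can be altered in transit or on the mirror itself; it is
  # compiled and installed as root below, so verify it before unpacking.
  # 3.5.3 is an early 3.5 release: check the Squid project's security advisories
  # and prefer the latest supported release for anything beyond a lab.
  wget http://files.bandi-tech.id.ai/squid/version/v3/squid-3.5.3.tar.bz2
  # Replace the placeholder with the SHA-256 obtained from the Squid project over a
  # trusted channel. The chain stops (nothing is unpacked) if the digest differs.
  echo "<EXPECTED_SHA256_OF_squid-3.5.3.tar.bz2>  squid-3.5.3.tar.bz2" | sha256sum -c - \
    && tar -xjf squid-3.5.3.tar.bz2 \
    && cd squid-3.5.3

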
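  # Configure the build. Notes on the security-relevant switches:
  #   --sysconfdir            was given twice (/etc, then /etc/squid); only the
  #                           effective value /etc/squid is kept.
  #   --with-logdir           default log directory moved from world-writable /tmp to
  #                           /var/log/squid, so other local users cannot pre-create
  #                           or read the log files.
  #   --with-openssl, --enable-ssl-crtd
  #                           build the TLS interception (ssl_bump) code and the
  #                           certificate-generation helper used later on this page.
  #   --enable-http-violations
  #                           allows refresh_pattern options that override origin
  #                           cache-control headers (used heavily in squid.conf below).
  #   --with-default-user     Squid drops to the unprivileged "proxy" account.
  ./configure \
    --prefix=/usr \
    --includedir=/usr/include \
    --infodir=/usr/share/info \
    --localstatedir=/var \
    --libexecdir=/usr/lib/squid \
    --srcdir=. \
    --datadir=/usr/share/squid \
    --sysconfdir=/etc/squid \
    --mandir=/usr/share/man \
    --enable-inline \
    --enable-async-io=24 \
    --enable-storeio=ufs,aufs,diskd,rock \
    --enable-removal-policies=lru,heap \
    --enable-gnuregex \
    --enable-delay-pools \
    --enable-cache-digests \
    --enable-underscores \
    --enable-icap-client \
    --enable-follow-x-forwarded-for \
    --enable-eui \
    --enable-esi \
    --enable-icmp \
    --enable-zph-qos \
    --enable-http-violations \
    --enable-ssl-crtd \
    --enable-linux-netfilter \
    --enable-ltdl-install \
    --enable-ltdl-convenience \
    --enable-x-accelerator-vary \
    --disable-maintainer-mode \
    --disable-dependency-tracking \
    --disable-silent-rules \
    --disable-translation \
    --disable-ipv6 \
    --disable-ident-lookups \
    --with-swapdir=/var/spool/squid \
    --with-logdir=/var/log/squid \
    --with-pidfile=/var/run/squid.pid \
    --with-aufs-threads=24 \
    --with-filedescriptors=65536 \
    --with-large-files \
    --with-maxfd=65536 \
    --with-openssl \
    --with-default-user=proxy \
    --with-included-ltdl

  # Compile, and install only if the build succeeded.
  make && make install
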
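  # Create the signing certificate that ssl_bump uses to mint per-site certificates.
  # Whoever holds squid.key can impersonate any HTTPS site to clients that trust
  # squid.crt, so the key is created unreadable to other users and never leaves
  # this host; only squid.crt is distributed to clients.
  cd /etc/squid
  mkdir ssl_certs
  cd ssl_certs
  # Subshell keeps the restrictive umask from leaking into the rest of the session.
  (umask 077; openssl genrsa -out squid.key 2048)
  openssl req -new -key squid.key -out squid.csr -nodes
  # Self-sign for roughly ten years; -sha256 pins the signature digest explicitly.
  # NOTE(review): no extensions file is supplied, so basicConstraints CA:TRUE is not
  # set — confirm that clients accept this certificate as a signing CA.
  openssl x509 -req -sha256 -days 3652 -in squid.csr -signkey squid.key -out squid.crt
  # Readable by root and the proxy group only.
  chown root:proxy squid.key
  chmod 640 squid.key

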
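  # Initialise the on-disk store for dynamically generated certificates.
  # The parent directory stays owned by root: the original handed it to "nobody",
  # an account shared by unrelated services, which would let any of them replace
  # ssl_db wholesale.
  mkdir /var/lib/squid
  /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
  chown -R proxy:proxy /var/lib/squid/ssl_db/
  # Owner-only access instead of 777: a world-writable certificate store lets any
  # local user plant or swap the certificates Squid presents to clients.
  chmod -R u=rwX,go= /var/lib/squid/ssl_db/

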
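  # squid.conf — save as /etc/squid/squid.conf (the path passed to `squid -f`
  # further down this page).
  #
  # Recommended minimum configuration:
  #

  # Example rule allowing access from your local networks.
  # Adapt to list your (internal) IP networks from where browsing
  # should be allowed. Keep this as narrow as possible: every address matched
  # here may use the proxy and has its HTTPS traffic intercepted.
  acl localnet src 192.168.10.0/24 # adjust to your client/local network

  acl SSL_ports port 443
  acl Safe_ports port 80 # http
  acl Safe_ports port 21 # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 70 # gopher
  acl Safe_ports port 210 # wais
  acl Safe_ports port 1025-65535 # unregistered ports
  acl Safe_ports port 280 # http-mgmt
  acl Safe_ports port 488 # gss-http
  acl Safe_ports port 591 # filemaker
  acl Safe_ports port 777 # multiling http
  acl CONNECT method CONNECT
  # Declared once; the original repeated this exact line.
  acl getmethod method GET
  acl loop_302 http_status 302
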
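  # TAG: QUERY
  # -----------------------------------------------------------------------------
  # URL paths that must never be cached (game patch lists, captchas, dynamic pages).
  # Most dots are unescaped and therefore match any character; that only widens a
  # deny list, so the patterns are left as the author wrote them.
  acl QUERY urlpath_regex -i (hackshield|blank.html|infinity.js|hshield.da|renew_session_token.php|recaptcha.js|dat.asp|notice.swf|patchlist.txt|hackshield|captcha|reset.css|update.ver|notice.html|updates.txt|gamenotice|images.kom|patchinfo.xml|noupdate.ui|\.Xtp|\.htc|\.txt)
  acl QUERY urlpath_regex -i (patch.conf|uiimageset.xml.iop|gashaponwnd.xml.iop|loading.swf|download.swf|version.list|version.ini|launch.jnlp|server_patch.cfg.iop|core.swf|Loading.swf|resouececheck.sq|mainloading.swf|config.xml|gemmaze.swf|xml.png|size.xml|resourcesbar.swf|version.xml|version.list|delete.ini)
  acl QUERY urlpath_regex -i \.(jsp|asp|aspx|cfg|iop|zip|php|xml|html)(\?|$)
  cache deny QUERY

  # URLs that are never handed to the Store-ID helper.
  acl dontstore url_regex ^http:\/\/(([\d\w-]*(\.[^\.\-]*?\..*?))(\/\mosalsal\/[\d]{4}\/.*\/)(.*\.flv))\?start.*
  acl dontstore url_regex redbot\.org \.php
  acl dontstore url_regex -i ^http:\/\/.*gemscool\.com\/.*
  acl dontstore url_regex \.(aspx|php)\?
  acl dontstore url_regex goldprice\.org\/NewCharts\/gold\/images\/.*\.png
  acl dontstore url_regex google\.co(m|\.[a-z]{2})\/complete\/search\?
  acl dontstore url_regex redirector\.([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id|get_video_info\?|ptracking\?|player_204\?|stream_204\?).*

  # YouTube URLs that are handed to the Store-ID helper.
  acl store_yt_id url_regex -i youtube.*(ptracking|stream_204|playback|player_204|watchtime|set_awesome|s\?|ads).*(video_id|docid|\&v|content_v)\=([^\&\s]*).*$
  acl store_id_list_yt url_regex -i (youtube|googlevideo).*videoplayback.*$
  acl store_id_list_yt url_regex ^https?\:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id).*

  # Other CDN content for the Store-ID helper. All four lines now share the name
  # "store-id_list", which is the name store_id_access refers to; the 4shared line
  # was originally spelled "store_id_list" and was therefore never consulted.
  # NOTE(review): urlpath_regex is matched against the URL path only, yet these
  # patterns are host names — confirm whether url_regex was intended.
  acl store-id_list urlpath_regex -i dl\.sourceforge\.net
  acl store-id_list urlpath_regex -i \.ytimg\.com
  acl store-id_list urlpath_regex -i \.(akamaihd|fbcdn)\.net
  acl store-id_list urlpath_regex -i [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/

  # NOTE(review): store_id_list_url is defined here but no store_id_access rule in
  # this file refers to it.
  acl store_id_list_url url_regex ^http:\/\/[0-9]\.bp\.blogspot\.com.*\.(jpeg|jpg|png|gif|ico)
  acl store_id_list_url url_regex ^http[s]?:\/\/.*\.twimg\.com\/(.*)\.(gif|jpeg|jpg|png|js|css)
  acl store_id_list_url url_regex ^http[s]?:\/\/(media|static)\.licdn\.com\/.*\.(png|jpg|gif|woff)
  acl store_id_list_url url_regex ^https:\/\/fb(static|cdn)\-.*\-a.akamaihd.net\/(.*)\.(gif|jpeg|jpg|png|js|css|mp4)
  acl store_id_list_url url_regex ^http:\/\/.*\.ak\.fbcdn\.net\/.*\.(gif|jpg|png|js|mp4)

  # Strip the Range header from matching video requests and limit range prefetch.
  request_header_access Range deny store_id_list_yt
  range_offset_limit 10 KB store_id_list_yt

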
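  ###############################################################################
  # Recommended minimum Access Permission configuration:
  #
  # Deny requests to certain unsafe ports. Rules are evaluated top to bottom and
  # the first match decides, so the final "deny all" must stay last.
  ###############################################################################
  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports
  http_access allow localhost manager
  http_access deny manager
  http_access allow localnet
  http_access allow localhost
  http_access deny all

  ###############################################################################
  # squid ssl_bump option
  #
  # "ssl_bump server-first all" decrypts every HTTPS connection, including banking
  # and other sensitive sites; consider exempting such destinations.
  #
  # The original also set "sslproxy_flags DONT_VERIFY_PEER". That line is removed:
  # once Squid terminates the client's TLS session, Squid is the only place where
  # the origin server's certificate is checked. With verification off, a forged
  # origin certificate is re-signed by the local CA and reaches the browser as
  # trusted. It also contradicted "sslproxy_cert_error deny all" just above it.
  ###############################################################################
  always_direct allow all
  ssl_bump server-first all
  sslproxy_cert_error deny all

  sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
  sslcrtd_children 8 startup=1 idle=1

  ###############################################################################
  # Squid normally listens to port 3128
  # 3129: regular forward-proxy port; 3128 and 3130: TPROXY interception ports,
  # the latter for HTTPS with on-the-fly certificate generation.
  ###############################################################################
  http_port 3129
  http_port 3128 tproxy
  https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key
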
  # ---- Store-ID helper ---------------------------------------------------------
  # External script Squid calls to map request URLs onto cache keys.
  store_id_program /etc/squid/store-id.pl
  store_id_children 100 startup=0 idle=1 concurrency=1000

  # ---- Which requests reach the helper (first matching rule wins) --------------
  store_id_access deny dontstore
  store_id_access deny !getmethod
  store_id_access allow store_id_list_yt
  store_id_access allow store_yt_id
  store_id_access allow store-id_list
  store_id_access deny all
  store_id_bypass on

  # ---- YouTube 302 handling ----------------------------------------------------
  # Redirect (302) responses for video URLs are neither stored nor served from cache.
  store_miss deny store_id_list_yt loop_302
  send_hit deny store_id_list_yt loop_302

  # ---- Memory cache ------------------------------------------------------------
  client_dst_passthru on
  cache_mem 1024 MB
  maximum_object_size_in_memory 1024 KB
  memory_cache_shared off
  memory_cache_mode disk
  memory_replacement_policy heap GDSF

  # ---- Disk cache --------------------------------------------------------------
  cache_replacement_policy heap LFUDA
  minimum_object_size 1 bytes
  maximum_object_size 10 GB

  # ---- Cache directories (sizes in MB, then first- and second-level dir counts) -
  cache_dir aufs /cache-0 300000 16 256
  cache_dir aufs /cache-1 320000 16 256
  cache_dir aufs /cache-2 320000 16 256
  cache_dir aufs /cache-3 320000 16 256

  store_dir_select_algorithm round-robin
  cache_swap_low 90
  cache_swap_high 95

  # ---- Core dumps are written to the first cache directory ----------------------
  coredump_dir /cache-0

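  ###############################################################################
  ## LOGFILE OPTIONS
  ##
  ## The access log is written to /var/log/squid instead of /tmp. /tmp is
  ## world-writable, so another local user could pre-create or symlink the log file,
  ## and with ssl_bump plus "strip_query_terms off" the log holds full URLs of
  ## decrypted HTTPS requests, query strings included.
  ## Create the directory once before starting Squid:
  ##   mkdir -p /var/log/squid && chown proxy:proxy /var/log/squid && chmod 750 /var/log/squid
  ##
  ## The original line ended in "!log", which sits in the log-format position and
  ## names nothing defined in this file; the standard "squid" format is used instead.
  ###############################################################################
  access_log daemon:/var/log/squid/access.log squid
  logfile_daemon /usr/lib/squid/log_file_daemon
  cache_store_log none
  logfile_rotate 1
  mime_table /etc/squid/mime.conf
  pid_filename /var/run/squid.pid
  # NOTE(review): "off" keeps query strings (which often carry session tokens) in
  # the access log; switch to "on" unless full URLs are needed for cache tuning.
  strip_query_terms off
  buffered_logs off

  ###############################################################################
  ## OPTIONS FOR TROUBLESHOOTING
  ##
  ## cache_log was /dev/null, which discards start-up errors, helper crashes and
  ## certificate-validation failures — the records needed to investigate a problem
  ## with an intercepting proxy. It is kept on disk next to the access log.
  ###############################################################################
  cache_log /var/log/squid/cache.log
  #debug_options ALL,1 22,3

  # coredump_dir is already set to /cache-0 in the cache directory section; the
  # duplicate line that stood here has been dropped.
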
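  ###############################################################################
  ## OPTIONS FOR TUNING THE CACHE
  ###############################################################################
  max_stale 1 years
  vary_ignore_expire on
  shutdown_lifetime 10 seconds

  ###############################################################################
  # refresh_pattern rules: the first pattern that matches a URL is the one applied.
  #
  # Many rules below carry ignore-private, ignore-no-store, ignore-auth and
  # ignore-must-revalidate. These make Squid store and re-serve responses that the
  # origin marked as private, uncacheable or tied to a login. Because this cache
  # sits behind ssl_bump and is shared by every client, a response generated for
  # one user can be delivered to another. Keep such options only on patterns that
  # match static media, and drop ignore-private / ignore-auth wherever they are
  # not essential.
  #
  # NOTE(review): the "(/cgi-bin/|\?)" rule precedes the custom rules, so URLs that
  # contain "?" appear to stop there — confirm the intended order.
  ###############################################################################
  refresh_pattern ^ftp: 1440 20% 10080
  refresh_pattern ^gopher: 1440 0% 1440
  refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

  # Youtube Video
  refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale
  refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.* 10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale
  refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.*$ 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale

  # Image Youtube
  refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims
  refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims

  #images facebook
  refresh_pattern -i fbcdn.*net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|.*$)) 241920 99% 241920 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-auth
  refresh_pattern -i pixel\.facebook\.com.*\.(jpg|png|gif|ico|css|js) 241920 80% 241920 override-expire ignore-reload reload-into-ims ignore-auth
  refresh_pattern -i \.akamaihd\.net.*\.(jpg|png|gif|ico|css|js) 241920 80% 241920 override-expire ignore-reload reload-into-ims ignore-auth
  refresh_pattern -i ((facebook.com)|(85.131.151.39))\.(jpg|png|gif) 241920 99% 241920 ignore-reload override-expire ignore-no-store store-stale
  refresh_pattern -i fbcdn\.net\/.*\.((jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)|(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|.*$)) 241920 99% 241920 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-auth
  refresh_pattern static\.(xx|ak)\.fbcdn\.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
  refresh_pattern ^https?\:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store

  # Video Facebook
  refresh_pattern -i \.video.ak.fbcdn.net.*\.(mp4|flv|mp3|amf) 10080 80% 43200 override-expire ignore-reload reload-into-ims ignore-private ignore-no-store ignore-must-revalidate
  refresh_pattern (audio|video)\/(webm|mp4) 129600 99% 129600 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
  refresh_pattern -i ^http://.*squid\.internal.* 241920 100% 241920 override-lastmod override-expire ignore-reload ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale

  # All File
  refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|iop|nzp|pak|mar|msp) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload
  refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob|webm) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  # Parentheses rebalanced: the original "pp(t?x)|s|t)" closed the outer group
  # early and left a stray ")" at the end, which is not a valid regular expression.
  refresh_pattern -i \.(pp(t?x|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  # Catch-all default; must stay last.
  refresh_pattern . 0 20% 4320
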
  # ---- Administrative parameters -----------------------------------------------
  # Contact address and host names shown on error pages; Squid runs as proxy:proxy.
  cache_mgr bandi.shippuden@gmail.com
  cache_effective_user proxy
  cache_effective_group proxy
  visible_hostname bandi-shippuden.admin.net
  unique_hostname bandi-shippuden.admin.net

  # ---- Persistent connection handling ------------------------------------------
  detect_broken_pconn on
  client_persistent_connections off
  server_persistent_connections on

  # ---- Error pages -------------------------------------------------------------
  error_directory /usr/share/squid/errors/en
  error_log_languages off

  # ---- DNS ---------------------------------------------------------------------
  check_hostnames off
  hosts_file /etc/hosts
  connect_retries 2
  ipcache_low 90
  ipcache_high 95
  # Author's sizing note: twice the RAM size.
  ipcache_size 10024
  # Author's sizing note: the machine's real hardware RAM.
  fqdncache_size 7024
  pipeline_prefetch 100

  # ---- Miscellaneous -----------------------------------------------------------
  memory_pools off
  reload_into_ims on
  uri_whitespace strip
  max_filedescriptors 65536


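  # Prepare the cache directories named by the cache_dir lines in squid.conf.
  # The original ran chown/chmod 777 on /cache_proxy, a path squid.conf never
  # references, and left the cache world-writable; cached objects are served back
  # to clients, so only the proxy account may write them.
  for d in /cache-0 /cache-1 /cache-2 /cache-3; do
    mkdir -p "$d" && chown proxy:proxy "$d" && chmod 750 "$d"
  done

  # Store-ID helper. Squid runs this script against request URLs, and it arrives
  # over plain HTTP from a third-party host: read it first, record the SHA-256 of
  # the copy you reviewed, and make it executable only if the download matches.
  cd /etc/squid/
  wget http://files.bandi-tech.id.ai/Config/squid-3.5/store-id.pl
  echo "<SHA256_OF_REVIEWED_store-id.pl>  store-id.pl" | sha256sum -c - \
    && chmod +x store-id.pl

  # Create the cache directory structure described in squid.conf.
  squid -f /etc/squid/squid.conf -z

  # Init script. It is executed as root at every boot, so apply the same
  # review-then-pin check before marking it executable.
  cd /etc/init.d/
  wget http://files.bandi-tech.id.ai/Config/squid-3.5/squid
  echo "<SHA256_OF_REVIEWED_init_script>  squid" | sha256sum -c - \
    && chmod +x squid

  # Register the service for the default runlevels.
  sysv-rc-conf squid default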