View difference between Paste ID: EyWfA5sf and hZWQQ7LV
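--- a/EyWfA5sf
+++ b/hZWQQ7LV
-Installasi HTPROXY
+HIT tapi Buffering adalah ciri2 bottleneck, penyebabnya bisa jadi setting bisa juga kinerja PC.untuk
 memory 1 G saya rasa debian 32 BIT lebih realistik karena ringan dan installasinya cepat (cuma 10 menit) karena tidak perlu akses internet (Saat installasi jangan pasang kabel LAN dan pada saat configure package manager pilih GO Back dan Continue without a network mirrors pilih yes ).
 
 link downloadnya: 
 http://kambing.ui.ac.id/iso/debian/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso atau
 http://napoleon.acc.umu.se/debian-cd/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso
-		Ubuntu 12.04
+
 untuk yang 64 
 http://kambing.ui.ac.id/iso/debian/6.0.5/amd64/iso-cd/debian-6.0.5-amd64-netinst.iso
-LOKAL = 192.168.2.30/24 
+
-Client = 192.168.2.2-192.168.2.19
+Installasi , topologi dan setting Mikrotik
-PROXY = 192.168.2.20 
+
 topologinya Squid sejajar client ( ip proxy satu subnet dgn client)
-/ip firewall nat
+
-add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.20 to-addresses=\
+
-    192.168.2.20 to-ports=3128
+
 	           Debian
 
-/ip firewall address-list add address=192.168.2.1-192.168.2.29 list=Local-Address
+
 Local = 192.168.2.30
-tolong disesuaikan
+Client = 192.168.2.1-192.168.2.20
 PROXY = 192.168.2.22
-Ubuntu 12 32 bit
+
-proxy minimal p4 memory 1 G, hardisk 80 G kalo hardisk lebih besar memory harap ditambah  
+add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.22 to-addresses=\
     192.168.2.22 to-ports=3128
-ip 192.168.2.20
+
 
 /ip firewall address-list add address=192.168.2.1-192.168.2.21 list=Local-Address
 
-domain = local.war.net
+/ip dns
-Memory = 1024 MB; HDD 80 Giga  
+set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
     max-udp-packet-size=512 servers="203.130.208.18,203.130.193.74,203.130.196.5, \
     222.124.204.34,203.130.196.6,208.67.222.222,208.67.220.220,180.131.144.144, \
-/               root            28 G	ext4
+    180.131.145.145"
-/cache-1                        30 G	ext4
+/ip dns static
-/cache-2                        30 G    ext4
+add address=192.168.2.22 disabled=no name=proxy.crowded.war.net ttl=1d
-/cache-3                       30 G    ext4
+
 
 ip 192.168.2.22
 netmask 255.255.255.0
-Enable root access
+
-sudo passwd
+name server addresses = 192.168.2.30
 host = proxy 
-mulai installasi via remote as root
+domain = crowded.war.net
 
-tambah repo webmin, dotdeb dan installasi build-essential supaya extract tar.bz2 tidak error
+
 /               root            13 G	ext4
 /cache-1                        35 G	ext4
 /cache-2                        35 G    ext4
-wget http://www.dotdeb.org/dotdeb.gpg
+/cache-3                        35 G    ext4
-cat dotdeb.gpg | apt-key add -
+
 
 pilihan packet : SSH-Server dan Standart System Utilities
-apt-get update && apt-get install build-essential
+
 mulai installasi via remote as root karena di Debian Rootnya sudah langsung aktif saat installasi
 
 tambah repo webmin dan installasi unbound dan build-essential supaya extract tar.bz2 tidak error
 [CODE]
 echo deb http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
 echo deb-src http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
 echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
 cd /root
 wget http://www.webmin.com/jcameron-key.asc
-Opsi Directory /cache :
+
-gunakan opsi noatime,barrier=0 	0 	0
+apt-get -y update && apt-get -y upgrade
 [/CODE]
 
 [CODE]
 apt-get -y install unbound build-essential
 
 cd /etc/unbound
 wget  ftp://FTP.INTERNIC.NET/domain/named.cache
-kernel.randomize_va_space = 1
+unbound-control-setup
 chown unbound:root unbound_*
 chmod 440 unbound_*
-net.core.rmem_default = 524288
+
-net.core.rmem_max = 524288
+ 
-net.core.wmem_default = 524288
+nano /etc/unbound/unbound.conf
-net.core.wmem_max = 524288
+delete isinya ganti dengan 
-net.core.optmem_max = 57344
+
 server:
         verbosity: 1
         statistics-interval: 120
         num-threads: 1
         interface: 0.0.0.0
  
         outgoing-range: 512
         num-queries-per-thread: 1024
-net.ipv4.conf.all.send_redirects = 0
+ 
-net.ipv4.conf.default.send_redirects = 0
+        msg-cache-size: 16m
-net.ipv4.conf.all.secure_redirects = 0
+        rrset-cache-size: 32m
-net.ipv4.conf.default.secure_redirects = 0
+ 
         msg-cache-slabs: 4
         rrset-cache-slabs: 4
  
         cache-max-ttl: 86400
-net.ipv4.tcp_rmem = 4096 87380 524288
+        infra-host-ttl: 60
-net.ipv4.tcp_wmem = 4096 87380 524288
+        infra-lame-ttl: 120
-net.ipv4.tcp_mem = 524288 524288 524288
+ 
         infra-cache-numhosts: 10000
-net.ipv4.tcp_max_orphans = 1440000
+        infra-cache-lame-size: 10k
  
         do-ip4: yes
         do-ip6: no
         do-udp: yes
         do-tcp: yes
         do-daemonize: yes
  
         #access-control: 0.0.0.0/0 allow
         access-control: 192.168.0.0/16 allow
         #access-control: 172.16.0.0/12 allow
         #access-control: 10.0.0.0/8 allow
-net.ipv4.tcp_max_syn_backlog = 2048
+        access-control: 127.0.0.0/8 allow
         access-control: 0.0.0.0/0 refuse
-net.ipv4.tcp_timestamps = 0
+ 
         chroot: "/etc/unbound"
-net.ipv4.ip_forward = 1
+        username: "unbound"
         directory: "/etc/unbound"
-net.ipv4.ip_no_pmtu_disc = 0
+        #logfile: "/etc/unbound/unbound.log"
-net.ipv4.icmp_echo_ignore_all = 1
+        #use-syslog: yes
         logfile: ""
         use-syslog: no
-net.ipv4.route.flush = 1
+        pidfile: "/etc/unbound/unbound.pid"
-vm.swappiness = 15
+        root-hints: "/etc/unbound/named.cache"
  
         identity: "proxy.crowded.war.net"
         version: "1.4"
         hide-identity: yes
         hide-version: yes
-untuk optimalisasi lainnya silahkan cari sendiri
+        harden-glue: yes
         do-not-query-address: 127.0.0.1/8
         do-not-query-localhost: yes
         module-config: "iterator"
  
         #zone localhost
         local-zone: "localhost." static
         local-data: "localhost. 10800 IN NS localhost."
         local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
         local-data: "localhost. 10800 IN A 127.0.0.1"
  
         local-zone: "127.in-addr.arpa." static
         local-data: "127.in-addr.arpa. 10800 IN NS localhost."
         local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
         local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
  
         #zone crowded.war.net
-cache_dir aufs /cache-1 20000 20 256 
+        local-zone: "crowded.war.net." static
-cache_dir aufs /cache-2 20000 20 256
+        local-data: "crowded.war.net. 86400 IN NS ns.crowded.war.net."
-cache_dir aufs /cache-3 20000 20 256
+        local-data: "crowded.war.net. 86400 IN SOA crowded.war.net. hostmaster.crowded.war.net.  3 3600 1200 604800 86400"
         local-data: "crowded.war.net. 86400 IN A 192.168.2.22"
         local-data: "www.crowded.war.net. 86400 IN A 192.168.2.22"
         local-data: "ns.crowded.war.net. 86400 IN A 192.168.2.22"
  
         local-zone: "2.168.192.in-addr.arpa." static
         local-data: "2.168.192.in-addr.arpa. 10800 IN NS crowded.war.net."
         local-data: "2.168.192.in-addr.arpa. 10800 IN SOA crowded.war.net. hostmaster.crowded.war.net. 4 3600 1200 604800 864000"
         local-data: "22.2.168.192.in-addr.arpa. 10800 IN PTR crowded.war.net."
  
 forward-zone:
         name: "."
         forward-addr: 203.130.208.18
         forward-addr: 203.130.193.74
         forward-addr: 203.130.196.5
         forward-addr: 222.124.204.34
         forward-addr: 203.130.196.6      
         forward-addr: 208.67.222.222
         forward-addr: 208.67.220.220 
-Agar proses shutdown dapat langsung dijalankan dengan menekan tombol Power gunakan perintah berikut:
+        forward-addr: 180.131.144.144
-apt-get install acpid 
+        forward-addr: 180.131.145.145		
 		
 remote-control:
         control-enable: yes
         control-interface: 127.0.0.1
         control-port: 953
         server-key-file: "/etc/unbound/unbound_server.key"
         server-cert-file: "/etc/unbound/unbound_server.pem"
         control-key-file: "/etc/unbound/unbound_control.key"
         control-cert-file: "/etc/unbound/unbound_control.pem"
-iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 53 -j ACCEPT
+
-iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p udp --dport 53 -j ACCEPT
+save		
-iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 80 -j ACCEPT
+		
-iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 3128 -j ACCEPT
+rubah resolv.conf
 
-iptables-save -c > /etc/iptables.up.rules
+[CODE]		
 cat > /etc/resolv.conf << "EOF"
-apt-get -y install gcc build-essential sharutils ccze libzip-dev automake1.9 make webmin
+# Begin /etc/resolv.conf
 domain proxy.crowded.war.net
 nameserver 127.0.0.1
 nameserver 192.168.2.30
 # End /etc/resolv.conf
 EOF
 [/CODE]
 
 unbound-checkconf /etc/unbound/unbound.conf
  
 reboot
  
 Tuning Up
 
 Optimalkan file system cache & ubah opsi untuk partisi cache
 Disabled fsck (file system check)
 
 Angka standart Drive Cache adalah 0 2 ——>> ganti dengan 0 0 (INGAT HANYA DRIVE CACHE)
 
 Opsi Directory /cache ubah 
 # /cache-1 was on /dev/sda6 during installation
 UUID=b11e172f-5b54-474c-92b1-0ae780f85f29 /cache-1        ext4    default         0       0
 
 # /cache-1 was on /dev/sda6 during installation
 UUID=b11e172f-5b54-474c-92b1-0ae780f85f29 /cache-1        ext4    noatime,errors=remount-ro,nobh,barrier=0,data=writeback         0       0
 
 nano /etc/sysctl.conf
 
 kernel.panic = 30
 kernel.panic_on_oops = 30
 kernel.sysrq = 0
 kernel.core_uses_pid = 1
 kernel.msgmnb = 65536
 kernel.msgmax = 65536
 fs.file-max = 65536
 vm.swappiness = 0
 vm.vfs_cache_pressure=50
 vm.mmap_min_addr = 4096
 vm.overcommit_ratio = 0
 vm.overcommit_memory = 0
 kernel.shmmax = 268435456
 kernel.shmall = 268435456
 vm.min_free_kbytes = 65536
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_syn_retries = 5
 net.ipv4.tcp_synack_retries = 2
 net.ipv4.tcp_max_syn_backlog = 4096
 net.ipv4.ip_forward = 0
 net.ipv4.conf.all.forwarding = 0
 net.ipv4.conf.default.forwarding = 0
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.default.accept_source_route = 0
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.conf.default.rp_filter = 1
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.default.log_martians = 0
 net.ipv4.tcp_fin_timeout = 15
 net.ipv4.tcp_keepalive_time = 300
 net.ipv4.tcp_keepalive_probes = 5
 net.ipv4.tcp_keepalive_intvl = 15
 net.ipv4.conf.all.bootp_relay = 0
 net.ipv4.conf.all.proxy_arp = 0
 net.ipv4.tcp_dsack = 1
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_fack = 1
 net.ipv4.tcp_timestamps = 1
 net.ipv4.icmp_echo_ignore_all = 0
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.ip_local_port_range = 1024 65535
 net.ipv4.tcp_rfc1337 = 1
 net.ipv4.tcp_congestion_control = cubic
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_mem = 65536 131072 262144
 net.ipv4.udp_mem = 65536 131072 262144
 net.ipv4.tcp_rmem = 8192 87380 16777216
 net.ipv4.udp_rmem_min = 16384
 net.core.rmem_default = 87380
 net.core.rmem_max = 16777216
 net.ipv4.tcp_wmem = 8192 65536 16777216
 net.ipv4.udp_wmem_min = 16384
 net.core.wmem_default = 65536
 net.core.wmem_max = 16777216
 net.core.somaxconn = 32768
 net.core.netdev_max_backlog = 4096
 net.core.dev_weight = 64
 net.core.optmem_max = 65536
 net.ipv4.tcp_max_tw_buckets = 1440000
 net.ipv4.tcp_tw_recycle = 1
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_max_orphans = 16384
 net.ipv4.tcp_orphan_retries = 0
 net.ipv4.ipfrag_high_thresh = 512000
 net.ipv4.ipfrag_low_thresh = 446464
 net.ipv4.tcp_no_metrics_save = 1
 net.ipv4.tcp_moderate_rcvbuf = 1
 net.unix.max_dgram_qlen = 50
 net.ipv4.neigh.default.gc_thresh3 = 2048
 net.ipv4.neigh.default.gc_thresh2 = 1024
 net.ipv4.neigh.default.gc_thresh1 = 32
 net.ipv4.neigh.default.gc_interval = 30
 net.ipv4.neigh.default.proxy_qlen = 96
 net.ipv4.neigh.default.unres_qlen = 6
 net.ipv4.tcp_ecn = 1
 net.ipv4.tcp_reordering = 3
 net.ipv4.tcp_retries2 = 15
 net.ipv4.tcp_retries1 = 3
 
 setelah di save, 
 sysctl -p
 
 
 Kurangi TCP TIME_WAIT setting, default value (60 in Debian 6)
  
 echo 4 > /proc/sys/net/ipv4/tcp_fin_timeout
  
 ulimit -n 65535                     # Sets number of open files for this process and it's children
  
 nano /etc/profile file and ensure that the file does not contain any commands that set ulimit values.
 Add the following commands to the end of the /etc/profile file
  
 ulimit -Hn 65536
 ulimit -Sn 65535
 
 echo 65536 > /proc/sys/fs/file-max
 echo "*         soft        nofile          65536" >> /etc/security/limits.conf
 echo "*         hard        nofile          65536" >> /etc/security/limits.conf
 echo "root      soft        nofile          65536" >> /etc/security/limits.conf
 echo "root      hard        nofile          65536" >> /etc/security/limits.conf
 echo "proxy     soft        nofile          65536" >> /etc/security/limits.conf
 echo "proxy     hard        nofile          65536" >> /etc/security/limits.conf
 echo "session required        pam_limits.so" >> /etc/pam.d/common-session
 modprobe ip_conntrack
 
 kemudian tambahkan ip_contrack di /etc/modules
 nano /etc/modules
 tambahkan kalimat berikut baris paling bawah :
 
 ip_conntrack
 save
 
 Install squid
 32
 [CODE]
 cd /home
 wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
 tar xvf deb-htproxy_14942_i386.tar.bz2 
 dpkg -i *.deb
 /etc/init.d/squid stop
 [/CODE]
 
 64
 [CODE]
 cd /home
 wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
 tar xvf deb-htproxy_14942_x86-64.tar.bz2 && dpkg -i *.deb 
 dpkg -i *.deb
 /etc/init.d/squid stop
 [/CODE]
 
 pake winscp edit
 /etc/squid/squid.conf 
 
 edit squid.conf sesuai kondisi
 kalo saranku sih
 
 cache_dir aufs /cache-1 26000 26 256 
 cache_dir aufs /cache-2 26000 26 256
 cache_dir aufs /cache-3 26000 26 256
 
 #CONTOH  DNS GOOGLE
 dns_nameservers 203.130.208.18
 dns_nameservers 203.130.193.74
 dns_nameservers 203.130.196.5
 dns_nameservers 222.124.204.34
 dns_nameservers 203.130.196.6      
 dns_nameservers 208.67.222.222
 dns_nameservers 208.67.220.220 
 dns_nameservers 180.131.144.144
 dns_nameservers 180.131.145.145
 
 pilihan lain sebenernya tidak signifikan kalo mau optimalisasi belakangan aja 
 
 chown proxy:proxy /cache-1 && chmod 777 /cache-1 
 chown proxy:proxy /cache-2 && chmod 777 /cache-2
 chown proxy:proxy /cache-3 && chmod 777 /cache-3 
 squid -z
 squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
 
 iptables -F
 iptables -X
 iptables -t nat -F
 iptables -t nat -X
 iptables -t mangle -F
 iptables -t mangle -X
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 53 -j ACCEPT
 iptables -A INPUT -s 192.168.0.0/16 -m state --state NEW -p udp --dport 53 -j ACCEPT
 iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 3128 -j ACCEPT
 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
 iptables-save -c > /etc/iptables.up.rules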
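Review bot: The three `chown proxy:proxy /cache-N && chmod 777 /cache-N` lines in the Squid section make the cache directories world-writable immediately after handing them to the proxy user, so any local account on the box can plant or replace cached objects that Squid then serves to every client; the chown already gives Squid what it needs, so `chown proxy:proxy /cache-1 && chmod 750 /cache-1` (and the same for `/cache-2` and `/cache-3`) is sufficient. In the sysctl block, `vm.mmap_min_addr = 4096` lowers the floor most distributions ship (65536, as far as I recall for Debian 6) and weakens the mitigation against NULL-pointer-dereference kernel exploits; nothing in this guide needs low mappings, so the line should be removed. The firewall block ends with `iptables -P INPUT ACCEPT`, which turns the four `-A INPUT … -j ACCEPT` rules after it into no-ops because everything is accepted anyway, while the `-F`/`-X` lines at the top have just discarded any rules that used to restrict access. If the intent is to limit DNS, port 80 and 3128 to 192.168.0.0/16, the policy should be `iptables -P INPUT DROP`, preceded by `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` and an SSH accept for the management network so the remote session used throughout the guide is not cut off. Note also that the unbound `interface: 0.0.0.0` relies entirely on the `access-control` lines and this host firewall for exposure control, so the two should be kept in agreement.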