Seputar Perintah Dasar dalam pengelolaan squid dan aplikasi yum clearOS
1.) Untuk Startup Squid Manual:
/usr/local/squid/sbin/squid -NDd1 & atau
/usr/sbin/squid -NDd1 &
cat : sesuaikan penempatan squidnya
2.) Untuk meng reconfigurasi squid, apabila habis di edit squid.conf nya:
/usr/local/squid/sbin/squid -k reconfigure
# squid -k reconfigure
3.) Melihat aktifitas user:
# tail -f /cache1/access.log ATAU
# tail -f /var/log/squid/access.log
cat : sesuaikan letak access.log di proxy anda
4.) Melihat persentase HIT Ratio:
/usr/local/squid/bin/squidclient -p 3128 mgr:info|grep Hit
5.) Untuk matiin squid:
/usr/local/squid/sbin/squid -k shutdown ATAU
#squid -k shutdown
6.) Untuk mengoreksi configurasi squid.conf:
/usr/local/squid/sbin/squid -k parse atau
#squid -k parse
7.) Untuk mengaktifkan kembali content filter:
yum install adzapper app-dansguardian-av app-squid app-squid-acl dansguardian-av
Sumber : Beldin.net
8.) Untuk menghapus squid yang sudah di upgrade
# yum remove squid
9.) Untuk menginstal / memasang squid standar bawaan COS
# yum install squid
10.) untuk menghentikan squid
# service squid stop
11.) untuk menjalankan squid
# service squid start
12.) untuk merestart squid setelah mengedit
# service squid restart
cat : biasanya perintah ini dilakukan 2x saat squid stop eror
13.) untuk mengecek versi squid
# squid -v
14.) untuk mengubah hak akses squid.conf
# chown proxy:proxy /etc/squid/squid.conf
15.) untuk memberikan hak akses ke squid.conf , storeurl.pl dan mime.conf
# chmod 777 /etc/squid/squid.conf
# chmod 777 /etc/squid/Storeurl.pl
# chmod 777 /etc/squid/mime.conf
ket : sesuaikan settingan penempatan file pada squid, store dan mime di proxy anda
16.) REBUILD CACHE / membentuk directory cache
# squid -z
cat : proses ini dilakukan jika saat pengecekan squid sudah tidak ada masalah
17.) Agar squid bisa jalan secara otomatis saat proses booting
# nano /etc/rc.local
cat : sesuaikan penempatan rc.lokal di proxy anda
SEPUTAR perintah DIREKTORY CACHE :
18.) untuk membuat direktori/folder cache
#mkdir /cache
#mkdir /cache 2, dan seterusnya
19.) untuk menghapus folder/directory cache
# rm -rf /cache
cat : untuk menghapus folder cache secara keseluruhan
# rm –rf /cache-* ATAU
# rm -rf /cache/*
cat : perintah diatas untuk menghapus subfolder/file yang ada didalam folder utama cache
SEPUTAR perintah YUM :
20.) mengecek paket yang tersedia
# yum list update
# yum list available
21.) Menginstall paket
# yum install [nama paket]
# yum install [paket1] [paket2] [paket3]
contoh penggunaan untuk menginstall squid
#yum install squid
atau untuk menginstall squid, http, dan ftp
#yum install squid http ftp
22.) Menghapus paket
#yum remove [nama paket]
#yum remove [paket1] [paket2] [paket3]
23.) Melihat isi paket
#yum info [nama paket]
24.) mencari paket
#yum search [nama paket]
25.) Melihat paket yang telah terinstall
#yum list installed
#yum list installed [nama paket]
26.) Mengupdate seluruh paket yang ada di repository
#yum update
27.) Menginstall file RPM yang ada di direktori lokal
#yum localinstall --nogpgcheck [path][nama file].rpm
contoh :
Jika anda telah mendownload file webmin-1.530-1.noarch.rpm dan anda letakkan di /home , maka untuk menginstall nya sbb:
Code: [Select]
#yum localinstall --nogpgcheck /home/webmin-1.530-1.noarch.rpm
Tambahan :
anda bisa mendownload file rpm di COS dengan menggunakan program wget
contoh :
#wget http://prdownloads.sourceforge.net/webadmin/webmin-1.530-1.noarch.rpm /home
1.) Untuk Startup Squid Manual:
/usr/local/squid/sbin/squid -NDd1 & atau
/usr/sbin/squid -NDd1 &
cat : sesuaikan penempatan squidnya
2.) Untuk meng reconfigurasi squid, apabila habis di edit squid.conf nya:
/usr/local/squid/sbin/squid -k reconfigure
# squid -k reconfigure
3.) Melihat aktifitas user:
# tail -f /cache1/access.log ATAU
# tail -f /var/log/squid/access.log
cat : sesuaikan letak access.log di proxy anda
4.) Melihat persentase HIT Ratio:
/usr/local/squid/bin/squidclient -p 3128 mgr:info|grep Hit
5.) Untuk matiin squid:
/usr/local/squid/sbin/squid -k shutdown ATAU
#squid -k shutdown
6.) Untuk mengoreksi configurasi squid.conf:
/usr/local/squid/sbin/squid -k parse atau
#squid -k parse
7.) Untuk mengaktifkan kembali content filter:
yum install adzapper app-dansguardian-av app-squid app-squid-acl dansguardian-av
Sumber : Beldin.net
8.) Untuk menghapus squid yang sudah di upgrade
# yum remove squid
9.) Untuk menginstal / memasang squid standar bawaan COS
# yum install squid
10.) untuk menghentikan squid
# service squid stop
11.) untuk menjalankan squid
# service squid start
12.) untuk merestart squid setelah mengedit
# service squid restart
cat : biasanya perintah ini dilakukan 2x saat squid stop eror
13.) untuk mengecek versi squid
# squid -v
14.) untuk mengubah hak akses squid.conf
# chown proxy:proxy /etc/squid/squid.conf
15.) untuk memberikan hak akses ke squid.conf , storeurl.pl dan mime.conf
# chmod 777 /etc/squid/squid.conf
# chmod 777 /etc/squid/Storeurl.pl
# chmod 777 /etc/squid/mime.conf
ket : sesuaikan settingan penempatan file pada squid, store dan mime di proxy anda
16.) REBUILD CACHE / membentuk directory cache
# squid -z
cat : proses ini dilakukan jika saat pengecekan squid sudah tidak ada masalah
17.) Agar squid bisa jalan secara otomatis saat proses booting
# nano /etc/rc.local
cat : sesuaikan penempatan rc.lokal di proxy anda
SEPUTAR perintah DIREKTORY CACHE :
18.) untuk membuat direktori/folder cache
#mkdir /cache
#mkdir /cache 2, dan seterusnya
19.) untuk menghapus folder/directory cache
# rm -rf /cache
cat : untuk menghapus folder cache secara keseluruhan
# rm –rf /cache-* ATAU
# rm -rf /cache/*
cat : perintah diatas untuk menghapus subfolder/file yang ada didalam folder utama cache
SEPUTAR perintah YUM :
20.) mengecek paket yang tersedia
# yum list update
# yum list available
21.) Menginstall paket
# yum install [nama paket]
# yum install [paket1] [paket2] [paket3]
contoh penggunaan untuk menginstall squid
#yum install squid
atau untuk menginstall squid, http, dan ftp
#yum install squid http ftp
22.) Menghapus paket
#yum remove [nama paket]
#yum remove [paket1] [paket2] [paket3]
23.) Melihat isi paket
#yum info [nama paket]
24.) mencari paket
#yum search [nama paket]
25.) Melihat paket yang telah terinstall
#yum list installed
#yum list installed [nama paket]
26.) Mengupdate seluruh paket yang ada di repository
#yum update
27.) Menginstall file RPM yang ada di direktori lokal
#yum localinstall --nogpgcheck [path][nama file].rpm
contoh :
Jika anda telah mendownload file webmin-1.530-1.noarch.rpm dan anda letakkan di /home , maka untuk menginstall nya sbb:
Code: [Select]
#yum localinstall --nogpgcheck /home/webmin-1.530-1.noarch.rpm
Tambahan :
anda bisa mendownload file rpm di COS dengan menggunakan program wget
contoh :
#wget http://prdownloads.sourceforge.net/webadmin/webmin-1.530-1.noarch.rpm /home
OPTIMALISASI SQUID 2.6 SATBLE 21
Aplikasikan pada ClearOS 5.2 sp1 SQUID 2.6.STABLE 21
edit pada squid.conf nya
edit pada squid.conf nya
# webconfig: http_port_start
http_port 192.168.1.1:3128 transparent
http_port 127.0.0.1:3128 transparent
# webconfig: http_port_end
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost
no_cache deny QUERY
ipcache_size 8192
cache_mem 256 MB
maximum_object_size 204800 KB
store_dir_select_algorithm least-load
minimum_object_size 0 KB
range_offset_limit -1
maximum_object_size 200 MB
cache_swap_low 98
cache_swap_high 99
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
cache_dir ufs /var/spool/squid 10240 16 256
redirect_program /usr/sbin/adzapper
redirect_children 10
auth_param basic program /usr/lib/squid/squid_ldap_auth -b “dc=localhost,dc=net” -f “(&(objectClass=pcnProxyAccount)(uid=%s))” -h 127.0.0.1 -D “cn=manager,cn=internal,dc=smkyapisbiak,dc=net” -W /etc/squid/ldap.conf -s one -v 3 -U pcnProxyPassword -d
auth_param basic children 5
auth_param basic realm ClarkConnect Community Edition – Web Proxy
auth_param basic credentialsttl 2 hours
refresh_pattern -i ^http://*.windowsupdate.com/.* 1440 99% 518400 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|flv|ra|rm|wmv|divx)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(class|css|js|gif|jpg|ps)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(mpg|mpe|wav|au|mid|mp3|mp4|ac4|swf)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(zip|gz|arj|lha|lzh|7z)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(rar|tgz|tar|exe|bin|rpm|iso)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf|xls|ppt|pdf|docx|xlsx)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(inc|cab|ad|txt|dll|dat)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.zynga.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.friendster.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.kompas.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.detik.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.facebook.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims
refresh_pattern -i ^http://*.bhinneka.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.fbcdn.net/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims
refresh_pattern . 720 50% 432000 reload-into-ims override-lastmod
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
half_closed_clients off
shutdown_lifetime 10 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/8
# webconfig: acl_start
acl webconfig_lan src 192.168.1.0/24
acl webconfig_to_lan dst 192.168.1.0/24
# webconfig: acl_end
acl to_localhost dst 127.0.0.0/8
acl password proxy_auth REQUIRED
acl privoxy dstdomain config.privoxy.org
acl SSL_ports port 443 563
acl SSL_ports port 81 10000
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 81 82 83 10000 # Web-based administration tools
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl sex url_regex -i “/etc/squid/sex”
deny_info ERR_ACCESS_DENIED sex
http_access deny sex
acl our_networks src 192.168.1.0/24 #IP Network Lokal
http_access allow our_networks
http_access deny privoxy
http_access allow localhost
http_access allow webconfig_to_lan
http_access allow webconfig_lan
http_access deny all
http_reply_access allow all
dns_testnames 5
icp_access allow all
reply_body_max_size 104857600 allow all
cache_effective_user squid
cache_effective_group squid
memory_pools off
memory_pools_limit 2048 MB
forwarded_for off
store_avg_object_size 50 KB
reload_into_ims on
error_directory /etc/squid/errors
maximum_single_addr_tries 3
coredump_dir /usr/local/squid/var/cache
balance_on_multiple_ip on
pipeline_prefetch on
positive_dns_ttl 1 year
connect_timeout 1 minute
# Filter Download
acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .msi .mp4
# disini akan kita buat 2 aturan
delay_pools 2
# aturan pertama ini tidak ada batasan, sesuai dengan poin 1 dan 2 di rule sederhana tadi
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
# aturan 2, setelah download 2048000 bytes mk download menjadi 15000 bytes/s
delay_class 2 2
delay_parameters 2 -1/10240000 20000/10241000
delay_access 2 allow download
delay_access 2 deny all
delay_access 1 deny download
delay_access 1 allow all
#
coredump_dir /var/spool/squid
client_persistent_connections on
server_persistent_connections off
persistent_connection_after_error on
ie_refresh on
vary_ignore_expire on
http_port 192.168.1.1:3128 transparent
http_port 127.0.0.1:3128 transparent
# webconfig: http_port_end
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost
no_cache deny QUERY
ipcache_size 8192
cache_mem 256 MB
maximum_object_size 204800 KB
store_dir_select_algorithm least-load
minimum_object_size 0 KB
range_offset_limit -1
maximum_object_size 200 MB
cache_swap_low 98
cache_swap_high 99
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
cache_dir ufs /var/spool/squid 10240 16 256
redirect_program /usr/sbin/adzapper
redirect_children 10
auth_param basic program /usr/lib/squid/squid_ldap_auth -b “dc=localhost,dc=net” -f “(&(objectClass=pcnProxyAccount)(uid=%s))” -h 127.0.0.1 -D “cn=manager,cn=internal,dc=smkyapisbiak,dc=net” -W /etc/squid/ldap.conf -s one -v 3 -U pcnProxyPassword -d
auth_param basic children 5
auth_param basic realm ClarkConnect Community Edition – Web Proxy
auth_param basic credentialsttl 2 hours
refresh_pattern -i ^http://*.windowsupdate.com/.* 1440 99% 518400 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|flv|ra|rm|wmv|divx)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(class|css|js|gif|jpg|ps)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(mpg|mpe|wav|au|mid|mp3|mp4|ac4|swf)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(zip|gz|arj|lha|lzh|7z)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(rar|tgz|tar|exe|bin|rpm|iso)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf|xls|ppt|pdf|docx|xlsx)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(inc|cab|ad|txt|dll|dat)$ 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.zynga.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.friendster.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.kompas.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.detik.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.facebook.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims
refresh_pattern -i ^http://*.bhinneka.com/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://*.fbcdn.net/.* 1440 90% 432000 override-expire override-lastmod reload-into-ims
refresh_pattern . 720 50% 432000 reload-into-ims override-lastmod
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
half_closed_clients off
shutdown_lifetime 10 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/8
# webconfig: acl_start
acl webconfig_lan src 192.168.1.0/24
acl webconfig_to_lan dst 192.168.1.0/24
# webconfig: acl_end
acl to_localhost dst 127.0.0.0/8
acl password proxy_auth REQUIRED
acl privoxy dstdomain config.privoxy.org
acl SSL_ports port 443 563
acl SSL_ports port 81 10000
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 81 82 83 10000 # Web-based administration tools
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl sex url_regex -i “/etc/squid/sex”
deny_info ERR_ACCESS_DENIED sex
http_access deny sex
acl our_networks src 192.168.1.0/24 #IP Network Lokal
http_access allow our_networks
http_access deny privoxy
http_access allow localhost
http_access allow webconfig_to_lan
http_access allow webconfig_lan
http_access deny all
http_reply_access allow all
dns_testnames 5
icp_access allow all
reply_body_max_size 104857600 allow all
cache_effective_user squid
cache_effective_group squid
memory_pools off
memory_pools_limit 2048 MB
forwarded_for off
store_avg_object_size 50 KB
reload_into_ims on
error_directory /etc/squid/errors
maximum_single_addr_tries 3
coredump_dir /usr/local/squid/var/cache
balance_on_multiple_ip on
pipeline_prefetch on
positive_dns_ttl 1 year
connect_timeout 1 minute
# Filter Download
acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .msi .mp4
# disini akan kita buat 2 aturan
delay_pools 2
# aturan pertama ini tidak ada batasan, sesuai dengan poin 1 dan 2 di rule sederhana tadi
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
# aturan 2, setelah download 2048000 bytes mk download menjadi 15000 bytes/s
delay_class 2 2
delay_parameters 2 -1/10240000 20000/10241000
delay_access 2 allow download
delay_access 2 deny all
delay_access 1 deny download
delay_access 1 allow all
#
coredump_dir /var/spool/squid
client_persistent_connections on
server_persistent_connections off
persistent_connection_after_error on
ie_refresh on
vary_ignore_expire on