Installing Lusca on Ubuntu

== UPDATE UBUNTU & INSTALL ADD-ONS
Don't forget the file system for the mounted cache directories:
Btrfs => if you boot a 64-bit system
ReiserFS => if you boot a 32-bit system

## First step: download Ubuntu Server 12.04.1 LTS 32-bit
Download it here:
http://gb.releases.ubuntu.com//precise/ubuntu-12.04.1-server-i386.iso

## INSTALLING UBUNTU ON PENTIUM III HARDWARE (same as before), partitioned as follows:
512 MB = /boot
2 GB = /
1 GB = swap
15 GB ReiserFS = /cache1
15 GB ReiserFS = /cache2

## If your hardware has a high-end processor and more memory,
problems are unlikely, memory problems in particular,
and the proxy will be really aggressive. Wow, cool!

+++++++++++++++++++++
SETTING THE ROOT PASSWORD
+++++++++++++++++++++
Change the root password as follows:
# sudo su
# passwd root
Log in as root to make the following steps easier.

+++++++++++++
UPDATE UBUNTU
+++++++++++++
# apt-get update
# apt-get install gcc build-essential sharutils ccze libzip-dev automake1.9

++++++++++++++++++++++++++
DOWNLOAD LUSCA HEAD 14809
++++++++++++++++++++++++++
# cd /tmp
# wget http://ubuntu-proxy-squidlusca.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
# tar xzvf LUSCA_HEAD-r14809.tar.gz
# cd LUSCA_HEAD-r14809

++++++++++++++++++++++++++++++++
DOWNLOAD THE PATCHES AND APPLY THEM:
++++++++++++++++++++++++++++++++
# wget http://ubuntu-proxy-squidlusca.googlecode.com/files/luscaVaryrR14697.diff
# wget http://ubuntu-proxy-squidlusca.googlecode.com/files/3xx%20loop.diff
# wget http://ubuntu-proxy-squidlusca.googlecode.com/files/ignore-must-revalidate.diff
# wget http://ubuntu-proxy-squidlusca.googlecode.com/files/keblux-lusca-gzip.patch

# patch -p0 < luscaVaryrR14697.diff
# patch -p0 < 3xx\ loop.diff
# patch -p0 < ignore-must-revalidate.diff
# patch -p2 < keblux-lusca-gzip.patch
# ./bootstrap.sh

Run the command below if you are on a 64-bit system:
# make distclean

++++++++++++++++++++++++++++++++
== COMPILE LUSCA HEAD-r14809
++++++++++++++++++++++++++++++++
CHOOSE ONE OF THE TWO WAYS TO COMPILE
++++ AACABLE COMPILE OPTIONS
CHOST="i686-pc-linux-gnu" \
CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" \
./configure '--prefix=/usr/local/squid' '--enable-removal-policies=heap,lru' '--disable-dependency-tracking' '--disable-arp-acl' '--disable-cache-digests' '--enable-cachemgr-hostname=localhost' '--disable-delay-pools' '--enable-epoll' '--enable-external-acl-helpers=ip_user' '--disable-ident-lookups' '--enable-linux-netfilter' '--disable-referer-log' '--enable-removal-policies=heap,lru' '--disable-snmp' '--disable-ssl' '--enable-storeio=aufs,null,coss' '--disable-useragent-log' '--disable-wccpv2' '--with-aio' '--with-maxfd=1048576' '--with-dl' '--with-pthreads' 'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu' 'target_alias=i686-redhat-linux-gnu' '--enable-truncate' '--disable-unlinkd' '--with-large-files' '--disable-htcp'

+++ COMPILE OPTIONS FROM ANOTHER FORUM
CHOST="i686-pc-linux-gnu" \
CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" \
./configure -prefix=/usr --exec_prefix=/usr -bindir=/usr/sbin -sbindir=/usr/sbin -libexecdir=/usr/lib/squid -sysconfdir=/etc/squid \
-localstatedir=/var/spool/squid -datadir=/usr/share/squid -enable-async-io=24 -with-aufs-threads=24 -with-pthreads -enable-storeio=aufs \
-enable-linux-netfilter -enable-arp-acl -enable-epoll -enable-removal-policies=heap -with-aio -with-dl -enable-snmp \
-disable-delay-pools -enable-htcp -enable-cache-digests -disable-unlinkd -enable-large-cache-files -with-large-files \
-enable-err-languages=English -enable-default-err-language=English -with-maxfd=65536

# make all
# make install

== LUSCA/SQUID WILL BE INSTALLED IN (with the --prefix=/usr/local/squid options above):
# /usr/local/squid/etc/
and the squid executable in:
# /usr/local/squid/sbin/

++++++++++++++++++++
== SQUID CONFIGURE
++++++++++++++++++++
Download the file here:
http://ubuntu-proxy-squidlusca.googlecode.com/files/squid-conf-update1.txt
or
http://ubuntu-proxy-squidlusca.googlecode.com/files/SquidConf-rev-02.txt
and copy and paste the contents of that file into

# nano /usr/local/squid/etc/squid.conf

+++++++++++++++++++++++++++++++
== CREATE CACHE_DIR AND LOGS
+++++++++++++++++++++++++++++++
# mkdir /cache1 <- not needed if the directory already exists as a partition
# mkdir /cache2 <- not needed if the directory already exists as a partition
# chown proxy:proxy /cache1
# chown proxy:proxy /cache2
# chmod 777 /cache1
# chmod 777 /cache2
# mkdir /var/log/squid
# chmod 777 /var/log/squid
# /usr/local/squid/sbin/squid -z

++++++++++++++++++++++++++++++
== CREATE STORE_URL
++++++++++++++++++++++++++++++
# mkdir -p /etc/squid
# touch /etc/squid/storeurl.pl
# chmod 777 /etc/squid/storeurl.pl

Download one of the files below, or experiment to find the one that suits you:
http://ubuntu-proxy-squidlusca.googlecode.com/files/pl%20update.txt
http://code.google.com/p/ubuntu-proxy-squidlusca/source/browse/aacable-pl?repo=wiki
http://code.google.com/p/ubuntu-proxy-squidlusca/source/browse/ucok-rev15?repo=wiki
and copy and paste the contents of that file into
# nano /etc/squid/storeurl.pl

The path of this script must match the storeurl_rewrite_program line in squid.conf.

Start the Squid server in debug mode to check for errors:
# /usr/local/squid/sbin/squid -d1
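
The steps above set /cache1, /cache2, /var/log/squid and /etc/squid/storeurl.pl to mode 777, which lets any local account alter cached objects, logs, and the helper script that Squid executes. The following added example (not part of the original guide) lists world-writable paths and shows tighter modes; it assumes Squid runs as the proxy user, as the chown commands above suggest, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumption: Squid runs as user "proxy" (the guide chowns the cache to proxy:proxy).

# Print each existing path that has the "other write" bit set.
# Returns 0 when none is world-writable, 1 otherwise.
world_writable() {
    found=0
    for p in "$@"; do
        [ -e "$p" ] || continue
        # -L tests the target of a symlink; -prune stops find from descending
        if [ -n "$(find -L "$p" -prune -perm -0002 -print 2>/dev/null)" ]; then
            echo "world-writable: $p"
            found=1
        fi
    done
    return "$found"
}

# Set owner and mode on one path. Usage: tighten OWNER MODE PATH
tighten() {
    chown "$1" "$3" && chmod "$2" "$3"
}

# Paths the guide sets to 777; missing ones are skipped.
audit_guide_paths() {
    world_writable /cache1 /cache2 /var/log/squid /etc/squid/storeurl.pl
}

audit_guide_paths || echo "tighten the paths listed above"

# Tighter modes under the stated assumption (run as root):
#   tighten proxy:proxy 750 /cache1
#   tighten proxy:proxy 750 /cache2
#   tighten proxy:proxy 750 /var/log/squid
#   tighten root:root   755 /etc/squid/storeurl.pl
```

With these modes the proxy user can still read and execute the helper but cannot modify it, and other local accounts cannot write to the cache or the logs.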

+++++++++++++++++++++++++++++++++++++++
== MAKING SQUID START AUTOMATICALLY AT BOOT
+++++++++++++++++++++++++++++++++++++++
Once Squid is running properly, add the following line so that Squid starts automatically after a reboot:
# nano /etc/rc.local
Type it directly above the line exit 0:
/usr/local/squid/sbin/squid -D

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
== REBOOTING THE SERVER AUTOMATICALLY WITH CRONTAB
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This turns out to be easy: write an entry like the one below. For example,
to have the Ubuntu server reboot at 5 AM every three days:

# m h dom mon dow user command
#
00 5 */3 * * root reboot -h now

Put the entry here:
# nano /etc/crontab
And
# reboot -h now

++++++++++++++++++++++++++++++++
== KERNEL OPTIMIZATION FOR SQUID
++++++++++++++++++++++++++++++++
The default file descriptor (FD) limit is 1024.
Check the current default FD limit in the console with:
# ulimit -n
1024

To change 1024 to 65536:
# ulimit -HSn 65536
# echo "root soft nofile 65536" >> /etc/security/limits.conf
# echo "root hard nofile 65536" >> /etc/security/limits.conf

Next, step 1: add the line
session required pam_limits.so
to
# nano /etc/pam.d/common-session

Next, step 2: run the command:
# modprobe ip_conntrack
and add the module name to the file /etc/modules:
# nano /etc/modules
Insert the line below into it:
ip_conntrack

Then edit /etc/sysctl.conf:
# nano /etc/sysctl.conf
and change or replace its contents with:
------------------------------
# Start Conf
# sysctl.conf
# Location: /etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Maximum number of open files
fs.file-max = 65536
# Minimize use of the swap disk
vm.drop_caches = 3
vm.swappiness = 3
# kernel.shmall = 2097152
# kernel.shmmax = 2147483648
# kernel.shmmni = 4096
# kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.tcp_low_latency = 1
net.core.netdev_max_backlog = 4000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
# net.ipv4.tcp_rmem = 4096 87380 8388608
# net.ipv4.tcp_wmem = 4096 65536 8388608
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_tw_recycle = 1
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maximum size of a message queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# End Conf
------------------------------
After that, load and check the sysctl.conf settings with:
# sysctl -p

Then add the following entries to the file /etc/security/limits.conf
# nano /etc/security/limits.conf (add these lines)
* - nofile 65536
root soft nofile 65536
root hard nofile 65536

Done; now reboot.

++++++++++++++++++++++++++++++++++++
INSTALLING UNBOUND DNS
++++++++++++++++++++++++++++++++++++

There are many ways to speed up Internet access. One of them is to use a DNS resolver.
A good tool for DNS resolving is Unbound. Compared with other DNS resolvers
(such as DNSMASQ, PDNSD, MaraDNS, BIND, dnscache, and PowerDNS), Unbound is far more responsive.
Although Unbound is primarily intended for Linux, a package for Windows is also available.

Unbound is an alternative DNS resolver and also a DNS server; reportedly it is more secure and faster at
resolving domains and answering queries. Hmm, that makes me curious about this one.

Tested on Ubuntu with 512 MB of RAM (also running the Squid, Apache2, and MRTG for Squid services).
Install the required packages:
# apt-get install build-essential libssl-dev

# apt-get install unbound
# cd /etc/unbound
# wget ftp://ftp.internic.net/domain/named.cache
# unbound-control-setup
# groupadd unbound
# useradd -d /var/unbound -m -g unbound -s /bin/false unbound

Then adjust the configuration in /etc/unbound/unbound.conf.
Other DNS services (bind, dnsmasq, etc.) must be stopped so that they do not conflict.

# chown unbound:root unbound_*
# chmod 440 unbound_*
# nano /etc/unbound/unbound.conf

and copy and paste the following:
=====================
# Start DNS Conf
server:
  verbosity: 1
  statistics-interval: 120
  statistics-cumulative: yes
  num-threads: 1
  interface: 0.0.0.0
  outgoing-range: 512
  num-queries-per-thread: 1024
  msg-cache-size: 64m
  rrset-cache-size: 32m
  msg-cache-slabs: 4
  rrset-cache-slabs: 4
  cache-max-ttl: 86400
  infra-host-ttl: 60
  infra-lame-ttl: 120
  infra-cache-numhosts: 10000
  infra-cache-lame-size: 10k
  do-ip4: yes
  do-ip6: no
  do-udp: yes
  do-tcp: yes
  do-daemonize: yes

  access-control: 0.0.0.0/0 allow

  chroot: "/etc/unbound"
  username: "unbound"
  directory: "/etc/unbound"
  logfile: ""
  use-syslog: no
  pidfile: "/etc/unbound/unbound.pid"
  root-hints: "/etc/unbound/named.cache"
  identity: "DNS"
  version: "1.4"
  hide-identity: yes
  hide-version: yes
  harden-glue: yes

  do-not-query-address: 127.0.0.1/8
  do-not-query-localhost: yes
  module-config: "iterator"

  # zone localhost
  local-zone: "localhost." static
  local-data: "localhost. 10800 IN NS localhost."
  local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
  local-data: "localhost. 10800 IN A 127.0.0.1"
  local-zone: "127.in-addr.arpa." static
  local-data: "127.in-addr.arpa. 10800 IN NS localhost."
  local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
  local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

  # zone ciputih.net
  local-zone: "ciputih.net." static
  local-data: "ciputih.net. 86400 IN NS ns1.ciputih.net."
  local-data: "ciputih.net. 86400 IN SOA ciputih.net. hostmaster.ciputih.net. 3 3600 1200 604800 86400"
  local-data: "ciputih.net. 86400 IN A 30.30.30.67"
  local-data: "www.ciputih.net. 86400 IN A 30.30.30.67"
  local-data: "ns1.ciputih.net. 86400 IN A 30.30.30.67"
  local-zone: "30.30.30.in-addr.arpa." static
  local-data: "30.30.30.in-addr.arpa. 10800 IN NS ciputih.net."
  local-data: "30.30.30.in-addr.arpa. 10800 IN SOA ciputih.net. hostmaster.ciputih.net. 4 3600 1200 604800 864000"
  local-data: "67.30.30.30.in-addr.arpa. 10800 IN PTR ciputih.net."

forward-zone:
  name: "."
  forward-addr: 30.30.30.30
  forward-addr: 202.134.0.155
  forward-addr: 202.134.0.61
  forward-addr: 203.130.193.74
  forward-addr: 203.130.196.155
  forward-addr: 202.134.1.5
  forward-addr: 203.130.208.18
  forward-addr: 8.8.8.8
  forward-addr: 8.8.4.4

remote-control:
  control-enable: yes
  control-interface: 127.0.0.1
  control-port: 953
  server-key-file: "/etc/unbound/unbound_server.key"
  server-cert-file: "/etc/unbound/unbound_server.pem"
  control-key-file: "/etc/unbound/unbound_control.key"
  control-cert-file: "/etc/unbound/unbound_control.pem"
# End DNS Conf
=============================
then save it as /etc/unbound/unbound.conf
=============================

forward-zone: adjust it to your ISP's DNS servers
The IP addresses in local-data: adjust them to the IP address of your Ubuntu server
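
The configuration above combines interface: 0.0.0.0 with access-control: 0.0.0.0/0 allow, so Unbound answers recursive queries from any address that can reach port 53. The following added example (not from the original post) detects that combination in an unbound.conf; the function names are hypothetical and the sample configs are constructed, with the LAN range taken from the 30.30.30.0/24 addressing used on this page.

```shell
#!/bin/sh
# Added example, not from the original guide: flag an unbound.conf that
# serves recursive queries to any source address.

# Print "allow" access-control entries that cover every address.
open_acl() {
    awk '{ sub(/#.*/, "") }
         $1 == "access-control:" && ($2 == "0.0.0.0/0" || $2 == "::/0") && ($3 == "allow" || $3 == "allow_snoop") { print $2, $3 }' "$1"
}

# Print wildcard listen addresses.
wildcard_iface() {
    awk '{ sub(/#.*/, "") }
         $1 == "interface:" && ($2 == "0.0.0.0" || $2 == "::" || $2 == "::0") { print $2 }' "$1"
}

# Return 1 and explain when both conditions hold, 0 otherwise.
check_open_resolver() {
    if [ -n "$(open_acl "$1")" ] && [ -n "$(wildcard_iface "$1")" ]; then
        echo "$1: open resolver (listens on all interfaces, allows any client)"
        return 1
    fi
    return 0
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: the two relevant lines as they appear in the guide
    printf 'server:\n  interface: 0.0.0.0\n  access-control: 0.0.0.0/0 allow\n' \
        > "$dir/weak.conf"
    # Constructed sample: same listener, clients limited to localhost and the LAN
    printf 'server:\n  interface: 0.0.0.0\n  access-control: 127.0.0.0/8 allow\n  access-control: 30.30.30.0/24 allow\n' \
        > "$dir/lan.conf"
    check_open_resolver "$dir/weak.conf" || true
    check_open_resolver "$dir/lan.conf" && echo "$dir/lan.conf: restricted to listed networks"
    rm -rf "$dir"
}

demo
```

Unbound refuses clients that match no access-control entry (only localhost is allowed by default), so listing 127.0.0.0/8 and the LAN range is enough to serve local clients.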

Configure Ubuntu to use the Unbound DNS:
edit the file /etc/resolv.conf:
# nano /etc/resolv.conf
and write:
nameserver 127.0.0.1

Edit the file /etc/network/interfaces:
# nano /etc/network/interfaces
iface eth0 inet static
address 30.30.30.67
netmask 255.255.255.0
network 30.30.30.0
broadcast 30.30.30.255
gateway 30.30.30.30
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

Reboot your machine.
To check that Unbound DNS is running:

# /etc/init.d/unbound restart
If there is an error or a conflict with bind, then

# nslookup 30.30.30.67
Server: 127.0.0.1
Address: 127.0.0.1#53
67.30.30.30.in-addr.arpa name = ciputih.net

# nslookup ciputih.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ciputih.net
Address: 30.30.30.67

# unbound-control stats
thread0.num.queries=38
thread0.num.cachehits=7
thread0.num.cachemiss=31
thread0.num.recursivereplies=31
thread0.requestlist.avg=0.129032
thread0.requestlist.max=1
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.088811
thread0.recursion.time.median=0.0185685
thread1.num.queries=10
thread1.num.cachehits=1
thread1.num.cachemiss=9
thread1.num.recursivereplies=9
thread1.requestlist.avg=0
thread1.requestlist.max=0
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.049576
thread1.recursion.time.median=0.016384
total.num.queries=48
total.num.cachehits=8
total.num.cachemiss=40
total.num.recursivereplies=40
total.requestlist.avg=0.1
total.requestlist.max=1
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.079984
total.recursion.time.median=0.0174763
time.now=1281681396.583885
time.up=7299.491047
time.elapsed=4177.655650
