Proxy Server Installation: Squid on FreeBSD

This post originated from http://lukmanul.hakimd.net/2012/04/13/proxy-server/

1. Install Squid 3.1 via FreeBSD ports.

cd /usr/ports/www/squid31  
make install clean  

Or via package

pkg_add -r squid31  

Once finished, the configuration files are located in /usr/local/etc/squid/.

2. Open squid.conf

ee /usr/local/etc/squid/squid.conf  

An example squid.conf that can be used is shown below.

acl manager proto cache_object  
acl localhost src 127.0.0.1/32 ::1  
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# adjust acl localnet to your network and uncomment it (http_access allow localnet below refers to it)
# acl localnet src 167.205.0.0/16     # RFC1918 possible internal network
acl SSL_ports port 443  
acl Safe_ports port 80         # http  
acl Safe_ports port 21         # ftp  
acl Safe_ports port 443               # https  
acl Safe_ports port 70         # gopher  
acl Safe_ports port 210               # wais  
acl Safe_ports port 1025-65535 # unregistered ports  
acl Safe_ports port 280               # http-mgmt  
acl Safe_ports port 488               # gss-http  
acl Safe_ports port 591               # filemaker  
acl Safe_ports port 777               # multiling http  
acl CONNECT method CONNECT

# authentication using ncsa

auth_param basic program /usr/local/libexec/squid/ncsa_auth /usr/local/etc/passwd  
auth_param basic children 5  
auth_param basic realm Squid proxy-caching web server  
auth_param basic credentialsttl 2 hours  
auth_param basic casesensitive off  
acl ncsa_users proxy_auth REQUIRED  

http_access allow manager localhost  
http_access deny manager  
http_access deny !Safe_ports  
http_access deny CONNECT !SSL_ports  
# allow authenticated users only after the deny rules above (the first matching line wins)
http_access allow ncsa_users  
http_access allow localnet  
http_access allow localhost  
http_access deny all  
http_port 8080

cache_peer 167.205.22.105 parent 8080 0 no-query login=lukmanul.hakim:[pass] default  
never_direct allow all

hierarchy_stoplist cgi-bin ?

# adjust cache_dir to your system
#cache_dir ufs /var/squid/cache 100 16 256
coredump_dir /var/squid/cache

refresh_pattern ^ftp:          1440    20%     10080  
refresh_pattern ^gopher:       1440    0%      1440  
refresh_pattern -i (/cgi-bin/|\?) 0   0%      0  
refresh_pattern .              0       20%     4320

cache_mgr lukman@arc.itb.ac.id  

3. Create the htpasswd file

# htpasswd -c /usr/local/etc/passwd lukman
New password:  
Re-type new password:  

4. Create the cache directories

# squid -z

5. Add to rc.conf

# echo 'squid_enable="YES"' >> /etc/rc.conf

6. Start Squid

# /usr/local/etc/rc.d/squid start

7. Set the proxy in the browser
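
Squid reads the http_access lines from step 2 top to bottom and the first line that matches decides, so the position of `http_access allow ncsa_users` relative to the `deny` lines determines whether an authenticated user is still bound by Safe_ports, SSL_ports and the manager restriction. The following Python sketch is an added example, not part of the original post or of Squid; it compares the two orderings on constructed requests and does not model the 407 authentication challenge.

```python
# Added example, not from the original post. Models only Squid's rule order:
# http_access lines are read top to bottom and the first matching line decides.

def decide(rules, facts):
    """Return (action, matching_line) for one request.

    rules: http_access lines as written in squid.conf
    facts: names of the ACLs that are true for the request (constructed input;
           the 407 challenge issued by proxy_auth is not modelled)
    """
    facts = set(facts) | {"all"}          # the built-in "all" ACL always matches
    last_action = None
    for line in rules:
        parts = line.split("#", 1)[0].split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        action, acls = parts[1], parts[2:]
        last_action = action
        # ACLs on one line are ANDed; a leading "!" negates an ACL.
        if all((a[1:] not in facts) if a.startswith("!") else (a in facts)
               for a in acls):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action
    # (and denies when there are no http_access lines at all).
    return ("allow" if last_action == "deny" else "deny"), None

AUTH_FIRST = [
    "http_access allow ncsa_users",
    "http_access allow manager localhost",
    "http_access deny manager",
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access allow localnet",
    "http_access allow localhost",
    "http_access deny all",
]
# Same lines with the ncsa_users rule moved below the deny rules.
AUTH_AFTER_DENY = AUTH_FIRST[1:5] + AUTH_FIRST[:1] + AUTH_FIRST[5:]

# Constructed requests, each described by the ACLs that are true for it.
REQUESTS = {
    "authenticated GET to port 80": {"ncsa_users", "Safe_ports"},
    "authenticated CONNECT to port 25": {"ncsa_users", "CONNECT"},
    "authenticated remote cache manager request": {"ncsa_users", "manager", "Safe_ports"},
}

if __name__ == "__main__":
    for name, facts in REQUESTS.items():
        print(name, decide(AUTH_FIRST, facts)[0], decide(AUTH_AFTER_DENY, facts)[0])
```

With the allow line first, all three requests are allowed; with it below the deny rules, only the plain GET to port 80 is.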


Rotating Logs

The purpose is to split access.log into more than one file, so that a single file does not grow too large.

  1. Terminate Squid: squid -k shutdown
  2. Delete the entire contents of cache_dir
  3. Start Squid: /usr/local/etc/rc.d/squid start
  4. Rotate the logs: squid -k rotate

Lukman

Radio astronomer pretending to be system engineer.

Bandung, Indonesia