Squid 3 HEAD Support HTTPS

Written by Bima Firewall 1 comments Posted in:
Share

konfigurasi Jaringan
====================

                        port ethernet no.3 ------- SQUID 
Klien ---- Switch ---- port ethernet no.2
                       port ethernet no.1-------Modem

 Konfigurasi di MikroTik
=======================

 #copy paste command dibawah ini menggunakan menu New Terminal di Winbox#
--------------------------------------------------------------------------
kasi nama interface dan IP address
----------------------------------
/interface ethernet
set 2 name=ether3-proxy

 /ip address 
add address=192.168.5.1/24 interface=ether3-proxy
Instalasi pada PC Proxy
=======================

 --Instalasi Web Proxy di Ubuntu Server 12.04 part 1 - Instalasi Ubuntu Server 12.04---

 Hardware (silahkan disesuaikan)
========
- Proc Core 2 Duo
- HDD 40 GB 
- RAM 1 GB
- CD/DVD RW

 Software
========
- Download Ubuntu Server ver 12.04 (iso)
- Download & Install Putty Installer
- Download & Install WinSCP Installer

 Persiapan
=========
- Install NIAT terlebih dahulu :-)
- Burn iso file ke CD /DVD
- Set BIOS PC untuk First Boot melalui CD/DVD

 Instalasi Ubuntu Server ver 12.04 Lts 
=====================================

 Silahkan ikuti petunjuk instalasi dibawah ini. Jumlah cache dan besaran cache sila disesuaikan

 ---- Configure Language, Location, locales ----
- English [ Tekan Enter ]
- Install Ubuntu Server [ Tekan Enter ]
- English [ Tekan Enter ]
- Other [ Tekan Enter ]
- Asia [ Tekan Enter ]
- Indonesia [ Tekan Enter ]
- United States [ Tekan Enter ]

 ----Configure the keyboard----
- No [ Tekan Enter ]
- English (US) [ Tekan Enter ]
- English (US) [ Tekan Enter ]

 ---- Configure the network ----
- Continue [ Tekan Enter ]
- Configure Network Manually [ Tekan Enter ]
- IP Address : 192.168.5.2 [ Tekan Enter ]
- Netmask : 255.255.255.0 [ Tekan Enter ]
- Gateway : 192.168.5.1 [ Tekan Enter ]
- Name Server address : 192.168.5.1 [ Tekan Enter ]
- Hostname : BelajarJaringan [ Tekan Enter ]
- Domain name : [ Tekan Enter ]
- Full name for new user : Belajar Jaringan [ Tekan Enter ]
- username for your account : belajar [ Tekan Enter ]
- choose a password for the new user : passwordku [ Tekan Enter ]
- Re-enter password to verify : passwordku [ Tekan Enter ]
- Encrypt your home directory? : No [ Tekan Enter ]

 ---- Configure the clock ----
- Jakarta

 ---- Partition disk ----
- Manual
- SCSI1 (0,0,0) (sda) - 42.9 GB [ Tekan Enter ]
- Create New Partition table on this device ? Yes [ Tekan Enter ]

 - pri/log 42.9 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 1 GB [ Tekan Enter ]
- Type for the new partition : Primary [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Mount point [ Tekan Enter ]
- Pilih /boot - static files of the boot loader [ Tekan Enter ]
- Pilih Mount options [ Tekan Enter ]
- Pilih Noatime [Tekan Tombol Spacebar] [ Tekan Enter ]
- Pilih Bootable flag [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]

 - pri/log 41.9 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 2 GB [ Tekan Enter ]
- Type for the new partition : Primary [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Use [ Tekan Enter ]
- Pilih swap area [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]

 - pri/log 39.9 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 19.9 GB [ Tekan Enter ]  ------------------> Saya sisakan 20 GB untuk cache dir 
- Type for the new partition : Primary [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Mount point [ Tekan Enter ]
- Pilih / - the root file system [ Tekan Enter ]
- Pilih Mount options [ Tekan Enter ]
- Pilih Noatime [Tekan Tombol Spacebar] [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]

 - pri/log 20 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 20 GB [ Tekan Enter ]
- Type for the new partition : Logical [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Use [ Tekan Enter ]
- Pilih ReiserFS journaling file system
- Pilih Mount point [ Tekan Enter ]
- Pilih Enter manually [ Tekan Enter ]
- Hapus /Home ganti menjadi /cache1 [ Tekan Enter ]
- Pilih Mount options [ Tekan Enter ]
- Pilih Noatime [Tekan Tombol Spacebar], Pilih Notail [Tekan Tombol Spacebar] [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]

 - Pilih Finish partitioning and write changes to disk [ Tekan Enter ]
- Write the changes to disks : Yes [ Tekan Enter ]

 --- Configure the package manager ----
- HTTP proxy information (blank for none) : [ Tekan Enter ]

 --- Configure tasksel ---
- How do you want to manage upgrade on this system? : No automatic updates [ Tekan Enter ]

 --- Software selection ---
- Pilih OpenSSH Server [Tekan Tombol Spacebar] [ Tekan Enter ]

 --- Install the GRUB boot loader on a hard disk---
- Install the GRUB boot loader to the master boot record? : Yes [ Tekan Enter ]

 --- [!!] Finish the installation ---
- Pilih Continue [ Tekan Enter ]
- keluarkan CD Installer

 Mengganti Password root
=======================
1. Login ke Proxy melalui WinSCP/ Putty dengan login yg Anda buat sewaktu install
2. ketik perintah dibawah ini
sudo su [tekan ENTER]
(masukkan password user yang anda buat sewaktu install)
3. ketik lagi
passwd root [tekan ENTER]
ENTER new UNIX password : (masukkan password baru untuk root)
Retype new UNIX password : (masukkan kembali password yang sama)

 pastikan muncul tulisan : passwd : password updated successfully

 Instalasi Squid 3 HEAD
======================
Petunjuk:
--------------
- Login ke Program WinSCP menggunakan user root
- Copy Paste Perintah-Perintah dibawah ini melalui Putty (Copy lalu Klik kanan pada putty tekan Enter) :

 apt-get update
apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl libcap2 libcap-dev libcap2-dev 
apt-get install sysv-rc-conf

 wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.0.2.tar.gz
tar xzvf squid-3.4.0.2.tar.gz

 cd squid-3.4.0.2

 ./configure --prefix=/usr \
--bindir=/usr/bin --sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid \
--infodir=/usr/share/info --mandir=/usr/share/man \
--disable-dependency-tracking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-icmp --enable-esi --enable-icap-client \
--disable-wccp --disable-wccpv2 \
--enable-kill-parent-hack --enable-cache-digests --enable-follow-x-forwarded-for --enable-x-accelerator-vary --enable-zph-qos \
--with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 \
--enable-ssl --enable-ssl-crtd --disable-auth --build=i486-linux-gnu build_alias=i486-linux-gnu
make && make install

 chown -R proxy:proxy /cache
chown -R proxy:proxy /var/log/squid

 ## Copy 2 file berikut menggunakan Program WinSCP 
=================================================
- File "squid.conf" (sila download di http://pastebin.com/PKZkLfpD) yang telah diubah dan disesuaikan dengan kebutuhan ke folder: /etc/squid/
- File "squid" (sila download di  http://pastebin.com/8xLYXZQC)ke folder: /etc/init.d/

 ijin execute squid
==========================
chmod +x /etc/init.d/squid

 Setup SSL Bump
==============
cd /etc/squid
mkdir ssl_cert
cd ssl_cert
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
cd
mkdir /var/squid
cd /var/squid
mkdir ssl_db
cd
chown -R nobody /var/squid/ssl_db/
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db/
swap dir
========
squid -z
Copy Paste Perintah-Perintah dibawah ini pada file /etc/rc.local
================================================================
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat

 iptables -t mangle -F
iptables -t mangle -X

 iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d 192.168.5.2/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t mangle -A PREROUTING ! -d 192.168.5.2/32 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127

 /sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100

 echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

 iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
exit 0

 Mangle dan Routing TPROXY
-------------------------
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY ROUTING" disabled=no dst-port=80,443 in-interface=ether2-Lan new-routing-mark=tproxy_rm passthrough=no protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=ether3-Proxy new-connection-mark=tproxy_cm passthrough=yes protocol=tcp src-address=!192.168.2.1
add action=mark-routing chain=prerouting connection-mark=tproxy_cm disabled=yes in-interface=!ether3-Proxy new-routing-mark=tproxy_rm passthrough=no

 /ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=tproxy_rm scope=30 target-scope=10

 ---------------------------------------------------------------------------------------------


1 comments:

  1. Unknown

    squid.conf nya minta pak

    5 February 2016 at 22:10


:)) :)] ;)) ;;) :D ;) :p :(( :) :( :X =(( :-o :-/ :-* :| 8-} ~x( :-t b-( :-L x( =))

Post a Comment

Powered by Blogger.

Komentar