Install Squid sebagai Elite / High-Anonymous Proxy pada VPS
CentOS – update file support / dependencies
yum groupinstall "Development Tools" -y yum install libxml2-devel libcap-devel -y yum install kernel-devel kernel-headers -y yum httpd nano -y yum update -y
untuk debian atau ubuntu
apt-get install build-essential libssl-dev
Install Squid
CentOS
yum install squid -y
Debian atau Ubuntu
apt-get install squid
hapus config aslinya, jangan khawatir karena config defaultnya masih ada dengan nama file squid.conf.def
rm -rf /etc/squid/squid.conf
Kemudian buat file config nya
touch /etc/squid/squid.conf nano /etc/squid/squid.conf
Konfigurasi untuk versi 3.xx
dns_nameservers 8.8.8.8 8.8.4.4 4.2.2.1 4.2.2.6 198.6.1.3 204.117.214.10 207.172.11.73 dns_defnames on dns_retransmit_interval 2 seconds dns_timeout 5 minutes balance_on_multiple_ip on cache_mgr not_to_be_disturbed client_db on detect_broken_pconn on half_closed_clients off httpd_suppress_version_string on ignore_unknown_nameservers on pipeline_prefetch on prefer_direct on query_icmp on range_offset_limit -1 retry_on_error on server_persistent_connections on strip_query_terms off uri_whitespace strip ## untuk password untuk versi 32bit, lokasi file ganti seperti di bawah ini : ## /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hour # ACCESS CONTROLS ###################### #Recommended minimum configuration: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # local networks. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 21 22 25 53 109 143 443 554 563 993 21976 acl Safe_ports port 53 80 136 137 182 acl Safe_ports port 22 25 70 210 280 acl Safe_ports port 143 443 554 563 993 acl Safe_ports port 1025-65535 acl Safe_ports port 8000-8090 acl Safe_ports port 67-68 acl Safe_ports port 123 465 488 587 591 777 6667 acl Safe_ports port 9000-9091 acl Safe_ports port 110 119 995 2030 2401 3306 3690 6881 8443 8843 acl ncsa_users proxy_auth REQUIRED acl CONNECT method CONNECT # #Recommended minimum configuration: ###################### ## Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager ## http_access allow localhost http_access allow ncsa_users http_access deny to_localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports ## ## disable multicast icp miss_access allow all ident_lookup_access deny all # NETWORK OPTIONS ###################### http_port 143 # Leave coredumps in the first cache dir access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_access_log none cache_store_log none # hierarchy_stoplist cgi-bin ? acl apache rep_header Server ^Apache ipcache_size 8192 ipcache_low 90 ipcache_high 95 #cache_dir null /tmp cache_mem 16 MB cache_dir ufs /var/spool/squid/cache0 1000 16 256 cache_dir ufs /var/spool/squid/cache1 1000 16 256 cache_dir ufs /var/spool/squid/cache2 1000 16 256 cache_dir ufs /var/spool/squid/cache3 1000 16 256 deny_info ::0 all # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 visible_hostname google.com
Konfigurasi untuk versi 2.6xx dan 2.7xx
dns_nameservers 8.8.8.8 8.8.4.4 4.2.2.1 4.2.2.6 198.6.1.3 204.117.214.10 207.172.11.73 cache_mgr not_to_be_disturbed client_db on detect_broken_pconn on dns_defnames on dns_retransmit_interval 2 seconds dns_timeout 5 minutes half_closed_clients off httpd_suppress_version_string on ignore_unknown_nameservers on pipeline_prefetch on prefer_direct on query_icmp on range_offset_limit -1 retry_on_error on server_persistent_connections on strip_query_terms off uri_whitespace strip ## untuk password untuk versi 32bit, lokasi file ganti seperti di bawah ini : ## /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hour # ACCESS CONTROLS ###################### #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 21 22 25 53 109 143 443 554 563 993 21976 acl Safe_ports port 53 80 136 137 182 acl Safe_ports port 22 25 70 210 280 acl Safe_ports port 143 443 554 563 993 acl Safe_ports port 67-68 acl Safe_ports port 1025-65535 acl Safe_ports port 8000-8090 acl Safe_ports port 123 465 488 587 591 777 6667 acl Safe_ports port 9000-9091 acl Safe_ports port 110 119 995 2030 2401 3306 3690 6881 8443 8843 acl ncsa_users proxy_auth REQUIRED acl CONNECT method CONNECT # #Recommended minimum configuration: ###################### ## Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager ## http_access allow localhost http_access allow ncsa_users http_access deny to_localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports ## disable multicast icp miss_access allow all ident_lookup_access deny all # NETWORK OPTIONS ## open-port ########### http_port 143 ###################### cache_mem 16 MB cache_dir ufs /var/spool/squid/cache0 1000 16 256 cache_dir ufs /var/spool/squid/cache1 1000 16 256 cache_dir ufs /var/spool/squid/cache2 1000 16 256 cache_dir ufs /var/spool/squid/cache3 1000 16 256 # Leave coredumps in the first cache dir access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_access_log none cache_store_log none # hierarchy_stoplist cgi-bin ? acl apache rep_header Server ^Apache # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 visible_hostname Google.com
Setting password
Buat file-nya dulu:
touch /etc/squid/squid_passwd
ubah permission filenya, agar tidak permission denied
chown root.root /etc/squid/squid_passwd
isikan user name dan passwd ke file
htpasswd -b /etc/squid/squid_passwd [user_1] [passwd_1]
Buat cache file dan test jalankan
cd /var/spool chmod 775 squid chmod g+w squid squid -z squid -d 1 -D # tekan CTRL+C service squid restart
start on boot dan start/stop/restart/status squid
chkconfig --add squid chkconfig squid on service squid status
all credits: john6000 – bugs4u.info