Tuesday, May 21, 2013

Tutorial install squid nginx



Skenario :  internet - modem - Squid Nginx - Clients

 Langkah dalam menginstal Nginx + Squid :

 1. Update Ubuntu + Upgrade untuk menjaga performa dan kestabilan sistem sebelum ditambah paket.

 #apt-get update
#apt-get upgrade

 2. Install SSH Server sebagai Remote menggunakan Tools SSH seperti Putty

 #apt-get install openssh-server

 3. Install Squid, untuk kestabilan sebaiknya gunakan Squid 2.7 stable 7

 #apt-get install squid
#gedit /etc/squid/squid.conf

 (remove semua isi squid.conf dan gantikan dengan script berikut)


# SQUID 2.7 stable 7
# See at : www.jadiakbar.wordpress.com
# PORT and Transparent Option
http_port 8080 transparent
server_http11 on
icp_port 0

# Cache saya set 40GB
store_dir_select_algorithm round-robin
cache_dir aufs /cache1 40000 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA

# Enable Log Waktu
emulate_httpd_log on
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
log_fqdn off

# Rotate Log saya set 2 bulan
logfile_rotate 60
debug_options ALL,1
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Instal DNS Masquerade untuk searching DNS tercepat
# Instal dulu paketnya "apt-get install dnsmasq" first
dns_nameservers 127.0.0.1 8.8.8.8

#ACL Section
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all

# Set Info Proxy
cache_effective_user proxy
cache_effective_group proxy
cache_mgr jadiakbar@rocketmail.com
visible_hostname jadiakbar.wordpress.com
unique_hostname c0d393n

cache_mem 16 MB
minimum_object_size 0 bytes
maximum_object_size 400 MB
maximum_object_size_in_memory 128 KB

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 50% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Youtube Cache Section
url_rewrite_program /etc/nginx/nginx.rb
url_rewrite_host_header off
acl youtube_videos url_regex -i ^http://[^/]+\.youtube\.com/videoplayback\?
acl range_request req_header Range .
acl begin_param url_regex -i [?&]begin=
acl id_param url_regex -i [?&]id=
acl itag_param url_regex -i [?&]itag=
acl sver3_param url_regex -i [?&]sver=3
cache_peer 127.0.0.1 parent 8081 0 proxy-only no-query connect-timeout=10
cache_peer_access 127.0.0.1 allow youtube_videos id_param itag_param sver3_param !begin_param !range_request
cache_peer_access 127.0.0.1 deny all

 4. Install NginX

 #apt-get install nginx
#gedit /etc/nginx/nginx.conf
(edit nginx.conf dan pastekan script berikut)
# For more info, visit http://code.google.com/p/youtube-cache/
# See at www.jadiakbar.wordpress.com
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_static on;
gzip_comp_level 6;
gzip_disable .msie6.;
gzip_vary on;
gzip_types text/plain text/css text/xml text/javascript application/json application/x-javascript application/xml application/xml+rss;
gzip_proxied expired no-cache no-store private auth;
gzip_buffers 16 8k;
gzip_http_version 1.1;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# starting youtube section
server {
listen 127.0.0.1:8081;
location / {
root /usr/local/www/nginx_cache/files;
#try_files "/id=$arg_id.itag=$arg_itag" @proxy_youtube; # Old one
#try_files  "$uri" "/id=$arg_id.itag=$arg_itag.flv" "/id=$arg_id-range=$arg_range.itag=$arg_itag.flv" @proxy_youtube; #old2
try_files "/id=$arg_id.itag=$arg_itag.range=$arg_range.algo=$arg_algorithm" @proxy_youtube;
}
location @proxy_youtube {
resolver 221.132.112.8;
proxy_pass http://$host$request_uri;
proxy_temp_path "/usr/local/www/nginx_cache/tmp";
#proxy_store "/usr/local/www/nginx_cache/files/id=$arg_id.itag=$arg_itag"; # Old 1
proxy_store "/usr/local/www/nginx_cache/files/id=$arg_id.itag=$arg_itag.range=$arg_range.algo=$arg_algorithm";
proxy_ignore_client_abort off;
proxy_method GET;
proxy_set_header X-YouTube-Cache "jadiakbar@rocketmail.com";
proxy_set_header Accept "video/*";
proxy_set_header User-Agent "YouTube Cacher (nginx)";
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language "";
proxy_set_header Accept-Charset "";
proxy_set_header Cache-Control "";}
}
}

 5. Buat Direktori untuk Cache

 #mkdir /usr/local/www
#mkdir /usr/local/www/nginx_cache
#mkdir /usr/local/www/nginx_cache/tmp
#mkdir /usr/local/www/nginx_cache/files
#chown www-data /usr/local/www/nginx_cache/files/ -Rf

 6. Buat File NginX.rb

 #touch /etc/nginx/nginx.rb
(permission)
#chmod 755 /etc/nginx/nginx.rb

 7. Edit File NginX.rb

 #gedit /etc/nginx/nginx.rb
(gantikan dengan)
#!/usr/bin/env ruby1.8
# See at www.jadiakbar.wordpress.com
# For more info, visit http://code.google.com/p/youtube-cache/
# url_rewrite_program <path>/nginx.rb
# url_rewrite_host_header off

require "syslog"
require "base64"

class SquidRequest
attr_accessor :url, :user
attr_reader :client_ip, :method

def method=(s)
@method = s.downcase
end

def client_ip=(s)
@client_ip = s.split('/').first
end
end

def read_requests
# URL <SP> client_ip "/" fqdn <SP> user <SP> method [<SP> kvpairs]<NL>
STDIN.each_line do |ln|
r = SquidRequest.new
r.url, r.client_ip, r.user, r.method, *dummy = ln.rstrip.split(' ')
(STDOUT << "#{yield r}\n").flush
end
end

def log(msg)
Syslog.log(Syslog::LOG_ERR, "%s", msg)
end

def main
Syslog.open('nginx.rb', Syslog::LOG_PID)
log("Started")

read_requests do |r|
if r.method == 'get' && r.url !~ /[?&]begin=/ && r.url =~ %r{\Ahttp://[^/]+\.youtube\.com/(videoplayback\?.*)\z}
log("YouTube Video [#{r.url}].")
"http://127.0.0.1:8081/#{$1}"
else
r.url
end
end
end
main

 8. Install Ruby sebagai bahasa pemrograman berbasis Open Source yang ringan untuk Read/ Write Cache

 #apt-get install ruby

 9. Konfigurasi Direktori Squid dan Permissionnya

 #mkdir /cache1
#chown proxy:proxy /cache1
#chmod -R  777 /cache1

 10. Inialisasi Direktori

 #squid -z

 11. Restar Squid dan NginX

 #service squid start
#service nginx restart

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)