Sunday, April 26, 2015

clearos 6.4 + Squid 3.5.2 Gateway Mode https caching

clearos 6.4 + Squid 3.5.2 Gateway Mode https caching

clearos 6.4 + squid 3.5.2 (Gateway Mode, https cache :P)
http://forum.clearos.or.id/index.php?topic=2458.0

# yum update 

# yum-config-manager --enable clearos-core

# yum --enablerepo=clearos-core,clearos-developer,clearos-epel install clearos-devel app-devel

# yum install openssl openssl-devel fakeroot ccze ebtables perl-File-ReadBackwards libcap libcap-devel libtool-ltdl-devel automake gcc glibc-devel e2fsprogs-devel sharutils

# yum --enablerepo=* install libtool libtool-ltdl libtool-ltdl-devel

# reboot

# service squid stop

# service remove squid 

# mkdir /squid3

# mkdir /etc/apache2

# cd squid3

# wget <URL of the squid-3.5.2 source tarball> (from the squid project site)

# tar -zxvf squid-3.5.2.tar.gz

# cd squid-3.5.2

# ./bootstrap.sh 

# ./configure options:  '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/cache' '--libdir=/usr/lib' '--includedir=/usr/include' '--datadir=/usr/share/squid' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--srcdir=.' '--disable-dependency-tracking' '--disable-strict-error-checking' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--disable-ipv6' '--disable-wccp' '--disable-wccpv2' '--enable-kill-parent-hack' '--disable-snmp' '--enable-cachemgr-hostname=squid' '--enable-ssl' '--enable-cache-digests' '--disable-select' '--enable-http-violations' '--enable-linux-netfilter' '--enable-follow-x-forwarded-for' '--disable-ident-lookups' '--enable-ssl-crtd' '--disable-auth-basic' '--enable-x-accelerator-vary' '--enable-zph-qos' '--with-default-user=squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-swapdir=/var/spool/squid' '--with-aufs-threads=32' '--with-dl' '--with-large-files' '--with-openssl' '--enable-ltdl-convenience' '--enable-delay-pools' '--with-filedescriptors=65536'

# make 

# make install

# squid -v

# mkdir /cache

# chown squid:squid /cache && chmod 755 /cache

# chown squid:squid /var/log/squid

# cd

# mkdir /etc/squid/cert

# cd /etc/squid/cert 

# openssl genrsa 4096 > /etc/squid/cert/private.pem   (this is the signing key for the certificate created below; keep it readable by the squid user only)

# openssl req -new -x509 -days 3650 -key /etc/squid/cert/private.pem -out /etc/squid/cert/public.pem

# openssl x509 -in /etc/squid/cert/public.pem -outform DER -out /etc/squid/cert/gobrother.der

# /usr/lib/squid/ssl_crtd -c -s /etc/squid/ssl_db

# chown -R squid:squid /etc/squid/ssl_db

# chown -R nobody /etc/squid/ssl_db/   (note: this replaces the squid:squid ownership set two lines above; verify which user ssl_crtd actually runs as)

# touch /var/log/squid/cache.log

# touch /var/log/squid/access.log

# chown -R squid:squid /etc/squid/cert

# chown -R squid:squid /var/log/squid/

# chown -R squid:squid /var/log/squid/cache.log

# chown -R squid:squid /var/log/squid/access.log

# chmod 755 /etc/squid/store-id.pl squid.conf 

# cd /etc/apache2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
#
# NOTE(review): 3128 and 3129 are the same ports the rc.local TPROXY rules
# hand intercepted traffic to (--on-port 3128 / --on-port 3129), presumably
# the ports squid's http_port/https_port bind.  If a running web server
# actually loads this file it would compete with squid for those ports --
# confirm this file is not read by any httpd instance on the box.

Listen 3129
Listen 3128

<IfModule ssl_module>
 Listen 443
</IfModule>

<IfModule mod_gnutls.c>
 Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

buat file + save dengan nama (apaajaboleh.conf)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


# chmod 755 /etc/apache2/apaajaboleh.conf

# chown -R squid:squid /etc/apache2/apaajaboleh.conf

# cd /etc/rc.d

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

edit rc.local + save

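# rc.local tail: divert client HTTP/HTTPS through squid with TPROXY.
# Every TCP flow to port 80 or 443 whose destination is *not* LAN_NET is
# handed to squid on HTTP_PORT / HTTPS_PORT.  Packets that already belong to
# a local socket (e.g. squid's listener) are marked 1 by the DIVERT chain and,
# via the fwmark-1 policy rule, routed through table 100 (local delivery on lo).
# Runs as root at boot; there is no set -e here, so a failing rule is not fatal.

# LAN subnet that must stay untouched.  xx.xx.xx.xx/24 is the write-up's
# placeholder -- replace it with the real local network (for example
# 192.168.1.0/24 if that were your LAN).
LAN_NET=xx.xx.xx.xx/24
# Must match the tproxy http_port / https_port configured in squid.conf.
HTTP_PORT=3128
HTTPS_PORT=3129

# Start from an empty mangle table.  NOTE(review): the ClearOS firewall
# service also programs iptables; restarting it after this script (as the
# write-up does) may drop these rules -- confirm which one runs last.
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
# Packets matching an existing local socket are marked, not re-proxied.
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A PREROUTING ! -d "$LAN_NET" -p tcp --dport 80 \
  -j TPROXY --tproxy-mark 0x1/0x1 --on-port "$HTTP_PORT"
iptables -t mangle -A PREROUTING ! -d "$LAN_NET" -p tcp --dport 443 \
  -j TPROXY --tproxy-mark 0x1/0x1 --on-port "$HTTPS_PORT"

# Policy route for mark 1.  Remove any previous copy of the rule first and use
# `route replace` so re-running this script neither stacks duplicate rules
# (`ip rule add` does not de-duplicate) nor fails with "File exists".
/sbin/ip rule del fwmark 1 lookup 100 2>/dev/null
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route replace local 0.0.0.0/0 dev lo table 100

# Reverse-path filtering off on lo (the table-100 route delivers there) and
# IPv4 forwarding on for the gateway role.  NOTE(review): the ingress LAN
# interface's rp_filter is left at its default -- verify it does not drop
# the intercepted flows.
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

exit 0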

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# squid -z 

# squid -Nd1 &

# service firewall restart

+++++++ catatan pribadi ++++++++++
tidak untuk diperjual belikan 
resiko ditanggung penumpang 
+++++++++++++++++++++++++++++++++
sumber: https://mikrotiksquid.wordpress.com/2015/04/01/clearos-6-4-squid-3-5-2-gateway-mode-https-caching/