Minggu, 20 Mei 2012

Squid Diskd di FreeBSD

Squid Diskd di FreeBSD

=====================================
setting squid
=====================================
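## Lines starting with "# " are commands typed at a root prompt.
## Check the tarball against the checksum or signature published for this
## release before unpacking it.
# tar zxvf squid-3.0.STABLE10.tar.gz
# cd squid-3.0.STABLE10
## The configure call is a single command; the trailing backslashes keep the
## wrapped option lines from being run as separate commands when pasted.
# ./configure --sysconfdir=/etc/squid --enable-storeio=diskd,ufs,aufs --enable-delay-pools \
    --enable-pf-transparent --enable-ipf-transparent --disable-ident-lookups \
    --enable-removal-policies
# make
# make install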

=========================
squid.conf
=========================
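# squid.conf for an intercepting ("transparent") Squid 3.0 proxy that stores
# its cache through diskd. Items marked NOTE(review) are points to confirm
# before reusing this file; one rule (miss_access) was corrected, see below.

# NOTE(review): no "auth_param basic program" line is present, so these three
# settings appear to tune an authenticator that is never started.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# --- ACL definitions ---------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# "public" is the well-known default SNMP community string. The only thing
# protecting the agent here is the localhost restriction in snmp_access below;
# pick a non-default community if SNMP is used at all.
acl snmppublic snmp_community public

# --- http_access: evaluated top to bottom, first matching rule wins ----------
# Cache manager only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# other than port 443, before any "allow" rule is reached.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# URL blocklist, one regular expression per line in the referenced file.
acl porn url_regex -i "/usr/local/etc/squid/xxx.txt"
http_access deny porn
# Only the LAN may use the proxy; everything else is denied, which keeps this
# from acting as an open proxy.
acl internal src 192.168.2.0/24
http_access allow internal
http_access deny all
icp_access allow internal
icp_access deny all
# Fixed: the original read "miss_access allow all" followed by
# "miss_access deny all", which made the deny rule unreachable. Cache misses
# are now fetched only for the LAN, matching http_access and icp_access.
miss_access allow internal
miss_access deny all

# NOTE(review): the listener is bound to a public address. The rc.conf shown on
# this page configures only 192.168.x.x addresses, so confirm this address
# exists on the host; binding to the LAN-side address instead keeps the proxy
# port off the outside interface.
http_port 125.162.125.190:8080 transparent
hierarchy_stoplist cgi-bin ? .js .jsp .awt
cache_mem 18 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
cache_dir diskd /usr/local/squid/cache 20000 102 256 Q1=64 Q2=72
minimum_object_size 0 KB
maximum_object_size 64 MB
cache_swap_low 98
cache_swap_high 99
access_log /usr/local/squid/logs/access.log
# NOTE(review): cache_log receives Squid's own warnings and error messages.
# Sending it to /dev/null discards them, which leaves nothing to look at when
# diagnosing a failure or investigating an incident.
cache_log /dev/null
cache_store_log none
logfile_rotate 3
emulate_httpd_log off
mime_table /usr/local/etc/squid/mime.conf
pid_filename /usr/local/squid/logs/squid.pid
log_fqdn off
# Full client addresses (no masking) and full query strings are written to
# access.log. Query strings can carry session tokens or credentials, so
# restrict read access to the log directory accordingly.
client_netmask 255.255.255.255
strip_query_terms off
buffered_logs off
diskd_program /usr/local/libexec/squid/diskd

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
negative_ttl 2 minutes
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
store_avg_object_size 15 KB
vary_ignore_expire on
client_lifetime 2 hours
half_closed_clients off
shutdown_lifetime 15 seconds
cache_mgr andri.yanto@panin.co.id
# Squid gives up root and runs as this unprivileged user and group.
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.paninpangkalpinang.co.id
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access deny all
icp_port 3130
log_icp_queries off
icp_hit_stale on
query_icmp on
icon_directory /usr/local/etc/squid/icons
error_directory /usr/local/etc/squid/errors/English
dns_nameservers 202.134.0.155
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
memory_pools off
# With forwarded_for on, Squid adds each client's address to the
# X-Forwarded-For header, so origin servers see internal 192.168.2.x
# addresses. Turn it off if that should not leave the network.
forwarded_for on
reload_into_ims on
coredump_dir none
pipeline_prefetch on
high_response_time_warning 2000
high_page_fault_warning 2
high_memory_warning 1900 MB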

======================
create swapfile:
======================
#/usr/local/sbin/squid -Rz

start squid:
#/usr/local/sbin/squid -D

======================
Redirect ke proxy
======================

isi dari /etc/ipnat.rules

# Redirects TCP traffic destined for port 80 to the proxy listener on 8080.
# NOTE(review): ipnat(5) rdr rules normally have the form
#   rdr <interface> <dst>/<mask> port <n> -> <address> port <n> <proto>
# The line below has neither an interface name nor a redirect address, so
# they were probably lost when the rule was posted; confirm against the
# working file. Naming the LAN-side interface also limits the redirect to
# traffic arriving from the internal network.
rdr 0/0 port 80 -> port 8080 tcp



isi dari /etc/rc.conf:


# -- sysinstall generated deltas -- # Mon Nov 3 11:32:38 2008
# Created: Mon Nov 3 11:32:38 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.1"
# Packet forwarding between the two interfaces; needed for the box to act as
# the LAN's gateway and for the port-80 redirect to see client traffic.
gateway_enable="YES"
hostname="panin.telkom.net"
# bge0 is on 192.168.2.0/24, the network the "internal" ACL in squid.conf allows.
ifconfig_bge0="inet 192.168.2.1 netmask 255.255.255.0"
# rl0 is on the same subnet as defaultrouter, i.e. the upstream side.
ifconfig_rl0="inet 192.168.1.253 netmask 255.255.255.0"
# NOTE(review): unless sshd_config restricts ListenAddress, sshd accepts
# connections on both interfaces — confirm that is intended for the upstream side.
sshd_enable="YES"

ipnat_enable="YES" # Start ipnat function
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
