API tools faq
paste
Advertisement
ujiajah1

manual script installing squid-3.5.xx tproxy with mikrotik

ujiajah1
Jan 4th, 2016
2,320
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ActionScript 11.05 KB | None | 0 0
raw download clone embed print report
  1. #manual for debian7 ubuntu12/14
  2.  
  3. after finish your installing of ubuntu / debian
  4. # change or replace /etc/apt/sources.list with  a local repository  
  5. debian 7 indonesia=
  6. deb http://kambing.ui.ac.id/debian/ wheezy main contrib non-free
  7. deb http://kambing.ui.ac.id/debian/ wheezy-updates main contrib non-free
  8. deb http://kambing.ui.ac.id/debian-security/ wheezy/updates main contrib non-free
  9.  
  10. for debian error key=
  11. aptitude install debian-keyring debian-archive-keyring
  12. apt-key update
  13. apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
  14.  
  15. apt-get update && apt-get upgrade -y
  16. key input (q)
  17.  
  18. #edit tuning limits.conf at /security/limits.conf
  19. add /etc/security/limits.conf
  20. =============================================================
  21. *         soft        nofile          65536
  22. *         hard        nofile          65536
  23. root      soft        nofile          65536
  24. root      hard        nofile          65536
  25. proxy     soft        nofile          65536
  26. proxy     hard        nofile          65536
  27. ================================================================
  28. #edit kernel @ .. /etc/sysctl.conf
  29. =================================================================
  30. #remove all contents and replace with config below
  31. ################################################################
  32. << .....................................................................................
  33. kernel.panic = 30
  34. kernel.panic_on_oops = 30
  35. kernel.sysrq = 0
  36. kernel.core_uses_pid = 1
  37. kernel.msgmnb = 65536
  38. kernel.msgmax = 65536
  39. fs.file-max = 65536
  40. vm.swappiness = 5
  41. vm.vfs_cache_pressure=50
  42. vm.mmap_min_addr = 4096
  43. vm.overcommit_ratio = 0
  44. vm.overcommit_memory = 0
  45. kernel.shmmax = 268435456
  46. kernel.shmall = 268435456
  47. vm.min_free_kbytes = 65536
  48. net.ipv4.tcp_syncookies = 1
  49. net.ipv4.tcp_syn_retries = 5
  50. net.ipv4.tcp_synack_retries = 2
  51. net.ipv4.tcp_max_syn_backlog = 4096
  52. net.ipv4.ip_forward = 1
  53. net.ipv4.conf.all.forwarding = 1
  54. net.ipv4.conf.default.forwarding = 1
  55. net.ipv4.conf.all.accept_source_route = 0
  56. net.ipv4.conf.default.accept_source_route = 0
  57. net.ipv4.conf.all.rp_filter = 0
  58. net.ipv4.conf.default.rp_filter = 0
  59. net.ipv4.conf.eth0.rp_filter = 0
  60. net.ipv4.conf.all.accept_redirects = 0
  61. net.ipv4.conf.default.accept_redirects = 0
  62. net.ipv4.conf.all.log_martians = 0
  63. net.ipv4.conf.default.log_martians = 0
  64. net.ipv4.tcp_fin_timeout = 15
  65. net.ipv4.tcp_keepalive_time = 300
  66. net.ipv4.tcp_keepalive_probes = 5
  67. net.ipv4.tcp_keepalive_intvl = 15
  68. net.ipv4.conf.all.bootp_relay = 0
  69. net.ipv4.conf.all.proxy_arp = 0
  70. net.ipv4.tcp_dsack = 1
  71. net.ipv4.tcp_sack = 1
  72. net.ipv4.tcp_fack = 1
  73. net.ipv4.tcp_timestamps = 1
  74. net.ipv4.icmp_echo_ignore_all = 0
  75. net.ipv4.icmp_echo_ignore_broadcasts = 1
  76. net.ipv4.icmp_ignore_bogus_error_responses = 1
  77. net.ipv4.ip_local_port_range = 1024 65535
  78. net.ipv4.tcp_rfc1337 = 1
  79. net.ipv4.tcp_congestion_control = cubic
  80. net.ipv4.tcp_window_scaling = 1
  81. net.ipv4.tcp_mem = 65536 131072 262144
  82. net.ipv4.udp_mem = 65536 131072 262144
  83. net.ipv4.tcp_rmem = 8192 87380 16777216
  84. net.ipv4.udp_rmem_min = 16384
  85. net.core.rmem_default = 87380
  86. net.core.rmem_max = 16777216
  87. net.ipv4.tcp_wmem = 8192 65536 16777216
  88. net.ipv4.udp_wmem_min = 16384
  89. net.core.wmem_default = 65536
  90. net.core.wmem_max = 16777216
  91. net.core.somaxconn = 32768
  92. net.core.netdev_max_backlog = 4096
  93. net.core.dev_weight = 64
  94. net.core.optmem_max = 65536
  95. net.ipv4.tcp_max_tw_buckets = 1440000
  96. net.ipv4.tcp_tw_recycle = 1
  97. net.ipv4.tcp_tw_reuse = 1
  98. net.ipv4.tcp_max_orphans = 16384
  99. net.ipv4.tcp_orphan_retries = 0
  100. net.ipv4.ipfrag_high_thresh = 512000
  101. net.ipv4.ipfrag_low_thresh = 446464
  102. net.ipv4.tcp_no_metrics_save = 1
  103. net.ipv4.tcp_moderate_rcvbuf = 1
  104. net.unix.max_dgram_qlen = 50
  105. net.ipv4.neigh.default.gc_thresh3 = 2048
  106. net.ipv4.neigh.default.gc_thresh2 = 1024
  107. net.ipv4.neigh.default.gc_thresh1 = 32
  108. net.ipv4.neigh.default.gc_interval = 30
  109. net.ipv4.neigh.default.proxy_qlen = 96
  110. net.ipv4.neigh.default.unres_qlen = 6
  111. net.ipv4.tcp_ecn = 1
  112. net.ipv4.tcp_reordering = 3
  113. net.ipv4.tcp_retries2 = 15
  114. net.ipv4.tcp_retries1 = 3
  115. <<<...........................................................................................................
  116. ==============================================================================================================
  117. # install web server
  118. apt-get install apache2 php5 php5-mysql mysql-server phpmyadmin -y
  119. edit apache2.conf @/etc/apache2/apache2.conf
  120. # Include the virtual host configurations:
  121. Include sites-enabled/
  122. ServerName localhost <<<< adding
  123.  
  124. # install dns server can bind or unbound
  125. I used to wear when unbound, user friendly installation
  126. apt-get install unbound
  127. /etc/init.d/unbound stop
  128. cd /etc/unbound
  129. wget ftp://ftp.internic.net/domain/named.cache -O /etc/unbound/named.cache
  130. edit unbound.conf= <<<my unbound.conf.... http://pastebin.com/2gTnMNAV
  131. edit dns-nameservers in /etc/netwwork/interfaces replace with localhost ip
  132. # for mikrotik router
  133. <<<.. adding my mikrotik nat dns-server unbound resolver= http://pastebin.com/190MZmtz
  134. unbound-control-setup
  135. chown unbound:root unbound_* && chmod 440 unbound_*
  136. /etc/init.d/unbound restart
  137. flush cache unbound= /etc/init.d/unbound reload or unbound control-reload
  138.  
  139. #mulai konfigurasi squid proxy
  140. # install packet
  141. apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ebtables bridge-utils libcap2 libcap-dev libcap2-dev sysv-rc-conf iproute kernel-package libncurses5-dev fakeroot wget bzip2 debhelper linuxdoc-tools libselinux1-dev htop iftop dnstop perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python ccze pastebinit checkinstall libssl-dev htop iftop iptraf mtr-tiny bwm-ng ccze sysv-rc-conf -y
  142.  
  143. #libecap
  144. download libecap= http://www.4shared.com/archive/uMVmB3ADce/libecap-100tar.html
  145. download DSI_ecap_youtube.so=  http://www.4shared.com/file/rYJcJqyVce/DSI_ecap_youtube.html
  146. tar -xzf libecap-1.0.0.tar.gz
  147. cd libecap-1.0.0/
  148. ./configure && make && make install
  149. echo "/usr/local/lib" >> /etc/ld.so.conf
  150. ldconfig
  151.  
  152. #ecap_adapter
  153. apt-get install pkg-config
  154. wget http://www.measurement-factory.com/tmp/ecap/ecap_adapter_sample-1.0.0.tar.gz
  155. tar -xzf ecap_adapter_sample-1.0.0.tar.gz
  156. cd ecap_adapter_sample-1.0.0
  157. # download patch ecap_adapter in mikrotik squid indonesia group / thanks to Mikrotike N SquidLovers
  158. https://www.facebook.com/download/989568241123182/patch_ecap_adapter_sample.patch
  159. <<< move patch_ecap_adapter_sample.patch > #to directory= /ecap_adapter_sample-1.0.0
  160. <<< and then input the scripts below >>>
  161. eksekusi >> patch -p1 < patch_ecap_adapter_sample.patch
  162. ./configure && make && make install
  163.  
  164.  
  165. #squid installation
  166. wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.12.tar.gz
  167. tar -xzvf squid-3.5.12.tar.gz
  168. cd squid-3*
  169.  
  170. ./configure \
  171. CHOST="x86_64-pc-linux-gnu" \
  172. CFLAGS="-march=core2 -O2 -pipe" \
  173. CXXFLAGS="${CFLAGS}" \
  174. --build=x86_64-linux-gnu \
  175. --prefix=/usr \
  176. --exec-prefix=/usr \
  177. --bindir=/usr/bin \
  178. --sbindir=/usr/sbin \
  179. --libdir=/usr/lib \
  180. --sharedstatedir=/usr/com \
  181. --includedir=/usr/include \
  182. --localstatedir=/var \
  183. --libexecdir=/usr/lib/squid \
  184. --srcdir=. \
  185. --datadir=/usr/share/squid \
  186. --sysconfdir=/etc/squid \
  187. --infodir=/usr/share/info \
  188. --mandir=/usr/share/man \
  189. --x-includes=/usr/include \
  190. --x-libraries=/usr/lib \
  191. --with-default-user=proxy \
  192. --with-logdir=/var/log/squid \
  193. --with-swapdir=/cache/cache \
  194. --with-pidfile=/var/run/squid.pid \
  195. --enable-err-languages=English \
  196. --enable-default-err-language=English \
  197. --enable-storeio=ufs,aufs,diskd \
  198. --enable-linux-netfilter \
  199. --enable-removal-policies=lru,heap \
  200. --enable-gnuregex \
  201. --enable-follow-x-forwarded-for \
  202. --enable-x-accelerator-vary \
  203. --enable-zph-qos \
  204. --enable-delay-pools \
  205. --enable-snmp \
  206. --enable-underscores \
  207. --with-openssl \
  208. --enable-ssl-crtd \
  209. --enable-http-violations \
  210. --enable-async-io=24 \
  211. --enable-storeid-rewrite-helpers \
  212. --with-large-files \
  213. --with-libcap \
  214. --with-libnetfilter-conntrack \
  215. --with-included-ltdl \
  216. --with-maxfd=65536 \
  217. --with-filedescriptors=65536 \
  218. --with-pthreads \
  219. --without-gnutls \
  220. --without-mit-krb5 \
  221. --without-heimdal-krb5 \
  222. --without-gnugss \
  223. --disable-icap-client \
  224. --disable-wccp \
  225. --disable-wccpv2 \
  226. --disable-dependency-tracking \
  227. --disable-auth --disable-epoll \
  228. --disable-ident-lookups \
  229. --disable-icmp \
  230. --enable-ecap \
  231. PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
  232.  
  233. make && make install
  234.  
  235. chown -R proxy:proxy /cache/cache/
  236. chmod -R 777 /cache/cache/
  237.  
  238. cd /etc/squid
  239. mkdir ssl_certs
  240.  
  241. cd ssl_certs
  242. openssl genrsa -out squid.key 2048
  243. openssl req -new -key squid.key -out squid.csr -nodes
  244. #input  data for certificate squid#
  245. openssl x509 -req -days 3652 -in squid.csr -signkey squid.key -out squid.crt
  246.  
  247. /usr/lib/squid/ssl_crtd -c -s /etc/squid/ssl_db
  248.  
  249. #edit squid.conf
  250. my squid.conf for tproxy= http://pastebin.com/18Rb3nD0
  251. my squid.conf non tproxy only virtualbox= http://pastebin.com/uvtLinw8
  252. my store-id.pl= http://pastebin.com/pLK4Jk81
  253. chown -R nobody /etc/squid/
  254. chown -R proxy:proxy /etc/squid/
  255. chmod -R 777 /etc/squid/
  256.  
  257. /usr/lib/squid/ssl_crtd -c -s /etc/squid/ssl_db
  258.  
  259. cd /var/log/squid/
  260. touch access.log
  261. touch cache.log
  262. cd ...
  263. chown -R proxy:proxy /var/log/squid/access.log
  264. chown -R proxy:proxy /var/log/squid/cache.log
  265. chmod -R 777 /var/log/squid/access.log
  266. chmod -R 777 /var/log/squid/cache.log
  267.  
  268. cd /etc/init.d/
  269. touch squid >> add scripts
  270. /etc/init.d/squid= http://pastebin.com/W8xQAD0d
  271. edit line 64 squid file @/etc/init.d/squid >>line 64= #cache_dir=`find_cache_dir cache_dir /cache/cache`
  272. chmod +x /etc/init.d/squid
  273. update-rc.d squid defaults
  274. /etc/init.d/squid stop
  275. <<< chown -R nobody /etc/squid/ssl_db/
  276. <<< chown -R proxy:proxy /etc/squid/ssl_db/
  277. <<< chmod -R 777 /etc/squid/ssl_db/
  278.  
  279. # edit /etc/rc.local
  280. config rc.local>>>.... http://pastebin.com/3z3s1Hpy
  281.  
  282. squid -z
  283. reboot
  284. ###################################################################################
  285. # your mikrotik
  286. add your ip proxy @ ip firewall address list
  287. <<and this is mikrotik simple config for tproxy access
  288. >>> http://pastebin.com/9uyMpMac
  289. #####################################################################################
  290.  
  291. #back to proxy and login
  292. input=
  293. /etc/init.d/squid restart
  294.  
  295. #ssl_cert import
  296. download ssl_cert your squid directory
  297. using winscp >> download ssl_certs on directory /etc/squid/ >> to your computer windows/....
  298.  
  299. #setting non tproxy manual browser input
  300. #add setting your browser mozilla / chrome or etc....
  301. # google chrome= setting >>> add https/ssl >> manage certificates >> click trusted root certification
  302. click buttin import >>> and import your squid.crt -on directory /ssl_cets
  303. # mozilla/firefox
  304. click tools >> advanced >> certificates >> clieck button view certifictes >> import your squid.crt -on directory /ssl_cets
  305.  
  306.  
  307. =======================================================================================================
  308. # if you install dns-crypt and unbound>>  
  309. script auto start dns-crypt=
  310. <<<... /usr/local/sbin/dnscrypt-proxy -a 127.0.0.1:40 -d -R d0wn-sg-ns1 -e 4096 -p /run/dnscrypt-proxy.pid
  311. ========================================================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!