Install Proxy Server with Squid v5.9 on Ubuntu 22.04 (Support Caching HTTP and HTTPS)


Install the Squid Proxy

  • Update the Ubuntu system
apt update && apt upgrade -y
  • Download Squid v5.9
cd /usr/local/src/
wget http://www.squid-cache.org/Versions/v5/squid-5.9.tar.gz
tar -zxvf squid-5.9.tar.gz
cd squid-5.9/
  • Install build essentials
apt install build-essential openssl libssl-dev pkg-config -y
  • Compile and install Squid v5.9 (this takes around 20-30 minutes)
./configure --with-default-user=proxy --with-openssl --enable-ssl-crtd
make && make install

Set Up Self-Signed Certificates

  • Configure OpenSSL in the file /etc/ssl/openssl.cnf
nano /etc/ssl/openssl.cnf
  • Add the following line under the [ v3_ca ] section:
keyUsage = cRLSign, keyCertSign
  • Generate the self-signed certificates in the folder /tmp/ssl_cert
mkdir /tmp/ssl_cert && cd /tmp/ssl_cert
  • Generate the self-signed root CA certificate file
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -extensions v3_ca -keyout squid-self-signed.key -out squid-self-signed.crt
  • Convert the CRT into DER and PEM files
openssl x509 -in squid-self-signed.crt -outform DER -out squid-self-signed.der
openssl x509 -in squid-self-signed.crt -outform PEM -out squid-self-signed.pem
openssl dhparam -outform PEM -out squid-self-signed_dhparam.pem 2048
  • Copy the certificate files into the Squid folder and the local trusted CA store, then update the certificates
cp -rf /tmp/ssl_cert/ /usr/local/squid/etc/ssl_cert
cp /usr/local/squid/etc/ssl_cert/squid-self-signed.pem /usr/local/share/ca-certificates/squid-self-signed.crt

sudo update-ca-certificates

Configure the Squid Proxy

  • Back up the squid.conf configuration file
cp /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak
  • Edit the file /usr/local/squid/etc/squid.conf
nano /usr/local/squid/etc/squid.conf
  • Fill in squid.conf with the configuration below, adjusting the following parameters:
  • maximum_object_size (maximum size of a file that can be cached)
  • cache_mem (total amount of cache that can be kept in the Squid server's memory)
  • minimum_object_size (minimum size of a file that can be cached)
  • maximum_object_size_in_memory (maximum size of a file that can be kept in memory)
  • http_port 3128 (the default Squid proxy port is 3128)
  • cache_dir ufs /usr/local/squid/var/cache/squid 32000 16 256 (location of the cache files, with a maximum of about 32GB of cache stored)
  • http_port 3127 intercept (for transparent proxy mode, HTTP)
  • https_port 3129 intercept (for transparent proxy mode, HTTPS)
acl intermediate_fetching transaction_initiator certificate-fetching
http_access allow intermediate_fetching

acl localnet src 0.0.0.1-0.255.255.255	
acl localnet src 10.0.0.0/8		
acl localnet src 100.64.0.0/10		
acl localnet src 169.254.0.0/16 	
acl localnet src 172.16.0.0/12		
acl localnet src 192.168.0.0/16		
acl localnet src fc00::/7       	
acl localnet src fe80::/10     

acl SSL_ports port 443
acl Safe_ports port 80		
acl Safe_ports port 21		
acl Safe_ports port 443		
acl Safe_ports port 70		
acl Safe_ports port 210		
acl Safe_ports port 1025-65535	
acl Safe_ports port 280		
acl Safe_ports port 488		
acl Safe_ports port 591		
acl Safe_ports port 777	
acl CONNECT	method CONNECT


http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

http_access allow localhost
http_access allow to_localhost
http_access allow to_linklocal
http_access allow localnet
http_access allow all

http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/usr/local/squid/etc/ssl_cert/squid-self-signed.crt tls-key=/usr/local/squid/etc/ssl_cert/squid-self-signed.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS: options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/usr/local/squid/etc/ssl_cert/squid-self-signed_dhparam.pem
http_port 3127 intercept
https_port 3129 intercept tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/usr/local/squid/etc/ssl_cert/squid-self-signed.crt tls-key=/usr/local/squid/etc/ssl_cert/squid-self-signed.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS: options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/usr/local/squid/etc/ssl_cert/squid-self-signed_dhparam.pem

sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/logs/ssl_db -M 20MB
sslcrtd_children 5
ssl_bump server-first all
ssl_bump stare all
sslproxy_cert_error deny all

maximum_object_size 10 GB
cache_mem 2048 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 512 MB
offline_mode on
cache_dir ufs /usr/local/squid/var/cache/squid 32000 16 256

coredump_dir /usr/local/squid/var/cache/squid

#Testing Cache Aggressive - OK
refresh_pattern . 10080 9999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-lastmod reload-into-ims store-stale

#MISC FILE CACHING HERE
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|rpm|divx|dvr-ms)(\?|$)       43800 100% 129600        
refresh_pattern -i \.(rar|jar|gz|tgz|tar|bz2|iso)(\?|$)                               43800 100% 129600        
refresh_pattern -i \.(m1v|M2V|M2P|MOD|MOV|FLV)(\?|$)                                  43800 100% 129600        
refresh_pattern -i \.(jp(e?g|e|2)|gif|gif?|pn[pg]|bm?|tiff?|ico|swf|css|js)(\?|$)     43800 100% 129600        
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p))(\?|$)                    43800 100% 129600        
refresh_pattern -i \.(og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav)(\?|$)                   43800 100% 129600       
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))(\?|$)                43800 100% 129600       
refresh_pattern -i \.(woff|txt|exe|dmg|webm)(\?|$)                                    43800 100% 129600        
refresh_pattern -i \.(css)(\?|$)                                                      10080 100% 43800         
refresh_pattern -i \.(js)(\?|$)                                                       10080 100% 10080         
refresh_pattern -i \.(doc|pdf)(\?|$)                                                  10080 100% 43200      	
refresh_pattern -i \.(html|htm)(\?|$)                                                 14400 100% 10080      	
refresh_pattern -i .(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$                         43200 100% 432000     	
refresh_pattern -i .(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff)$          10080 100% 43200     
refresh_pattern -i .(html|htm|css|js)$                                                14400 100% 40320     
refresh_pattern -i .index.(html|htm)$                                                 10000 100% 10080     
refresh_pattern -i .(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$                     10000 100% 200000	refresh-ims
refresh_pattern -i .(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$                         10000 100% 200000	refresh-ims
refresh_pattern -i .(app|bin|deb|rpm|drpm|exe|zip|zipx|tar|tgz|tbz2|tlz|iso|arj|cfs|dar|jar)$           100000 100% 200000     refresh-ims
refresh_pattern -i .(bz|bz2|ipa|ram|rar|uxx|gz|msi|dll|lz|lzma|7z|s7z|Z|z|zz|sz)$                       100000 100% 200000     refresh-ims
refresh_pattern -i .(exe|msi)$                                                        10000 100% 200000 refresh-ims
refresh_pattern -i .(cab|psf|vidt|apk|wtex|hz|ova|ovf)$                               10000 100% 200000	refresh-ims
refresh_pattern -i .(xml|flow|asp|aspx)$                                              10000 100% 200000	refresh-ims
refresh_pattern -i .(json)$                                                           100000 100% 20000 refresh-ims
refresh_pattern -i .(asx|mp2|mp3|mp4|mp5|wmv|flv|mts|f4v|f4|pls|midi|mid)$            10000 100% 200000	refresh-ims
refresh_pattern -i .(mpa|m2a|mpe|avi|mov|mpg|mpeg|mpg3|mpg4|mpg5)$                    10000 100% 200000 refresh-ims
refresh_pattern -i .(m1s|mp2v|m2v|m2s|m2ts|mp2t|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|war)$  100000 100% 200000     refresh-ims
refresh_pattern -i .(swf|js|ejs)$                                                     10000 100% 200000     refresh-ims
refresh_pattern -i .(wav|css|class|dat|zsci|ver|advcs)$                               10000 100% 200000     refresh-ims
refresh_pattern -i .(gif|png|ico|jpg|jpeg|jp2|webp)$                                  10000 100% 200000     refresh-ims
refresh_pattern -i .(jpx|j2k|j2c|fpx|bmp|tif|tiff|bif)$                               10000 100% 200000     refresh-ims
refresh_pattern -i .(pcd|pict|rif|exif|hdr|bpg|img|jif|jfif)$                         10000 100% 200000     refresh-ims
refresh_pattern -i .(woff|woff2|eps|ttf|otf|svg|svgi|svgz|ps|ps1|acsm|eot)$           10000 100% 200000     refresh-ims
refresh_pattern -i (\.|-)(mid|midi|mpg|mpeg|ram|cav|acc|alz|apk|at3|bke|arc|ass|ba|big|bik|bkf|bld|c4|cals|clipflair|cpt|daa|dmg|ddz|dpe|egg|egt|ecab|ess|gho|ghs|gz|ipg|jar|lbr|lqr|lha|lz|lzo|lzma|lzx|mbw|mc.meta|mpq|nth|osz|pak|par|par2|paf|pyk|pk3|pk4|rag|sen|sitx|skb|tb|tib|uha|uue|viv|vsa|z|zoo|nrg|adf|adz|dms|dsk|d64|sdi|mds|mdx|cdi|cue|cif|c2d|daa|b6t)(\?.*)?$ 43200 100% 432000        
refresh_pattern -i (.|-)(mp3|m4a|aa?c3?|wm?av?|og(x|v|a|g)|ape|mka|au|aiff|zip|flac|m4(b|r)|m1v|m2(v|p)|mo(d|v)|arj|appx|lha|lzh|on2)                                                           43200 100% 432000        
refresh_pattern -i (.|-)(exe|bin|(n|t)ar|acv|(r|j)ar|t?gz|(g|b)z(ip)?2?|7?z(ip)?|wm[v|a]|patch|diff|mar|vpu|inc|r(a|p)m|kom|iso|sys|[ap]sf|ms[i|u|f]|dat|msi|cab|psf|dvr-ms|ace|asx|qt|xt|esd)  43200 100% 432000        
refresh_pattern -i (.|-)(ico(.)?|pn[pg]|css|(g|t)iff?|jpe?g(2|3|4)?|psd|c(d|b)r|cad|bmp|img)                                                      43200 100% 432000        
refresh_pattern -i (.|-)(webm|(x-)?swf|mp(eg)?(3|4)|mpe?g(av)?|(x-)?f(l|4)v|divx?|rmvb?|mov|trp|ts|avi|m38u|wmv|wmp|m4v|mkv|asf|dv|vob|3gp?2?)    3200  100% 432000        
refresh_pattern -i (.|-)(docx?|xlsx?|pptx?|rtf|xml|pdf|tiff?|txt)                     43200 100% 432000            

#new refresh patterns 2
refresh_pattern -i (\.|-)(ini|def|sig|upt|mid|midi|mpg|mpeg|ram|cav|acc|alz|apk|at3|bke|arc|ass|ba|big|bik|bkf|bld|c4|cals|clipflair|cpt|daa|dmg|ddz|dpe|egg|egt|ecab|ess|esd|gho|ghs|gz|ipg|jar|lbr|lqr|lha|lz|lzo|lzma|lzx|mbw|mc.meta|mpq|nth|osz|pak|par|par2|paf|pyk|pk3|pk4|rag|sen|sitx|skb|tb|tib|uha|uue|viv|vsa|z|zoo|nrg|adf|adz|dms|dsk|d64|sdi|mds|mdx|cdi|cue|cif|c2d|daa|b6t)(\?.*)?$ 43200 100% 432000        

#new refresh patterns 1
refresh_pattern -i (\.|-)(mp3|m4a|aa?c3?|wm?av?|og(x|v|a|g)|ape|mka|au|aiff|zip|flac|m4(b|r)|m1v|m2(v|p)|mo(d|v)|arj|appx|lha|lzh|on2)(\?.*)?$                      43200 100% 432000        
refresh_pattern -i (\.|-)(exe|bin|(n|t)ar|acv|(r|j)ar|t?gz|(g|b)z(ip)?2?|7?z(ip)?|wm[v|a]|patch|diff|mar|vpu|inc|r(a|p)m|kom|iso|sys|[ap]sf|ms[i|u|f]|dat|msi|cab|psf|dvr-ms|ace|asx|qt|xt|esd)(\?.*)?$     43200 100% 432000        
refresh_pattern -i (\.|-)(ico(.*)?|pn[pg]|css|(g|t)iff?|jpe?g(2|3|4)?|psd|c(d|b)r|cad|bmp|img)(\?.*)?$                                                              43200 100% 432000        
refresh_pattern -i (\.|-)(webm|(x-)?swf|mp(eg)?(3|4)|mpe?g(av)?|(x-)?f(l|4)v|divx?|rmvb?|mov|trp|ts|avi|m38u|wmv|wmp|m4v|mkv|asf|dv|vob|3gp?2?)(\?.*)?$             43200 100% 432000        
refresh_pattern -i (\.|-)(docx?|xlsx?|pptx?|rtf|xml|pdf|tiff?|txt)(\?.*)?$                                                                                          43200 100% 432000        
refresh_pattern -i \.(rar|jar|gz|tgz|tar|bz2|iso|m1v|m2(v|p)|mo(d|v)|flv)                                                                                           12960 100% 129600                            
refresh_pattern (Release|Packages(.gz)*)$                                                                                                                           10000 100% 28800

# GENERIC CACHING BELOW
refresh_pattern -i \.(cdn)                                                            10800 100% 43800       
refresh_pattern -i (cdn)                                                              10800 100% 43800       
refresh_pattern -i (.|-)(xml|js|jsp|txt|css)?$                                        36000 100% 1440        
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)                              129600 100% 129600      
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)          129600 100% 129600      
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600       
refresh_pattern ^.*safebrowsing.*google                                                           129600 100% 129600      
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)                              129600 100% 129600   
refresh_pattern ytimg\.com.*\.jpg                                                                 129600 100% 129600  
refresh_pattern garena\.com                                                                       129600 100% 129600  
refresh_pattern ^http:\/\/www.onemanga.com.*\/                                                    129600 100% 129600
refresh_pattern ^http://.*\.yandex\..*                                                            129600 100% 129600    
refresh_pattern ^https://z\.clarity\.ms/collect                                                   129600 100% 129600
refresh_pattern ^https?://([a-z0-9\-]+\.)?clarity\.ms/.*                                          129600 100% 129600
refresh_pattern ^https?://([a-z0-9\-]+\.)?bing\.com/.*                                            129600 100% 129600
refresh_pattern ^https?://[a-z0-9\-]+\.yandex\.(com|ru)/.*\.(jpg|jpeg|png|gif|bmp)                129600 100% 129600
refresh_pattern ^https?://.*wp-admin/.*                                                                 0 0% 0
refresh_pattern -i ^https?://([a-z]+\.)?wikipedia\.org/.*                                         129600 100% 129600
refresh_pattern -i ^https?://.*\.detik\.com/.*\.(jpg|jpeg|png|gif|bmp|mp4|flv|avi|mov)            129600 100% 129600

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)                                                43200 100% 43200     
refresh_pattern (avgate|avira).*(idx|gz)$                                             43200 100% 43200     
refresh_pattern kaspersky.*\.avc$                                                     43200 100% 43200     
refresh_pattern kaspersky                                                             43200 100% 43200     
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                                      43200 100% 43200     
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip)                  43200 100% 43200
refresh_pattern -i symantecliveupdate.com/.*\.(zip|exe)                               43200 100% 43200 
refresh_pattern -i avast.com/.*\.(vpu|vpaa)                                            4320 100% 43200 
refresh_pattern -i avira-update.com/.*\.*                                               720 100% 10800 
refresh_pattern -i download.iobit.com/.*\.*                                             720 100% 10800 

#YOUTUBE
refresh_pattern \.ytimg\?                                                             10800 100% 10800
refresh_pattern ^https?://i\.ytimg\.com/vi/.*\/hqdefault\.jpg                          1440 100% 10800
refresh_pattern -i (yimg|twimg).com.*                                                  1440 100% 12960   
refresh_pattern -i (ytimg|ggpht).com.*                                                 1440 100% 12960     
refresh_pattern -i (get_video?|videoplayback?|videodownload?|.mp4|.webm|.flv|.mkv|((audio|video)/(webm|mp4)))     241920 100% 241920      store-stale
refresh_pattern -i ^https?://..googlevideo.com/videoplayback.                                                     10080 100% 43200        store-stale
refresh_pattern -i ^https?://..googlevideo.com/videoplayback.$                                                    24192 100% 241920       store-stale

#FACEBOOK
refresh_pattern ^http://*.facebook.com/*                                                      1440 100% 4320 

#FACEBOOK IMAGES  
refresh_pattern -i pixel.facebook.com..(jpg|png|gif|ico|css|js)                         241920 100% 241920    
refresh_pattern -i .akamaihd.net..(jpg|png|gif|ico|css|js)                              241920 100% 241920    
refresh_pattern -i ((facebook.com)|(85.131.151.39)).(jpg|png|gif)                       241920 99% 241920        store-stale   
refresh_pattern static.(xx|ak).fbcdn.net.(jpg|gif|png)                                  241920 99% 241920   
refresh_pattern ^https?://profile.ak.fbcdn.net*.(jpg|gif|png)                           241920 99% 241920

#FACEBOOK VIDEO
refresh_pattern -i .video.ak.fbcdn.net.*.(mp4|flv|mp3|amf)                              10080 80% 43200      
refresh_pattern (audio|video)/(webm|mp4)                                                12960 99% 129600         store-stale
refresh_pattern -i ^http://.squid.internal.                                             24192 100% 241920        store-stale

#YAHOO
refresh_pattern ^http://mail.yahoo.com/.*                                               720 100% 4320 
refresh_pattern ^http://*.yahoo.*/.*                                                    720 100% 4320 
refresh_pattern ^http://*.yimg.*/.*                                                     720 100% 4320 

#GOOGLE STUFF
refresh_pattern ^http://*.gmail.*/.*                                                    720 100% 4320 
refresh_pattern ^http://*.google.*/.*                                                   720 100% 4320 

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?)           129600 100% 129600     
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/                                     43200  100% 129600     
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/                                        43200  100% 129600     
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)                                  43200  100% 129600     
refresh_pattern ^http:\/\/openx.kompas.com.*\/                                          43200  100% 129600     
refresh_pattern kaskus.us.*\.(jp(e?g|e|2)|gif|png|swf)                                  43200  100% 129600     
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)                            43200  100% 129600      
refresh_pattern -i ^https?://akcdn\.detik\.net\.id/.*\.(jpg|jpeg|gif|png|swf)           43200  100% 129600 

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp4|exe|msi|zip|iso)      43200 100% 129600  
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.gofile\.io/\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp4|exe|msi|iso|jpg|png)       129600 100% 129600      

#HULU
refresh_pattern -i hulu.com/.*                                                          10080 90% 43200 

#MICROSOFT
refresh_pattern -i microsoft.com/..(cab|exe|msi|msu|msf|asf|wma|dat|zip)$                           4320 80% 43200  refresh-ims
refresh_pattern -i windowsupdate.com/..(cab|exe|msi|msu|msf|asf|wma|wmv|dat|zip)$                   4320 80% 43200  refresh-ims
refresh_pattern -i windows.com/..(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$                         4320 80% 43200  refresh-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)                     4320 80% 43200 
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)                 4320 80% 43200 
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)                       4320 80% 43200 
refresh_pattern -i .*windowsupdate.com/.*\.(cab|exe)                                              259200 100% 259200   
refresh_pattern -i .*update.microsoft.com/.*\.(cab|exe|dll|msi|psf)                               259200 100% 259200   
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf)                                        10080 100% 43200 
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf)                                   10080 100% 43200 
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi|psf)                                        10080 100% 43200 
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf)                             4320 100% 43200 
refresh_pattern bg.v4.pr.dl.ws.microsoft.com/.*\.(cab|exe|dll|msi|psf)                              4320 100% 43200 

#windows update NEW UPDATE 0.04
refresh_pattern update.microsoft.com/.*\.(cab|exe)                                                 43200 100% 129600    
refresh_pattern ([^.]+\.)?(download|(windows)?update)\.(microsoft\.)?com/.*\.(cab|exe|msi|msp|psf)  4320 100% 43200  
refresh_pattern update.microsoft.com/.*\.(cab|exe|dll|msi|psf)                                     10080 100% 43200 
refresh_pattern -i \.update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)          525600 100% 525600       
refresh_pattern -i \.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)             525600 100% 525600       
refresh_pattern -i \.download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)        525600 100% 525600       
refresh_pattern -i \.ws.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)              525600 100% 525600       

#new refresh patterns 3
acl Windows_Update dstdomain windowsupdate.microsoft.com
acl Windows_Update dstdomain .update.microsoft.com
acl Windows_Update dstdomain download.windowsupdate.com
acl Windows_Update dstdomain www.download.windowsupdate.com
acl Windows_Update dstdomain au.download.windowsupdate.com
acl Windows_Update dstdomain bg.v4.pr.dl.ws.microsoft.com

#nvidia updates 
refresh_pattern -i download.nvidia.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)                                         43200  100% 129600     
refresh_pattern -i international-gfe.download.nvidia.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)                       43200  100% 129600     
refresh_pattern -i international-gfe.download.nvidia.com.global.ogslb.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)      43200  100% 129600           

#APPLE STUFF
refresh_pattern -i apple.com/..(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$                                                 43200 100% 43200  refresh-ims

#apple update
refresh_pattern -i (download|adcdownload).apple.com/.*\.(pkg|dmg)                               4320 100% 43200 
refresh_pattern -i appldnld\.apple\.com                                                       129600 100% 129600     
refresh_pattern -i phobos\.apple\.com                                                         129600 100% 129600     
refresh_pattern -i iosapps\.itunes\.apple\.com                                                129600 100% 129600     

#GENERIC SITES/PROTOCOLS												
refresh_pattern ^ftp:                                                     1440 20% 10080 																		  
refresh_pattern ^gopher:                                                  1440  0%  1440
refresh_pattern -i (/cgi-bin/\?)                                              0 0% 0

#Website
refresh_pattern -i (\.|-)(xml|js|jsp|txt|css)(\?.*)?$                      3600 100% 1440        
#end new refresh patterns
refresh_pattern -i (/cgi-bin/|\?)                                         0      0%      0
refresh_pattern \.(ico|video-stats)$                                     129600 100% 129600       

#photobucket
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)           129600 100% 129600  

#dailymotion
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?                      129600 100% 129600   

#mediafire
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600
refresh_pattern -i ^https?://.*\.mediafire\.com/.*\.(jpg|jpeg|png|gif|bmp) 129600 100% 129600

#generic image subdomain sites
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.                      129600 100% 129600     

#IMEEM
refresh_pattern imeem.*\.flv$                                              0     0%         0  

#RAPIDSHARE
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*                       161280 90% 161280 

#STEAM
refresh_pattern -i \.cs.steampowered.com                                525600 100% 525600
refresh_pattern -i cs.steampowered.com                                  525600 100% 525600
refresh_pattern -i content1.steampowered.com                            525600 100% 525600
refresh_pattern -i content2.steampowered.com                            525600 100% 525600 
refresh_pattern -i content3.steampowered.com                            525600 100% 525600 
refresh_pattern -i content4.steampowered.com                            525600 100% 525600
refresh_pattern -i content5.steampowered.com                            525600 100% 525600 
refresh_pattern -i content6.steampowered.com                            525600 100% 525600 
refresh_pattern -i content7.steampowered.com                            525600 100% 525600
refresh_pattern -i content8.steampowered.com                            525600 100% 525600 
refresh_pattern -i \.hsar.steampowered.com.edgesuite.net                525600 100% 525600
refresh_pattern -i \.akamai.steamstatic.com                             525600 100% 525600 
refresh_pattern -i content-origin.steampowered.com                      525600 100% 525600
refresh_pattern -i client-download.steampowered.com                     525600 100% 525600 
refresh_pattern -i \.steamcontent.com                                   525600 100% 525600
refresh_pattern -i steamcontent.com                                     525600 100% 525600
refresh_pattern -i \.edgecast.steamstatic.com                           525600 100% 525600 
refresh_pattern -i \.steampipe.akamaized.net                            525600 100% 525600
refresh_pattern -i steam.cdn.on.net                                     525600 100% 525600

#EPIC GAMES
refresh_pattern -i epicgames-download1.akamaized.net                    525600 100% 525600

# riot
refresh_pattern -i lancache-riot                                        525600 100% 525600
refresh_pattern -i l3cdn.riotgames.com                                  525600 100% 525600
refresh_pattern -i worldwide.l3cdn.riotgames.com                        525600 100% 525600

# blizzard
refresh_pattern -i lancache-blizzard                                    525600 100% 525600
refresh_pattern -i dist.blizzard.com.edgesuite.net                      525600 100% 525600
refresh_pattern -i llnw.blizzard.com                                    525600 100% 525600
refresh_pattern -i dist.blizzard.com                                    525600 100% 525600
refresh_pattern -i blizzard.vo.llnwd.net                                525600 100% 525600

# hirez
refresh_pattern -i lancache-hirez                                       525600 100% 525600
refresh_pattern -i hirez.http.internapcdn.net                           525600 100% 525600

# origin
refresh_pattern -i lancache-origin                                      525600 100% 525600
refresh_pattern -i akamai.cdn.ea.com                                    525600 100% 525600
refresh_pattern -i lvlt.cdn.ea.com                                      525600 100% 525600

# sony
refresh_pattern -i lancache-sony                                        525600 100% 525600
refresh_pattern -i pls.patch.station.sony.com                           525600 100% 525600

# turbine
refresh_pattern -i lancache-turbine                                     525600 100% 525600
refresh_pattern -i download.ic.akamai.turbine.com                       525600 100% 525600
refresh_pattern -i launcher.infinitecrisis.com                          525600 100% 525600

# microsoft Games
refresh_pattern -i lancache-microsoft                                   525600 100% 525600
refresh_pattern -i \.download.windowsupdate.com                         525600 100% 525600
refresh_pattern -i download.windowsupdate.com                           525600 100% 525600
refresh_pattern -i dlassets.xboxlive.com                                525600 100% 525600
refresh_pattern -i \.xboxone.loris.llnwd.net                            525600 100% 525600
refresh_pattern -i xboxone.vo.llnwd.net                                 525600 100% 525600
refresh_pattern -i images-eds.xboxlive.com                              525600 100% 525600
refresh_pattern -i xbox-mbr.xboxlive.com                                525600 100% 525600
refresh_pattern -i assets1.xboxlive.com.nsatc.net                       525600 100% 525600
refresh_pattern -i assets1.xboxlive.com                                 525600 100% 525600
  • Set ownership of the Squid files
chown -R proxy:proxy /usr/local/squid/
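
Squid evaluates http_access rules top to bottom and the first matching rule decides, so the final "http_access allow all" in the configuration above accepts requests from any source address, and the "allow to_localhost" / "allow to_linklocal" rules permit proxying to loopback and link-local destinations. The following added example (not part of the original post) models that first-match evaluation in Python and compares the page's rules with a variant that ends in "deny all". The address ranges for the built-in ACLs, the sample requests and the HARDENED_RULES variant are assumptions of this example.

```python
"""Added example: first-match evaluation of the http_access rules shown above."""
import ipaddress
from dataclasses import dataclass

# localnet, SSL_ports and Safe_ports are copied from the squid.conf above.
# localhost, to_localhost and to_linklocal are Squid built-ins; the ranges
# used for them here are this example's assumption.
SRC_ACLS = {
    "localnet": ["0.0.0.1-0.255.255.255", "10.0.0.0/8", "100.64.0.0/10",
                 "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
                 "fc00::/7", "fe80::/10"],
    "localhost": ["127.0.0.1/32", "::1/128"],
}
DST_ACLS = {
    "to_localhost": ["127.0.0.0/8", "0.0.0.0/32", "::1/128"],
    "to_linklocal": ["169.254.0.0/16", "fe80::/10"],
}
PORT_ACLS = {
    "SSL_ports": [(443, 443)],
    "Safe_ports": [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                   (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)],
}

# http_access lines exactly as they appear in the configuration above.
PAGE_RULES = """
http_access allow intermediate_fetching
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow to_localhost
http_access allow to_linklocal
http_access allow localnet
http_access allow all
"""

# Hypothetical corrected variant: same order, but the two destination rules
# deny and the list ends in "deny all".
HARDENED_RULES = (PAGE_RULES
                  .replace("allow to_localhost", "deny to_localhost")
                  .replace("allow to_linklocal", "deny to_linklocal")
                  .replace("allow all", "deny all"))


@dataclass(frozen=True)
class Request:
    src: str                       # client address
    dst: str                       # destination address (already resolved)
    port: int                      # destination port
    method: str = "GET"
    tags: frozenset = frozenset()  # ACLs not modelled by address/port, e.g. "manager"


def _ip_in(addr, spec):
    ip = ipaddress.ip_address(addr)
    if "-" in spec:  # Squid range syntax: first-last
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return ip.version == lo.version and lo <= ip <= hi
    return ip in ipaddress.ip_network(spec)


def acl_matches(name, req):
    if name == "all":
        return True
    if name in SRC_ACLS:
        return any(_ip_in(req.src, s) for s in SRC_ACLS[name])
    if name in DST_ACLS:
        return any(_ip_in(req.dst, s) for s in DST_ACLS[name])
    if name in PORT_ACLS:
        return any(lo <= req.port <= hi for lo, hi in PORT_ACLS[name])
    if name == "CONNECT":
        return req.method == "CONNECT"
    return name in req.tags


def decide(rules_text, req):
    """Return (action, deciding_line) for req under the given http_access list."""
    rules = [ln.split() for ln in rules_text.splitlines() if ln.startswith("http_access")]
    for _, action, *acls in rules:
        # A rule matches only if every listed ACL matches ("!" negates one).
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action, " ".join(["http_access", action, *acls])
    # No rule matched: Squid uses the opposite of the last rule's action.
    return ("deny" if rules[-1][1] == "allow" else "allow"), "(default)"


# Constructed sample requests (documentation and private address ranges).
SAMPLES = {
    "outside client": Request("203.0.113.7", "198.51.100.10", 443, "CONNECT"),
    "LAN client to link-local": Request("192.168.1.20", "169.254.10.10", 80),
    "LAN client to web site": Request("10.1.2.3", "198.51.100.10", 443, "CONNECT"),
    "LAN client CONNECT to port 25": Request("10.1.2.3", "198.51.100.10", 25, "CONNECT"),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        page = decide(PAGE_RULES, req)
        hard = decide(HARDENED_RULES, req)
        print(f"{label:32} page: {page[0]:5} ({page[1]})  hardened: {hard[0]:5} ({hard[1]})")
```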

Log Analysis & Squid Performance Reports

  • Install ccze for log analysis
apt install ccze -y
  • Create the file ca in /usr/sbin/ to follow the cache log
cat <<'EOF' | tee /usr/sbin/ca
#!/bin/sh
tail -f /usr/local/squid/var/logs/cache.log | ccze -A -C -o noscroll
EOF
  • Create the file ac in /usr/sbin/ to follow the access log
cat <<'EOF' | tee /usr/sbin/ac
#!/bin/sh
tail -f /usr/local/squid/var/logs/access.log | ccze -A -C -o noscroll
EOF
  • Install calamaris for Squid performance reports
apt install calamaris -y
  • Create the file cala in /usr/sbin/ to build the report from the access log
cat <<'EOF' | tee /usr/sbin/cala
#!/bin/sh
sudo cat /usr/local/squid/var/logs/access.log | calamaris
EOF
  • Make the scripts executable
chmod +x /usr/sbin/ac
chmod +x /usr/sbin/ca
chmod +x /usr/sbin/cala

Start Squid Service

  • Start the Squid service
sudo -u proxy -- /usr/local/squid/libexec/security_file_certgen -c -s /usr/local/squid/var/logs/ssl_db -M 20MB
sudo -u proxy -- /usr/local/squid/sbin/squid -z
sudo -u proxy -- /usr/local/squid/sbin/squid -d 10
  • Stop the Squid service
sudo -u proxy -- /usr/local/squid/sbin/squid -k shutdown
  • Check the Squid processes
ps ax | grep squid
---<output>---
   1228 ?        Ss     0:00 /usr/local/squid/sbin/squid -d 10
   1230 ?        S      0:00 (squid-1) --kid squid-1 -d 10
   1231 ?        S      0:00 (security_file_certgen) -s /usr/local/squid/var/logs/ssl_db -M 20MB
   1232 ?        S      0:00 (security_file_certgen) -s /usr/local/squid/var/logs/ssl_db -M 20MB
   1233 ?        S      0:00 (security_file_certgen) -s /usr/local/squid/var/logs/ssl_db -M 20MB
   1234 ?        S      0:00 (security_file_certgen) -s /usr/local/squid/var/logs/ssl_db -M 20MB
   1235 ?        S      0:00 (security_file_certgen) -s /usr/local/squid/var/logs/ssl_db -M 20MB
   1236 ?        S      0:00 (logfile-daemon) /usr/local/squid/var/logs/access.log
   1239 pts/0    S+     0:00 grep --color=auto squid
  • Check the Squid version
/usr/local/squid/sbin/squid -v
---<output>---
Squid Cache: Version 5.9
Service Name: squid
This binary uses OpenSSL 3.0.2 15 Mar 2022. configure options:  '--with-default-user=proxy' '--with-openssl' '--enable-ssl-crtd' --enable-ltdl-convenience

Configure the Proxy Client

  • Download the self-signed root CA certificate files (.crt and .der) from the Squid server, in the folder /usr/local/squid/etc/ssl_cert
  • Open the Mozilla browser or another browser
  • Manage certificates > trusted root certificate authority > import the .crt
  • Configure the proxy on the client
  • Enter the Squid server's IP with port 3128 and tick "also use this proxy for HTTPS"

Testing

  • Websites accessed over the HTTPS protocol can be cached
  • A downloaded .exe file is cached successfully

herdiana3389
