Konfigurasi Proxy Server menggunakan Squid di CentOS
1. Pendahuluan
Squid adalah sebuah aplikasi perangkat lunak yang berjalan pada
banyak platform sistem operasi dan salah satunya adalah Linux. Squid
sendiri merupakan sebuah high-performance proxy caching server untuk web
klien, yang sudah mendukung FTP, Ghoper dan HTTP data object. Berbeda
dengan aplikasi perangkat lunak yang lama, Squid menangani semua
permintaan tunggal ( single ), non-blocking, I/O-driver process.
Squid menyimpan meta data dan terutama hot-object yang disimpan di
RAM, menyimpan DNS lookups, mendukung non-blocking DNS lookups, dan
implementasi negative-caching jika permintaan gagal.
2. Internet Object Caching
Internet Object Caching adalah sebuah cara untuk menyimpan hasil
permintaan internet-object ( seperti, data yang ada dari HTTP, FTP, dan
cache sebagai ghoper protokol ) untuk membuat sebuah sitem dekat dengan
permintaan daripada ke sumber aslinya. Web browser dapat menggunakan
lokal squid cache sebagai proxy HTTP server, ini akan mengurangi waktu
akses seperti halnya penghematan bandwidth sampai maximum 30% .
3. Installasi Squid Transparent
3.1 Kebutuhan Sistem
Sebuah komputer dengan sistem operasi CentOS 5.4 yang bisa dilihat pada tutorial yang terdapat pada situs ini.
Sebuah komputer dengan sistem operasi CentOS 5.4 yang bisa dilihat pada tutorial yang terdapat pada situs ini.
3.2 Setup IP
Pada tutorial ini skema IP Address yang akan dipergunakan adalah sebagai berikut :
Pada tutorial ini skema IP Address yang akan dipergunakan adalah sebagai berikut :
[Internet]—— Modem ——— eth0 ——— eth1
192.168.10.1 192.168.10.2 192.168.2.1
squid port 3128
192.168.10.1 192.168.10.2 192.168.2.1
squid port 3128
Memasang masing – masing ip pada interfaces yang sudah didefinisikan sebelumnya.
#vim /etc/sysconfig/network-scripts/ifcfg-eth0
#vim /etc/sysconfig/network-scripts/ifcfg-eth0
apabila sudah selesai melakukan editing ip address tekan [esc] lalu
shift+: dan wq [Enter], lakukan hal yang sama terhadap ifcfg-eth1
#vim /etc/sysconfig/network-script/ifcfg-eth1
#vim /etc/sysconfig/network-script/ifcfg-eth1
Restart network supaya melakukan perubahan yang sudah kita lakukan
#/etc/init.d/network restart
#/etc/init.d/network restart
Memastikan bahwa kita sudah terkoneksi dengan baik ke internet lakukan dengan menggunakan ping
#ping google.com
#ping google.com
3.3 Memasang Repository Indonesia
Untuk menghemat bandwith serta mempercepat proses download dari
repository, repository akan diarahkan ke mirror repository yang ada di
indonesia, salah satunya adalah http://pandawa.ipb.ac.id/
Masuk direktori konfigurasi repository berada
#cd /etc/yum.repo.d/
#cd /etc/yum.repo.d/
Rename konfigurasi asli
#mv CentOS-Base.repo CentOS-Base.ori
#mv CentOS-Base.repo CentOS-Base.ori
Download konfigurasi indonesia
#wget http://pandawa.ipb.ac.id/centos.repo
#wget http://pandawa.ipb.ac.id/centos.repo
Rename konfigurasi
#mv centos.repo CentOS-Base.repo
#mv centos.repo CentOS-Base.repo
Melakukan update sistem operasi dan aplikasi yang ada didalamnya
#yum update
#yum update
3.4 Squid install
Apabila update sistem operasi beserta aplikasinya sudah selesai
dilakukan maka skarang waktunya melakukan installasi Squid pada sistem,
dengan cara :
Memastikan bahwa paket squid ada pada repository
#yum search squid
#yum search squid
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
=============== Matched: squid =====================
squid.i386 : The Squid proxy caching server.
updates | 1.9 kB 00:00
=============== Matched: squid =====================
squid.i386 : The Squid proxy caching server.
Paket squid berada pada repository dan selanjutnya melakukan installasi
#yum -y install squid
#yum -y install squid
Masuk direktori squid berada
#cd /etc/squid
#cd /etc/squid
Merename konfigurasi squid.
#mv squid.conf squid.conf.default
#mv squid.conf squid.conf.default
Membuat konfigurasi squid baru, perintah di bawah ini dimaksudkan
menghilangkan seluruh text yang mengandung # di depannya dan
menyimpannya menjadi konfigurasi squid.conf
#cat squid.conf.default | sed ‘/ *#/d; /^ *$/d’ > squid.conf
#cat squid.conf.default | sed ‘/ *#/d; /^ *$/d’ > squid.conf
Edit squid.conf untuk disesuaikan dengan kebutuhan dan dengan isi sebagai berikut
#vim squid.conf
#vim squid.conf
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lokal src 192.168.2.0/24 # Menambahkan ini
http_access allow localhost
http_access allow lokal # Menambahkan ini
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname proxy.dimain.ku
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
apbila semua sudah sesuai dengan kebutuhan yang diinginkan keluar dan jalankan squid
#/etc/init.d/squid start
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lokal src 192.168.2.0/24 # Menambahkan ini
http_access allow localhost
http_access allow lokal # Menambahkan ini
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname proxy.dimain.ku
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
apbila semua sudah sesuai dengan kebutuhan yang diinginkan keluar dan jalankan squid
#/etc/init.d/squid start
3.5 Iptables
Squid sudah berjalan dengan tidak mengalami masalah maka jika server
yang terpasang merupakan sebuah gateway bagi jaringan lokal
dibelakangnya, perlu melakukan sebuah perintah untuk memaksa seluruh
request / permintaan klien pada port 80 menuju port 3128 yang di kelola
oleh squid dengan perintah :
#iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j DNAT –to 192.168.2.1:3128
#iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128
#iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128
note : apabila iptables belum tersedia lakukan installasi iptables dengan menggunakan YUM ( Yellow dog Update Management )
Untuk dapat mengetahui lebih jauh tentang bagaimana sebuah squid
dapat di implementasikan kedalam sebuah jaringan lokal bisa merujuk pada
situs – situs di bawah ini untuk dapat mendalami squid sedikit lebih
dalam.
* http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
* http://www.visolve.com/squid/squid30/contents.php
* http://www.squid-cache.org/Doc/config/
* http://www.visolve.com/squid/squid30/contents.php
* http://www.squid-cache.org/Doc/config/
Mail Server
Jalankan perintah berikut untuk menonaktifkan firewall:
Jalankan perintah untuk mengedit "Device configuration" dan "DNS configuration"
Edit "Device configuration" dan "DNS configuration" berikut:
Periksa konfigurasi jaringan anda:
Cek resolve Name Server anda
Seharusnya output nameserver sebagai berikut
Edit file vi /etc/hosts
Tambahkan beris kode berikut:
Disable SELinux
Edit SELinux menjadi
Reboot CentOS Server Anda:
Tambahkan beberapa repositori
Edit /etc/yum.repos.d/epel.repo
Tambahkan kode
pada [epel] repositori diantara enabled=1 dan gpgcheck=1 sehingga menjadi
Lakukan Update dan instalasi "Development Tools"
Install Quota dan edit file /etc/fstab
tambahkan kode berikut:
sehingga menjadi;
Jalankan dan aktifkan quota berikut:
Install Apache, MySQL dan phpMyadmin
Install Courier-IMAP, Courier-Authlib dan Maildrop
Tambahkan hak akses untuk user indoit
Pindah user untuk melakukan instalasi
Persiapkan direktori kerja untuk tahap instalasi Courier-IMAP, Courier-Authlib dan Maildrop
Download Courier-IMAP, Courier-Authlib dan Maildrop
Build dan install Courier-Authlib
Build dan install Courier-IMAP
Build dan install Maildrop
Keluar user dan jalankan service courier-imap
Install Postfix
Install Getmail dan set password MySQL
Tambahkan alias phpMyAdmin
Output
Silahkan cek halaman phpmyadmin anda di http://ip-server/phpmyadmin
Edit /usr/share/phpmyadmin/config.inc.php ubah "cookie" menjadi "http"
Jalankan service httpd
Install Apache2 With mod_php, mod_fcgi/PHP5, And suPHP
Edit dan aktifkan cgi.fix_pathinfo=1 pada file /etc/php.ini
Kode
Install Suphp
Tambahkan kode berikut:
Buat file /etc/suphp.conf
tambahkan kode berikut:
Restart service httpd
Install Ruby
Edit file /etc/httpd/conf.d/ruby.conf
tambahkan kode berikut pada /etc/httpd/conf.d/ruby.conf
Install Python
Edit dan aktifkan beberapa LoadModule berikut:
Restart service http
Install PureFTPd
Edit dan aktifkan TLS /etc/pure-ftpd/pure-ftpd.conf
Membuat sertifikat SSL untuk PureFTPd
Install Bind DNS Server
EDIT ROOTDIR=/var/named/chroot line is comment out:
Backup dan edit /etc/named.conf
Masukkan kode /etc/named.conf berikut
Jalankan service bind
Install vlogger, webalizer, and awstats
Install Jailkit
Install fail2ban
Edit logtarget = SYSLOG line and add logtarget = /var/log/fail2ban.log:
Jalankan service fail2ban
Install Rkhunter
Install Mailman
Edit dan tambahkan kode /etc/aliases
Jalankan perintah newaliases
Edit dan tabmahkan kode /etc/httpd/conf.d/mailman.conf
Tambahkan kode berikut pada /etc/httpd/conf.d/mailman.conf
Restart service httpd dan jalankan service mailman
Install SquirrelMail
Pilih option ( D, courier, ENTER, S, Q)
Edit file /etc/squirrelmail/config_local.php
UPDATE:
Jika mengalami kendala dengan web mail server, gunakan konfigurasi berikut untuk postfix
Download dan install system-switch-mail, dimana tool ini akan memudahkan anda dalam switch mail system
Terlebih dahulu bakup file konfigurasi /etc/postfix/main.cf
Kosongkan file /etc/postfix/main.cf
Tambahkan kode di file /etc/postfix/main.cf
Isi /etc/postfix/main.cf dengan kode berikut:
Atau dapat mendownload file /etc/postfix/main.cf konfigurasi berikut:
Jalankan service postfix
Test koneksi postfix
Install Dovecot
Matikan service Courier-IMAP dan jalankan Dovecot
ketikkan "quit" untuk keluar Selanjut nya kita akan mengkonfigurasi Untuk Dovecot
Edit file /etc/dovecot/dovecot.conf
Tambahkan kode berikut
Edit file /etc/dovecot/conf.d/10-mail.conf
Hilangkan tanda pagar pada
Edit file /etc/dovecot/conf.d/20-pop3.conf
Hilangkan tanda pagar pada
Jalankan service dovecot
Install Amavisd-new, Spamassassin dan ClamAV
Test kirim email dengan perintah berikut
1
| # system-config-firewall-tui |
Jalankan perintah untuk mengedit "Device configuration" dan "DNS configuration"
1
| # system-config-network |
Edit "Device configuration" dan "DNS configuration" berikut:
1
2
3
4
5
6
7
8
| Device configurationPrimary DNS Server 8.8.8.8Secondary DNS Server 8.8.4.4DNS configurationHostname server.indoit.web.idPrimary DNS 8.8.8.8Secondary DNS 8.8.4.4 |
Periksa konfigurasi jaringan anda:
1
| # ifconfig |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| eth0 Link encap:Ethernet HWaddr 08:00:27:69:A5:E9 inet addr:192.168.10.20 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe69:a5e9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:76 errors:0 dropped:0 overruns:0 frame:0 TX packets:69 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8516 (8.3 KiB) TX bytes:7952 (7.7 KiB)lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) |
Cek resolve Name Server anda
1
| # cat /etc/resolv.conf |
1
2
| nameserver 8.8.8.8nameserver 8.8.4.4 |
Edit file vi /etc/hosts
1
| # vi /etc/hosts |
Tambahkan beris kode berikut:
1
2
3
4
| 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4192.168.0.100 server.indoit.web.id server::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 |
Disable SELinux
1
| # vi /etc/selinux/config |
Edit SELinux menjadi
1
2
3
4
5
6
7
8
9
10
| # This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of these two values:# targeted - Targeted processes are protected,# mls - Multi Level Security protection.SELINUXTYPE=targeted |
Reboot CentOS Server Anda:
1
| # reboot |
Tambahkan beberapa repositori
1
2
3
4
5
6
7
8
9
| # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt# cd /tmp# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm# rpm --import https://fedoraproject.org/static/0608B895.txt# rpm -ivh epel-release-6-5.noarch.rpm# yum install yum-priorities |
Edit /etc/yum.repos.d/epel.repo
1
| # vi /etc/yum.repos.d/epel.repo |
Tambahkan kode
1
| priority=10 |
pada [epel] repositori diantara enabled=1 dan gpgcheck=1 sehingga menjadi
1
2
3
4
5
6
7
8
9
| [epel]name=Extra Packages for Enterprise Linux 6 - $basearch#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearchmirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearchfailovermethod=priorityenabled=1priority=10gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 |
Lakukan Update dan instalasi "Development Tools"
1
2
| # yum update# yum groupinstall 'Development Tools' |
Install Quota dan edit file /etc/fstab
1
2
| # yum install quota# vi /etc/fstab |
tambahkan kode berikut:
1
| ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 |
sehingga menjadi;
1
2
3
4
5
6
7
8
9
10
11
12
13
| # /etc/fstab# Created by anaconda on Thu Jan 26 11:39:33 2012## Accessible filesystems, by reference, are maintained under '/dev/disk'# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info#/dev/mapper/vg_server-lv_root
/ ext4
defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0
1 1UUID=e6def23a-8da7-4b83-9ecc-8a0ab2ca3e9d /boot ext4 defaults 1 2/dev/mapper/vg_server-lv_swap swap swap defaults 0 0tmpfs /dev/shm tmpfs defaults 0 0devpts /dev/pts devpts gid=5,mode=620 0 0sysfs /sys sysfs defaults 0 0proc /proc proc defaults 0 0 |
Jalankan dan aktifkan quota berikut:
1
2
3
| # mount -o remount /# quotacheck -avugm# quotaon -avug |
Install Apache, MySQL dan phpMyadmin
1
| # yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin |
Install Courier-IMAP, Courier-Authlib dan Maildrop
1
2
3
4
5
| # yum remove dovecot dovecot-mysql#
yum install rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel
pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect
libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel
gamin-devel libidn-devel# useradd -m -s /bin/bash indoit# passwd indoitmasukkan password user indoit |
Tambahkan hak akses untuk user indoit
1
| # visudo |
1
2
3
4
5
| [...]## Allow root to run any commands anywhereroot ALL=(ALL) ALLindoit ALL=(ALL) ALL[...] |
Pindah user untuk melakukan instalasi
1
| # su indoit |
Persiapkan direktori kerja untuk tahap instalasi Courier-IMAP, Courier-Authlib dan Maildrop
1
2
3
4
5
6
7
8
9
10
11
12
| # mkdir $HOME/rpm# mkdir $HOME/rpm/SOURCES# mkdir $HOME/rpm/SPECS# mkdir $HOME/rpm/BUILD# mkdir $HOME/rpm/BUILDROOT# mkdir $HOME/rpm/SRPMS# mkdir $HOME/rpm/RPMS# mkdir $HOME/rpm/RPMS/i386# mkdir $HOME/rpm/RPMS/x86_64# echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros# mkdir $HOME/downloads# cd $HOME/downloads |
Download Courier-IMAP, Courier-Authlib dan Maildrop
Build dan install Courier-Authlib
1
2
3
4
5
| # sudo rpmbuild -ta courier-authlib-0.63.0.tar.bz2# sudo ls -l /root/rpmbuild/RPMS/i686# sudo rpm -ivh /root/rpmbuild/RPMS/i686/courier-authlib-0.63.0-1.el6.i686.rpm# sudo rpm -ivh /root/rpmbuild/RPMS/i686/courier-authlib-mysql-0.63.0-1.el6.i686.rpm# sudo rpm -ivh /root/rpmbuild/RPMS/i686/courier-authlib-devel-0.63.0-1.el6.i686.rpm |
1
2
3
4
| # cd $HOME/downloads# sudo mkdir -p /var/cache/ccache/tmp# sudo chmod o+rwx /var/cache/ccache/# sudo chmod 777 /var/cache/ccache/tmp |
Build dan install Courier-IMAP
1
2
3
4
| # rpmbuild -ta courier-imap-4.9.3.tar.bz2# cd $HOME/rpm/RPMS/i686# ls -l# sudo rpm -ivh courier-imap-4.9.3-1.i686.rpm |
Build dan install Maildrop
1
2
3
4
| # cd $HOME/downloads# sudo rpmbuild -ta maildrop-2.5.5.tar.bz2# sudo ls -l /root/rpmbuild/RPMS/i686# sudo rpm -ivh /root/rpmbuild/RPMS/i686/maildrop-2.5.5-1.i686.rpm |
Keluar user dan jalankan service courier-imap
1
2
| # exit# /etc/init.d/courier-imap start |
Install Postfix
1
2
3
4
5
6
7
8
| # yum install postfix# chkconfig --levels 235 mysqld on# /etc/init.d/mysqld start# chkconfig --levels 235 sendmail off# chkconfig --levels 235 postfix on# /etc/init.d/sendmail stop# /etc/init.d/postfix restart |
Install Getmail dan set password MySQL
1
2
| # yum install getmail# mysql_secure_installation |
Tambahkan alias phpMyAdmin
1
| # vi /etc/httpd/conf.d/phpmyadmin.conf |
1
2
3
| Alias /phpmyadmin /usr/share/phpmyadminAlias /phpMyAdmin /usr/share/phpmyadminAlias /mysqladmin /usr/share/phpmyadmin |
Output
1
2
3
4
5
6
7
8
9
10
| # Web application to manage MySQL# # Order Deny,Allow# Deny from all# Allow from 127.0.0.1#Alias /phpmyadmin /usr/share/phpmyadminAlias /phpMyAdmin /usr/share/phpmyadminAlias /mysqladmin /usr/share/phpmyadmin |
Silahkan cek halaman phpmyadmin anda di http://ip-server/phpmyadmin
Edit /usr/share/phpmyadmin/config.inc.php ubah "cookie" menjadi "http"
1
| # vi /usr/share/phpmyadmin/config.inc.php |
1
2
3
4
| [...]/* Authentication type */$cfg['Servers'][$i]['auth_type'] = 'http';[...] |
Jalankan service httpd
1
2
| # chkconfig --levels 235 httpd on# /etc/init.d/httpd start |
Install Apache2 With mod_php, mod_fcgi/PHP5, And suPHP
1
| #
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc
php-pear php-xml php-xmlrpc php-xcache php-mbstring php-mcrypt php-mssql
php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick
libxml2 libxml2-devel mod_fcgid php-cli httpd-devel |
Edit dan aktifkan cgi.fix_pathinfo=1 pada file /etc/php.ini
1
| # vi /etc/php.ini |
Kode
1
2
3
4
5
6
7
8
9
10
11
12
13
| [...];error_reporting = E_ALL & ~E_DEPRECATEDerror_reporting = E_ALL & ~E_NOTICE[...]; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting; of zero causes PHP to behave as before. Default is 1. You should fix your scripts; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfocgi.fix_pathinfo=1[...] |
Install Suphp
1
2
3
4
5
6
7
8
| # cd /tmp# tar xvfz suphp-0.7.1.tar.gz# cd suphp-0.7.1/#
./configure --prefix=/usr --sysconfdir=/etc
--with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs
--with-apache-user=apache --with-setid-mode=owner
--with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log
--enable-SUPHP_USE_USERGROUP=yes# make# make install# vi /etc/httpd/conf.d/suphp.conf |
Tambahkan kode berikut:
1
| LoadModule suphp_module modules/mod_suphp.so |
Buat file /etc/suphp.conf
1
| # vi /etc/suphp.conf |
tambahkan kode berikut:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| [global];Path to logfilelogfile=/var/log/httpd/suphp.log;Loglevelloglevel=info;User Apache is running aswebserver_user=apache;Path all scripts have to be indocroot=/;Path to chroot() to before executing script;chroot=/mychroot; Security optionsallow_file_group_writeable=trueallow_file_others_writeable=falseallow_directory_group_writeable=trueallow_directory_others_writeable=false;Check wheter script is within DOCUMENT_ROOTcheck_vhost_docroot=true;Send minor error messages to browsererrors_to_browser=false;PATH environment variableenv_path=/bin:/usr/bin;Umask to set, specify in octal notationumask=0077; Minimum UIDmin_uid=100; Minimum GIDmin_gid=100[handlers];Handler for php-scriptsx-httpd-suphp="php:/usr/bin/php-cgi";Handler for CGI-scriptsx-suphp-cgi="execute:!self" |
Restart service httpd
1
| # /etc/init.d/httpd restart |
Install Ruby
1
2
3
4
5
6
7
8
| # yum install httpd-devel ruby ruby-devel# cd /tmp# tar zxvf mod_ruby-1.3.0.tar.gz# cd mod_ruby-1.3.0/# ./configure.rb --with-apr-includes=/usr/include/apr-1# make# make install |
Edit file /etc/httpd/conf.d/ruby.conf
1
| # vi /etc/httpd/conf.d/ruby.conf |
tambahkan kode berikut pada /etc/httpd/conf.d/ruby.conf
1
2
| LoadModule ruby_module modules/mod_ruby.soRubyAddPath /1.8 |
Install Python
1
2
| # yum install mod_python# /etc/init.d/httpd restart |
Edit dan aktifkan beberapa LoadModule berikut:
1
| # vi /etc/httpd/conf/httpd.conf |
1
2
3
4
5
6
7
| [...]LoadModule auth_digest_module modules/mod_auth_digest.so[...]LoadModule dav_module modules/mod_dav.so[...]LoadModule dav_fs_module modules/mod_dav_fs.so[...] |
Restart service http
1
| # /etc/init.d/httpd restart |
Install PureFTPd
1
2
3
4
| # yum install pure-ftpd# chkconfig --levels 235 pure-ftpd on# /etc/init.d/pure-ftpd start# yum install openssl |
Edit dan aktifkan TLS /etc/pure-ftpd/pure-ftpd.conf
1
| # vi /etc/pure-ftpd/pure-ftpd.conf |
1
2
3
4
5
6
7
8
9
10
11
12
13
| [...]# This option can accept three values :# 0 : disable SSL/TLS encryption layer (default).# 1 : accept both traditional and encrypted sessions.# 2 : refuse connections that don't use SSL/TLS security mechanisms,# including anonymous sessions.# Do _not_ uncomment this blindly. Be sure that :# 1) Your server has been compiled with SSL/TLS support (--with-tls),# 2) A valid certificate is in place,# 3) Only compatible clients will log in.TLS 1[...] |
Membuat sertifikat SSL untuk PureFTPd
1
2
3
4
| # mkdir -p /etc/ssl/private/#
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout
/etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem# chmod 600 /etc/ssl/private/pure-ftpd.pem# /etc/init.d/pure-ftpd restart |
Install Bind DNS Server
1
2
| # yum install bind bind-utils# vi /etc/sysconfig/named |
EDIT ROOTDIR=/var/named/chroot line is comment out:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
| # BIND named process options# ~~~~~~~~~~~~~~~~~~~~~~~~~~# Currently, you can use the following options:## ROOTDIR="/var/named/chroot" -- will run named in a chroot environment.# you must set up the chroot environment# (install the bind-chroot package) before# doing this.# NOTE:# Those directories are automatically mounted to chroot if they are# empty in the ROOTDIR directory. It will simplify maintenance of your# chroot environment.# - /var/named# - /etc/pki/dnssec-keys# - /etc/named# - /usr/lib64/bind or /usr/lib/bind (architecture dependent)## Those files are mounted as well if target file doesn't exist in# chroot.# - /etc/named.conf# - /etc/rndc.conf# - /etc/rndc.key# - /etc/named.rfc1912.zones# - /etc/named.dnssec.keys# - /etc/named.iscdlv.key## Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"# line to your /etc/rsyslog.conf file. Otherwise your logging becomes# broken when rsyslogd daemon is restarted (due update, for example).## OPTIONS="whatever" -- These additional options will be passed to named# at startup. Don't add -t here, use ROOTDIR instead.## KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)## DISABLE_ZONE_CHECKING -- By default, initscript calls named-checkzone# utility for every zone to ensure all zones are# valid before named starts. If you set this option# to 'yes' then initscript doesn't perform those# checks. |
Backup dan edit /etc/named.conf
1
2
3
| # cp /etc/named.conf /etc/named.conf_bak# cat /dev/null > /etc/named.conf# vi /etc/named.conf |
Masukkan kode /etc/named.conf berikut
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| //// named.conf//// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).//// See /usr/share/doc/bind*/sample/ for example named configuration files.//options {listen-on port 53 { any; };listen-on-v6 port 53 { any; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";allow-query { any; };recursion yes;};logging {channel default_debug {file "data/named.run";severity dynamic;};};zone "." IN {type hint;file "named.ca";};include "/etc/named.conf.local"; |
Jalankan service bind
1
2
3
| # touch /etc/named.conf.local# chkconfig --levels 235 named on# /etc/init.d/named start |
Install vlogger, webalizer, and awstats
1
2
3
4
5
6
7
| # yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder# cd /tmp# tar xvfz vlogger-1.3.tar.gz# mv vlogger-1.3/vlogger /usr/sbin/# rm -rf vlogger*# /etc/init.d/httpd restart |
Install Jailkit
1
2
3
4
5
6
7
8
9
10
| # cd /tmp# tar xvfz jailkit-2.14.tar.gz# cd jailkit-2.14# ./configure# make# make install# cd ..# rm -rf jailkit-2.14*# /etc/init.d/httpd restart |
Install fail2ban
1
2
| # yum install fail2ban# vi /etc/fail2ban/fail2ban.conf |
Edit logtarget = SYSLOG line and add logtarget = /var/log/fail2ban.log:
1
2
3
4
5
6
7
8
9
| [...]# Option: logtarget# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.# Only one log target can be specified.# Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log##logtarget = SYSLOGlogtarget = /var/log/fail2ban.log[...] |
Jalankan service fail2ban
1
2
3
| # chkconfig --levels 235 fail2ban on# /etc/init.d/fail2ban start# /etc/init.d/httpd restart |
Install Rkhunter
1
2
| # yum install rkhunter# /etc/init.d/httpd restart |
Install Mailman
1
2
| # yum install mailman# /usr/lib/mailman/bin/newlist mailman |
Edit dan tambahkan kode /etc/aliases
1
| # vi /etc/aliases |
1
2
3
4
5
6
7
8
9
10
| mailman: "|/usr/lib/mailman/mail/mailman post mailman"mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman" |
Jalankan perintah newaliases
1
2
3
| # newaliases# /etc/init.d/postfix restart# /etc/init.d/httpd restart |
Edit dan tabmahkan kode /etc/httpd/conf.d/mailman.conf
1
| # vi /etc/httpd/conf.d/mailman.conf |
Tambahkan kode berikut pada /etc/httpd/conf.d/mailman.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| ## httpd configuration settings for use with mailman.#ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/AllowOverride NoneOptions ExecCGIOrder allow,denyAllow from all#Alias /pipermail/ /var/lib/mailman/archives/public/Alias /pipermail /var/lib/mailman/archives/public/Options Indexes MultiViews FollowSymLinksAllowOverride NoneOrder allow,denyAllow from allAddDefaultCharset Off# Uncomment the following line, to redirect queries to /mailman to the# listinfo page (recommended).# RedirectMatch ^/mailman[/]*$ /mailman/listinfo |
Restart service httpd dan jalankan service mailman
1
2
3
| # /etc/init.d/httpd restart# chkconfig --levels 235 mailman on# /etc/init.d/mailman start |
Install SquirrelMail
1
2
3
| # yum install squirrelmail# /etc/init.d/httpd restart# /usr/share/squirrelmail/config/conf.pl |
Pilih option ( D, courier, ENTER, S, Q)
Edit file /etc/squirrelmail/config_local.php
1
| # vi /etc/squirrelmail/config_local.php |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| <!--?php/** * Local config overrides. * * You can override the config.php settings here. * Don't do it unless you know what you're doing. * Use standard PHP syntax, see config.php for examples. * * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $ * @package squirrelmail * @subpackage config *///$default_folder_prefix = '';?--> |
UPDATE:
Jika mengalami kendala dengan web mail server, gunakan konfigurasi berikut untuk postfix
Download dan install system-switch-mail, dimana tool ini akan memudahkan anda dalam switch mail system
1
2
| # wget http://centos.idrepo.or.id/centos/5.8/os/i386/CentOS/system-switch-mail-0.5.25-13.el5.noarch.rpm# rpm -ivh system-switch-mail-0.5.25-13.el5.noarch.rpm |
Terlebih dahulu bakup file konfigurasi /etc/postfix/main.cf
1
| # cp /etc/postfix/main.cf /etc/postfix/main.cf-original |
Kosongkan file /etc/postfix/main.cf
1
| # echo "" > /etc/postfix/main.cf |
Tambahkan kode di file /etc/postfix/main.cf
1
| # vi /etc/postfix/main.cf |
Isi /etc/postfix/main.cf dengan kode berikut:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
| queue_directory = /var/spool/postfixcommand_directory = /usr/sbindaemon_directory = /usr/libexec/postfixmail_owner = postfixinet_interfaces = allmydestination = $myhostname, localhost.$mydomain, localhost, $mydomainunknown_local_recipient_reject_code = 550alias_maps = hash:/etc/aliasesalias_database = hash:/etc/aliasesdebugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5sendmail_path = /usr/sbin/sendmail.postfixnewaliases_path = /usr/bin/newaliases.postfixmailq_path = /usr/bin/mailq.postfixsetgid_group = postdrophtml_directory = nomanpage_directory = /usr/share/mansample_directory = /usr/share/doc/postfix-2.3.3/samplesreadme_directory = /usr/share/doc/postfix-2.3.3/README_FILEShome_mailbox = Maildir/append_dot_mydomain = noreadme_directory = nomydomain = indoit.web.idmyorigin = $mydomainsmtp_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client pbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_non_fqdn_sender, permitmynetworks = /etc/postfix/mynetworkssmtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy, permit |
Atau dapat mendownload file /etc/postfix/main.cf konfigurasi berikut:
1
2
3
| # unzip main.cf-postfix-indoit-centos.zip# cp main.cf-postfix-indoit-centos main.cf |
Jalankan service postfix
1
2
3
4
| # touch /etc/postfix/mynetworks# echo "192.168.10.0/24" > /etc/postfix/mynetworks# echo "127.0.0.0/8" >> /etc/postfix/mynetworks# /etc/init.d/postfix start |
Test koneksi postfix
1
| # telnet localhost 25 |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| [root@server]# telnet localhost 25Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.220 server.indoit.web.id ESMTP Postfixehlo localhost <=== "ehlo localhost" harus di ketik250-server.indoit.web.id250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN |
Install Dovecot
1
| # yum install dovecot |
Matikan service Courier-IMAP dan jalankan Dovecot
1
2
3
4
5
| # /etc/init.d/courier-imap stop# chkconfig --levels 235 courier-imap off# chkconfig --levels 235 dovecot on# /etc/init.d/dovecot start |
ketikkan "quit" untuk keluar Selanjut nya kita akan mengkonfigurasi Untuk Dovecot
1
| # cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf-original |
1
| # vi /etc/dovecot/dovecot.conf |
1
2
3
4
| # Protocols we want to be serving.# protocols = imap pop3 lmtp protocols = imap imaps pop3 pop3s |
1
| # vi /etc/dovecot/conf.d/10-mail.conf |
1
| mail_location = maildir:~/Maildir |
1
| # vi /etc/dovecot/conf.d/20-pop3.conf |
1
| pop3_uidl_format = %08Xu%08Xv |
1
| # /etc/init.d/dovecot start |
1
2
3
4
5
6
7
8
| # yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql# sa-update# chkconfig --levels 235 amavisd on# chkconfig --del clamd# chkconfig --levels 235 clamd.amavisd on# /usr/bin/freshclam# /etc/init.d/amavisd start# /etc/init.d/clamd.amavisd start |
Test kirim email dengan perintah berikut
1
| echo "Email body message"|mail -s "Header Mail" indoit@indoit.web.id |
Tidak ada komentar:
Posting Komentar