Attempt at LUSCA\u00a0 High performance caching server with tproxy and store rewrite.
\nMost of this stuff has been taken from forums, google etc…<\/p>\n
1. Install Ubuntu server 10.04.2 64 bit
\n2. Install dependencies
\napt-get install gcc make automake sharutils linux-headers-`uname -r` libcap libcap-dev<\/p>\n
Check if correct kernel modules gets loaded: 3. Obtain Lusca Head branch of Squid Configure Options Debian: Configure RH Options 5. Post install # Prepare cache and log dir with correct permissions <\/p>\n My squid.conf References: <\/p>\n","protected":false},"excerpt":{"rendered":" Attempt at LUSCA\u00a0 High performance caching server with tproxy and store rewrite. Most of this stuff has been taken from forums, google etc… 1. Install Ubuntu server 10.04.2 64 bit 2. Install dependencies apt-get install gcc make automake sharutils linux-headers-`uname -r` libcap libcap-dev Check if correct kernel modules gets loaded: cat \/boot\/config-`uname -r` | grep … Continue reading LUSCA Caching Server<\/span>
\n<\/code><\/p>\n\r\ncat \/boot\/config-`uname -r` | grep -E '(NF_CONNTRACK=|TPROXY|XT_MATCH_SOCKET|XT_TARGET_TPROXY)'\r\nThis is a good result:\r\nCONFIG_NF_CONNTRACK=m\r\nCONFIG_NETFILTER_TPROXY=m\r\nCONFIG_NETFILTER_XT_TARGET_TPROXY=m\r\nCONFIG_NETFILTER_XT_MATCH_SOCKET=m\r\n<\/pre>\n
<\/code><\/p>\n
\n<\/code><\/p>\n\r\ncd \/usr\/src\/\r\nwget http:\/\/lusca-cache.googlecode.com\/files\/LUSCA_HEAD-r14809.tar.gz\r\ntar -xvf LUSCA_HEAD-r14809.tar.gz\r\ncd LUSCA_HEAD-r14809\r\n<\/pre>\r\n4. Build Lusca\r\n# Start configuring and compiling\r\n<code>[bash]\r\n.\/bootstrap.sh\r\nmake distclean<\/pre>\n
<\/code><\/p>\n
\n<\/code><\/p>\n\r\n.\/configure '--prefix=\/usr\/local\/lusca\/' '--enable-async-io' '--with-pthreads' '--enable-storeio=aufs,coss,null' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--enable-referer-log' '--enable-useragent-log' '--enable-follow-x-forwarded-for' '--with-large-files' '--with-maxfd=65536' 'amd64-debian-linux' '--enable-linux-tproxy4' 'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux' 'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='\r\n<\/pre>\n
<\/code><\/p>\n
\n<\/code><\/p>\n\r\n.\/configure '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'\u00a0 '--program-prefix=' '--prefix=\/usr' '--exec-prefix=\/usr' '--bindir=\/usr\/bin'\u00a0 '--sbindir=\/usr\/sbin' '--sysconfdir=\/etc' '--includedir=\/usr\/include'\u00a0 '--libdir=\/usr\/lib64' '--libexecdir=\/usr\/libexec' '--sharedstatedir=\/var\/lib' '--mandir=\/usr\/share\/man' '--infodir=\/usr\/share\/info' '--exec_prefix=\/usr' '--bindir=\/usr\/sbin' '--libexecdir=\/usr\/lib64\/squid' '--localstatedir=\/var' '--datadir=\/usr\/share' '--sysconfdir=\/etc\/squid' '--disable-dependency-tracking' '--disable-arp-acl' '--disable-cache-digests' '--enable-cachemgr-hostname=localhost' '--disable-delay-pools' '--enable-epoll'\u00a0 '--enable-external-acl-helpers=ip_user,unix_group' '--enable-icap-client'\u00a0 '--disable-ident-lookups' '--enable-referer-log'\u00a0 '--enable-removal-policies=heap,lru' '--disable-snmp' '--enable-ssl' '--enable-storeio=aufs,coss' '--disable-useragent-log' '--disable-wccpv2' '--with-aio' '--with-default-user=squid' '--with-dl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'\u00a0 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-fPIE -Os -g -pipe\u00a0 -fsigned-char -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'\u00a0 'LDFLAGS=-pie' 'CXXFLAGS=-fPIE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2\u00a0 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64\u00a0 -mtune=generic' 'FFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic\u00a0 -I\/usr\/lib64\/gfortran\/modules' '--with-large-files' '--enable-linux-netfilter' '--with-maxfd=32000' '--disable-follow-x-forwarded-for' '--enable-truncate' '--disable-unlinkd'\u00a0 '--disable-htcp' '--enable-kill-parent-hack'\r\n\r\nmake all\r\nmake install\r\n<\/pre>\n
<\/code><\/p>\n
\n# Link install location to general file system locations
\n<\/code><\/p>\n\r\nln -s \/usr\/local\/lusca\/etc \/etc\/lusca\r\nln -s \/usr\/local\/lusca\/var\/logs \/var\/log\/lusca\r\nmkdir \/usr\/local\/lusca\/var\/cache\r\n<\/pre>\n
<\/code><\/p>\n
\n<\/code><\/p>\n\r\nchown nobody \/usr\/local\/lusca\/var\/cache \/usr\/local\/lusca\/var\/logs\r\nln -s \/usr\/local\/lusca\/sbin\/squid \/usr\/sbin\/squid\r\nln -s \/usr\/local\/lusca\/bin\/squidclient \/usr\/bin\/squidclient\r\n<\/pre>\r\n# Setup Cron\r\n4 * * * * \/usr\/sbin\/squid -k rotate\r\n\r\n# Copy rc startup script\r\n<code>[bash]\r\ncp \/usr\/src\/LUSCA_HEAD-r14809\/contrib\/lusca.rc \/etc\/init.d\/lusca\r\n# make executeable\r\nchmod +x \/etc\/init.d\/lusca\r\n<\/pre>\n
<\/code>
\n6. Configure Lusca:<\/p>\n
\n<\/code><\/p>\n\r\n#######################################################\r\n## Lusca High Performance Configuration\r\n## ====================================================\r\n## By. teukuri...@yahoo.com.sg\r\n## Updated:\u00a0\u00a0\u00a0 April 24,2011\r\n#######################################################\r\n##start of config\r\n#http_port 3128 tproxy transparent\r\nhttp_port 3128 transparent\r\n#http_port 3128 transparent\r\n#server_http11 on\r\n#icp_port 0\r\n# cache_peer 203.128.88.193 parent 8910 0 no-query no-netdb-exchange\r\nno-digest\r\n\r\n# File Squid\r\n#pid_filename \/var\/run\/lusca.pid\r\n#coredump_dir \/usr\/local\/lusca\/var\/cache\r\n#error_directory \/usr\/share\/squid\/errors\/English\r\n#icon_directory \/usr\/share\/squid\/icons\r\n#mime_table \/etc\/squid\/mime.conf\r\nvisible_hostname pcw_cache1\r\ncache_mgr support@example.com\r\n\r\n# Log Squid\r\naccess_log \/var\/log\/squid\/access.log squid\r\n#acces_log none\r\n#cache_log none\r\ncache_store_log none\r\n\r\n# Beberapa log yg tidak signifikan karena opsi2-nya jarang digunakan.\r\nlog_fqdn off\r\nlog_icp_queries off\r\nbuffered_logs off\r\nemulate_httpd_log off\r\n\r\n#===========================================================================\r\n# TAG: FTP section\r\n#---------------------------------------------------------------------------\r\n# Always use this option to reduce the traffic load. FTP passive mode\r\n# causes the client to not relate directly to an FTP server destination\r\n# and using squid as a relay so that the bandwidth for FTP connection\r\n# can be controlled possibly by a combination of IP filtering (PF (BSD) \/ IPTABLES).\r\n#===========================================================================\r\nftp_list_width 32\r\nftp_passive on\r\nftp_sanitycheck on\r\n\r\n#===================================================================\r\n# TAG: ACL Section\r\n#-------------------------------------------------------------------\r\n# Allow local network(s) on interface(s)\r\n# Example rule allowing access from your local networks.\r\n# Adapt to list your (internal) IP networks from where browsing\r\n# should be allowed\r\n#===================================================================\r\n# acl localnet src "\/etc\/squid\/ip-privadas"\u00a0\u00a0\u00a0 # IP LOCALES\r\nacl localnet src 192.168.0.0\/16\r\nacl localnet src 172.16.0.0\/12\r\nacl localnet src 172.101.0.0\/24\r\nacl localnet src 172.50.4.0\/24\r\nacl localnet src 10.0.0.0\/8\r\n\r\nuri_whitespace strip\r\n\r\n#DNS NAMESERVER\r\n\r\ndns_nameservers 172.16.1.2\r\ndns_nameservers 8.8.8.8\r\n\r\ncache_mem 780 MB\r\nmaximum_object_size_in_memory 16 KB\r\nmemory_replacement_policy lru\r\ncache_replacement_policy lru\r\n\r\ncache_dir aufs \/var\/spool\/squid\/ 51200 32 256\r\ncache_dir aufs \/cache\/cache1 51200 32 256\r\ncache_dir aufs \/cache\/cache2 51200 32 256\r\ncache_dir aufs \/cache\/cache3 51200 32 256\r\n\r\nminimum_object_size 0 bytes\r\nmaximum_object_size 704 MB\r\noffline_mode off\r\ncache_swap_low 80%\r\ncache_swap_high 100%\r\n\r\n# Setup some default acls\r\nacl all src 0.0.0.0\/0\r\nacl localhost src 127.0.0.1\/32\r\nacl Safe_ports port 21 # ftp\r\nacl Safe_ports port 70 # gopher\r\nacl Safe_ports port 80 # http\r\nacl Safe_ports port 81 #\r\nacl Safe_ports port 210 # wais\r\nacl Safe_ports port 280 # http-mgmt\r\nacl Safe_ports port 443 # https\r\nacl Safe_ports port 488 # gss-http\r\nacl Safe_ports port 563 #\r\nacl Safe_ports port 591 # filemaker\r\nacl Safe_ports port 631 #\r\nacl Safe_ports port 777 # multiling http\r\nacl Safe_ports port 901 3128 # multiling http\r\nacl Safe_ports port 1025-65535 # unregistered ports\r\n\r\nacl sslports port 443 563 81\r\nacl manager proto cache_object\r\nacl purge method PURGE\r\nacl connect method CONNECT\r\nacl dynamic urlpath_regex cgi-bin \\?\r\nhttp_access allow manager localhost all\r\nhttp_access deny manager\r\nhttp_access allow purge localhost\r\nhttp_access deny purge\r\nhttp_access deny !Safe_ports\r\nhttp_access deny CONNECT !sslports\r\n# Always allow localhost connections\r\nhttp_access allow localhost\r\n\r\n# Allow local network(s) on interface(s)\r\nhttp_access allow localnet\r\n\r\n### no cachear sitios especificos ###\r\n#acl no_cachear dstdomain "\/etc\/squid\/sitios-excluidos.conf"\r\n#no_cache deny no_cachear\r\n#always_direct allow no_cachear\r\n\r\n# Default block all to be sure\r\nvia off\r\nforwarded_for off\r\nhttp_access deny all\r\n#header_access From deny all\r\n#header_access Server deny all\r\n#header_access WWW-Authenticate deny all\r\n#header_access Link deny all\r\n#header_access Cache-Control deny all\r\n#header_access Proxy-Connection deny all\r\n#header_access X-Cache deny all\r\n#header_access X-Cache-Lookup deny all\r\nheader_access Via deny all\r\nheader_access Forwarded-For deny all\r\nheader_access X-Forwarded-For deny all\r\n#header_access Pragma deny all\r\n#header_access Keep-Alive deny all\r\n\r\n##follow_x_forwarded_for allow localnet\r\n##follow_x_forwarded_for allow localhost\r\n\r\nhttp_gzip on\r\nhttp_gzip_types text\/plain,text\/html,text\/xml,text\/css,application\/xml,application\/xhtml+xml,application\/rss+xml,application\/javascript,application\/x-javascript\r\n\r\n#=====================================================\r\n# TAG: ZPH\r\n#=====================================================\r\ntcp_outgoing_tos 0x30 localnet\r\nzph_mode tos\r\nzph_local 0x30\r\nzph_parent 0\r\n#zph_option 136\r\n\r\n#====================================================\r\n# TAG: STORE RULE\r\n#====================================================\r\n# Caching Youtube\r\nacl store_rewrite_list urlpath_regex \\\/(get_video|videoplayback\\?id|videoplayback.*id)\r\nacl store_rewrite_list urlpath_regex \\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\\?\r\nacl store_rewrite_list_domain url_regex ^http:\\\/\\\/([a-zA-Z-]+[0-9-]+)\\.[A-Za-z]*\\.[A-Za-z]*\r\nacl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\\.[a-z]*[0-9]?\\.[a-z]{3}\r\nacl store_rewrite_list_path urlpath_regex \\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$\r\nacl store_rewrite_list_domain_CDN url_regex \\.rapidshare\\.com.*\\\/[0-9]*\\\/.*\\\/[^\\\/]* ^http:\\\/\\\/(www\\.ziddu\\.com.*\\.[^\\\/]{3,4})\\\/(.*) \\.doubleclick\\.net.*\r\nacl store_rewrite_list_domain_CDN url_regex ^http:\\\/\\\/[.a-z0-9]*\\.photobucket\\.com.*\\.[a-z]{3}$ quantserve\\.com\r\nacl store_rewrite_list_domain_CDN url_regex ^http:\\\/\\\/[a-z]+[0-9]\\.google\\.co(m|\\.id)\r\nacl store_rewrite_list_domain_CDN url_regex ^http:\\\/\\\/\\.www[0-9][0-9]\\.indowebster\\.com\\\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)\r\nacl videocache_allow_url url_regex -i \\.googlevideo\\.com\\\/videoplayback \\.googlevideo\\.com\\\/videoplay \\.googlevideo\\.com\\\/get_video\\?\r\nacl videocache_allow_url url_regex -i \\.google\\.com\\\/videoplayback \\.google\\.com\\\/videoplay \\.google\\.com\\\/get_video\\?\r\nacl videocache_allow_url url_regex -i \\.google\\.[a-z][a-z]\\\/videoplayback \\.google\\.[a-z][a-z]\\\/videoplay \\.google\\.[a-z][a-z]\\\/get_video\\?\r\nacl videocache_allow_url url_regex -i proxy[a-z0-9\\-][a-z0-9][a-z0-9][a-z0-9]?\\.dailymotion\\.com\\\/\r\nacl videocache_allow_url url_regex -i vid\\.akm\\.dailymotion\\.com\\\/\r\nacl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\\.xtube\\.com\\\/(.*)flv\r\nacl videocache_allow_url url_regex -i \\.vimeo\\.com\\\/(.*)\\.(flv|mp4)\r\nacl videocache_allow_url url_regex -i va\\.wrzuta\\.pl\\\/wa[0-9][0-9][0-9][0-9]?\r\nacl videocache_allow_url url_regex -i \\.youporn\\.com\\\/(.*)\\.flv\r\nacl videocache_allow_url url_regex -i \\.msn\\.com\\.edgesuite\\.net\\\/(.*)\\.flv\r\nacl videocache_allow_url url_regex -i \\.tube8\\.com\\\/(.*)\\.(flv|3gp)\r\nacl videocache_allow_url url_regex -i \\.mais\\.uol\\.com\\.br\\\/(.*)\\.flv\r\nacl videocache_allow_url url_regex -i \\.blip\\.tv\\\/(.*)\\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram|m4v)\r\nacl videocache_allow_url url_regex -i \\.break\\.com\\\/(.*)\\.(flv|mp4)\r\nacl videocache_allow_url url_regex -i redtube\\.com\\\/(.*)\\.flv\r\nacl videocache_allow_dom dstdomain .mccont.com .metacafe.com .cdn.dailymotion.com\r\nacl videocache_deny_dom\u00a0 dstdomain .download.youporn.com .static.blip.tv\r\nacl dontrewrite url_regex redbot\\.org \\.php\r\nacl getmethod method GET\r\n\r\nstoreurl_access deny dontrewrite\r\nstoreurl_access deny !getmethod\r\nstoreurl_access allow store_rewrite_list_domain_CDN\r\nstoreurl_access allow store_rewrite_list\r\nstoreurl_access allow store_rewrite_list_domain\r\nstoreurl_access allow store_rewrite_list_path\r\nstoreurl_access deny videocache_deny_dom\r\nstoreurl_access allow videocache_allow_url\r\nstoreurl_access allow videocache_allow_dom\r\nstoreurl_access deny all\r\n\r\nstoreurl_rewrite_program \/usr\/sbin\/storeurl.pl\r\nstoreurl_rewrite_children 1\r\nstoreurl_rewrite_concurrency 140\r\nstoreurl_bypass on\r\n\r\nhierarchy_stoplist (ini|ui|lst|inf||mh-|sc-)$ (afs.dat|update.txt|vdf.info.gz|captcha|reset.css|gamenotice|ickernew.css)\r\nacl QUERY urlpath_regex -i \\.(ini|ui|lst|inf|mh-|sc-)$\r\nacl QUERY urlpath_regex -i (afs.dat|captcha|reset.css|update.txt|gamenotice|vdf.info.gz)\r\ncache deny QUERY\r\n\r\n#=========================================================\r\n# TAG: Refresh Pattern\r\n#=========================================================\r\n# 1 year = 525600 mins, 1 month = 43200 mins, 1 day = 1440\r\n#=========================================================\r\nrefresh_pattern (get_video\\?|videoplayback\\?|videodownload\\?|\\.flv?) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale\r\nrefresh_pattern (get_video\\?|videoplayback\\?id|videoplayback.*id|videodownload\\?|\\.flv?) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale\r\nrefresh_pattern \\.(ico|video-stats) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale\r\nrefresh_pattern \\.etology\\? 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale\r\nrefresh_pattern galleries\\.video(\\?|sz) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale\r\nrefresh_pattern brazzers\\? 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale\r\nrefresh_pattern \\.adtology\\? 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale\r\nrefresh_pattern ^.*(utm\\.gif|ads\\?|rmxads\\.com|ad\\.z5x\\.net|bh\\.contextweb\\.com|bstats\\.adbrite\\.com|a1\\.interclick\\.com|ad\\.trafficmp\\.com|ads\\.cubics\\.com|ad\\.xtendmedia\\.com|\\.googlesyndication\\.com|advertising\\.com|yieldmanager|game-advertising\\.com|pixel\\.quantserve\\.com|adperium\\.com|doubleclick\\.net|adserving\\.cpxinteractive\\.com|syndication\\.com|media.fastclick.net).* 43200 20% 43200 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10\r\nrefresh_pattern ^.*safebrowsing.*google\u00a0 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale\r\nrefresh_pattern ^http:\/\/((cbk|mt|khm|kh|mlt)[0-9]?)\\.google\\.co(m|\\.uk) 43200 999999% 43200 override-expire ignore-reload ignore-private store-stale negative-ttl=10080\r\nrefresh_pattern ytimg\\.com.*\\.jpg 43200 999999% 43200 override-expire ignore-reload store-stale refresh_pattern images\\.friendster\\.com.*\\.(png|gif) 43200 999999% 43200 override-expire ignore-reload store-stale\r\nrefresh_pattern garena\\.com 43200 999999% 43200 override-expire reload-into-ims store-stale\r\nrefresh_pattern photobucket.*\\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 43200 999999% 43200 override-expire ignore-reload store-stale\r\nrefresh_pattern vid\\.akm\\.dailymotion\\.com.*\\.on2\\? 43200 999999% 43200 ignore-no-cache override-expire override-lastmod store-stale\r\nrefresh_pattern mediafire.com\\\/images.*\\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 43200 999999% 43200 reload-into-ims override-expire ignore-private store-stale\r\nrefresh_pattern ^http:\\\/\\\/images|pics|thumbs[0-9]\\. 43200 999999% 43200 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale\r\nrefresh_pattern ^http:\\\/\\\/www.onemanga.com.*\\\/ 43200 999999% 43200 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale\r\nrefresh_pattern ^http:\/\/v\\.okezone\\.com\/get_video\\\/([a-zA-Z0-9]) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale\r\n\r\n# ANTI VIRUS\r\nrefresh_pattern guru.avg.com\/.*\\.(bin)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload\u00a0 reload-into-ims store-stale\r\nrefresh_pattern (avgate|avira).*(idx|gz)$\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload\u00a0 reload-into-ims store-stale\r\n##refresh_pattern ^http.*(\\.kaspersky-labs\\.com|\\.geo\\.kaspersky\\.com).*(\\.avc|\\.kdc|\\.klz|\\.bz2|\\.dat|\\.dif) 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale\r\n##refresh_pattern kaspersky.*\\.avc$ 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale\r\n##refresh_pattern kaspersky 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.nai.com\/.*\\.(gem|zip|mcs)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload\u00a0 reload-into-ims store-stale\r\nrefresh_pattern ^http:\\\/\\\/liveupdate.symantecliveupdate.com.*\\(zip)\u00a0\u00a0\u00a0\u00a0 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload\u00a0 reload-into-ims store-stale\r\nrefresh_pattern avast.com\/.*\\.(vpu|vpaa)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload\u00a0 reload-into-ims store-stale\r\n\r\n## WINDOWS UPDATE\r\nrefresh_pattern windowsupdate.com\/.*\\.(cab|exe)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10080 999999%\u00a0 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale\r\nrefresh_pattern update.microsoft.com\/.*\\.(cab|exe)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10080 999999%\u00a0 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale\r\nrefresh_pattern download.microsoft.com\/.*\\.(cab|exe)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10080 999999%\u00a0 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale\r\n\r\n#images facebook\r\nrefresh_pattern -i \\.facebook.com.*\\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale\r\nrefresh_pattern -i \\.fbcdn.net.*\\.(jpg|gif|png|swf|mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale\r\nrefresh_pattern\u00a0 static\\.ak\\.fbcdn\\.net*\\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale\r\nrefresh_pattern ^http:\\\/\\\/profile\\.ak\\.fbcdn.net*\\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale\r\n\r\n# games facebook\r\nrefresh_pattern ^http:\\\/\\\/apps.facebook.com.*\\\/\u00a0\u00a0\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale\r\nrefresh_pattern -i \\.zynga.com.*\\\/\u00a0\u00a0\u00a0\u00a0\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale\r\nrefresh_pattern -i \\.farmville.com.*\\\/\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale\r\nrefresh_pattern -i \\.ninjasaga.com.*\\\/\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale\r\nrefresh_pattern -i \\.mafiawars.com.*\\\/\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale\r\nrefresh_pattern -i \\.crowdstar.com.*\\\/\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale\r\nrefresh_pattern -i \\.popcap.com.*\\\/\u00a0\u00a0\u00a0\u00a0 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale\r\n\r\n#banner IIX\r\nrefresh_pattern ^http:\\\/\\\/openx.*\\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\nrefresh_pattern ^http:\\\/\\\/ads(1|2|3).kompas.com.*\\\/\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\nrefresh_pattern ^http:\\\/\\\/img.ads.kompas.com.*\\\/\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\nrefresh_pattern .kompasimages.com.*\\.(jpg|gif|png|swf)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\nrefresh_pattern ^http:\\\/\\\/openx.kompas.com.*\\\/\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\nrefresh_pattern kaskus.\\us.*\\.(jp(e?g|e|2)|gif|png|swf)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\nrefresh_pattern ^http:\\\/\\\/img.kaskus.us.*\\.(jpg|gif|png|swf)\u00a0\u00a0\u00a0 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale\r\n\r\n#IIX DOWNLOAD\r\nrefresh_pattern ^http:\\\/\\\/\\.www[0-9][0-9]\\.indowebster\\.com\\\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims\u00a0 ignore-reload override-expire ignore-no-cache ignore-no-store\u00a0 store-stale ignore-auth\r\n\r\n#All File\r\nrefresh_pattern -i \\.(class|css|js|tif)(\\?.*)?$ 1440 95% 100000080 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(jpe|jpg|jpeg|png|bmp|gif)(\\?.*)?$ 0 95% 1000000080 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(tiff|mov|avi|qt|mpeg|3gp)(\\?.*)?$ 0 95% 201600000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(mpg|mpe|wav|au|mid|flv)(\\?.*)?$ 0 95% 2016000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(zip|gz|arj|lha|lzh)(\\?.*)?$ 0 95% 2016000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(rar|tgz|tar|exe|bin)(\\?.*)?$ 0 95% 2016000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(cab|psf|part|0*|swf|gz|grf|gpf)(\\?.*)?$ 0 95% 2000160 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(pdf|rtf|doc|swf|txt|inf)(\\?.*)?$ 1 95% 2016000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(inc|cab|ad|hqx|dll)(\\?.*)?$ 10080 95% 4320000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(asp|acgi|pl|shtml|php3|php)(\\?.*)?$ 2 20% 432000 reload-into-ims override-lastmod\r\nrefresh_pattern -i \\.(ini)(\\?.*)?$ 2 5% 10800 reload-into-ims override-lastmod\r\n\r\nrefresh_pattern -i (\/cgi-bin\/|\\?)\u00a0 0\u00a0 0%\u00a0 0\r\nrefresh_pattern ^ftp:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1440\u00a0\u00a0\u00a0 20%\u00a0\u00a0\u00a0\u00a0 10080\r\nrefresh_pattern ^gopher:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1440\u00a0\u00a0\u00a0 0%\u00a0\u00a0\u00a0\u00a0\u00a0 1440\r\nrefresh_pattern .\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 40%\u00a0\u00a0\u00a0\u00a0 40320\r\n\r\n#==============================================\r\n# TAG: Extra Tuning Configuration\r\n#==============================================\r\nheader_access Accept-Encoding deny\u00a0 all\r\nclient_persistent_connections off\r\nserver_persistent_connections on\r\nhalf_closed_clients off\r\nstrip_query_terms off\r\nquick_abort_min 0 KB\r\nquick_abort_max 0 KB\r\nquick_abort_pct 100\r\nvary_ignore_expire on\r\nreload_into_ims on\r\npipeline_prefetch on\r\n#range_offset_limit 512 KB\r\nread_timeout 30 minutes\r\nclient_lifetime 6 hours\r\nnegative_ttl 30 seconds\r\npositive_dns_ttl 2 hours\r\nnegative_dns_ttl 1 minutes\r\npconn_timeout 15 seconds\r\nrequest_timeout 1 minute\r\nstore_avg_object_size 13 KB\r\nlog_icp_queries off\r\nipcache_size 8192\r\nipcache_low 90\r\nipcache_high 95\r\nlog_fqdn off\r\nfqdncache_size 1024\r\nmemory_pools off\r\nforwarded_for on\r\nlogfile_rotate 1\r\nstore_dir_select_algorithm round-robin\r\n#cache_effective_user nobody\r\n#cache_effective_group nobody\r\nmax_filedescriptors 8192\r\n\r\nuri_whitespace strip\r\nshutdown_lifetime 10 seconds\r\nload_check_stopen on\r\nload_check_stcreate on\r\ndownload_fastest_client_speed on\r\n\r\nurl_rewrite_program \/usr\/sbin\/updxlrator\r\nurl_rewrite_children 60\r\n\r\n##end of config\r\n\r\n7. Configure networking\r\n#Begin Script 1##################################################################################\r\n#!\/bin\/bash\r\nsysctl net.ipv4.ip_nonlocal_bind=1\r\nsysctl net.ipv4.ip_forward=1\r\n\/sbin\/modprobe ip_conntrack_ftp\r\n\/sbin\/modprobe ip_conntrack\r\n\/sbin\/modprobe nf_conntrack\r\n\/sbin\/modprobe ipt_state\r\n\/sbin\/modprobe ipt_limit\r\n\/sbin\/modprobe ipt_LOG\r\n\/bin\/echo "262144" > \/proc\/sys\/vm\/min_free_kbytes\r\n\/bin\/echo "60" > \/proc\/sys\/net\/ipv4\/netfilter\/ip_conntrack_tcp_timeout_time_wait\r\n\/bin\/echo "3276822" > \/proc\/sys\/net\/nf_conntrack_max\r\n\/bin\/echo "15" > \/proc\/sys\/net\/ipv4\/netfilter\/ip_conntrack_udp_timeout\r\n\/bin\/echo "90" > \/proc\/sys\/net\/ipv4\/netfilter\/ip_conntrack_udp_timeout_stream\r\n\/bin\/echo "300" > \/proc\/sys\/net\/ipv4\/netfilter\/ip_conntrack_tcp_timeout_established\r\n#End Script 1##################################################################################\r\n\r\n#Begin Script 2##################################################################################\r\n#!\/bin\/bash\r\n\r\nCACHE_PORT="8080"\r\nWAN="eth1"\r\nLAN="eth0"\r\nBRIDGE="br0"\r\n\r\n\/bin\/echo "1" > \/proc\/sys\/net\/ipv4\/ip_forward\r\n\r\n#########################################################################################################\r\n# BRIDGE MODE - 2 INTERFACES - TPROXY ON\r\n#########################################################################################################\r\n#\/sbin\/iptables -t nat -F\r\n#\/sbin\/iptables -t nat -X\r\n#\/sbin\/iptables -t mangle -F\r\n#\/sbin\/iptables -t mangle -X\r\n#\/sbin\/ebtables -t broute -F\r\n#\/sbin\/ebtables -t broute -X\r\n#\/sbin\/iptables -t mangle -N DIVERT\r\n#\/sbin\/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT\r\n#\/sbin\/iptables -t mangle -A DIVERT -j MARK --set-mark 1\r\n#\/sbin\/iptables -t mangle -A DIVERT -j ACCEPT\r\n#\/sbin\/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1\/0x1 --on-port $CACHE_PORT\r\n#\/sbin\/ebtables -t broute -A BROUTING -i $LAN -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target ACCEPT\r\n#\/sbin\/ebtables -t broute -A BROUTING -i $WAN -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target ACCEPT\r\n\r\n#########################################################################################################\r\n# BRIDGE MODE - 2 INTERFACES - TPROXY OFF\r\n#########################################################################################################\r\n#\/sbin\/iptables -t nat -F\r\n#\/sbin\/iptables -t nat -X\r\n#\/sbin\/iptables -t mangle -F\r\n#\/sbin\/iptables -t mangle -X\r\n#\/sbin\/ebtables -t broute -F\r\n#\/sbin\/ebtables -t broute -X\r\n#\/sbin\/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT\r\n#\/sbin\/iptables -t nat -A PREROUTING -i $BRIDGE -p tcp --dport 80 -j REDIRECT --to-port $CACHE_PORT\r\n\r\n#########################################################################################################\r\n# GATEWAY MODE - 2 INTERFACES - TPROXY ON\r\n#########################################################################################################\r\n#\/sbin\/iptables -t nat -F\r\n#\/sbin\/iptables -t nat -X\r\n#\/sbin\/iptables -t mangle -F\r\n#\/sbin\/iptables -t mangle -X\r\n#\/sbin\/ebtables -t broute -F\r\n#\/sbin\/ebtables -t broute -X\r\n#\/sbin\/iptables -t mangle -N DIVERT\r\n#\/sbin\/iptables -t mangle -A DIVERT -j MARK --set-mark 1\r\n#\/sbin\/iptables -t mangle -A DIVERT -j ACCEPT\r\n#\/sbin\/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT\r\n#\/sbin\/iptables -t mangle -A PREROUTING -i $LAN -p tcp --dport 80 -j TPROXY --tproxy-mark 1 --on-port $CACHE_PORT\r\n#\/sbin\/ip rule add fwmark 1 lookup 100\r\n#\/sbin\/ip route add local 0.0.0.0\/0 dev lo table 100\r\n#\/bin\/echo 1 > \/proc\/sys\/net\/ipv4\/conf\/$WAN\/proxy_arp\r\n\r\n#########################################################################################################\r\n# GATEWAY MODE - 2 INTERFACES - TPROXY OFF\r\n#########################################################################################################\r\n#\/sbin\/iptables -t nat -F\r\n#\/sbin\/iptables -t nat -X\r\n#\/sbin\/iptables -t mangle -F\r\n#\/sbin\/iptables -t mangle -X\r\n#\/sbin\/ebtables -t broute -F\r\n#\/sbin\/ebtables -t broute -X\r\n#\/sbin\/iptables -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j REDIRECT --to-port $CACHE_PORT\r\n#\/sbin\/iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE\r\n#End Script\r\n#########################################################################################################\r\n<\/pre>\n<\/code><\/p>\n
\nhttp:\/\/www.icez.net\/blog\/477\/lusca-cdn-installation\u00a0 # Good startup conf. Need to adapt for ubuntu server<\/p>\n