Tuesday, January 21, 2014

Cara Mudah Install squid3 3.5.7 ssl Support di Debian





apt-get update
apt-get install apt-transport-https

wget -O - http://dl.dropbox.com/u/228547674/debian/public-key.gpg | apt-key add -

echo "deb http://dl.dropbox.com/u/228547674/debian/ jessie-backports main"  >> /etc/apt/sources.list.d/squid.list

apt-get update

apt-get install squid/jessie-backports



# Generate Certificate
OPENSSL=/usr/bin/openssl
SSLDIR=/etc/squid/ssl_cert
mkdir -p $SSLDIR || exit 1
rm -rf $SSLDIR/*
[ -e $SSLDIR/myCA.pem ] || (echo -e "ID\nSulawesi Selatan\nMakassar\nFokusnet\nProxy\nFokusnet\nraja_malam72@hotmail.com\n"| $OPENSSL req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout $SSLDIR/myCA.pem -out $SSLDIR/myCA.pem)
[ -e $SSLDIR/myCA.der ] || $OPENSSL x509 -in $SSLDIR/myCA.pem -outform DER -out $SSLDIR/myCA.der

SQUIDSSLCRTDDIR=/etc/squid/ssl_db/
SSLCRTD=/usr/lib/squid/ssl_crtd
$SSLCRTD -c -s $SQUIDSSLCRTDDIR
[ -d $SQUIDSSLCRTDDIR ] && chown proxy.proxy -R $SQUIDSSLCRTDDIR 



# squid.conf
http_port 3128
http_port 3127 intercept
https_port 3129 intercept  ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER


# Mikrotik
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=IP_PROXY routing-mark=proxy scope=30 target-scope=10
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=!IP_PROXY dst-port=80,443 new-routing-mark=proxy passthrough=yes protocol=tcp src-address=\
    IP_LAN


#Import certificate /etc/squid/ssl_cert/myCA.der

For example, in FireFox:
1. Open 'Preferences'
2. Go to the 'Advanced' section, 'Encryption' tab
3. Press the 'View Certificates' button and go to the 'Authorities' tab
4. Press the 'Import' button, select the .der file that was created previously and pres 'OK' 


#Remove Squid
apt-get --purge remove squid


#iptables
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129




Sunday, July 18, 2010

I WILL

sayonara ...
kitto (shiawase datta)
itsuno hikasou
omoe ruyouni
omoide ha mune ni kizan de
I WILL I WILL

munashi kunaru dakeno
koi nara mou iranai
asu mo mienai hodo nayan de
hanareta kimochi

mou nido to modore nai
ano goro ni ha
wakattete doushite kizutsu ketano?
anata wo itsudemo shinji tekitanda
dare yori taisetsu na hito datta

sayonara ...
kitto (shiawase datta)
itsuno hikasou
omoe ruyouni
omoide ha mune ni kizan de
I WILL I WILL

yakusoku ha nanno tame ?
mamoru tameni arun janai no ?
atari mae no sonzai nante
omowa naideyo ...

kitai ha shitenai mou kore ijou
nani ni mo nozoma nai ii kikasete
kirai ni naretara kantan nano ni
anata ga yakitsuite kie nai no

sayonara ...
zutto (shiawase datta)
itsuno hikasou
ie ruyouni
omoide ha mune ni kizan de
I WILL I WILL

sayonara ...
kitto (shiawase datta)
itsuno hikasou
omoe ruyouni
omoide ha mune ni kizan de
I WILL I WILL

sayonara ...
kitto (shiawase datta)
itsuno hikasou
omoe ruyouni
omoide ha mune ni kizan de
I WILL I WILL

Wednesday, June 30, 2010

Teman Hati

Kala itu mampu kulepaskan kepedihan dari hatimu
Semangatku pun bergelora menapaki jalan hidup ini
Sebelum bersua denganmu, kesepian aku berkelana
Biar kurasakan hangatnya jemarimu

Cinta senantiasa meninabobokkan
Tatkala? lelah dalam perjalanan
Ingatlah diriku sebagai teman hati

Bahkan hati yang saling percaya terlupa entah di mana
Mengapa orang-orang mengejar kebahagiaan yang telah berlalu
Pejamkan? matamu perlahan dan singkapkan jendela hatimu
Raih tanganku dan usaplah air matamu

Cinta senantiasa meninabobokkan
Manakala engkau lemah
Ingatlah diriku sebagai teman hati