apt-get update apt-get install vim apt-get install screen ----Solution 1 wget https://bootstrap.pypa.io/get-pip.py python get-pip.py rm -f get-pip.py pip install dnslib cd dns_redir screen python dnsd.py config.json Ctrl_D)> ----Solution2 (use this) apt-get install curl apt-get install sudo curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - sudo apt-get install -y nodejs npm install -g forever npm install -g forever-service cd dns_redir npm install native-dns var zone = 'tra.gov.ae'; var domainName = ['webmail.tra.gov.ae', 'dns.tra.gov.ae']; var zone = 'tra.gov.ae'; var authorative = '195.229.237.52'; //must be ip var responseIP = '185.162.235.106'; var server = dns.createServer(); forever-service install dns-server --script dnsd.js --start **-----------------------------------------------ta inja ipcocd icap screen python icap.py Ctrl_D)> cd /opt apt-get install openssl devscripts build-essential libssl-dev apache2 squid-langpack apt-get source squid3 apt-get build-dep squid3 cd squid3-3.4.8 vim debian/rules --enable-ssl \ --enable-ssl-crtd \ --with-open-ssl="/etc/ssl/openssl.cnf" \ debuild -us -uc cd .. dpkg -i *.deb apt-get install -f service apache2 stop service squid3 stop cd /etc/squid3/ mv squid.conf squid.conf.bckp vim squid.conf visible_hostname edge. #http_port 80 accel defaultsite= no-vhost #https_port 443 accel cert=/etc/letsencrypt/live//fullchain.pem key=/etc/letsencrypt/live//privkey.pem defaultsite= no-vhost #cache_peer parent 80 0 no-query originserver name=webmask #cache_peer parent 443 0 no-query originserver sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN login=PASS ssl front-end-https=on name=webmask acl target_sites dstdomain http_access allow target_sites cache_peer_access webmask allow target_sites cache_peer_access webmask deny all icap_enable on icap_persistent_connections off adaptation_send_client_ip on adaptation_masterx_shared_names X-Data icap_service password_req reqmod_precache bypass=1 icap://127.0.0.1:1344/password #icap_service password_resp respmod_precache bypass=1 icap://127.0.0.1:1344/password icap_service cookie_req reqmod_precache bypass=1 icap://127.0.0.1:1344/cookie #icap_service cookie_resp respmod_precache bypass=1 icap://127.0.0.1:1344/cookie #icap_service inject_req reqmod_precache bypass=1 icap://127.0.0.1:1344/inject icap_service inject_resp respmod_precache bypass=1 icap://127.0.0.1:1344/inject icap_service headers_req reqmod_precache bypass=1 icap://127.0.0.1:1344/headers #icap_service headers_resp respmod_precache bypass=1 icap://127.0.0.1:1344/headers icap_service basic_req reqmod_precache bypass=1 icap://127.0.0.1:1344/basic #icap_service basic_resp respmod_precache bypass=1 icap://127.0.0.1:1344/basic adaptation_service_chain service_req password_req basic_req #adaptation_service_chain service_resp adaptation_access service_req allow all #adaptation_access service_resp allow all nmap -vvv apt-get install haproxy cd /etc/haproxy/ vim haproxy.cfg mode http option httplog frontend ft_ bind : mode tcp default_backend bk_ backend bk_ mode tcp balance roundrobin stick-table type ip size 200k expire 30m stick on src default-server inter 1s server s1 : check id 1 netstat -nlp service haproxy restart --------------------------------------------- --------------------------------------------- vim /etc/apt/sources.list deb http://ftp.debian.org/debian jessie-backports main deb-src http://ftp.debian.org/debian jessie-backports main apt-get update apt-get install certbot -t jessie-backports vim /etc/haproxy/haproxy.cfg service haproxy restart certbot certonly --standalone -n -m --agree-tos -d vim /etc/haproxy/haproxy.cfg service haproxy restart vim /etc/haproxy/haproxy.cfg service haproxy restart service squid3 start