From 75e4a085180362acd5f71a60f16c45c78d9ef204 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Sun, 15 Jan 2017 20:48:09 +0000
Subject: [PATCH] adjust squid config for proxies
---
 roles/kojipkgs/files/squid.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/roles/kojipkgs/files/squid.conf b/roles/kojipkgs/files/squid.conf
index 71de1905a6..295344dc79 100644
--- a/roles/kojipkgs/files/squid.conf
+++ b/roles/kojipkgs/files/squid.conf
@@ -36,11 +36,12 @@ acl SSL_ports port 443
 acl Safe_ports port 80 # http
 acl Safe_ports port 443 # https
 acl CONNECT method CONNECT
-acl our_sites dstdomain kojipkgs.fedoraproject.org kojipkgs01.phx2.fedoraproject.org
+acl our_sites dstdomain kojipkgs.fedoraproject.org kojipkgs01.phx2.fedoraproject.org kojipkgs02.phx2.fedoraproject.org
 acl phx2 src 10.5.125.0/24 10.5.127.0/24 10.5.129.0/24
 # The stg builders in the createrepo channel need access to repos
 acl phx2-stg src 10.5.126.14/32 10.5.126.223/32 10.5.126.224/32 10.5.126.225/32 10.5.126.226/32
 acl pdc src 10.5.126.134/32
+acl proxies src 10.5.126.51/32 10.5.126.52/32 ::1
 acl repo_url urlpath_regex -i ^/repo/
 acl kojipkgs urlpath_regex -i \.(rpm|log|sig)$
 acl mash urlpath_regex -i ^/mash/
@@ -62,6 +63,10 @@ http_access deny cachemanager
 # Let the pdc-backend inspect the composes
 http_access allow pdc compose
+# Let the proxies access things
+http_access allow proxies
+follow_x_forwarded_for allow proxies
+
 # Do not allow non safe ports or connect on anything but ssl ports
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
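Review bot: The new `acl proxies src 10.5.126.51/32 10.5.126.52/32 ::1` line puts the loopback address in the same ACL as the two front-end hosts and, unlike the `phx2-stg` ACL just above it, has no comment explaining its membership. That matters because the second hunk uses this ACL both for an unconditional `http_access allow` and for `follow_x_forwarded_for`, so every member is a trusted source. I would add a comment above it such as `# Front-end proxies plus local loopback; members are trusted to set X-Forwarded-For`. It is also worth confirming that listing `::1` without `127.0.0.1` is intentional.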
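Review bot: `http_access allow proxies` is not combined with any destination or path ACL and sits above `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`, so a request matching `proxies` is allowed on first match and never reaches those two denies (compare `http_access allow pdc compose` just above, which is narrowed by a second ACL). Consider narrowing it, e.g. `http_access allow proxies our_sites`, or moving it below the two deny lines. Separately, `follow_x_forwarded_for allow proxies` means that, with Squid's default `acl_uses_indirect_client on`, the `src` ACLs (`phx2`, `phx2-stg`, `pdc`) match on the forwarded address. They are then only as trustworthy as the X-Forwarded-For handling on the two proxy hosts and on anything local that connects via `::1`. A comment such as `# proxies are trusted to report the real client address; src ACLs below match on it` would record that. The rules that follow `http_access deny CONNECT !SSL_ports` are outside the hunk, so any later restriction is not visible here.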