adjust squid config for proxies

roles/kojipkgs/files/squid.conf

@@ -36,11 +36,12 @@ acl SSL_ports port 443
 acl Safe_ports port 80		# http
 acl Safe_ports port 443		# https
 acl CONNECT method CONNECT
-acl our_sites dstdomain kojipkgs.fedoraproject.org kojipkgs01.phx2.fedoraproject.org
+acl our_sites dstdomain kojipkgs.fedoraproject.org kojipkgs01.phx2.fedoraproject.org kojipkgs02.phx2.fedoraproject.org
 acl phx2 src 10.5.125.0/24 10.5.127.0/24 10.5.129.0/24
 # The stg builders in the createrepo channel need access to repos
 acl phx2-stg src 10.5.126.14/32 10.5.126.223/32 10.5.126.224/32 10.5.126.225/32 10.5.126.226/32
 acl pdc src 10.5.126.134/32
+acl proxies src 10.5.126.51/32 10.5.126.52/32 ::1
 acl repo_url urlpath_regex -i ^/repo/
 acl kojipkgs urlpath_regex -i \.(rpm|log|sig)$
 acl mash urlpath_regex -i ^/mash/
@@ -62,6 +63,10 @@ http_access deny cachemanager
 # Let the pdc-backend inspect the composes
 http_access allow pdc compose
 
+# Let the proxies access things
+http_access allow proxies
+follow_x_forwarded_for allow proxies
+
 # Do not allow non safe ports or connect on anything but ssl ports
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports