infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
ansible/roles/flatpak-cache/templates/squid.conf
Leo Puvilland fca6a0390d enable and configure VM for flatpak-cache 
Signed-off-by: Leo Puvilland <leo@craftcat.dev>
2024-05-03 18:52:33 +00:00

59 lines
2 KiB
SquidConf
Raw Blame History

acl openqa src 10.3.174.21-10.3.174.64
acl batcave src 10.3.163.35
acl proxies src 10.128.4.1
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
acl intermediate_fetching transaction_initiator certificate-fetching
http_access allow intermediate_fetching
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from openqa
http_access allow openqa
http_access allow batcave
# Only cache flathub
acl cacheDomain dstdomain dl.flathub.org
cache deny !cacheDomain
# And finally deny all other access to this proxy
http_access deny all
# Trust proxies to have correct X-Forwarded-For
follow_x_forwarded_for allow proxies
http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/pki/squid/ca/ca.crt tls-key=/etc/pki/squid/key/ca.key tls-dh=prime256v1:/etc/pki/squid/dhparam/dh.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 20MB
sslcrtd_children 5
ssl_bump server-first all
ssl_bump stare all
sslproxy_cert_error deny all
# Uncomment and adjust the following to add a disk cache directory.
maximum_object_size 6 GB
cache_dir ufs /var/spool/squid 20000 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern -i dl.flathub.org\/.* 1440 20% 10080 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern . 0 20% 4320
pid_filename none
# <Client IP> <Username> [<Local Time>] "<Request Method> <Request URL> HTTP/<Protocol Version> <Response Status Code> \
# <Sent reply size (with hdrs)> <Referer> <User Agent> <Squid Request Status>:<Squid Hierarchy Status>
# logformat combined %>a %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/squid.log squid
access_log /var/log/squid/access.log combined
View git blame Copy permalink