WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 05:51:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
04dcafe578f9cd6d98ad525529341b35f424ad4e
fedora-infra_ansible/roles/flatpak-cache/templates/squid.conf
Nils Philippsen 6c85fda0c9 Mass remove/replace iad2 -> rdu3, 10.3. -> 10.16. 
Signed-off-by: Nils Philippsen <nils@redhat.com>
2025-07-03 20:05:02 +02:00

60 lines
2.0 KiB
SquidConf
Raw Blame History

acl openqa src 10.16.174.21-10.16.174.64
acl batcave src 10.16.163.35
acl proxies src 10.128.4.1
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
acl intermediate_fetching transaction_initiator certificate-fetching
http_access allow intermediate_fetching
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from openqa
http_access allow openqa
http_access allow batcave
# Only cache flathub
acl cacheDomain dstdomain dl.flathub.org
cache deny !cacheDomain
# And finally deny all other access to this proxy
http_access deny all
# Trust proxies to have correct X-Forwarded-For
follow_x_forwarded_for allow proxies
http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/pki/squid/ca.crt tls-key=/etc/pki/squid/ca.key tls-dh=prime256v1:/etc/pki/squid/dh.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 20MB
sslcrtd_children 5
ssl_bump server-first all
ssl_bump stare all
sslproxy_cert_error deny all
# Uncomment and adjust the following to add a disk cache directory.
maximum_object_size 6 GB
cache_dir ufs /var/spool/squid 20000 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern -i dl.flathub.org\/.* 1440 20% 10080 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern . 0 20% 4320
pid_filename none
# <Client IP> <Username> [<Local Time>] "<Request Method> <Request URL> HTTP/<Protocol Version> <Response Status Code> \
# <Sent reply size (with hdrs)> <Referer> <User Agent> <Squid Request Status>:<Squid Hierarchy Status>
# logformat combined %>a %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/squid.log squid
access_log /var/log/squid/access.log combined
Reference in New Issue View Git Blame Copy Permalink