-
Notifications
You must be signed in to change notification settings - Fork 1
/
squid.conf
67 lines (53 loc) · 2.3 KB
/
squid.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# squid.conf
# To be used for Spacewalk Proxy servers.
#
http_port 8080
http_port 8081 accel defaultsite=smgr4-pxy1.demo.lab no-vhost ignore-cc allow-direct
https_port 8443 cert=/etc/apache2/ssl.crt/server.crt key=/etc/apache2/ssl.key/server.key accel defaultsite=smgr4-pxy1.demo.lab no-vhost ignore-cc allow-direct
cache_mem 400 MB
maximum_object_size 200 MB
maximum_object_size_in_memory 1024 KB
access_log /var/log/squid/access.log squid
# Size should be about 60% of your free space
cache_dir ufs /var/cache/squid 14268 16 256
# Average object size, used to estimate number of objects your
# cache can hold. The default is 13 KB.
store_avg_object_size 817 KB
# We want to keep the largest objects around longer, and just download the smaller objects if we can.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# cache repodata only few minutes and then query parent whether it is fresh
refresh_pattern /XMLRPC/GET-REQ/.*/repodata/.*$ 0 1% 1440 ignore-no-cache reload-into-ims refresh-ims
# salt minions get the repodata via a different URL
refresh_pattern /rhn/manager/download/.*/repodata/.*$ 0 1% 1440 ignore-no-cache reload-into-ims refresh-ims
# rpm will hardly ever change, force to cache it for very long time
refresh_pattern \.rpm$ 10080 100% 525960 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern \.deb$ 10080 100% 525960 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern . 0 100% 525960
# secure squid
# allow request only from localhost and to http and https ports
acl localhost src 127.0.0.1/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 8443
acl CONNECT method CONNECT
acl nginx src 172.25.228.222
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow nginx
#http_access deny all
http_access allow all
icp_access allow all
miss_access allow all
# if transport is canceled, finish downloading anyway
quick_abort_pct -1
quick_abort_min -1 KB
# when range is required, download whole file anyway
# when we request rpm header, we will nearly always get
# request for the rest of the file
range_offset_limit none
# we download only from 1 server, default is 1024
# which is too much for us
fqdncache_size 4