File: squid-deb-proxy.conf

package info (click to toggle)
squid-deb-proxy 0.8.15%2Bnmu1
  • links: PTS
  • area: main
  • in suites: bookworm, sid
  • size: 252 kB
  • sloc: sh: 315; ansic: 145; python: 100; makefile: 32
file content (97 lines) | stat: -rw-r--r-- 3,311 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

#       WELCOME TO SQUID DEB PROXY
#       ------------------
#
#       This config file is a version of a squid proxy file optimized
#	as a configuration for a caching proxy for Debian/Ubuntu systems.
#
#       More information about squid and its configuration can be found here
#       http://www.squid-cache.org/ and in the FAQ

# settings that you may want to customize
# ---------------------------------------

# this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
# 192.168.0.0/16) by default, you can add/remove additional allowed
# source networks in it to customize it for your setup
acl allowed_networks src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl"

# this file contains the archive mirrors by default,
# if you use a different mirror, add it there
acl to_archive_mirrors dstdomain "/etc/squid-deb-proxy/autogenerated/mirror-dstdomain.acl"

# this contains the package blacklist
acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl"

# default to a different port than stock squid
http_port 8000

# -------------------------------------------------
# settings below probably do not need customization

# user visible name
visible_hostname squid-deb-proxy

# we need a big cache, some debs are huge
maximum_object_size 512 MB

# use a different dir than stock squid and default to 40G
cache_dir aufs /var/cache/squid-deb-proxy 40000 16 256

# use different logs
cache_access_log /var/log/squid-deb-proxy/access.log
cache_log /var/log/squid-deb-proxy/cache.log
cache_store_log /var/log/squid-deb-proxy/store.log

# tweaks to speed things up
cache_mem 200 MB
maximum_object_size_in_memory 10240 KB

# pid
pid_filename /var/run/squid-deb-proxy.pid

# refresh pattern for debs and udebs
refresh_pattern deb$   129600 100% 129600
refresh_pattern udeb$   129600 100% 129600
refresh_pattern tar.gz$  129600 100% 129600
refresh_pattern tar.xz$  129600 100% 129600
refresh_pattern tar.bz2$  129600 100% 129600

# always refresh Packages and Release files
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims

# handle meta-release and changelogs.ubuntu.com special
# (fine to have this on debian too)
refresh_pattern changelogs.ubuntu.com\/.*  0  1% 1

# only allow connects to ports for http, https
acl Safe_ports port 80
acl Safe_ports port 443 563   

# only allow ports we trust
http_access deny !Safe_ports

# do not allow to download from the pkg blacklist
http_access deny blockedpkgs

# allow access only to official archive mirrors
# uncomment the third and fouth line to permit any unlisted domain
http_access deny !to_archive_mirrors
#http_access allow !to_archive_mirrors

# don't cache domains not listed in the mirrors file
# uncomment the third and fourth line to cache any unlisted domains
cache deny !to_archive_mirrors
#cache allow !to_archive_mirrors

# allow access from our network and localhost
http_access allow allowed_networks

# And finally deny all other access to this proxy
http_access deny all

# we don't want to clash with the squid netdb state file
netdb_filename stdio:/var/log/squid-deb-proxy/netdb.state