# squid.conf
# To be used for Spacewalk Proxy servers.
#
# Listen for proxy requests on TCP port 8080. No bind address is given, so
# the listener is not limited to the loopback interface; who may actually
# use the proxy is decided by the http_access rules further down.
http_port 8080
# RAM budget for objects held in the memory cache
cache_mem 400 MB
# cached images can be large
maximum_object_size 10 GB
# objects above this size are kept out of the memory cache
maximum_object_size_in_memory 1024 KB
# Request log in Squid's native "squid" format. This is the record to consult
# when checking what the proxy fetched or served; log rotation and retention
# are not configured in this file.
access_log /var/log/squid/access.log squid
# Size should be about 60% of your free space
# (aufs store, 15000 MB, 16 first-level and 256 second-level directories)
cache_dir aufs /var/cache/squid 15000 16 256
# Average object size, used to estimate number of objects your
# cache can hold. The default is 13 KB.
store_avg_object_size 817 KB
# We want to keep the largest objects around longer, and just download the smaller objects if we can.
# Disk cache: LFUDA (least frequently used with dynamic aging).
cache_replacement_policy heap LFUDA
# Memory cache: GDSF (greedy-dual size frequency).
memory_replacement_policy heap GDSF
# Freshness rules. Format: refresh_pattern <regex> <min> <percent> <max> [options],
# with min and max in minutes. Squid uses the first pattern that matches the
# URL, so the order of these lines matters: specific paths must stay above
# the generic ones.
#
# Cache repodata for only a few minutes (max 5), then ask the parent whether
# it is still fresh. reload-into-ims turns a client reload into an
# If-Modified-Since revalidation instead of a full refetch.
refresh_pattern /XMLRPC/GET-REQ/.*/repodata/.*$ 0 1% 5 reload-into-ims refresh-ims
refresh_pattern /ks/.*/repodata/.*$ 0 1% 5 reload-into-ims refresh-ims
# salt minions get the repodata via a different URL
refresh_pattern /rhn/manager/download/.*/repodata/.*$ 0 1% 5 reload-into-ims refresh-ims
# bootstrap repos need to be handled as well
refresh_pattern /pub/repositories/.*/repodata/.*$ 0 1% 5 reload-into-ims refresh-ims
# NOTE(review): the "." before "txt" is not escaped, so it matches any
# character, not only a literal dot.
refresh_pattern /pub/repositories/.*/venv-enabled-.*.txt$ 0 1% 5 reload-into-ims refresh-ims
# Packages hardly ever change, so force them to be cached for a very long
# time: min 10080 minutes (7 days), max 525600 minutes (365 days).
# override-expire and override-lastmod apply the minimum age even when the
# server's headers say otherwise, and ignore-reload means a client reload
# does not bypass the cached copy.
# NOTE(review): a wrong or tampered package that reaches the cache keeps
# being served until it is purged or evicted. Squid does not verify package
# content; this presumably relies on clients checking signatures and on the
# checksums in the short-lived repodata - confirm.
refresh_pattern \.rpm$ 10080 100% 525600 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern \.deb$ 10080 100% 525600 override-expire override-lastmod ignore-reload reload-into-ims
# Once downloaded, images will never change. A new image will have a different revision number.
# ignore-no-store and ignore-private make Squid store responses that the
# server marked "no-store" or "private". A stored copy is then served to
# every client the http_access rules admit.
# NOTE(review): verify that nothing under these paths is per-client or secret.
refresh_pattern /os-images/.*$ 10080 100% 525600 ignore-no-store ignore-reload ignore-private
refresh_pattern /saltboot/.*$ 10080 100% 525600 ignore-no-store ignore-reload ignore-private
# kernel and initrd are tied to images and will never change either
# (this line must stay above the generic /tftp/ rule below)
refresh_pattern /tftp/images/.*$ 10080 100% 525600 ignore-no-store ignore-reload ignore-private
# the rest of tftp is config files prone to change frequently
refresh_pattern /tftp/.*$ 0 1% 5 reload-into-ims refresh-ims
# Catch-all for every URL not matched above; it carries no override options.
refresh_pattern . 0 100% 525600
# secure squid
# Allow requests only from localhost, and only to the http and https ports.
# http_access rules are evaluated top to bottom and the first match decides,
# so the two deny lines must stay above the allow line.
# NOTE(review): "acl all src all" redefines a name recent Squid versions
# already provide - presumably kept for older versions, confirm.
acl all src all
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
# refuse any request whose destination port is not 80 or 443
http_access deny !Safe_ports
# refuse CONNECT tunnels to anything other than port 443
http_access deny CONNECT !SSL_ports
# NOTE(review): no "localhost" ACL is defined in this file; this presumably
# relies on Squid's built-in localhost ACL - confirm for the Squid version in
# use. This rule is the only thing that restricts proxy use to local clients,
# because http_port is declared without a bind address.
http_access allow localhost
# default deny: everything not explicitly allowed above is rejected
http_access deny all
# NOTE(review): this accepts ICP queries from any source, which does not
# match the "only from localhost" intent stated above. It only has an effect
# if an ICP port is enabled; none is set in this file, so exposure depends on
# the default of the Squid version in use - confirm, and restrict it if ICP
# is not needed.
icp_access allow all
# no restriction on which requesters may have cache misses forwarded
miss_access allow all
# If the client cancels a transfer, finish downloading the object anyway so
# that it ends up in the cache.
# NOTE(review): "quick_abort_min -1 KB" is the setting that makes retrievals
# always continue; the effect of a negative quick_abort_pct should be checked
# against the documentation of the Squid version in use.
quick_abort_pct -1
quick_abort_min -1 KB
# when a range is requested, download the whole file anyway
# when we request an rpm header, we will nearly always get
# a request for the rest of the file
# NOTE(review): together with the quick_abort settings above and
# maximum_object_size 10 GB, one small range request can start a complete
# download that continues after the client disconnects. Only clients admitted
# by http_access can trigger this; keep that in mind for bandwidth and disk
# usage if the access rules are ever widened.
range_offset_limit none
# we download only from 1 server, default is 1024
# which is too much for us
fqdncache_size 4
# location of the file holding the PID of the running squid process
pid_filename /run/squid/squid.pid