You've already forked fedora-repo-proxy-cache
Add current version.
This commit is contained in:
77
squid.conf
Normal file
77
squid.conf
Normal file
@@ -0,0 +1,77 @@
|
||||
# squid.conf
|
||||
# Cache Proxy for use with Fedora RPM/Yum Mirrors
|
||||
#
|
||||
|
||||
http_port 8888 # This should match the port you're exposing via docker-compose.yml
|
||||
|
||||
announce_host your.domain-or-host-name.tld
|
||||
visible_hostname your.domain-or-host-name.tld
|
||||
|
||||
dns_nameservers 10.0.0.2 # Optional: Only if you want to set a specific DNS server
|
||||
|
||||
cache_mem 400 MB
|
||||
maximum_object_size 200 MB
|
||||
maximum_object_size_in_memory 1024 KB
|
||||
|
||||
access_log stdio:/var/log/squid/access.log squid
|
||||
|
||||
# Configured to use a maximum of 15GB storage space
|
||||
cache_dir ufs /var/spool/squid 15000 16 256
|
||||
|
||||
# Average object size, used to estimate number of objects your
|
||||
# cache can hold. The default is 13 KB.
|
||||
store_avg_object_size 817 KB
|
||||
|
||||
# We want to keep the largest objects around longer, and just download the smaller objects if we can.
|
||||
cache_replacement_policy heap LFUDA
|
||||
memory_replacement_policy heap GDSF
|
||||
|
||||
# Cache repodata at least 30 minutes and then query parent whether it is fresh
|
||||
refresh_pattern \/repodata/.*$ 30 1% 1440 ignore-no-cache ignore-reload reload-into-ims
|
||||
|
||||
# RPMs will hardly ever change, force to cache them for a long time.
|
||||
refresh_pattern \.rpm$ 10080 100% 525960 override-expire override-lastmod ignore-reload reload-into-ims
|
||||
|
||||
# Everything else
|
||||
refresh_pattern . 0 100% 525960
|
||||
|
||||
# Only allow requests from the local network
|
||||
acl localnet src 0.0.0.1-0.255.255.255
|
||||
acl localnet src 172.24.0.0/8 # Make sure you adjust these to whatever your local network IP ranges are
|
||||
acl localnet src 192.168.0.0/8
|
||||
|
||||
# Only allow requests to the ports we specified.
|
||||
acl SSL_ports port 443
|
||||
acl Safe_ports port 80 # http
|
||||
acl Safe_ports port 443 # https
|
||||
acl Safe_ports port 8888 # Custom port you've exposed (see docker-compose.yml)
|
||||
|
||||
# Allow SSL requests to pass through.
|
||||
acl CONNECT method CONNECT
|
||||
|
||||
http_access deny !Safe_ports
|
||||
http_access deny CONNECT !SSL_ports
|
||||
http_access allow localhost manager
|
||||
http_access deny manager
|
||||
http_access allow localhost
|
||||
http_access allow localnet
|
||||
http_access deny all
|
||||
icp_access allow all
|
||||
miss_access allow all
|
||||
|
||||
# if transport is canceled, finish downloading anyway
|
||||
quick_abort_pct -1
|
||||
quick_abort_min -1 KB
|
||||
|
||||
# when range is required, download the whole file anyway
|
||||
# when we request rpm header, we will nearly always get
|
||||
# request for the rest of the file
|
||||
range_offset_limit none
|
||||
|
||||
# we download only from 1 server, default is 1024
|
||||
# which is too much for us
|
||||
fqdncache_size 4
|
||||
|
||||
# Specify the user cache files should be owned by
|
||||
cache_effective_user proxy
|
||||
#cache_effective_group proxy
|
||||
Reference in New Issue
Block a user