You've already forked fedora-repo-proxy-cache
78 lines
2.4 KiB
SquidConf
78 lines
2.4 KiB
SquidConf
# squid.conf
|
|
# Cache Proxy for use with Fedora RPM/Yum Mirrors
|
|
#
|
|
|
|
http_port 8888 # This should match the port you're exposing via docker-compose.yml
|
|
|
|
announce_host your.domain-or-host-name.tld
|
|
visible_hostname your.domain-or-host-name.tld
|
|
|
|
dns_nameservers 10.0.0.2 # Optional: Only if you want to set a specific DNS server
|
|
|
|
cache_mem 400 MB
|
|
maximum_object_size 200 MB
|
|
maximum_object_size_in_memory 1024 KB
|
|
|
|
access_log stdio:/var/log/squid/access.log squid
|
|
|
|
# Configured to use a maximum of 15GB storage space
|
|
cache_dir ufs /var/spool/squid 15000 16 256
|
|
|
|
# Average object size, used to estimate number of objects your
|
|
# cache can hold. The default is 13 KB.
|
|
store_avg_object_size 817 KB
|
|
|
|
# We want to keep the largest objects around longer, and just download the smaller objects if we can.
|
|
cache_replacement_policy heap LFUDA
|
|
memory_replacement_policy heap GDSF
|
|
|
|
# Cache repodata at least 30 minutes and then query parent whether it is fresh
|
|
refresh_pattern \/repodata/.*$ 30 1% 1440 ignore-no-cache ignore-reload reload-into-ims
|
|
|
|
# RPMs will hardly ever change, force to cache them for a long time.
|
|
refresh_pattern \.rpm$ 10080 100% 525960 override-expire override-lastmod ignore-reload reload-into-ims
|
|
|
|
# Everything else
|
|
refresh_pattern . 0 100% 525960
|
|
|
|
# Only allow requests from the local network
|
|
acl localnet src 0.0.0.1-0.255.255.255
|
|
acl localnet src 172.24.0.0/8 # Make sure you adjust these to whatever your local network IP ranges are
|
|
acl localnet src 192.168.0.0/8
|
|
|
|
# Only allow requests to the ports we specified.
|
|
acl SSL_ports port 443
|
|
acl Safe_ports port 80 # http
|
|
acl Safe_ports port 443 # https
|
|
acl Safe_ports port 8888 # Custom port you've exposed (see docker-compose.yml)
|
|
|
|
# Allow SSL requests to pass through.
|
|
acl CONNECT method CONNECT
|
|
|
|
http_access deny !Safe_ports
|
|
http_access deny CONNECT !SSL_ports
|
|
http_access allow localhost manager
|
|
http_access deny manager
|
|
http_access allow localhost
|
|
http_access allow localnet
|
|
http_access deny all
|
|
icp_access allow all
|
|
miss_access allow all
|
|
|
|
# if transport is canceled, finish downloading anyway
|
|
quick_abort_pct -1
|
|
quick_abort_min -1 KB
|
|
|
|
# when range is required, download the whole file anyway
|
|
# when we request rpm header, we will nearly always get
|
|
# request for the rest of the file
|
|
range_offset_limit none
|
|
|
|
# we download only from 1 server, default is 1024
|
|
# which is too much for us
|
|
fqdncache_size 4
|
|
|
|
# Specify the user cache files should be owned by
|
|
cache_effective_user proxy
|
|
#cache_effective_group proxy
|