| |
@@ -0,0 +1,53 @@
|
| |
+ acl openqa src 10.3.174.21-10.3.174.64
|
| |
+
|
| |
+ acl SSL_ports port 443
|
| |
+ acl Safe_ports port 80 443
|
| |
+ acl CONNECT method CONNECT
|
| |
+
|
| |
+ acl intermediate_fetching transaction_initiator certificate-fetching
|
| |
+ http_access allow intermediate_fetching
|
| |
+
|
| |
+ # Deny requests to certain unsafe ports
|
| |
+ http_access deny !Safe_ports
|
| |
+
|
| |
+ # Deny CONNECT to other than secure SSL ports
|
| |
+ http_access deny CONNECT !SSL_ports
|
| |
+
|
| |
+ # Only allow cachemgr access from openqa
|
| |
+ http_access allow openqa
|
| |
+
|
| |
+ # Only cache flathub
|
| |
+ acl cacheDomain dstdomain dl.flathub.org
|
| |
+ cache deny !cacheDomain
|
| |
+
|
| |
+ # And finally deny all other access to this proxy
|
| |
+ http_access deny all
|
| |
+
|
| |
+
|
| |
+ http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/pki/squid/ca/ca.crt tls-key=/etc/pki/squid/key/ca.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/pki/squid/dhparam/dh.pem
|
| |
+
|
| |
+ sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 20MB
|
| |
+ sslcrtd_children 5
|
| |
+ ssl_bump server-first all
|
| |
+ ssl_bump stare all
|
| |
+ sslproxy_cert_error deny all
|
| |
+
|
| |
+ # Uncomment and adjust the following to add a disk cache directory.
|
| |
+ maximum_object_size 6 GB
|
| |
+ cache_dir ufs /srv/squid 20000 16 256
|
| |
+
|
| |
+ # Leave coredumps in the first cache dir
|
| |
+ coredump_dir /var/spool/squid
|
| |
+
|
| |
+ #
|
| |
+ # Add any of your own refresh_pattern entries above these.
|
| |
+ #
|
| |
+ refresh_pattern -i dl.flathub.org\/.* 1440 20% 10080 override-expire ignore-no-cache ignore-no-store ignore-private
|
| |
+ refresh_pattern . 0 20% 4320
|
| |
+
|
| |
+
|
| |
+ # <Client IP> <Username> [<Local Time>] "<Request Method> <Request URL> HTTP/<Protocol Version> <Response Status Code> \
|
| |
+ # <Sent reply size (with hdrs)> <Referer> <User Agent> <Squid Request Status>:<Squid Hierarchy Status>
|
| |
+ logformat combined %>a %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
|
| |
+ access_log /var/log/squid/squid.log squid
|
| |
+ access_log /var/log/squid/access.log combined
|
| |
\ No newline at end of file
|
| |
This should implement a flatpak cache with
varnish
on openshift.