Last active
March 19, 2024 16:37
-
-
Save freyes/37230e5ea9982467f212844343dbfba1 to your computer and use it in GitHub Desktop.
Squid configured to be very aggressive at caching deb packages and other artifacts that are known to not change over time
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
echo "DEBOOTSTRAP_PROXY=http://localhost:3128/" >> ~/.mk-sbuild.rc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl | |
$mirror = "cl.archive.ubuntu.com"; | |
$| = 1; | |
while (<>) { | |
@line = split; | |
$_ = $line[0]; | |
if (m/^http:\/\/((?:[a-z0-9]+\.)?archive\.ubuntu\.com)\/(.*)/ && | |
$1 ne $mirror) { | |
print "http://" . $mirror . "/" . $2 . "\n"; | |
} else { | |
print $_ . "\n"; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
acl localnet src 10.10.0.0/16 | |
acl localnet src 10.0.3.0/24 | |
acl localnet src 10.0.4.0/24 | |
acl localnet src 192.168.0.0/16 | |
acl localnet src 172.20.20.0/24 | |
acl SSL_ports port 443 | |
acl Safe_ports port 80 | |
acl Safe_ports port 21 | |
acl Safe_ports port 443 | |
acl Safe_ports port 70 | |
acl Safe_ports port 210 | |
acl Safe_ports port 1025-65535 | |
acl Safe_ports port 280 | |
acl Safe_ports port 488 | |
acl Safe_ports port 591 | |
acl Safe_ports port 777 | |
acl CONNECT method CONNECT | |
http_access deny !Safe_ports | |
http_access deny CONNECT !SSL_ports | |
http_access allow localhost manager | |
http_access deny manager | |
http_access allow localnet | |
http_access allow localhost | |
http_access deny all | |
http_port 3128 | |
maximum_object_size 12 GB | |
cache_dir ufs /zfs/squid 20000 16 256 | |
coredump_dir /zfs/squid | |
refresh_pattern ^ftp: 1440 20% 10080 | |
refresh_pattern ^gopher: 1440 0% 1440 | |
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
refresh_pattern (Release|InRelease|Packages\.bz2|Packages(.gz)*)$ 600 20% 2880 | |
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 | |
refresh_pattern -i \.(sjson|json)$ 0 20% 3600 | |
refresh_pattern -i (boot-kernel|di-kernel|boot-initrd|di-initrd|root-image\.gz) 604800 100% 2592000 override-expire ignore-no-cache ignore-no-store ignore-private | |
refresh_pattern . 0 20% 4320 | |
cache_store_log /var/log/squid/store.log | |
cache_log /var/log/squid/cache.log | |
# url_rewrite_program /etc/squid/rewrite.pl |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment