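# squid-deb-proxy configuration: a caching HTTP proxy for apt traffic, used by
# the host itself and by containers attached to the LXD bridge (lxdbr0).
#
# http_access rules are evaluated top to bottom and the first match wins, so
# every "deny" below must stay above the final "http_access allow all".

# listen on 127.0.0.1 so that apt on the host machine can use the cache
http_port 127.0.0.1:8888
# listen on lxdbr0 addresses
# The listeners are bound to explicit addresses rather than a wildcard, so the
# proxy is not exposed on the host's other interfaces. These addresses must be
# kept in step with the bridge configuration.
http_port 10.0.8.1:8888
http_port [fdc1:e6b1:6aac:99f5::1]:8888

# Client networks that may use the proxy and URL-path patterns that must never
# be served. Both lists are loaded from files; the effective policy therefore
# lives in those files, which should be writable by root only.
acl allowed_src_networks src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl"
acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl"

# Every requested URL is passed to this helper.
# NOTE(review): the helper sees client-supplied URLs; keep it root-owned and
# not writable by the squid user - confirm ownership on the deployed host.
url_rewrite_program /etc/squid-deb-proxy/rewrite.pl

visible_hostname squid-deb-proxy

# we need a big cache, some debs are huge
maximum_object_size 512 MB

# use a different dir than stock squid and default to 40G
# (40000 MB, 16 first-level and 256 second-level directories)
cache_dir aufs /var/cache/squid-deb-proxy 40000 16 256

# use different logs
# access.log records which client fetched which URL; keep it for auditing
# container traffic that goes through the proxy.
cache_access_log /var/log/squid-deb-proxy/access.log
cache_log /var/log/squid-deb-proxy/cache.log
cache_store_log /var/log/squid-deb-proxy/store.log

# tweaks to speed things up
cache_mem 200 MB
maximum_object_size_in_memory 10240 KB

# pid
pid_filename /var/run/squid-deb-proxy.pid

# refresh pattern for debs and udebs
# 129600 minutes = 90 days. Long-lived caching of package files is acceptable
# because apt checks each package against hashes from the signed index files,
# which are always revalidated below. The proxy itself verifies nothing.
# The dots are escaped so that only real file extensions match.
refresh_pattern \.deb$   129600 100% 129600
refresh_pattern \.udeb$   129600 100% 129600
refresh_pattern \.tar\.gz$  129600 100% 129600
refresh_pattern \.tar\.xz$  129600 100% 129600
refresh_pattern \.tar\.bz2$  129600 100% 129600

# always refresh Packages and Release files
# Serving stale index or signature files would hide security updates from
# clients, so these are revalidated with the origin on every request.
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims

# handle meta-release and changelogs.ubuntu.com special
# (fine to have this on debian too)
refresh_pattern changelogs.ubuntu.com\/.*  0  1% 1

# only allow connects to ports for http (80), https (443) and nntps (563)
# NOTE(review): 563 looks like a carry-over from the stock squid port list and
# apt does not need it - consider dropping it.
acl Safe_ports port 80
acl Safe_ports port 443 563

# Ports on which CONNECT tunnels are acceptable. A custom ACL name is used for
# the method so that it cannot collide with a predefined "CONNECT" ACL.
acl SSL_ports port 443 563
acl connect_method method CONNECT

# only allow ports we trust
http_access deny !Safe_ports

# Without this rule a client could open a raw TCP tunnel to port 80 of any
# host; CONNECT is only needed for TLS.
http_access deny connect_method !SSL_ports

# do not allow to download from the pkg blacklist
# Caveat: urlpath_regex can only match plain-HTTP requests. Inside a CONNECT
# tunnel the proxy sees no URL path, so this list does not apply to HTTPS
# mirrors (and tunnelled traffic is not cached either).
http_access deny blockedpkgs

# only allow access from selected source networks
http_access deny !allowed_src_networks

# Recommended hardening, left disabled so that existing setups keep working:
# stop proxy clients (e.g. containers) from reaching services that listen only
# on the proxy host's loopback addresses.
#http_access deny to_localhost

# allow access to all destinations (to support all mirrors and PPAs)
# There is no destination ACL in this file: every client inside
# allowed_src_networks can reach any host on the Safe_ports, not just package
# mirrors. Treat the proxy as general egress for those clients and keep the
# source-network list as tight as possible.
http_access allow all

# cache everything (to support all mirrors and PPAs)
cache allow all

# we don't want to clash with the squid netdb state file
netdb_filename stdio:/var/log/squid-deb-proxy/netdb.state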