mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 11:42:08 +00:00
54 lines
2.1 KiB
Django/Jinja
54 lines
2.1 KiB
Django/Jinja
# This is /etc/squid/squid.conf <- roles/network/templates/squid/squid.conf.j2
|
|
|
|
# 2021-08-16 IIAB PR #2948 - April 2007 OLPC School Server legacy moved to:
|
|
# https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid-iiab.conf.j2.unused
|
|
|
|
http_port 3129
|
|
http_port 3128 intercept
|
|
|
|
# Some measure of privacy: mask off the lowest byte of logged IP addresses
|
|
client_netmask 255.255.255.0
|
|
|
|
# https://wiki.squid-cache.org/Features/CacheManager
|
|
# https://wiki.squid-cache.org/SquidFaq/SecurityPitfalls#The_manager_ACLs
|
|
http_access allow localhost manager
|
|
http_access deny manager
|
|
|
|
# 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z')
|
|
# don't work well in recent years. So we do it manually, as explained here:
|
|
# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L45
|
|
|
|
# Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/
|
|
#
|
|
# Type (ufs, aufs, or COSS)
|
|
# | Where
|
|
# | | Size (in MB)
|
|
# | | |
|
|
# | | | L1 (directories)
|
|
# | | | | L2 (directories)
|
|
# | | | | |
|
|
#cache_dir aufs /library/cache 20000 32 256
|
|
cache_dir ufs /library/cache 200 16 128
|
|
# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK!
|
|
|
|
{% if gw_squid_whitelist %}
|
|
#acl allow_src_ips src "/etc/squid/allow_src_ips"
|
|
acl allow_dst_domains dstdomain "/etc/squid/allow_dst_domains"
|
|
acl allow_url_regexs url_regex -i "/etc/squid/allow_url_regexs"
|
|
#acl allow_dst_ips dst "/etc/squid/allow_dst_ips"
|
|
#acl deny_url_regexs url_regex -i "/etc/squid/deny_url_regexs"
|
|
#acl deny_dst_ips src "/etc/squid/deny_dst_ips"
|
|
|
|
#http_access allow allow_src_ips
|
|
http_access allow allow_dst_domains
|
|
http_access allow allow_url_regexs
|
|
#http_access allow allow_dst_ips
|
|
#http_access deny deny_url_regexs
|
|
#http_access deny deny_dst_ips
|
|
{% endif %}
|
|
|
|
# 2021-08-16: DEFAULTS HAPPEN ANYWAY
|
|
# http_access deny all
|
|
# access_log /var/log/squid/access.log
|
|
# cache_log /var/log/squid/cache.log
|
|
# pid_filename /var/run/squid.pid
|