Ansible roles

# Listening sockets: one http_port / https_port line per entry of
# squid_http_ports / squid_https_ports. The mode and options fields are
# written out verbatim. An entry without "ip" renders a bare port number,
# which Squid binds on all local addresses; set "ip" to keep the proxy off
# interfaces that should not reach it.
{% for port in squid_http_ports %}
http_port {% if port.ip is defined %}{{ port.ip }}:{% endif %}{{ port.port }}{% if port.mode is defined %} {{ port.mode }}{% endif %}{% if port.options is defined %} {{ port.options | join(' ') }}{% endif %}
{% endfor %}
{% for port in squid_https_ports %}
https_port {% if port.ip is defined %}{{ port.ip }}:{% endif %}{{ port.port }}{% if port.mode is defined %} {{ port.mode }}{% endif %}{% if port.options is defined %} {{ port.options | join(' ') }}{% endif %}
{% endfor %}
# Access log format "human": local time, response time (ms), client IP,
# Squid result code/HTTP status, reply size, method, request URL, user name,
# hierarchy code/server IP, MIME type.
# The log holds client addresses, user names and visited URLs, so
# /var/log/squid/access.log should stay readable by administrators only.
# NOTE(review): the logged URL presumably follows strip_query_terms (query
# strings dropped by default) - confirm nothing in the custom config turns
# that off, or tokens carried in query strings end up in the log.
logformat human %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
access_log daemon:/var/log/squid/access.log human
# Don't cache repo metadata
# (repomd.xml is never stored, so every request for it is forwarded upstream)
acl repomd url_regex /repomd\.xml$
cache deny repomd
# Each entry of squid_no_cache is written out as a url_regex value of the
# no_cache ACL. Entries are regular expressions, matched case-sensitively
# (no -i flag) and emitted verbatim, so they must be valid regex.
{% if squid_no_cache | length > 0 %}
{% for item in squid_no_cache %}
acl no_cache url_regex {{ item }}
{% endfor %}
# Disable cache for specific URL
cache deny no_cache
{% endif %}
# ACL definitions generated from squid_acl (fields: name, type, items).
# One "acl" line is written per item; an entry with no items still declares
# the ACL so that rules referring to it parse.
# The template reads acl['items'] with brackets because attribute access
# (.items) would return the dictionary's items() method instead of the key.
# Names, types and items are emitted verbatim.
{% for acl in squid_acl %}
{% if acl['items'] | length < 1 %}
# Create an empty ACL
acl {{ acl.name }} {{ acl.type }}
{% else %}
{% for item in acl['items'] %}
acl {{ acl.name }} {{ acl.type }} {{ item }}
{% endfor %}
{% endif %}
{% endfor %}
# Access rules, sorted by ascending "priority". Squid stops at the first
# http_access line that matches, so a broad allow with a low priority number
# shadows every deny sorted after it. "match" may be a single string or a
# list of ACL names; a list is joined with spaces, which Squid treats as AND.
{% for access in squid_http_access | sort(attribute='priority') %}
http_access {{ access.policy }} {{ access.match is string | ternary(access.match,access.match | join(' ')) }}
{% endfor %}
# Default deny all access
# (fail closed: a request that matched no rule above is refused)
http_access deny all
# TLS interception rules, same priority ordering and match handling as the
# access rules above. A bumping policy makes Squid decrypt client TLS traffic.
# NOTE(review): the signing certificate is presumably supplied through the
# "options" of the listening ports - confirm, and keep its private key
# readable by the Squid user only.
{% for rule in squid_ssl_bump | sort(attribute='priority') %}
ssl_bump {{ rule.policy }} {{ rule.match is string | ternary(rule.match,rule.match | join(' ')) }}
{% endfor %}
# Administrator address shown on Squid error pages. Falls back from
# squid_admin_email to system_admin_email, then to admin@<ansible_domain>.
cache_mgr {{ squid_admin_email | default(system_admin_email) | default('admin@' + ansible_domain) }}
# Upper bound on how long a single client connection may stay open.
client_lifetime 60 minutes
# Optional on-disk cache: aufs store under /var/spool/squid, size taken from
# squid_disk_cache_size, with 16 first-level and 256 second-level directories.
{% if squid_disk_cache %}
cache_dir aufs /var/spool/squid {{ squid_disk_cache_size }} 16 256
{% endif %}
cache_mem {{ squid_mem_cache_size }} MB
# For requests matching both sys_domains and sys_urls, a Range request makes
# Squid fetch the object from its start, up to 200 MB, so it can be cached.
# NOTE(review): sys_domains and sys_urls are not declared in this template;
# presumably they come from squid_acl. Squid refuses to start on an
# undefined ACL name - confirm the role defaults always define them.
range_offset_limit 200 MB sys_domains sys_urls
maximum_object_size {{ squid_max_object_size }} MB
# -1 means a cacheable download is always completed, even after the client
# disconnects. Together with range_offset_limit this lets one small or
# aborted request cause a full upstream transfer, so keep the ACLs on
# range_offset_limit narrow.
quick_abort_min -1
max_filedesc 8192
# ICAP client settings. These are written regardless of squid_scan_av; only
# the service definitions below are conditional.
# The client IP and the authenticated user name are forwarded to the ICAP
# service; the user name travels unencoded in the X-Authenticated-User header.
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
{% if squid_scan_av %}
# Antivirus scanning through squidclamav on the local ICAP server
# (127.0.0.1:1344), applied to requests and to responses.
# Scanning is skipped for admins_src, the local whitelists and the
# no_av_scan_req / no_av_scan_rep ACLs, and only applies to av_src clients.
# Every entry in those exemption ACLs is traffic that bypasses the scanner,
# so they should be reviewed like any other security exception.
# NOTE(review): these ACL names are not declared in this template;
# presumably they come from squid_acl - confirm they always exist.
# NOTE(review): the request service uses bypass=off (a scanner failure fails
# the request) while the response service uses bypass=on (a scanner failure
# lets the response through unscanned). If response scanning is meant to be
# mandatory, bypass=off is the fail-closed setting; otherwise monitor the
# ICAP service so that an outage does not silently disable scanning.
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
adaptation_access service_avi_req allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_req av_src
icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_rep av_src
{% endif %}
{% if squid_filter_url %}
# URL filtering through the ufdbgclient helper.
# Besides the URL, each lookup passes the client IP and FQDN, the user name,
# the request method, the ssl_bump mode, the TLS SNI and the Referer header.
# The helper is given /var/log/squid/ as its log directory (-l).
# Up to 16 helper processes, 8 started at launch, at least 2 kept idle,
# each handling 4 concurrent requests.
url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_program /usr/sbin/ufdbgclient -m 4 -l /var/log/squid/
url_rewrite_children 16 startup=8 idle=2 concurrency=4
{% endif %}
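# Refresh patterns
# Squid uses the first refresh_pattern whose regex matches the URL, so the
# specific patterns have to stay above the catch-all at the end.
# Columns after the regex: minimum age (minutes), percent of object age,
# maximum age (minutes).
# For package repo
# Index files change often: always revalidate, keep at most one day.
refresh_pattern (Release|Packages(\.gz)?)$ 0 20% 1440
# Match the literal suffix only. The group must not be made optional (for
# example with "*"): a pattern that can match the empty string matches every
# URL and hides every pattern below it.
refresh_pattern (sqlite\.bz2)$ 0 20% 1440
# Package files are immutable once published: keep for 7 to 14 days.
refresh_pattern (\.deb|\.udeb)$ 10080 100% 20160
refresh_pattern (\.rpm|\.srpm)$ 10080 100% 20160
# Windows update payloads: keep for 3 to 30 days and turn client reloads
# into conditional requests (reload-into-ims).
# NOTE(review): the host name is not anchored, so these rules also apply to
# any URL that merely contains the text (other hosts, paths, query strings).
# Only cache freshness is affected, but anchoring on the host would be
# stricter.
refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
# Default refresh pattern
refresh_pattern . 0 20% 4320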
# Free-form directives from squid_custom_config, appended verbatim and
# without validation. Because they come last, any http_access line placed
# here sits after "http_access deny all" and never takes effect; access
# rules belong in squid_http_access instead.
{{ squid_custom_config }}