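# Squid configuration rendered from a Jinja2 template.
# Values taken from squid_* variables are written out verbatim, so they must
# already be valid Squid syntax; nothing here validates or escapes them.

{# Listeners: each entry needs "port"; "ip", "mode" and "options" (a list) are optional. #}
{# The blank line after each directive is kept from the original; it presumably restores the #}
{# newline that trim_blocks removes after a trailing endif (TODO confirm the trim_blocks setting). #}
{% for port in squid_http_ports %}
http_port {% if port.ip is defined %}{{ port.ip }}:{% endif %}{{ port.port }}{% if port.mode is defined %} {{ port.mode }}{% endif %}{% if port.options is defined %} {{ port.options | join(' ') }}{% endif %}

{% endfor %}
{% for port in squid_https_ports %}
https_port {% if port.ip is defined %}{{ port.ip }}:{% endif %}{{ port.port }}{% if port.mode is defined %} {{ port.mode }}{% endif %}{% if port.options is defined %} {{ port.options | join(' ') }}{% endif %}

{% endfor %}

# Access log. Each entry carries the client address, the user name and the
# requested URL, so the log file should be readable by administrators only.
# NOTE(review): how much of the URL is logged depends on strip_query_terms,
# which this template does not set - confirm the effective value.
logformat human %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
access_log daemon:/var/log/squid/access.log human

# Don't cache repo metadata
acl repomd url_regex /repomd\.xml$
cache deny repomd
{# Extra no-cache rules: every squid_no_cache item is a url_regex added to the no_cache ACL. #}
{% if squid_no_cache | length > 0 %}
{% for item in squid_no_cache %}
acl no_cache url_regex {{ item }}
{% endfor %}
# Disable cache for specific URL
cache deny no_cache
{% endif %}

{# ACL definitions: one "acl" line per item, or a single value-less line when the list is empty. #}
{# Directives further down reference sys_domains, sys_urls, admins_src, local_whitelist_domains, #}
{# local_whitelist_urls, no_av_scan_req, no_av_scan_rep and av_src. None of them is defined in #}
{# this template, so they presumably have to come from squid_acl - verify against the role defaults. #}
{% for acl in squid_acl %}
{% if acl['items'] | length < 1 %}
# Create an empty ACL
acl {{ acl.name }} {{ acl.type }}
{% else %}
{% for item in acl['items'] %}
acl {{ acl.name }} {{ acl.type }} {{ item }}
{% endfor %}
{% endif %}
{% endfor %}

{# Access rules are written in ascending "priority". Squid applies the first http_access line #}
{# that matches, so a broad allow with a low priority value overrides every later deny. #}
{# "match" is either one string or a list of ACL names joined onto a single line. #}
{% for access in squid_http_access | sort(attribute='priority') %}
http_access {{ access.policy }} {{ access.match is string | ternary(access.match,access.match | join(' ')) }}
{% endfor %}

# Default deny all access
http_access deny all

{# TLS interception rules, ordered by "priority" in the same way as http_access above. #}
{% for rule in squid_ssl_bump | sort(attribute='priority') %}
ssl_bump {{ rule.policy }} {{ rule.match is string | ternary(rule.match,rule.match | join(' ')) }}
{% endfor %}

# Contact address: squid_admin_email, else system_admin_email, else admin@<domain>.
cache_mgr {{ squid_admin_email | default(system_admin_email) | default('admin@' + ansible_domain) }}

client_lifetime 60 minutes

{% if squid_disk_cache %}
cache_dir aufs /var/spool/squid {{ squid_disk_cache_size }} 16 256
{% endif %}
cache_mem {{ squid_mem_cache_size }} MB

# For the sys_domains / sys_urls ACLs, a range request makes Squid fetch up to
# 200 MB from the start of the object so that the whole object can be cached.
range_offset_limit 200 MB sys_domains sys_urls
maximum_object_size {{ squid_max_object_size }} MB
# -1 keeps fetching cacheable objects after the client has disconnected.
quick_abort_min -1

max_filedesc 8192

# ICAP adaptation. The client address and the user name are forwarded to the
# ICAP service; the user name is sent unencoded in X-Authenticated-User.
# ICAP is enabled even when squid_scan_av is false, in which case no service is declared.
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024

{% if squid_scan_av %}
# Antivirus scanning through a local squidclamav ICAP service.
# Requests use bypass=off: they fail when the service is unreachable.
# NOTE(review): responses use bypass=on, so downloaded content passes through
# unscanned whenever the ICAP service is down (fail-open). Confirm this is the
# intended trade-off and alert on ICAP failures if it is.
# Sources in admins_src and destinations in the whitelist ACLs are never scanned.
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
adaptation_access service_avi_req allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_req av_src
icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_rep av_src
{% endif %}

{% if squid_filter_url %}
# URL filtering through the ufdbgclient rewrite helper.
# The extras line hands the helper the client address, user name, method, bump
# mode, SNI and Referer. SNI and Referer are chosen by the client and must be
# treated as untrusted input by whatever parses this line.
url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_program /usr/sbin/ufdbgclient -m 4 -l /var/log/squid/
url_rewrite_children 16 startup=8 idle=2 concurrency=4
{% endif %}

# Refresh patterns
# Squid uses the first refresh_pattern whose regex matches, so order matters.
# For package repo
refresh_pattern (Release|Packages(\.gz)?)$ 0 20% 1440
# Was "((sqlite.bz2)*)$": the starred group also matches the empty string, so
# the pattern matched every URL and none of the rules below could ever apply.
refresh_pattern sqlite\.bz2$ 0 20% 1440
refresh_pattern (\.deb|\.udeb)$ 10080 100% 20160
refresh_pattern (\.rpm|\.srpm)$ 10080 100% 20160

# Microsoft update payloads. Inside a bracket expression "|" is a literal
# character, so ms[i|u|f] and wm[v|a] are now ms[iuf] and wm[va]; the dots in
# the host names are escaped so that they only match a literal dot.
refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims

# Default refresh pattern
refresh_pattern . 0 20% 4320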