# WELCOME TO SQUID DEB PROXY # ------------------ # # This config file is a version of a squid proxy file optimized # as a configuration for a caching proxy for Ubuntu systems. # # More information about squid and its configuration can be found here # http://www.squid-cache.org/ and in the FAQ # settings that you may want to customize # --------------------------------------- # this file contains private networks (10.0.0.0/8, 172.16.0.0/12, # 192.168.0.0/16) by default, you can add/remove additional allowed # source networks in it to customize it for your setup acl allowed_networks src "/etc/squid-deb-proxy/allowed-networks-src.acl" # this file contains the *archive.ubuntu.com mirrors by default, # if you use a different mirror, add it there acl to_ubuntu_mirrors dstdomain "/etc/squid-deb-proxy/mirror-dstdomain.acl" # default to a different port than stock squid http_port 127.0.0.1:8000 # force outgoing IPv4 # tcp_outgoing_address 192.168.1.17 # ------------------------------------------------- # settings below probably do not need customization # user visible name visible_hostname squid-deb-proxy # quicker - and non-graceful - shutdown shutdown_lifetime 1 seconds # we need a big cache, some debs are huge maximum_object_size 512 MB # use a different dir than stock squid and default to 10G cache_dir aufs /var/cache/squid-deb-proxy 10000 16 256 # use different logs cache_access_log /var/log/squid-deb-proxy/access.log cache_log /var/log/squid-deb-proxy/cache.log cache_store_log /var/log/squid-deb-proxy/store.log # tweaks to speed things up cache_mem 1024 MB maximum_object_size_in_memory 10240 KB # write the PID in a directory writable by proxy user pid_filename /var/run/squid-deb-proxy/squid-deb-proxy.pid cache_replacement_policy heap LFUDA # refresh patterns refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern deb$ 129600 100% 129600 refresh_pattern udeb$ 129600 100% 129600 refresh_pattern tar.gz$ 129600 100% 129600 refresh_pattern DiffIndex$ 0 20% 4320 refresh-ims refresh_pattern PackagesIndex$ 0 20% 4320 refresh-ims refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims refresh_pattern Packages\.gz$ 0 20% 4320 refresh-ims refresh_pattern Packages\.lzma$ 0 20% 4320 refresh-ims refresh_pattern SourcesIndex$ 0 20% 4320 refresh-ims refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims refresh_pattern Sources\.gz$ 0 20% 4320 refresh-ims refresh_pattern Sources\.lzma$ 0 20% 4320 refresh-ims refresh_pattern Release$ 0 20% 4320 refresh-ims refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims refresh_pattern Translation-en\.bzip2$ 0 20% 4320 refresh-ims refresh_pattern Translation-en\.bz2$ 0 20% 4320 refresh-ims refresh_pattern Translation-en\.gz$ 0 20% 4320 refresh-ims refresh_pattern Translation-en\.lzma$ 0 20% 4320 refresh-ims refresh_pattern Translation-fr\.bzip2$ 0 20% 4320 refresh-ims refresh_pattern Translation-fr\.bz2$ 0 20% 4320 refresh-ims refresh_pattern Translation-fr\.gz$ 0 20% 4320 refresh-ims refresh_pattern Translation-fr\.lzma$ 0 20% 4320 refresh-ims refresh_pattern . 0 20% 4320 # handle meta-release and changelogs.ubuntu.com special refresh_pattern changelogs.ubuntu.com/* 0 1% 1 # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499379 refresh_all_ims on # default acl acl all src all acl localhost src 127.0.0.1/32 acl manager proto cache_object acl purge method PURGE # only allow connects to ports for http, https acl Safe_ports port 80 acl Safe_ports port 443 # Only allow cachemgr access from localhost http_access deny manager !localhost http_access deny purge !localhost # Password for the cachemgr # cachemgr_passwd secret all # only allow port we trust http_access deny !Safe_ports # and only to ubuntu http_access deny !to_ubuntu_mirrors # allow access from our network and localhost http_access allow allowed_networks http_access allow localhost # And finally deny all other access to this proxy http_access deny all ## Offline mode # offline_mode on # connect_timeout 10 seconds # dns_timeout 10 seconds