source: n4d-proxy/trunk/fuentes/install.n4d-proxy/usr/share/n4d/templates/squid/squid.conf

Last change on this file was 5079, checked in by hectorgh, 4 years ago

using resolv.conf as a resolver instead of dns server ip

File size: 2.7 KB
Line 
1### BEGIN LLIUREX_CHANGES ###
2# /etc/squid/squid.conf
3#
4######################################################
5##       Some sections of this file are             ##
6## AUTOMATICALLY GENERATED or MODIFIED by LliureX,  ##
7######################################################
8##
9#
10http_port {{ SRV_IP }}:{{ PROXY_HTTP_PORT }}
11http_port 127.0.0.1:{{ PROXY_HTTP_PORT }}
12visible_hostname {{ PROXY_HOST }}
13
14# Use /etc/resolv.conf instead
15#dns_nameservers 127.0.0.1
16
17# enabling single-word hostnames resolution
18dns_defnames on
19#enabling ipv4 resolution first
20dns_v4_first on
21acl SSL_ports port "/etc/squid/lliurex/allow-SSL-ports.conf"
22acl our_networks src "/etc/squid/lliurex/allow-src-networks.conf"
23acl allow_dst dst "/etc/squid/lliurex/allow-dst-networks.conf"
24acl deny_dst dst "/etc/squid/lliurex/deny-dst-networks.conf"
25acl allow_domain dstdomain "/etc/squid/lliurex/allow-dst-domains.conf"
26acl deny_domain dstdomain "/etc/squid/lliurex/deny-dst-domains.conf"
27acl deny_domain_expr dstdom_regex "/etc/squid/lliurex/deny-dst-domains-expr.conf"
28
29
30acl HOSTS dst "/etc/squid/lliurex/no_cache_networks.conf"
31no_cache deny HOSTS
32deny_info http://{{ PROXY_HOST }}/lliurex-proxy/deny allow_dst
33deny_info http://{{ PROXY_HOST }}/lliurex-proxy/deny deny_dst
34# set cache dir size in MB in 16 folders with 256 subfolders, aufs--> multithread with POSIX threads mode
35cache_dir aufs /var/spool/squid 4000 16 256
36# set the RAM memory used by squid (recommends 1/3 of total ram memory)
37cache_mem 512 MB
38# objects bigger than this size aren't stored in cache
39maximum_object_size {{ PROXY_MAX_FILE_SIZE }} KB
40pid_filename /var/run/squid.pid
41
42
43#acl manager proto cache_object
44acl localhost src 127.0.0.1/32
45acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
46
47acl Safe_ports port 80           # http
48acl Safe_ports port 21           # ftp
49acl Safe_ports port 443          # https
50acl Safe_ports port 70           # gopher
51acl Safe_ports port 210          # wais
52acl Safe_ports port 1025-65535   # unregistered ports
53acl Safe_ports port 280          # http-mgmt
54acl Safe_ports port 488          # gss-http
55acl Safe_ports port 591          # filemaker
56acl Safe_ports port 777          # multiling http
57acl CONNECT method CONNECT
58
59http_access deny manager
60
61http_access deny CONNECT !SSL_ports
62
63http_access allow allow_dst
64http_access deny deny_dst
65http_access deny deny_domain
66http_access deny deny_domain_expr
67http_access allow allow_domain
68http_access deny !Safe_ports
69http_access allow our_networks
70http_access allow localhost
71http_access deny all
72
73icp_access deny all
74
75access_log /var/log/squid/access.log squid
76
77refresh_pattern ^ftp:           1440  20%       10080
78refresh_pattern ^gopher:        1440   0%       1440
79refresh_pattern (cgi-bin|\?)    0      0%       0
80refresh_pattern .               00    20%       4320
81
82icp_port 3130
83
84coredump_dir /var/spool/squid
Note: See TracBrowser for help on using the repository browser.