source: n4d-proxy/trunk/fuentes/install.n4d-proxy/usr/share/n4d/templates/squid/squid.conf @ 1176

Last change on this file since 1176 was 1176, checked in by mabarracus, 4 years ago

Fix squid.conf template to use dns_nameserver with ip instead dnsname, fixes navigation in clients avoiding "idnsSendQuery: Can't send query, no DNS nameservers known!" error

File size: 2.7 KB
Line 
1### BEGIN LLIUREX_CHANGES ###
2# /etc/squid/squid.conf
3#
4######################################################
5##       Some sections of this file are             ##
6## AUTOMATICALLY GENERATED or MODIFIED by LliureX,  ##
7######################################################
8##
9#
10http_port {{ SRV_IP }}:{{ PROXY_HTTP_PORT }}
11http_port 127.0.0.1:{{ PROXY_HTTP_PORT }}
12visible_hostname {{ PROXY_HOST }}
13dns_nameservers 127.0.0.1
14# enabling single-word hostnames resolution
15dns_defnames on
16#enabling ipv4 resolution first
17dns_v4_first on
18acl SSL_ports port "/etc/squid/lliurex/allow-SSL-ports.conf"
19acl our_networks src "/etc/squid/lliurex/allow-src-networks.conf"
20acl allow_dst dst "/etc/squid/lliurex/allow-dst-networks.conf"
21acl deny_dst dst "/etc/squid/lliurex/deny-dst-networks.conf"
22acl allow_domain dstdomain "/etc/squid/lliurex/allow-dst-domains.conf"
23acl deny_domain dstdomain "/etc/squid/lliurex/deny-dst-domains.conf"
24acl deny_domain_expr dstdom_regex "/etc/squid/lliurex/deny-dst-domains-expr.conf"
25
26
27acl HOSTS dst "/etc/squid/lliurex/no_cache_networks.conf"
28no_cache deny HOSTS
29deny_info http://{{ PROXY_HOST }}/lliurex-proxy/deny allow_dst
30deny_info http://{{ PROXY_HOST }}/lliurex-proxy/deny deny_dst
31# set cache dir size in MB in 16 folders with 256 subfolders, aufs--> multithread with POSIX threads mode
32cache_dir aufs /var/spool/squid 4000 16 256
33# set the RAM memory used by squid (recommends 1/3 of total ram memory)
34cache_mem 512 MB
35# objects bigger than this size aren't stored in cache
36maximum_object_size {{ PROXY_MAX_FILE_SIZE }} KB
37pid_filename /var/run/squid.pid
38
39
40#acl manager proto cache_object
41acl localhost src 127.0.0.1/32
42acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
43
44acl Safe_ports port 80           # http
45acl Safe_ports port 21           # ftp
46acl Safe_ports port 443          # https
47acl Safe_ports port 70           # gopher
48acl Safe_ports port 210          # wais
49acl Safe_ports port 1025-65535   # unregistered ports
50acl Safe_ports port 280          # http-mgmt
51acl Safe_ports port 488          # gss-http
52acl Safe_ports port 591          # filemaker
53acl Safe_ports port 777          # multiling http
54acl CONNECT method CONNECT
55
56http_access deny manager
57
58http_access deny CONNECT !SSL_ports
59
60http_access allow allow_dst
61http_access deny deny_dst
62http_access deny deny_domain
63http_access deny deny_domain_expr
64http_access allow allow_domain
65http_access deny !Safe_ports
66http_access allow our_networks
67http_access allow localhost
68http_access deny all
69
70icp_access deny all
71
72access_log /var/log/squid/access.log squid
73
74refresh_pattern ^ftp:           1440  20%       10080
75refresh_pattern ^gopher:        1440   0%       1440
76refresh_pattern (cgi-bin|\?)    0      0%       0
77refresh_pattern .               00    20%       4320
78
79icp_port 3130
80
81coredump_dir /var/spool/squid
Note: See TracBrowser for help on using the repository browser.