# squid.conf # To be used for Spacewalk Proxy servers. # http_port 8080 cache_mem 400 MB maximum_object_size 200 MB maximum_object_size_in_memory 1024 KB access_log /var/log/squid/access.log squid # Size should be about 60% of your free space cache_dir ufs /var/cache/squid 15000 16 256 # Average object size, used to estimate number of objects your # cache can hold. The default is 13 KB. store_avg_object_size 817 KB # We want to keep the largest objects around longer, and just download the smaller objects if we can. cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF # cache repodata only few minutes and then query parent whether it is fresh refresh_pattern /XMLRPC/GET-REQ/.*/repodata/.*$ 0 1% 1440 reload-into-ims refresh-ims refresh_pattern /ks/.*/repodata/.*$ 0 1% 1440 reload-into-ims refresh-ims # salt minions get the repodata via a different URL refresh_pattern /rhn/manager/download/.*/repodata/.*$ 0 1% 1440 reload-into-ims refresh-ims # bootstrap repos needs to be handled as well refresh_pattern /pub/repositories/.*/repodata/.*$ 0 1% 1440 reload-into-ims refresh-ims # rpm will hardly ever change, force to cache it for very long time refresh_pattern \.rpm$ 10080 100% 525600 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern \.deb$ 10080 100% 525600 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern . 0 100% 525600 # secure squid # allow request only from localhost and to http and https ports acl all src 0.0.0.0/0.0.0.0 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all icp_access allow all miss_access allow all # if transport is canceled, finish downloading anyway quick_abort_pct -1 quick_abort_min -1 KB # when range is required, download whole file anyway # when we request rpm header, we will nearly always get # request for the rest of the file range_offset_limit none # we download only from 1 server, default is 1024 # which is too much for us fqdncache_size 4