# WELCOME TO SQUID DEB PROXY # ------------------ # # This config file is a version of a squid proxy file optimized # as a configuration for a caching proxy for Ubuntu systems. # # More information about squid and its configuration can be found here # http://www.squid-cache.org/ and in the FAQ # settings that you may want to customize # --------------------------------------- # this file contains private networks (10.0.0.0/8, 172.16.0.0/12, # 192.168.0.0/16) by default, you can add/remove additional allowed # source networks in it to customize it for your setup acl allowed_networks src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl" # this file contains the *archive.ubuntu.com mirrors by default, # if you use a different mirror, add it there acl to_ubuntu_mirrors dstdomain "/etc/squid-deb-proxy/autogenerated/mirror-dstdomain.acl" # this contains the package blacklist acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl" # default to a different port than stock squid http_port 8000 # ------------------------------------------------- # settings below probably do not need customization # user visible name visible_hostname squid-deb-proxy # we need a big cache, some debs are huge maximum_object_size 512 MB # use a different dir than stock squid and default to 40G cache_dir ufs /var/cache/squid-deb-proxy 40000 16 256 # use different logs cache_access_log /var/log/squid-deb-proxy/access.log cache_log /var/log/squid-deb-proxy/cache.log cache_store_log /var/log/squid-deb-proxy/store.log # tweaks to speed things up cache_mem 200 MB maximum_object_size_in_memory 10240 KB # pid pid_filename /var/run/squid-deb-proxy.pid # refresh pattern for debs and udebs refresh_pattern deb$ 129600 100% 129600 refresh_pattern udeb$ 129600 100% 129600 refresh_pattern tar.gz$ 129600 100% 129600 # handle meta-release and changelogs.ubuntu.com special refresh_pattern changelogs.ubuntu.com/* 0 1% 1 refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0 #refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0 # default acl acl all src all acl localhost src 127.0.0.1/32 # only allow connects to ports for http, https acl Safe_ports port 80 acl Safe_ports port 443 563 # only allow ports we trust http_access deny !Safe_ports # do not allow to download from the pkg blacklist http_access deny blockedpkgs # allow access only to official ubuntu mirrors # uncomment the third and fouth line to permit any unlisted domain http_access deny !to_ubuntu_mirrors #http_access allow !to_ubuntu_mirrors # don't cache domains not listed in the mirrors file # uncomment the third and fourth line to cache any unlisted domains cache deny !to_ubuntu_mirrors #cache allow !to_ubuntu_mirrors # allow access from our network and localhost http_access allow allowed_networks # And finally deny all other access to this proxy http_access deny all