squid-4/docker-squid/squid.conf.p2

47 lines
1.3 KiB
Plaintext

# TEMPLATED CONFIGURATION FILE. UPDATED ON EACH RUN.
# Default all logs to stdout and stderr
logfile_rotate 0
access_log stdio:/dev/stdout combined
cache_store_log stdio:/dev/stdout
cache_log /dev/stderr
netdb_filename stdio:/var/cache/squid4/netdb.state
# Visible hostname to allow multi-squid
visible_hostname {{VISIBLE_HOSTNAME|default:"docker-squid4"}}
{% if DISABLE_CACHE|default:"" != "yes" %}
# Cache directory is fixed since we'll bind mount.
cache_dir aufs /var/cache/squid4 {{MAX_CACHE_SIZE|default:"40000"}} 16 256
{% endif %}
maximum_object_size {{MAX_OBJECT_SIZE|default:"1536 MB"}}
cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}}
tls_outgoing_options capath=/etc/ssl/certs \
options=NO_SSLv3,NO_TLSv1 \
cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid4/ssl_cert/mitm.crt \
key=/etc/squid4/ssl_cert/mitm.pem
{% endif %}
{% if MITM_PROXY|default:"" == "yes" %}
ssl_bump server-first all
{% endif %}
{% if ICP_PORT|default:"" != "" %}
icp_port {{ICP_PORT}}
icp_access allow all
{% endif %}
{% if HTCP_PORT|default:"" != "" %}
htcp_port {{HTCP_PORT}}
htcp_access allow all
{% endif %}
http_access allow all