47 lines
1.3 KiB
Plaintext
47 lines
1.3 KiB
Plaintext
# TEMPLATED CONFIGURATION FILE. UPDATED ON EACH RUN.
|
|
|
|
# Default all logs to stdout and stderr
|
|
logfile_rotate 0
|
|
access_log stdio:/dev/stdout combined
|
|
cache_store_log stdio:/dev/stdout
|
|
cache_log /dev/stderr
|
|
netdb_filename stdio:/var/cache/squid4/netdb.state
|
|
|
|
# Visible hostname to allow multi-squid
|
|
visible_hostname {{VISIBLE_HOSTNAME|default:"docker-squid4"}}
|
|
|
|
{% if DISABLE_CACHE|default:"" != "yes" %}
|
|
# Cache directory is fixed since we'll bind mount.
|
|
cache_dir aufs /var/cache/squid4 {{MAX_CACHE_SIZE|default:"40000"}} 16 256
|
|
{% endif %}
|
|
|
|
maximum_object_size {{MAX_OBJECT_SIZE|default:"1536 MB"}}
|
|
cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}}
|
|
|
|
tls_outgoing_options capath=/etc/ssl/certs \
|
|
options=NO_SSLv3,NO_TLSv1 \
|
|
cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
|
|
|
|
http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \
|
|
generate-host-certificates=on \
|
|
dynamic_cert_mem_cache_size=4MB \
|
|
cert=/etc/squid4/ssl_cert/mitm.crt \
|
|
key=/etc/squid4/ssl_cert/mitm.pem
|
|
{% endif %}
|
|
|
|
{% if MITM_PROXY|default:"" == "yes" %}
|
|
ssl_bump server-first all
|
|
{% endif %}
|
|
|
|
{% if ICP_PORT|default:"" != "" %}
|
|
icp_port {{ICP_PORT}}
|
|
icp_access allow all
|
|
{% endif %}
|
|
|
|
{% if HTCP_PORT|default:"" != "" %}
|
|
htcp_port {{HTCP_PORT}}
|
|
htcp_access allow all
|
|
{% endif %}
|
|
|
|
http_access allow all
|