apt cacher for debian
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

68 lines
1.9 KiB

  1. version: "3.7"
  2. services:
  3. squid-4:
  4. deploy:
  5. placement:
  6. constraints: [node.labels.com.sigyl.git-stack == yes]
  7. replicas: 1
  8. restart_policy:
  9. condition: any
  10. image: sigyl/squid-4:1.1.0
  11. environment:
  12. - MITM_PROXY=yes
  13. - HTTP_PORT=3128
  14. - MITM_CERT=/run/secrets/ca.crt
  15. - MITM_KEY=/run/secrets/ca.key
  16. - VISIBLE_HOSTNAME=$LOCAL_DOMAIN
  17. - >
  18. EXTRA_CONFIG1=tls_outgoing_options
  19. capath=/etc/ssl/certs
  20. options=NO_SSLv3,NO_TLSv1 min-version=1.2
  21. # - EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
  22. # these are basically to make everything canched
  23. - 'EXTRA_CONFIG2=refresh_pattern ^http: 999999999 1000000000% 999999999 override-expire'
  24. - 'EXTRA_CONFIG3=refresh_pattern ^https: 999999999 1000000000% 999999999 override-expire'
  25. - EXTRA_CONFIG4= acl no_cache_domains dstdomain auth.docker.io
  26. - EXTRA_CONFIG5=cache deny no_cache_domains
  27. volumes:
  28. - squid-4-cache:/var/cache/squid4
  29. ports:
  30. - 3128:3128
  31. networks:
  32. - appnet
  33. - externalnet
  34. secrets:
  35. - ca.crt
  36. - ca.key
  37. squid-deb:
  38. deploy:
  39. placement:
  40. constraints: [node.labels.com.sigyl.git-stack == yes]
  41. replicas: 1
  42. restart_policy:
  43. condition: any
  44. image: sigyl/squid-deb-proxy:1.0.0
  45. volumes:
  46. - squid-deb-cache:/cachedir
  47. ports:
  48. - 8000:8000
  49. networks:
  50. - appnet
  51. - externalnet
  52. volumes:
  53. squid-4-cache:
  54. squid-deb-cache:
  55. networks:
  56. appnet:
  57. driver: overlay
  58. externalnet:
  59. driver: overlay
  60. external: true
  61. secrets:
  62. 'ca.crt':
  63. file: .secrets/ca.crt
  64. 'ca.key':
  65. file: .secrets/ca.key