# Squid accelerator (reverse proxy) configuration.
# {server_name}, {ip_address} and {config_dir} look like template placeholders
# that are filled in before squid reads this file.
#
# This configuration file requires squid 2.5+. It is untested with squid 3.x.
# NOTE(review): url_rewrite_program and collapsed_forwarding, used further
# down, look like squid 2.6-era directive names - confirm the minimum version.

# BASIC CONFIGURATION
# ------------------------------------------------------------------------------

# name squid presents for itself (for example in its error pages)
visible_hostname {server_name}

# address and port on which to listen; 'vhost' selects the site from the Host
# header and 'defaultsite' is used when a request carries no Host header
http_port {ip_address}:80 vhost defaultsite={server_name}

# cache directory and size: ufs store in /var/spool/squid, 100 MB, 16 first-level
# and 256 second-level directories. Set the cache size to about 10% less than
# the physical space available to leave room for squid's swap files and other
# temp files.
# NOTE(review): the original comment stated 1000 MB, but the size argument is
# 100 - confirm which value is intended.
cache_dir ufs /var/spool/squid 100 16 256

# administrator contact address
cache_mgr webmaster@{server_name}
# LOGS
# ------------------------------------------------------------------------------

# do not record ICP queries in the access log
log_icp_queries off

# Log locations. access.log holds client addresses and requested URLs, so keep
# /var/log/squid readable only by the squid account and administrators.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# unprivileged account squid runs as
# NOTE(review): 'nobody'/'nogroup' are commonly shared with other daemons; a
# dedicated squid account would keep the cache and logs from being reachable by
# unrelated processes - confirm what the target hosts provide.
cache_effective_user nobody
cache_effective_group nogroup

# emulate_httpd_log off
# RESOURCES
# ------------------------------------------------------------------------------

# amount of memory used for caching recently accessed objects - defaults to 8 MB
cache_mem 64 MB

# max cached object size
maximum_object_size 10 MB

# max cached-in-memory object size
maximum_object_size_in_memory 300 KB
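# ACCESS CONTROL
# ------------------------------------------------------------------------------
# http_access lines are evaluated top to bottom; the first line whose ACLs all
# match decides the request. The PURGE, cache-manager and CONNECT restrictions
# therefore have to appear before the broad accelerator allows. In the previous
# ordering 'http_access allow accelerated_ports' matched every request arriving
# on the listening port, so those restrictions were never reached.

# Basic ACLs
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl ssl_ports port 443 563
acl safe_ports port 80 443

acl openvz_instances src 192.168.1.0/24
acl squid_server src localhost
acl manager proto cache_object
acl connect method connect
acl purge method PURGE

# deny requests to unknown ports
http_access deny !safe_ports

# PURGE (cache eviction) only from this host and the OpenVZ instance network
http_access allow squid_server purge
http_access allow openvz_instances purge
http_access deny purge

# Cache manager setup - cache manager can only connect from localhost
http_access allow manager localhost
http_access deny manager

# deny connect to other than ssl ports
http_access deny connect !ssl_ports

# Accelerated traffic
acl accelerated_protocols proto http https
# NOTE(review): this line names two ACL types (dstdomain and url_regex). Squid
# takes the first token after the ACL name as the type, so 'url_regex' and '-i'
# are presumably read as values rather than as a type and a flag - confirm
# which type was meant and what domains.txt contains.
acl accelerated_domains dstdomain url_regex -i "{config_dir}/domains.txt"
acl accelerated_ports myport 80 443

# NOTE(review): these three lines are alternatives (OR), not one combined
# condition. 'accelerated_ports' and 'accelerated_protocols' each match
# essentially every request this listener receives, so requests for domains
# outside domains.txt are accepted too. If only the listed domains should be
# served, a single line is the usual form - verify against domains.txt first:
#   http_access allow accelerated_domains accelerated_ports accelerated_protocols
http_access allow accelerated_domains
http_access allow accelerated_ports
http_access allow accelerated_protocols

# Reply access
http_reply_access allow all

# ICP access - only localhost may send ICP queries
icp_access allow localhost

# And finally deny all other access to this proxy
http_access deny all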
# CACHE PEERS
# ------------------------------------------------------------------------------

# Configure the cache peers. First port is the HTTP port, second port is the
# ICP port. Remember to enable 'icp-server' in your 'zope.conf', listening on
# the ICP port you use here.
# acl in_backendpool dstdomain backendpool
# cache_peer 127.0.0.1 parent 8080 9090 no-digest no-netdb-exchange
# cache_peer 192.168.0.3 parent 8081 9091 no-digest no-netdb-exchange

# cache_peer_access 127.0.0.1 allow in_backendpool
# cache_peer_access 127.0.0.1 deny all

# cache_peer_access 192.168.0.3 allow in_backendpool
# cache_peer_access 192.168.0.3 deny all

# If you need to forward requests to hosts not in the pool, this is where you
# allow the target domains.
# acl local_servers dstdomain some.mysite.com other.mysite.com

# Every cache miss is fetched directly from the origin named in the (rewritten)
# request instead of through a peer. Which origins can be reached is therefore
# decided entirely by the http_access rules and the redirector.
always_direct allow all

# The following directive is needed to make 'backendpool' resolve to the pool
# of cache peers.
# never_direct allow all
# icp_access allow all

# Proxy on, needed to make cache peers intercommunicate
# httpd_accel_with_proxy on
# REDIRECTOR PROGRAM
# ------------------------------------------------------------------------------

# External helper that rewrites each requested URL. It is fed client-supplied
# URLs, so it should treat its input as untrusted.
# NOTE(review): the helper presumably runs as cache_effective_user; the script
# and {config_dir} should not be writable by that account - confirm ownership
# and permissions on the deployed host.
url_rewrite_program {config_dir}/iRedirector.py

# one helper process, handling up to 20 requests concurrently
url_rewrite_children 1
url_rewrite_concurrency 20

# keep the client's Host header instead of replacing it with the rewritten host
url_rewrite_host_header off
# SPECIFY WHAT REQUESTS SQUID SHOULD CACHE
# ------------------------------------------------------------------------------

# Control what squid caches. We want to have squid handle content that is not
# personalized and that does not require any kind of authorization.
#
# 1) Always cache static content in squid
#
# The match is on the URL path suffix only. With step 4 below disabled, a
# response is eligible for caching whenever its path ends in one of these
# extensions, whether or not the request carried a session cookie or an
# Authorization header. The backend must therefore send Cache-Control: private
# or no-store on anything personalized and must not serve dynamic pages under
# paths that end in a static extension.

acl static_content urlpath_regex -i \.(jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|css|js|vsd|doc|ppt|pps|xls|pdf|mp3|mp4|m4a|ogg|mov|avi|wmv|sxw|zip|gz|bz2|tgz|tar|rar|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw|dmg|torrent|deb|msi|iso|rpm)$
no_cache allow static_content

# 2) (OPTIONAL) Prevent squid from caching an item that is the result of a POST

acl post_requests method POST
no_cache deny post_requests

# 3) (OPTIONAL) Prevent squid from caching items with items in the query string
# If this is uncommented, squid will treat a url with 2 different query strings
# as 2 different urls when caching.

# XXX: where did this example go?

# 4) Prevent squid from caching requests from authenticated users or conditional
# GETs with an If-None-Match header (since squid doesn't know about ETags)
# We use an external python method to check these conditions and pass in the
# value of the __ac cookie (two different ways to allow for different cookie
# delimiters), the HTTP Authorization header, and the If-None-Match header.
#
# Squid caches the results of the external python method, so for debugging, set
# the options ttl=0 negative_ttl=0 so you can see what is going on
#
# NOTE(review): every line of this step is commented out, so the authenticated-
# user check described above is not active in this file.

# external_acl_type is_cacheable_type children=20 ttl=0 negative_ttl=0 %{Cookie:__ac} %{Cookie:;__ac} %{Authorization} %{If-None-Match} /etc/squid/squidAcl.py

#external_acl_type is_cacheable_type protocol=2.5 children=20 %{Cookie:__ac} %{Cookie:;__ac} %{Authorization} %{If-None-Match} /etc/squid/squidAcl.py
#acl is_cacheable external is_cacheable_type
#no_cache allow is_cacheable

# merge concurrent requests for the same URL into one backend fetch
collapsed_forwarding on
#refresh_stale_hit on

# Explicitly disallow squid from handling anything else
no_cache deny all
# SPECIFY EFFECTS OF A BROWSER REFRESH
# ------------------------------------------------------------------------------

# reload_into_ims causes weird squid behavior - it appears to cause files with
# inappropriate headers to end up in the cache, and as a result browsers end
# up making lots of extra (conditional) requests when they would otherwise make
# no requests. Do not use!
# NOTE(review): the commented-out refresh_pattern below still carries the
# reload-into-ims option; drop that option if the line is ever re-enabled.

# Tell squid how to handle expiration times for content with no explicit expiration
# Assume static content is fresh for at least an hour and at most a day
#refresh_pattern -i \.(jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|css|js|vsd|doc|ppt|pps|xls|pdf|mp3|mp4|m4a|ogg|mov|avi|wmv|sxw|zip|gz|bz2|tar|rar|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw|dmg|torrent|deb|msi|iso|rpm)$ 60 50% 1440 reload-into-ims
#refresh_pattern . 0 20% 1440

# Change force-refresh requests into conditional gets using if-modified-since
#reload_into_ims on
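# DEBUGGING
# ------------------------------------------------------------------------------

# Normal operation: level 1 for every debug section.
debug_options ALL,1

# use this for debugging acls
# debug_options ALL,1 33,2

# Full tracing of every section. This was the active setting; at this level
# squid writes a very large volume to cache.log, slows down noticeably and can
# record details of client requests. Enable it only while troubleshooting and
# revert afterwards.
# debug_options ALL,8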
# MISCELLANEOUS
# ------------------------------------------------------------------------------

# have squid handle all requests with ranges
# range_offset_limit -1

# amount of time squid waits for existing requests to be serviced before
# shutting down; with 1 second, requests still in flight at shutdown are cut off
shutdown_lifetime 1 seconds

# allow squid to process multiple requests simultaneously if client is pipelining
pipeline_prefetch on

# allow white spaces to be included in URLs
# NOTE(review): with 'allow' the URL is forwarded unchanged, whitespace
# included, to the backend and to the url_rewrite_program helper. Confirm that
# iRedirector.py and the log processing cope with embedded spaces; 'strip' or
# 'encode' avoid the ambiguity if whitespace in URLs is not actually needed.
uri_whitespace allow
# OTHER PARAMETERS THAT MAY BE OF INTEREST
# ------------------------------------------------------------------------------
# None of the directives below is active; they are kept as a reference.

# logfile_rotate 0
# reload_into_ims off
#error_directory /usr/local/squid/share/errors/English