...
Code Block | ||
---|---|---|
| ||
# # Recommended minimum configuration: # # Define your parent Squid proxy # cache_peer 172.16.33.250 parent 3128 7 no-query login=csadmin:caringo no-digest no-netdb-exchange prefer_direct off never_direct allow all # tls sslcert=/etc/squid/ssl/parent_rootCA1.pem # cache_peer 172.16.33.250 parent 3128 0 no-query login=admin:datacore no-digest no-netdb-exchange prefer_direct off never_direct allow all cache_peer 172.16.33.250 parent 3128 7 no-query login=admin:datacore prefer_direct off ssl sslflags=DONT_VERIFY_PEER # ssl sslcert=/etc/squid/root_-CA.pem never_direct allow all # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) acl localnet src 172.16.0.0/16 # RFC 1918 local storage network (LAN) acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports # http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports # http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # This default configuration only allows localhost requests because a more # permissive Squid installation could introduce new attack vectors into the # network by proxying external TCP connections to unprotected services. http_access allow localhost # The two deny rules below are unnecessary in this default configuration # because they are followed by a "deny all" rule. However, they may become # critically important when you start allowing external requests below them. # Protect web applications running on the same server as Squid. They often # assume that only local users can access them at "localhost" ports. # http_access deny to_localhost # Protect cloud servers that provide local users with sensitive info about # their server via certain well-known link-local (a.k.a. APIPA) addresses. # http_access deny to_linklocal # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # For example, to allow access from your local networks, you may uncomment the # following rule (and/or add rules that match your definition of "local"): # http_access allow localnet # And finally deny all other access to this proxy # http_access deny all # http_access allow all http_access allow localnet http_access allow localhost http_access deny all # Squid normally listens to port 3128 http_port 3128 # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/cache/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/cache/squid # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 |
...
Code Block |
---|
podman run -d --name squid-container --restart on-failure --rm --security-opt seccomp=unconfined -e TZ=UTC -p 3128:3128 -v /etc/squid/squid.conf:/etc/squid/squid.conf -v /var/spool/squid/cache:/var/spool/squid -v /var/log/squid:/var/log/squid/ -v /etc/squid/root-CA.pem:/etc/squid/root-CA.pem ubuntu/squid:4.10-20.04_beta |
...