Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
#
# Recommended minimum configuration:
#

# Define your parent Squid proxy
# cache_peer 172.16.33.250 parent 3128 7 no-query login=csadmin:caringo no-digest no-netdb-exchange prefer_direct off never_direct allow all # tls sslcert=/etc/squid/ssl/parent_rootCA1.pem
# cache_peer 172.16.33.250 parent 3128 0 no-query login=admin:datacore no-digest no-netdb-exchange prefer_direct off never_direct allow all
cache_peer 172.16.33.250 parent 3128 7 no-query login=admin:datacore prefer_direct off ssl sslflags=DONT_VERIFY_PEER # ssl sslcert=/etc/squid/root_-CA.pem
never_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8		    # RFC 1918 local private network (LAN)
acl localnet src 172.16.0.0/16		# RFC 1918 local storage network (LAN)

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
# http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# This default configuration only allows localhost requests because a more
# permissive Squid installation could introduce new attack vectors into the
# network by proxying external TCP connections to unprotected services.
http_access allow localhost

# The two deny rules below are unnecessary in this default configuration
# because they are followed by a "deny all" rule. However, they may become
# critically important when you start allowing external requests below them.

# Protect web applications running on the same server as Squid. They often
# assume that only local users can access them at "localhost" ports.
# http_access deny to_localhost

# Protect cloud servers that provide local users with sensitive info about
# their server via certain well-known link-local (a.k.a. APIPA) addresses.
# http_access deny to_linklocal

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# For example, to allow access from your local networks, you may uncomment the
# following rule (and/or add rules that match your definition of "local"):
# http_access allow localnet

# And finally deny all other access to this proxy
# http_access deny all
# http_access allow all
http_access allow localnet
http_access allow localhost
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

...

Code Block
podman run -d --name squid-container --restart on-failure --rm --security-opt seccomp=unconfined -e TZ=UTC -p 3128:3128 -v /etc/squid/squid.conf:/etc/squid/squid.conf -v /var/spool/squid/cache:/var/spool/squid -v /var/log/squid:/var/log/squid/ -v /etc/squid/root-CA.pem:/etc/squid/root-CA.pem ubuntu/squid:4.10-20.04_beta

...