apt-cacher/files/acng.conf.Debian - salt-formulas/aptcacher - Gitiles

 {%- from "apt-cacher-ng/map.jinja" import server with context %}
 # This is a configuration file for apt-cacher-ng, a smart caching proxy for
 # software package downloads. It's supposed to be in a directory specified by
 # the -c option of apt-cacher-ng, see apt-cacher-ng(8) for details.
 #
 # NOTE: command line switches and other configuration files matching the same
 # file naming scheme (*.conf) can override values from this file.

 # Letter case in variable names does not matter, names and values should be
 # separated with colons. For boolean variables, zero number is considered false,
 # non-zero considered true. If a default value is not explicitly mentioned in
 # the description, the commented value assignments mostly represent the default
 # values of the particular variables.

 # Storage directory for downloaded data and related maintenance activity.
 #
 CacheDir: /var/cache/apt-cacher-ng

 # Log file directory, can be set empty to disable logging
 #
 LogDir: /var/log/apt-cacher-ng

 # A place to look for additional configuration and resource files if they are not
 # found in the configuration directory
 #
 # SupportDir: /usr/lib/apt-cacher-ng

 # TCP server port for incoming http (or HTTP proxy) connections.
 # Can be set to 9999 to emulate apt-proxy.
 #
 Port: {{ server.bind.port }}

 # Addresses or hostnames to listen on. Multiple addresses must be separated by
 # spaces. Each entry must be an exact local address which is associated with a
 # local interface. DNS resolution is performed using getaddrinfo(3) for all
 # available protocols (IPv4, IPv6, ...). Using a protocol specific format will
 # create binding(s) only on protocol specific socket(s), e.g. 0.0.0.0 will
 # listen only to IPv4.
 #
 # Default: listens on all interfaces and protocols
 #
 # BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
 BindAddress {{ server.bind.address }}
 # The specification of another HTTP proxy which shall be used for downloads.
 # It can include user name and password but see the manual for limitations.
 #
 # Default: uses direct connection
 #
 # Proxy: http://www-proxy.example.net:3128
 # Proxy: https://username:proxypassword@proxy.example.net:3129

 # Repository remapping. See manual for details.
 # In this example, some backends files might be generated during package
 # installation using information collected on the system.
 # Examples:
 Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
 Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
 Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives
 Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
 Remap-sfnet:  file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
 Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
 Remap-fedora: file:fedora_mirrors # Fedora Linux
 Remap-epel:   file:epel_mirrors # Fedora EPEL
 Remap-slrep:  file:sl_mirrors # Scientific Linux
 Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives

 # This is usually not needed for security.debian.org because it's always the
 # same DNS hostname. However, it might be enabled in order to use hooks
 # or ForceManaged mode or special flags in this context. Not set by default.
 # Remap-secdeb: security.debian.org

 # Virtual page accessible in a web browser to see statistics and status
 # information, i.e. under http://localhost:3142/acng-report.html
 #
 # Default: not set, should be set by the system administrator
 #
 ReportPage: acng-report.html

 # Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
 # used with inetd bridge or cron client.
 # Default: not set, UNIX socket bridge is disabled.
 #
 # SocketPath:/var/run/apt-cacher-ng/socket

 # If set to 1, makes log files be written to disk on every new line. Default
 # is 0, buffers are flushed after the client disconnects. Technically,
 # it's a convenience alias for the Debug option, see below for details.
 #
 # UnbufferLogs: 0

 # Enables extended client information in log entries. When set to 0, only
 # activity type, time and transfer sizes are logged.
 #
 # VerboseLog: 1

 # Don't detach from the starting console.
 #
 # ForeGround: 0

 # Store the pid of the daemon process in the specified text file.
 # Default: disabled
 #
 # PidFile: /var/run/apt-cacher-ng/pid

 # Forbid outgoing connections and work without an internet connection or
 # respond with 503 error where it's not possible.
 #
 # Offlinemode: 0

 # Forbid downloads from locations that are directly specified in the user
 # request, i.e. all downloads must be processed by the preconfigured remapping
 # backends (see above).
 #
 # ForceManaged: 0

 # Days before considering an unreferenced file expired (to be deleted).
 # WARNING: if the value is set too low and particular index files are not
 # available for some days (mirror downtime) then there is a risk of removal of
 # still useful package files.
 #
 ExTreshold: 4

 # Stop expiration when a critical problem appears, issue like a failed update
 # of an index file in the preparation step.
 #
 # WARNING: don't set this option to zero or empty without considering possible
 # consequences like a sudden and complete cache data loss.
 #
 # ExAbortOnProblems: 1

 # Number of failed nightly expiration runs which are considered acceptable and
 # do not trigger an error notification to the admin (e.g. via daily cron job)
 # before the (day) count is reached. Might be useful with whacky internet
 # connections.
 #
 # Default: a guessed value, 1 if ExTreshold is 5 or more, 0 otherwise.
 #
 # ExSuppressAdminNotification: 1

 # Modify file names to work around limitations of some file systems.
 # WARNING: experimental feature, subject to change
 #
 # StupidFs: 0

 # Experimental feature for apt-listbugs: pass-through SOAP requests and
 # responses to/from bugs.debian.org.
 # Default: guessed value, true unless ForceManaged is enabled
 #
 # ForwardBtsSoap: 1

 # There is a small in-memory cache for DNS resolution data, expired by
 # this timeout (in seconds). Internal caching is disabled if set to a value
 # less than zero.
 #
 # DnsCacheSeconds: 1800

 ###############################################################################
 #
 # WARNING: don't modify thread and file matching parameters without a clear
 # idea of what is happening behind the scene!
 #
 # Max. count of connection threads kept ready (for faster response in the
 # future). Should be a sane value between 0 and average number of connections,
 # and depend on the amount of spare RAM.
 # MaxStandbyConThreads: 8
 #
 # Hard limit of active thread count for incoming connections, i.e. operation
 # is refused when this value is reached (below zero = unlimited).
 # MaxConThreads: -1
 #
 # Pigeonholing files with regular expressions (static/volatile). Can be
 # overriden here but not should not be done permanently because future update
 # of default settings would not be applied later.
 # VfilePattern = (^|.*/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|custom\.gpg|mirrors.txt|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.(db|files|abs)(\.tar(\.gz|\.bz2|\.lzma|\.xz))?|metalink\?repo|.*prestodelta\.xml\.gz|repodata/.*\.(xml|sqlite)(\.gz|\.bz2|\.lzma|\.xz))$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.*
 # PfilePattern = .*(\.d?deb|\.rpm|\.drpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$
 #
 # Whitelist for expiration, file types not to be removed even when being
 # unreferenced. Default: many parts from VfilePattern where no parent index
 # exists or might be unknown.
 # WfilePattern = (^|.*/)(Release|InRelease|Release\.gpg|custom\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.(db|files|abs)(\.tar(\.gz|\.bz2|\.lzma|\.xz))?|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.*
 #
 ###############################################################################

 # A bitmask type value declaring the loging verbosity and behavior of the error
 # log writing. Non-zero value triggers at least faster log file flushing.
 #
 # Some higher bits only working with a special debug build of apt-cacher-ng,
 # see the manual for details. The setting has an alias named UnbufferLogs.
 #
 # WARNING: this can write significant amount of data into apt-cacher.err logfile.
 #
 # Default: 0
 #
 # Debug:3

 # Usually, general purpose proxies like Squid expose the IP address of the
 # client user to the remote server using the X-Forwarded-For HTTP header. This
 # behaviour can be optionally turned on with the Expose-Origin option.
 #
 # ExposeOrigin: 0

 # When logging the originating IP address, trust the information supplied by
 # the client in the X-Forwarded-For header.
 #
 # LogSubmittedOrigin: 0

 # The version string reported to the peer, to be displayed as HTTP client (and
 # version) in the logs of the mirror.
 #
 # WARNING: Expect side effects! Some archives use this header to guess
 # capabilities of the client (i.e. allow redirection and/or https links) and
 # change their behaviour accordingly but ACNG might not support the expected
 # features.
 #
 # Default:
 #
 # UserAgent: Yet Another HTTP Client/1.2.3p4

 # In some cases the Import and Expiration tasks might create fresh volatile
 # data for internal use by reconstructing them using patch files. This
 # by-product might be recompressed with bzip2 and with some luck the resulting
 # file becomes identical to the *.bz2 file on the server which can be used by
 # APT when requesting a complete version of this file.
 # The downside of this feature is higher CPU load on the server during
 # the maintenance tasks, and the outcome might have not much value in a LAN
 # where all clients update their data often and regularly and therefore usually
 # don't need the full version of the index file.
 #
 # RecompBz2: 0

 # Network timeout for outgoing connections, in seconds.
 #
 # NetworkTimeout: 60

 # Sometimes it makes sense to not store the data in cache and just return the
 # package data to client while it comes in. The following DontCache* parameters
 # can enable this behaviour for certain URL types. The tokens are extended
 # regular expressions which the URLs are evaluated against.
 #
 # DontCacheRequested is applied to the URL as it comes in from the client.
 # Example: exclude packages built with kernel-package for x86
 # DontCacheRequested: linux-.*_10\...\.Custo._i386
 # Example usecase: exclude popular private IP ranges from caching
 # DontCacheRequested: 192.168.0 ^10\..* 172.30
 #
 # DontCacheResolved is applied to URLs after mapping to the target server. If
 # multiple backend servers are specified then it's only matched against the
 # download link for the FIRST possible source (due to implementation limits).
 #
 # Example usecase: all Ubuntu stuff comes from a local mirror (specified as
 # backend), don't cache it again:
 # DontCacheResolved: ubuntumirror.local.net
 #
 # DontCache directive sets (overrides) both, DontCacheResolved and
 # DontCacheRequested.  Provided for convenience, see those directives for
 # details.
 #
 # Example:
 # DontCache: .*.local.university.int

 # Default permission set of freshly created files and directories, as octal
 # numbers (see chmod(1) for details).
 # Can by limited by the umask value (see umask(2) for details) if it's set in
 # the environment of the starting shell, e.g. in apt-cacher-ng init script or
 # in its configuration file.
 #
 # DirPerms: 00755
 # FilePerms: 00664

 # It's possible to use use apt-cacher-ng as a regular web server with a limited
 # feature set, i.e. directory browsing, downloads of any files, Content-Type
 # based on /etc/mime.types, but without sorting, CGI execution, index page
 # redirection and other funny things.
 # To get this behavior, mappings between virtual directories and real
 # directories on the server must be defined with the LocalDirs directive.
 # Virtual and real directories are separated by spaces, multiple pairs are
 # separated by semi-colons. Real directories must be absolute paths.
 # NOTE: Since the names of that key directories share the same namespace as
 # repository names (see Remap-...) it is administrator's job to avoid conflicts
 # between them or explicitly create them.
 #
 # LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm
 LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng

 # Precache a set of files referenced by specified index files. This can be used
 # to create a partial mirror usable for offline work. There are certain limits
 # and restrictions on the path specification, see manual and the cache control
 # web site for details. A list of (maybe) relevant index files could be
 # retrieved via "apt-get --print-uris update" on a client machine.
 #
 # Example:
 # PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages*

 # Arbitrary set of data to append to request headers sent over the wire. Should
 # be a well formated HTTP headers part including newlines (DOS style) which
 # can be entered as escape sequences (\r\n).
 #
 # RequestAppendix: X-Tracking-Choice: do-not-track\r\n

 # Specifies the IP protocol families to use for remote connections. Order does
 # matter, first specified are considered first. Possible combinations:
 # v6 v4
 # v4 v6
 # v6
 # v4
 # Default: use native order of the system's TCP/IP stack
 #
 # ConnectProto: v6 v4

 # Regular expiration algorithm finds package files which are no longer listed
 # in any index file and removes them of them after a safety period.
 # This option allows to keep more versions of a package in the cache after
 # safety period is over.
 #
 # KeepExtraVersions: 1

 # Optionally uses TCP access control provided by libwrap, see hosts_access(5)
 # for details. Daemon name is apt-cacher-ng.
 #
 # Default: guessed on startup by looking for explicit mention of apt-cacher-ng
 # in /etc/hosts.allow or /etc/hosts.deny files.
 #
 # UseWrap: 0

 # If many machines from the same local network attempt to update index files
 # (apt-get update) at nearly the same time, the known state of these index file
 # is temporarily frozen and multiple requests receive the cached response
 # without contacting the remote server again. This parameter (in seconds)
 # specifies the length of this period before these (volatile) files are
 # considered outdated.
 # Setting this value too low transfers more data and increases remote server
 # load, setting this too high (more than a couple of minutes) increases the
 # risk of delivering inconsistent responses to the clients.
 #
 # FreshIndexMaxAge: 27

 # Usually the users are not allowed to specify custom TCP ports of remote
 # mirrors in the requests, only the default HTTP port can be used (as
 # workaround, proxy administrator can create Remap- rules with custom ports).
 # This restriction can be disabled by specifying a list of allowed ports or 0
 # for any port.
 #
 # AllowUserPorts: 80

 # Normally the HTTP redirection responses are forwarded to the original caller
 # (i.e. APT) which starts a new download attempt from the new URL. This
 # solution is ok for client configurations with proxy mode but doesn't work
 # well with configurations using URL prefixes in sources.list. To work around
 # this the server can restart its own download with a redirection URL,
 # configured with the following option. The downside is that this might be used
 # to circumvent download source policies by malicious users.
 # The RedirMax option specifies how many such redirects the server is allowed
 # to follow per request, 0 disables the internal redirection.
 # Default: guessed on startup, 0 if ForceManaged is used and 5 otherwise.
 #
 # RedirMax: 5

 # There some broken HTTP servers and proxy servers in the wild which don't
 # support the If-Range header correctly and return incorrect data when the
 # contents of a (volatile) file changed. Setting VfileUseRangeOps to zero
 # disables Range-based requests while retrieving volatile files, using
 # If-Modified-Since and requesting the complete file instead. Setting it to
 # a negative value removes even If-Modified-Since headers.
 #
 # VfileUseRangeOps: 1

 # Allow data pass-through mode for certain hosts when requested by the client
 # using a CONNECT request. This is particularly useful to allow access to SSL
 # sites (https proxying). The string is a regular expression which should cover
 # the server name with port and must be correctly formated and terminated.
 # Examples:
 # PassThroughPattern: private-ppa\.launchpad\.net:443$
 # PassThroughPattern: .* # this would allow CONNECT to everything

 # It's possible that an evil client requests a volatile file but does not
 # retrieve the response and keeps the connection effectively stuck over
 # many hours, blocking the particular file for other download attempts (which
 # leads to not reporting file changes on server side to other users). The work
 # around is the use of alternative file descriptors inside of apt-cacher-ng,
 # however this might cost some extra download traffic due to worse cache usage.
 # The ResponseFreezeDetectTime value specifies when a file descriptor in the
 # mentioned state is to be considered defect and will require special handling.
 # Default time is 500 seconds.
 #
 # ResponseFreezeDetectTime: 500

 # Keep outgoing connections alive and reuse them for later downloads from
 # the same server as long as possible.
 #
 # ReuseConnections: 1

 # Maximum number of requests sent in a batch to remote servers before the first
 # response is expected. Using higher values can greatly improve average
 # throughput depending on network latency and the implementation of remote
 # servers. Makes most sense when also enabled on the client side, see apt.conf
 # documentation for details.
 #
 # Default: 255 if ReuseConnections is set, 1 otherwise
 #
 # PipelineDepth: 255

 # Path to the system directory containing trusted CA certificates used for
 # outgoing connections, see OpenSSL documentation for details.
 #
 # CApath: /etc/ssl/certs
 #
 # Path to a single trusted trusted CA certificate used for outgoing
 # connections, see OpenSSL documentation for details.
 #
 # CAfile:


 # If this value is set to a (positive) number of seconds then the proxy host
 # specified by Proxy setting will be ignored if a connection to this host
 # could not be established within this time span. The connection will then
 # be made without HTTP proxy for the life time of the particular download
 # stream and it may also affect other users on multiuser systems.
 #
 # NOTE: this feature is highly experimental and is subject to change! It can
 # interfere badly with the per-repository proxy setting.
 #
 # OptProxyTimeout: -1
	{%- from "apt-cacher-ng/map.jinja" import server with context %}
	# This is a configuration file for apt-cacher-ng, a smart caching proxy for
	# software package downloads. It's supposed to be in a directory specified by
	# the -c option of apt-cacher-ng, see apt-cacher-ng(8) for details.
	#
	# NOTE: command line switches and other configuration files matching the same
	# file naming scheme (*.conf) can override values from this file.

	# Letter case in variable names does not matter, names and values should be
	# separated with colons. For boolean variables, zero number is considered false,
	# non-zero considered true. If a default value is not explicitly mentioned in
	# the description, the commented value assignments mostly represent the default
	# values of the particular variables.

	# Storage directory for downloaded data and related maintenance activity.
	#
	CacheDir: /var/cache/apt-cacher-ng

	# Log file directory, can be set empty to disable logging
	#
	LogDir: /var/log/apt-cacher-ng

	# A place to look for additional configuration and resource files if they are not
	# found in the configuration directory
	#
	# SupportDir: /usr/lib/apt-cacher-ng

	# TCP server port for incoming http (or HTTP proxy) connections.
	# Can be set to 9999 to emulate apt-proxy.
	#
	Port: {{ server.bind.port }}

	# Addresses or hostnames to listen on. Multiple addresses must be separated by
	# spaces. Each entry must be an exact local address which is associated with a
	# local interface. DNS resolution is performed using getaddrinfo(3) for all
	# available protocols (IPv4, IPv6, ...). Using a protocol specific format will
	# create binding(s) only on protocol specific socket(s), e.g. 0.0.0.0 will
	# listen only to IPv4.
	#
	# Default: listens on all interfaces and protocols
	#
	# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
	BindAddress {{ server.bind.address }}
	# The specification of another HTTP proxy which shall be used for downloads.
	# It can include user name and password but see the manual for limitations.
	#
	# Default: uses direct connection
	#
	# Proxy: http://www-proxy.example.net:3128
	# Proxy: https://username:proxypassword@proxy.example.net:3129

	# Repository remapping. See manual for details.
	# In this example, some backends files might be generated during package
	# installation using information collected on the system.
	# Examples:
	Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
	Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
	Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives
	Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
	Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
	Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
	Remap-fedora: file:fedora_mirrors # Fedora Linux
	Remap-epel: file:epel_mirrors # Fedora EPEL
	Remap-slrep: file:sl_mirrors # Scientific Linux
	Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives

	# This is usually not needed for security.debian.org because it's always the
	# same DNS hostname. However, it might be enabled in order to use hooks
	# or ForceManaged mode or special flags in this context. Not set by default.
	# Remap-secdeb: security.debian.org

	# Virtual page accessible in a web browser to see statistics and status
	# information, i.e. under http://localhost:3142/acng-report.html
	#
	# Default: not set, should be set by the system administrator
	#
	ReportPage: acng-report.html

	# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
	# used with inetd bridge or cron client.
	# Default: not set, UNIX socket bridge is disabled.
	#
	# SocketPath:/var/run/apt-cacher-ng/socket

	# If set to 1, makes log files be written to disk on every new line. Default
	# is 0, buffers are flushed after the client disconnects. Technically,
	# it's a convenience alias for the Debug option, see below for details.
	#
	# UnbufferLogs: 0

	# Enables extended client information in log entries. When set to 0, only
	# activity type, time and transfer sizes are logged.
	#
	# VerboseLog: 1

	# Don't detach from the starting console.
	#
	# ForeGround: 0

	# Store the pid of the daemon process in the specified text file.
	# Default: disabled
	#
	# PidFile: /var/run/apt-cacher-ng/pid

	# Forbid outgoing connections and work without an internet connection or
	# respond with 503 error where it's not possible.
	#
	# Offlinemode: 0

	# Forbid downloads from locations that are directly specified in the user
	# request, i.e. all downloads must be processed by the preconfigured remapping
	# backends (see above).
	#
	# ForceManaged: 0

	# Days before considering an unreferenced file expired (to be deleted).
	# WARNING: if the value is set too low and particular index files are not
	# available for some days (mirror downtime) then there is a risk of removal of
	# still useful package files.
	#
	ExTreshold: 4

	# Stop expiration when a critical problem appears, issue like a failed update
	# of an index file in the preparation step.
	#
	# WARNING: don't set this option to zero or empty without considering possible
	# consequences like a sudden and complete cache data loss.
	#
	# ExAbortOnProblems: 1

	# Number of failed nightly expiration runs which are considered acceptable and
	# do not trigger an error notification to the admin (e.g. via daily cron job)
	# before the (day) count is reached. Might be useful with whacky internet
	# connections.
	#
	# Default: a guessed value, 1 if ExTreshold is 5 or more, 0 otherwise.
	#
	# ExSuppressAdminNotification: 1

	# Modify file names to work around limitations of some file systems.
	# WARNING: experimental feature, subject to change
	#
	# StupidFs: 0

	# Experimental feature for apt-listbugs: pass-through SOAP requests and
	# responses to/from bugs.debian.org.
	# Default: guessed value, true unless ForceManaged is enabled
	#
	# ForwardBtsSoap: 1

	# There is a small in-memory cache for DNS resolution data, expired by
	# this timeout (in seconds). Internal caching is disabled if set to a value
	# less than zero.
	#
	# DnsCacheSeconds: 1800

	###############################################################################
	#
	# WARNING: don't modify thread and file matching parameters without a clear
	# idea of what is happening behind the scene!
	#
	# Max. count of connection threads kept ready (for faster response in the
	# future). Should be a sane value between 0 and average number of connections,
	# and depend on the amount of spare RAM.
	# MaxStandbyConThreads: 8
	#
	# Hard limit of active thread count for incoming connections, i.e. operation
	# is refused when this value is reached (below zero = unlimited).
	# MaxConThreads: -1
	#
	# Pigeonholing files with regular expressions (static/volatile). Can be
	# overriden here but not should not be done permanently because future update
	# of default settings would not be applied later.
	# VfilePattern = (^\|./)(Index\|Packages(\.gz\|\.bz2\|\.lzma\|\.xz)?\|InRelease\|Release\|Release\.gpg\|custom\.gpg\|mirrors.txt\|Sources(\.gz\|\.bz2\|\.lzma\|\.xz)?\|release\|index\.db-.\.gz\|Contents-[^/](\.gz\|\.bz2\|\.lzma\|\.xz)?\|pkglist[^/]\.bz2\|rclist[^/]\.bz2\|meta-release[^/]\|Translation[^/](\.gz\|\.bz2\|\.lzma\|\.xz)?\|MD5SUMS\|SHA1SUMS\|((setup\|setup-legacy)(\.ini\|\.bz2\|\.hint)(\.sig)?)\|mirrors\.lst\|repo(index\|md)\.xml(\.asc\|\.key)?\|directory\.yast\|products\|content(\.asc\|\.key)?\|media\|filelists\.xml\.gz\|filelists\.sqlite\.bz2\|repomd\.xml\|packages\.[a-zA-Z][a-zA-Z]\.gz\|info\.txt\|license\.tar\.gz\|license\.zip\|.\.(db\|files\|abs)(\.tar(\.gz\|\.bz2\|\.lzma\|\.xz))?\|metalink\?repo\|.prestodelta\.xml\.gz\|repodata/.\.(xml\|sqlite)(\.gz\|\.bz2\|\.lzma\|\.xz))$\|/dists/./installer-[^/]+/[^0-9][^/]+/images/.
	# PfilePattern = .(\.d?deb\|\.rpm\|\.drpm\|\.dsc\|\.tar(\.gz\|\.bz2\|\.lzma\|\.xz)(\.gpg)?\|\.diff(\.gz\|\.bz2\|\.lzma\|\.xz)\|\.jigdo\|\.template\|changelog\|copyright\|\.udeb\|\.debdelta\|\.diff/.\.gz\|(Devel)?ReleaseAnnouncement(\?.)?\|[a-f0-9]+-(susedata\|updateinfo\|primary\|deltainfo).xml.gz\|fonts/(final/)?[a-z]+32.exe(\?download.)?\|/dists/./installer-[^/]+/[0-9][^/]+/images/.)$
	#
	# Whitelist for expiration, file types not to be removed even when being
	# unreferenced. Default: many parts from VfilePattern where no parent index
	# exists or might be unknown.
	# WfilePattern = (^\|./)(Release\|InRelease\|Release\.gpg\|custom\.gpg\|(Packages\|Sources)(\.gz\|\.bz2\|\.lzma\|\.xz)?\|Translation[^/](\.gz\|\.bz2\|\.lzma\|\.xz)?\|MD5SUMS\|SHA1SUMS\|.\.xml\|.\.(db\|files\|abs)(\.tar(\.gz\|\.bz2\|\.lzma\|\.xz))?\|[a-z]+32.exe)$\|/dists/./installer-./images/.*
	#
	###############################################################################

	# A bitmask type value declaring the loging verbosity and behavior of the error
	# log writing. Non-zero value triggers at least faster log file flushing.
	#
	# Some higher bits only working with a special debug build of apt-cacher-ng,
	# see the manual for details. The setting has an alias named UnbufferLogs.
	#
	# WARNING: this can write significant amount of data into apt-cacher.err logfile.
	#
	# Default: 0
	#
	# Debug:3

	# Usually, general purpose proxies like Squid expose the IP address of the
	# client user to the remote server using the X-Forwarded-For HTTP header. This
	# behaviour can be optionally turned on with the Expose-Origin option.
	#
	# ExposeOrigin: 0

	# When logging the originating IP address, trust the information supplied by
	# the client in the X-Forwarded-For header.
	#
	# LogSubmittedOrigin: 0

	# The version string reported to the peer, to be displayed as HTTP client (and
	# version) in the logs of the mirror.
	#
	# WARNING: Expect side effects! Some archives use this header to guess
	# capabilities of the client (i.e. allow redirection and/or https links) and
	# change their behaviour accordingly but ACNG might not support the expected
	# features.
	#
	# Default:
	#
	# UserAgent: Yet Another HTTP Client/1.2.3p4

	# In some cases the Import and Expiration tasks might create fresh volatile
	# data for internal use by reconstructing them using patch files. This
	# by-product might be recompressed with bzip2 and with some luck the resulting
	# file becomes identical to the *.bz2 file on the server which can be used by
	# APT when requesting a complete version of this file.
	# The downside of this feature is higher CPU load on the server during
	# the maintenance tasks, and the outcome might have not much value in a LAN
	# where all clients update their data often and regularly and therefore usually
	# don't need the full version of the index file.
	#
	# RecompBz2: 0

	# Network timeout for outgoing connections, in seconds.
	#
	# NetworkTimeout: 60

	# Sometimes it makes sense to not store the data in cache and just return the
	# package data to client while it comes in. The following DontCache* parameters
	# can enable this behaviour for certain URL types. The tokens are extended
	# regular expressions which the URLs are evaluated against.
	#
	# DontCacheRequested is applied to the URL as it comes in from the client.
	# Example: exclude packages built with kernel-package for x86
	# DontCacheRequested: linux-.*_10\...\.Custo._i386
	# Example usecase: exclude popular private IP ranges from caching
	# DontCacheRequested: 192.168.0 ^10\..* 172.30
	#
	# DontCacheResolved is applied to URLs after mapping to the target server. If
	# multiple backend servers are specified then it's only matched against the
	# download link for the FIRST possible source (due to implementation limits).
	#
	# Example usecase: all Ubuntu stuff comes from a local mirror (specified as
	# backend), don't cache it again:
	# DontCacheResolved: ubuntumirror.local.net
	#
	# DontCache directive sets (overrides) both, DontCacheResolved and
	# DontCacheRequested. Provided for convenience, see those directives for
	# details.
	#
	# Example:
	# DontCache: .*.local.university.int

	# Default permission set of freshly created files and directories, as octal
	# numbers (see chmod(1) for details).
	# Can by limited by the umask value (see umask(2) for details) if it's set in
	# the environment of the starting shell, e.g. in apt-cacher-ng init script or
	# in its configuration file.
	#
	# DirPerms: 00755
	# FilePerms: 00664

	# It's possible to use use apt-cacher-ng as a regular web server with a limited
	# feature set, i.e. directory browsing, downloads of any files, Content-Type
	# based on /etc/mime.types, but without sorting, CGI execution, index page
	# redirection and other funny things.
	# To get this behavior, mappings between virtual directories and real
	# directories on the server must be defined with the LocalDirs directive.
	# Virtual and real directories are separated by spaces, multiple pairs are
	# separated by semi-colons. Real directories must be absolute paths.
	# NOTE: Since the names of that key directories share the same namespace as
	# repository names (see Remap-...) it is administrator's job to avoid conflicts
	# between them or explicitly create them.
	#
	# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm
	LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng

	# Precache a set of files referenced by specified index files. This can be used
	# to create a partial mirror usable for offline work. There are certain limits
	# and restrictions on the path specification, see manual and the cache control
	# web site for details. A list of (maybe) relevant index files could be
	# retrieved via "apt-get --print-uris update" on a client machine.
	#
	# Example:
	# PrecacheFor: debrep/dists/unstable//source/Sources debrep/dists/unstable//binary-amd64/Packages

	# Arbitrary set of data to append to request headers sent over the wire. Should
	# be a well formated HTTP headers part including newlines (DOS style) which
	# can be entered as escape sequences (\r\n).
	#
	# RequestAppendix: X-Tracking-Choice: do-not-track\r\n

	# Specifies the IP protocol families to use for remote connections. Order does
	# matter, first specified are considered first. Possible combinations:
	# v6 v4
	# v4 v6
	# v6
	# v4
	# Default: use native order of the system's TCP/IP stack
	#
	# ConnectProto: v6 v4

	# Regular expiration algorithm finds package files which are no longer listed
	# in any index file and removes them of them after a safety period.
	# This option allows to keep more versions of a package in the cache after
	# safety period is over.
	#
	# KeepExtraVersions: 1

	# Optionally uses TCP access control provided by libwrap, see hosts_access(5)
	# for details. Daemon name is apt-cacher-ng.
	#
	# Default: guessed on startup by looking for explicit mention of apt-cacher-ng
	# in /etc/hosts.allow or /etc/hosts.deny files.
	#
	# UseWrap: 0

	# If many machines from the same local network attempt to update index files
	# (apt-get update) at nearly the same time, the known state of these index file
	# is temporarily frozen and multiple requests receive the cached response
	# without contacting the remote server again. This parameter (in seconds)
	# specifies the length of this period before these (volatile) files are
	# considered outdated.
	# Setting this value too low transfers more data and increases remote server
	# load, setting this too high (more than a couple of minutes) increases the
	# risk of delivering inconsistent responses to the clients.
	#
	# FreshIndexMaxAge: 27

	# Usually the users are not allowed to specify custom TCP ports of remote
	# mirrors in the requests, only the default HTTP port can be used (as
	# workaround, proxy administrator can create Remap- rules with custom ports).
	# This restriction can be disabled by specifying a list of allowed ports or 0
	# for any port.
	#
	# AllowUserPorts: 80

	# Normally the HTTP redirection responses are forwarded to the original caller
	# (i.e. APT) which starts a new download attempt from the new URL. This
	# solution is ok for client configurations with proxy mode but doesn't work
	# well with configurations using URL prefixes in sources.list. To work around
	# this the server can restart its own download with a redirection URL,
	# configured with the following option. The downside is that this might be used
	# to circumvent download source policies by malicious users.
	# The RedirMax option specifies how many such redirects the server is allowed
	# to follow per request, 0 disables the internal redirection.
	# Default: guessed on startup, 0 if ForceManaged is used and 5 otherwise.
	#
	# RedirMax: 5

	# There some broken HTTP servers and proxy servers in the wild which don't
	# support the If-Range header correctly and return incorrect data when the
	# contents of a (volatile) file changed. Setting VfileUseRangeOps to zero
	# disables Range-based requests while retrieving volatile files, using
	# If-Modified-Since and requesting the complete file instead. Setting it to
	# a negative value removes even If-Modified-Since headers.
	#
	# VfileUseRangeOps: 1

	# Allow data pass-through mode for certain hosts when requested by the client
	# using a CONNECT request. This is particularly useful to allow access to SSL
	# sites (https proxying). The string is a regular expression which should cover
	# the server name with port and must be correctly formated and terminated.
	# Examples:
	# PassThroughPattern: private-ppa\.launchpad\.net:443$
	# PassThroughPattern: .* # this would allow CONNECT to everything

	# It's possible that an evil client requests a volatile file but does not
	# retrieve the response and keeps the connection effectively stuck over
	# many hours, blocking the particular file for other download attempts (which
	# leads to not reporting file changes on server side to other users). The work
	# around is the use of alternative file descriptors inside of apt-cacher-ng,
	# however this might cost some extra download traffic due to worse cache usage.
	# The ResponseFreezeDetectTime value specifies when a file descriptor in the
	# mentioned state is to be considered defect and will require special handling.
	# Default time is 500 seconds.
	#
	# ResponseFreezeDetectTime: 500

	# Keep outgoing connections alive and reuse them for later downloads from
	# the same server as long as possible.
	#
	# ReuseConnections: 1

	# Maximum number of requests sent in a batch to remote servers before the first
	# response is expected. Using higher values can greatly improve average
	# throughput depending on network latency and the implementation of remote
	# servers. Makes most sense when also enabled on the client side, see apt.conf
	# documentation for details.
	#
	# Default: 255 if ReuseConnections is set, 1 otherwise
	#
	# PipelineDepth: 255

	# Path to the system directory containing trusted CA certificates used for
	# outgoing connections, see OpenSSL documentation for details.
	#
	# CApath: /etc/ssl/certs
	#
	# Path to a single trusted trusted CA certificate used for outgoing
	# connections, see OpenSSL documentation for details.
	#
	# CAfile:


	# If this value is set to a (positive) number of seconds then the proxy host
	# specified by Proxy setting will be ignored if a connection to this host
	# could not be established within this time span. The connection will then
	# be made without HTTP proxy for the life time of the particular download
	# stream and it may also affect other users on multiuser systems.
	#
	# NOTE: this feature is highly experimental and is subject to change! It can
	# interfere badly with the per-repository proxy setting.
	#
	# OptProxyTimeout: -1