maas/files/maas-proxy.conf.template - salt-formulas/maas - Gitiles

 {%- from "maas/map.jinja" import region with context %}
 {% raw %}
 # DO NOT EDIT.  This file is automatically created by MAAS.
 # Last updated at {{modified}}.

 # Inspired by UDS's conference proxy

 acl maas_proxy_manager proto cache_object
 # Make sure that localnet has at least one entry in it, to avoid errors.
 acl localnet src 127.0.0.0/8
 {{for cidr in cidrs}}
 acl localnet src {{cidr}}
 {{endfor}}
 acl SSL_ports port 443
 acl SSL_ports port 8969         # nginx salt api https proxy
 acl SSL_ports port 50000        # jenkins slave
 acl Safe_ports port 80          # http
 acl Safe_ports port 21          # ftp
 acl Safe_ports port 443         # https
 acl Safe_ports port 1025-65535  # unregistered ports
 acl CONNECT method CONNECT
 http_access allow maas_proxy_manager localhost
 http_access deny maas_proxy_manager
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access allow localnet
 http_access allow localhost
 http_access deny all
 http_port 3128 transparent
 http_port 8000
 refresh_pattern ^ftp:           1440    20%     10080
 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
 refresh_pattern \/Release(|\.gpg)$                        0    0%    0 refresh-ims
 refresh_pattern \/InRelease$                              0    0%    0 refresh-ims
 refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$   0    0%    0 refresh-ims
 refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$     0    0%    0 refresh-ims
 refresh_pattern .               0       20%     4320
 forwarded_for delete
 visible_hostname {{fqdn}}
 cache_mem 512 MB
 minimum_object_size 0 MB
 maximum_object_size 1024 MB
 maximum_object_size_in_memory 100 MB
 {{if running_in_snap}}
 pid_filename {{snap_data_path}}/proxy/squid.pid
 mime_table {{snap_path}}/usr/share/squid/mime.conf
 pinger_program {{snap_path}}/usr/lib/squid/pinger
 unlinkd_program {{snap_path}}/usr/lib/squid/unlinkd
 logfile_daemon {{snap_path}}/usr/lib/squid/log_file_daemon
 icon_directory {{snap_path}}/usr/share/squid/icons
 error_directory {{snap_path}}/usr/share/squid-langpack/en
 coredump_dir {{snap_common_path}}/proxy/spool
 cache_dir aufs {{snap_common_path}}/proxy/cache 40000 16 256
 cache_access_log {{snap_common_path}}/log/proxy/access.log
 cache_log {{snap_common_path}}/log/proxy/cache.log
 cache_store_log {{snap_common_path}}/log/proxy/store.log
 {{else}}
 coredump_dir /var/spool/maas-proxy
 cache_dir aufs /var/spool/maas-proxy 40000 16 256
 cache_access_log /var/log/maas/proxy/access.log
 cache_log /var/log/maas/proxy/cache.log
 cache_store_log /var/log/maas/proxy/store.log
 {{endif}}
 {% endraw %}
 {% if region.upstream_proxy is defined %}
 cache_peer {{ region.upstream_proxy.address }} parent {{ region.upstream_proxy.port }} 0 no-query default {% if region.upstream_proxy.user is defined -%}
 login={{ region.upstream_proxy.user }}:{{ region.upstream_proxy.password }}
 {%- endif %}
 never_direct allow all
 {%- endif %}
	{%- from "maas/map.jinja" import region with context %}
	{% raw %}
	# DO NOT EDIT. This file is automatically created by MAAS.
	# Last updated at {{modified}}.

	# Inspired by UDS's conference proxy

	acl maas_proxy_manager proto cache_object
	# Make sure that localnet has at least one entry in it, to avoid errors.
	acl localnet src 127.0.0.0/8
	{{for cidr in cidrs}}
	acl localnet src {{cidr}}
	{{endfor}}
	acl SSL_ports port 443
	acl SSL_ports port 8969 # nginx salt api https proxy
	acl SSL_ports port 50000 # jenkins slave
	acl Safe_ports port 80 # http
	acl Safe_ports port 21 # ftp
	acl Safe_ports port 443 # https
	acl Safe_ports port 1025-65535 # unregistered ports
	acl CONNECT method CONNECT
	http_access allow maas_proxy_manager localhost
	http_access deny maas_proxy_manager
	http_access deny !Safe_ports
	http_access deny CONNECT !SSL_ports
	http_access allow localnet
	http_access allow localhost
	http_access deny all
	http_port 3128 transparent
	http_port 8000
	refresh_pattern ^ftp: 1440 20% 10080
	refresh_pattern -i (/cgi-bin/\|\?) 0 0% 0
	refresh_pattern \/Release(\|\.gpg)$ 0 0% 0 refresh-ims
	refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
	refresh_pattern \/(Packages\|Sources)(\|\.bz2\|\.gz\|\.xz)$ 0 0% 0 refresh-ims
	refresh_pattern \/(Translation-.*)(\|\.bz2\|\.gz\|\.xz)$ 0 0% 0 refresh-ims
	refresh_pattern . 0 20% 4320
	forwarded_for delete
	visible_hostname {{fqdn}}
	cache_mem 512 MB
	minimum_object_size 0 MB
	maximum_object_size 1024 MB
	maximum_object_size_in_memory 100 MB
	{{if running_in_snap}}
	pid_filename {{snap_data_path}}/proxy/squid.pid
	mime_table {{snap_path}}/usr/share/squid/mime.conf
	pinger_program {{snap_path}}/usr/lib/squid/pinger
	unlinkd_program {{snap_path}}/usr/lib/squid/unlinkd
	logfile_daemon {{snap_path}}/usr/lib/squid/log_file_daemon
	icon_directory {{snap_path}}/usr/share/squid/icons
	error_directory {{snap_path}}/usr/share/squid-langpack/en
	coredump_dir {{snap_common_path}}/proxy/spool
	cache_dir aufs {{snap_common_path}}/proxy/cache 40000 16 256
	cache_access_log {{snap_common_path}}/log/proxy/access.log
	cache_log {{snap_common_path}}/log/proxy/cache.log
	cache_store_log {{snap_common_path}}/log/proxy/store.log
	{{else}}
	coredump_dir /var/spool/maas-proxy
	cache_dir aufs /var/spool/maas-proxy 40000 16 256
	cache_access_log /var/log/maas/proxy/access.log
	cache_log /var/log/maas/proxy/cache.log
	cache_store_log /var/log/maas/proxy/store.log
	{{endif}}
	{% endraw %}
	{% if region.upstream_proxy is defined %}
	cache_peer {{ region.upstream_proxy.address }} parent {{ region.upstream_proxy.port }} 0 no-query default {% if region.upstream_proxy.user is defined -%}
	login={{ region.upstream_proxy.user }}:{{ region.upstream_proxy.password }}
	{%- endif %}
	never_direct allow all
	{%- endif %}