forked from saltstack-formulas/squid-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
96 lines (79 loc) · 2.11 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
---
# If no configuration is set, a default one
# (potentially wrong and insecure) is generated
squid:
# listen to HTTP on these ports
http_port:
- 3128
- 127.0.0.1:8080
# listen to HTTPS on these ports
https_port:
- 443
- 127.0.0.1:443
# configure cache manager
cache_manager:
email: 'root@domain.tld'
password: 'mypassword'
# creates ACL and allow http_access from localhost
# if not set, you need to create the access rules
defaults: True
# define ACLs here
acl:
localnet:
# optional comment
comment: 'authorized clients from localnet'
# type comes directly from the squid documentation (src, dst, myip...)
type: 'src'
targets:
- 192.168.0.1/32
CONNECT:
type: 'method'
targets:
- CONNECT
restricted_net:
type: 'src'
targets:
- 192.168.100.0/24
SSL_ports:
type: 'port'
targets:
- 443
safe_ports:
type: 'port'
targets:
- 80
- 443
restricted_domains:
type: 'dstdomain'
targets:
- 'restricted_domain.tld'
forbidden_domains:
type: 'dstdomain'
targets:
- 'forbidden_domain.tld'
# define HTTP access lists here
http_access:
- allow localnet
- deny !Safe_ports
- deny CONNECT !SSL_ports
- deny forbidden_domains
- deny restricted_net restricted_domains
- allow all
- deny all # not set by default so don't forget it
# you can specify several cache_dir, or none will be setup
#cache_dir:
# - ufs /var/spool/squid3/cache 1000 16 256
# default refresh patterns are set with this configuration
#refresh_pattern: defaults
# or define your own
refresh_pattern:
- '. 0 20% 4320'
cache_peer:
- '192.168.100.1 parent 80 0 no-query originserver name=cache1'
cache_peer_access:
- 'cache1 allow localnet'
# define the visible hostname of Squid, else the minion ID will be used
visible_hostname: some.name
extra_configuration: |
refresh_pattern bla 0 20% 4320
refresh_pattern foo 0 20% 4320