Skip to content
Snippets Groups Projects
Commit e5b0f62b authored by Klas Arvidsson's avatar Klas Arvidsson
Browse files

Squid rules for scikit-learn, updates to squid.conf

parent ef23acb5
No related branches found
No related tags found
1 merge request!53Devel
...@@ -25,3 +25,9 @@ ...@@ -25,3 +25,9 @@
^https?://docs\.scipy\.org/doc/scipy/reference/.* true ^https?://docs\.scipy\.org/doc/scipy/reference/.* true
^https?://docs\.scipy\.org/doc/scipy/_static/.* true ^https?://docs\.scipy\.org/doc/scipy/_static/.* true
^https?://img\.shields\.io/badge/release-1.8.0-980F0F?style=for-the-badge true ^https?://img\.shields\.io/badge/release-1.8.0-980F0F?style=for-the-badge true
// extra for 732A80 2024-10-23
^https?://scikit-learn\.org/stable/api/.* true
^https?://scikit-learn\.org/stable/modules/.* true
^https?://scikit-learn\.org/stable/_static/.* true
^https?://scikit-learn\.org/dev/_static/.* true
# klaar@ida 2015,2016,2019: # klaar@ida 2024
# #
# Inititate cache dir: # Generate new cert:
# /home/examadm/lsw/sbin/squid -z # ~klaar36/make_certificate.sh
# requires certutil (sudo yum provides */certutil)
# #
# Rotate logs: # Reinit SSL-db:
# /home/examadm/lsw/sbin/squid -k rotate # mv /var/lib/squid/ssl_db /var/lib/squid/ssl_db.old
# /usr/lib64/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB
# chown squid:squid /var/lib/squid/ssl_db
# #
# Starting: (ssl_crtd not running stable on nfs, locking problem) # Clear squid cache:
# ulimit -Sn 4096 # mv /var/cache/squid /var/cache/squid.old
# mkdir -p /tmp/squid/var/lib # mkdir /var/cache/squid
# /home/examadm/lsw/libexec/ssl_crtd -c -s /tmp/squid/var/lib/ssl_db # chown squid:squid /var/cache/squid
# /home/examadm/lsw/sbin/squid -YC # squid -z
#
# Stopping:
# /home/examadm/lsw/sbin/squid -k shutdown
#
# Manager-URL:
# http://tentix.ida.liu.se:3128/squid-internal-mgr/info
#
# Yearly update of certificate:
# run make_certificate.sh
# restart squid service
# update dotfiles
#
# OLD
# 1. Generate certificate:
# openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
# openssl x509 -in myCA.pem -outform DER -out myCA.der
#
# 2. Change config option "http_port" below
# 3. Add the "-----BEGIN CERTIFICATE-----" part from the PEM file to
# ~/.config/curl/curl_ca_bundle.crt
# to let curl know about the new CA (needed for RStudio HTTPS
# downloads, the module for RStudio will set CURL_CA_BUNDLE
# environment variable.)
# 4.
# nytt cert i ~/certificate/..
# certutil -d sql:./.pki/nssdb -A -t 'CT,c,c' -n "exam.ida.liu.se - Linkoping university" -i myCA.der
# certutil -d sql:./.pki/nssdb -D -n "exam.ida.liu.se - Linkoping university"
# certutil -d sql:./.pki/nssdb -L
# OLDER: Change in exam environment, (after added in Chromium myCA.der end up "somewhere" in ~/.pki/*
# Use this command to edit chrome exam template settings:
# env -i XAUTHORITY=/home/examadm/.Xauthority DISPLAY=$DISPLAY HOME=/home/examadm/Version-3.1/sea/env/courses/template_student_home_files/owned_by_uid chromium-browser --proxy-server="exam.ida.liu.se:3128" --temp-profile
# #
# Recommended minimum configuration: # Recommended minimum configuration:
...@@ -131,13 +102,12 @@ always_direct allow all ...@@ -131,13 +102,12 @@ always_direct allow all
ssl_bump server-first all ssl_bump server-first all
# Inititate with: # Inititate with:
# /usr/lib64/squid/security_file_certgen -c -s /var/lib/ssl_db
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1 sslcrtd_children 32 startup=5 idle=1
# the following two options are unsafe and not always necessary: # the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER # sslproxy_flags DONT_VERIFY_PEER
workers 8 workers 8
# Uncomment and adjust the following to add a disk cache directory. # Uncomment and adjust the following to add a disk cache directory.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment