mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-21 08:23:08 +01:00
Master Module - acng allow ssl for docker and salt
This commit is contained in:
Mike Reeves
@@ -0,0 +1,90 @@
|
||||
# This is a configuration file for apt-cacher-ng, a smart caching proxy for
|
||||
CacheDir: /var/cache/apt-cacher-ng
|
||||
LogDir: /var/log/apt-cacher-ng
|
||||
Port: 3142
|
||||
# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
|
||||
Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
|
||||
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu.us # Ubuntu Archives
|
||||
Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
|
||||
Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
|
||||
Remap-centosmirrorlist: mirrorlist.centos.org
|
||||
Remap-centos: file:centos_mirrors ; file:backends_centos.us # Fedora Linux
|
||||
Remap-fedora: file:fedora_mirrors ; file:backends_fedora.us # Fedora Linux
|
||||
Remap-epel: file:epel_mirrors ; file:backends_epel.us # Fedora EPEL
|
||||
Remap-slrep: file:sl_mirrors # Scientific Linux
|
||||
Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives
|
||||
#Remap-alpine: file:alpine_mirrors /alpine #; dl-cdn.alpinelinux.org # Alpine Archives
|
||||
Remap-alpine: dl-cdn.alpinelinux.org
|
||||
Remap-yarn: registry.yarnpkg.com
|
||||
Remap-npm: registry.npmjs.org
|
||||
Remap-node: nodejs.org
|
||||
Remap-apache: file:apache_mirrors ; file:backends_apache.us
|
||||
# Remap-secdeb: security.debian.org
|
||||
ReportPage: acng-report.html
|
||||
# SocketPath:/var/run/apt-cacher-ng/socket
|
||||
UnbufferLogs: 1
|
||||
VerboseLog: 2
|
||||
ForeGround: 1
|
||||
# PidFile: /var/run/apt-cacher-ng/pid
|
||||
# Offlinemode: 0
|
||||
# ForceManaged: 0
|
||||
ExTreshold: 8
|
||||
# ExAbortOnProblems: 1
|
||||
# ExSuppressAdminNotification: 1
|
||||
# StupidFs: 0
|
||||
# ForwardBtsSoap: 1
|
||||
# DnsCacheSeconds: 1800
|
||||
# MaxStandbyConThreads: 8
|
||||
MaxConThreads: 120
|
||||
#
|
||||
# - static data that doesn't change silently ont he server (PFilePattern)
|
||||
# - volatile data that can be changed like every hour (VFilePattern)
|
||||
# - special static data that shared some file names with volatile data,
|
||||
# and in doubt should be identified as static (SPfilePattern)
|
||||
# - a "whitelist pattern" with hints for the regular expiration job telling
|
||||
# to keep the files even if they are not referenced by others, like crypto
|
||||
# signatures with which clients begin their downloads (WfilePattern)
|
||||
#
|
||||
VfilePatternEx: (metalink\?repo=[0-9a-zA-Z-]+&arch=[0-9a-zA-Z_-]+|/\?release=[0-9]+&arch=|repodata/.*\.(xml|sqlite)\.(gz|bz2)|APKINDEX.tar.gz|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz)
|
||||
PfilePatternEx: (/dists/.*/by-hash/.*|\.tgz|\.tar|\.xz|\.bz2|\.rpm|\.apk)$
|
||||
# WfilePatternEx:
|
||||
# SPfilePatternEx:
|
||||
|
||||
Debug:1
|
||||
# ExposeOrigin: 0
|
||||
# LogSubmittedOrigin: 0
|
||||
# UserAgent: Yet Another HTTP Client/1.2.3p4
|
||||
# RecompBz2: 0
|
||||
# NetworkTimeout: 60
|
||||
|
||||
# DontCacheRequested: linux-.*_10\...\.Custo._i386
|
||||
# DontCacheRequested: 192.168.0 ^10\..* 172.30
|
||||
# DontCacheResolved: ubuntumirror.local.net
|
||||
DontCache: mirrorlist.centos.org
|
||||
|
||||
# DirPerms: 00755
|
||||
# FilePerms: 00664
|
||||
|
||||
LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
|
||||
# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages*
|
||||
# RequestAppendix: X-Tracking-Choice: do-not-track\r\n
|
||||
# ConnectProto: v6 v4
|
||||
# KeepExtraVersions: 0
|
||||
# UseWrap: 0
|
||||
FreshIndexMaxAge: 300
|
||||
# AllowUserPorts: 80
|
||||
RedirMax: 6
|
||||
# VfileUseRangeOps is set for fedora volatile files on mirrors that dont to range
|
||||
VfileUseRangeOps: 0
|
||||
# PassThroughPattern: private-ppa\.launchpad\.net:443$
|
||||
# PassThroughPattern: .* # this would allow CONNECT to everything
|
||||
PassThroughPattern: (download\.docker\.com:443|repo\.saltstack\.com:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/
|
||||
# ResponseFreezeDetectTime: 500
|
||||
# ReuseConnections: 1
|
||||
# PipelineDepth: 255
|
||||
# CApath: /etc/ssl/certs
|
||||
# CAfile:
|
||||
# OptProxyTimeout: -1
|
||||
# MaxDlSpeed: 500
|
||||
# MaxInresponsiveDlSize: 64000
|
||||
# BadRedirDetectMime: text/html
|
||||
@@ -19,6 +19,13 @@
|
||||
|
||||
# Create the directories for apt-cacher-ng
|
||||
aptcacherconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/aptcacher-ng/etc
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
aptcachercachedir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/aptcacher-ng/cache
|
||||
- user: 939
|
||||
@@ -33,6 +40,12 @@ aptcacherlogdir:
|
||||
- makedirs: true
|
||||
|
||||
# Copy the config
|
||||
|
||||
acngcopyconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/aptcacher-ng/etc/acng.conf
|
||||
- source: salt://master/files/acng/acng.conf
|
||||
|
||||
# Install the apt-cacher-ng container - TODO Create a so-docker for it
|
||||
so-aptcacherng:
|
||||
docker_container.running:
|
||||
@@ -42,6 +55,7 @@ so-aptcacherng:
|
||||
- 0.0.0.0:3142:3142
|
||||
- binds:
|
||||
- /opt/so/conf/aptcacher-ng/cache:/var/cache/apt-cacher-ng:rw
|
||||
- /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apr-cacher-ng/acng.conf:ro
|
||||
|
||||
|
||||
# Create the config directory for the docker registry
|
||||
|
||||
Reference in New Issue
Block a user