My concern about your last configuration is that it appears to change your squid deb proxy into an open proxy by which anything can make a request to any website. At least that is my understanding of: http_access allow all
(Its no longer a 'deb' proxy, its just a plain http proxy.) That may be what you want, but I'm not sure I would put it in "everyone who wants a faster experience, just do this" page. John =:-> On Tue, Aug 16, 2016 at 2:07 AM, Reed O'Brien <reed.obr...@canonical.com> wrote: > Yes thanks for doing the work to share this menn0. It is much appreciated. > > I also needed to change the following in squid-deb-proxy (even though I > added a bunch of domains to /etc/squid-deb-proxy/mirror- > dstdomain.acl.d/10-default): > --- a/squid-deb-proxy/squid-deb-proxy.conf > +++ b/squid-deb-proxy/squid-deb-proxy.conf > @@ -80,12 +80,12 @@ http_access deny blockedpkgs > # allow access only to official archive mirrors > # uncomment the third and fouth line to permit any unlisted domain > #http_access deny !to_archive_mirrors > -http_access allow !to_archive_mirrors > +http_access allow all #!to_archive_mirrors > > # don't cache domains not listed in the mirrors file > # uncomment the third and fourth line to cache any unlisted domains > #cache deny !to_archive_mirrors > -cache allow !to_archive_mirrors > +cache allow all > > # allow access from our network and localhost > http_access allow allowed_networks > > And update some firewall rules aside from the ones shipped with squid (tcp > only is prolly fine here): > diff --git a/ufw/user.rules b/ufw/user.rules > index 121b5b5..4cca3b0 100644 > --- a/ufw/user.rules > +++ b/ufw/user.rules > @@ -47,6 +47,10 @@ > ### tuple ### allow tcp 2048,3128,3130,3401,4827 0.0.0.0/0 any 0.0.0.0/0 > Squid - in > -A ufw-user-input -p tcp -m multiport --dports 2048,3128,3130,3401,4827 > -j ACCEPT -m comment --comment 'dapp_Squid' > > +### tuple ### allow any 8000 0.0.0.0/0 any 0.0.0.0/0 in > +-A ufw-user-input -p tcp --dport 8000 -j ACCEPT > +-A ufw-user-input -p udp --dport 8000 -j ACCEPT > + > ### END RULES ### > > ### LOGGING ### > diff --git a/ufw/user6.rules b/ufw/user6.rules > index 2c1aac4..d48de60 100644 > --- a/ufw/user6.rules > +++ b/ufw/user6.rules > @@ -47,6 +47,10 @@ > ### tuple ### allow tcp 2048,3128,3130,3401,4827 ::/0 any ::/0 Squid - in > -A ufw6-user-input -p tcp -m multiport --dports 2048,3128,3130,3401,4827 > -j ACCEPT -m comment --comment 'dapp_Squid' > > +### tuple ### allow any 8000 ::/0 any ::/0 in > +-A ufw6-user-input -p tcp --dport 8000 -j ACCEPT > +-A ufw6-user-input -p udp --dport 8000 -j ACCEPT > > I've also added the config items to clouds.yaml and they work there. I'll > update the wiki later this or next week. > > > On Mon, Aug 15, 2016 at 2:27 PM Casey Marshall < > casey.marsh...@canonical.com> wrote: > >> Menno, >> This is great and thanks for sharing! >> >> In case anyone else runs into this.. charms that install from PPAs will >> fail with this squid-deb-proxy setup. You'll need to allow archive mirrors >> for this to work. See https://1337.tips/ubuntu- >> cache-packages-using-squid-deb-proxy/ for an example. >> >> On Mon, Aug 15, 2016 at 9:31 AM, Rafael Gonzalez < >> rafael.gonza...@canonical.com> wrote: >> >>> Hi Menno, >>> >>> Thanks for putting this together, great tips. I recently ran into an >>> issue which others could see as well. >>> >>> One may need to adjust the following for large bundle deployments on >>> LXD. A bundle deployment fails with errors about "Too many files open." >>> This will increase number of max open files: >>> >>> echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf >>> && sudo sysctl -p >>> >>> >>> Regards, >>> >>> Rafael O. Gonzalez >>> Canonical, Solutions Architect >>> rgo...@canonical.com >>> 1-646-481-7232 >>> >>> >>> >>> On Sun, Aug 14, 2016 at 8:07 PM, Menno Smits <menno.sm...@canonical.com> >>> wrote: >>> >>>> I've put together a few tips on the wiki for speeding up bootstrap and >>>> provisioning times when using the Juju lxd provider. I find these >>>> techniques helpful when checking my work or investigating bugs - situations >>>> where you end up bootstrapping and deploying many times. >>>> >>>> https://github.com/juju/juju/wiki/Faster-LXD >>>> >>>> If you have your own techniques, or improvements to what I'm doing, >>>> please update the article. >>>> >>>> - Menno >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Juju-dev mailing list >>>> juju-...@lists.ubuntu.com >>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/ >>>> mailman/listinfo/juju-dev >>>> >>>> >>> >>> -- >>> Juju-dev mailing list >>> juju-...@lists.ubuntu.com >>> Modify settings or unsubscribe at: https://lists.ubuntu.com/ >>> mailman/listinfo/juju-dev >>> >>> >> -- >> Juju-dev mailing list >> juju-...@lists.ubuntu.com >> Modify settings or unsubscribe at: https://lists.ubuntu.com/ >> mailman/listinfo/juju-dev >> > > -- > Juju-dev mailing list > juju-...@lists.ubuntu.com > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/juju-dev > >
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju