squid.conf

access_log stdio:/var/log/squid/access.log squid

# http://marek.helion.pl/install/squid.html
http_access allow all
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/squid.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4 MB

acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
acl nobumpSites ssl::server_name "/etc/squid/nobump-sites.txt"
ssl_bump peek step1 all               # at step 1 we're peeking at client TLS-request in order to find the "SNI"
ssl_bump peek step2 nobumpSites       # here we're peeking at server certificate
ssl_bump splice step3 nobumpSites     # here we're splicing connections which match the whitelist
ssl_bump stare step2                  # here we're staring at server certificate
ssl_bump bump step3                   # finally we're bumping all other SSL connections at step 3

cache_mem 128 MB
maximum_object_size 4096 MB

coredump_dir /var/cache/squid
cache_dir ufs /var/cache/squid 2000 16 256

refresh_pattern registry.npmjs.org                                                  10800 20% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
# compressed files
refresh_pattern -i \.(7z|a|ace|afa|alz|ar|arc|arj|b1|b6z|ba|bh|bz2|cab)             10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(car|cfs|cpio|cpt|dar|dd|dgc|dmg|ear|ecc|gca|gz|ha|hki)        10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(ice|iso|kgb|lbr|LBR|lha|lz|lzh|lzma|lzo|lzx|mar)              10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pak|partimg|pea|pim|pit|qda|rar|rev|rk|rz|s7z|sbx|sda)        10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(sea|sen|sfark|sfx|shar|shk|sit|sitx|sqx|sz|tar|tbz2|tgz)      10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(txz|uc|uc0|uc2|uca|ucn|ue2|uha|ur2|wim|xar|xp3|xz)            10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(yz1|zip|zipx|zoo|zpaq|zz)                                     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


# image files
refresh_pattern -i \.(ani|anim|apng|art|bmp|bpg|bsave|cal|cin|cpc|cpt|cur|dds)      10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(dpx|ecw|exr|fits|flic|flif|fpx|gif|hdri|hevc|icer|icns)       10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(ico|ics|ilbm|jbig|jbig2|jng|jpeg|kra|miff|mng|nrrd|ora)       10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pam|pbm|pcx|pgf|pgm|png|pnm|ppm|psb|psd|psp|qtvr|ras)         10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rgbe|sgi|tga|tiff|ufo|ufp|wbmp|webp|xbm|xcf|xpm|xr|xt|xwd)    10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


# video files
refresh_pattern -i \.(3g2|3gp|amv|asf|avi|drc|f4a|f4b|f4p|f4v|flv|gif|gifv|m2ts)    10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(m2v|m4v|mkv|mng|mov|mp2|mp4|mpe|mpeg|mpg|mpv|mts|mxf|nsv)     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(ogv|qt|rmvb|roq|svi|vob|webm|wmv|yuv)                         10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


# audio files
refresh_pattern -i \.(8svx|aa|aac|aax|act|aiff|amr|ape|au|awb|dct|dss|dvf|flac)     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(gsm|iklax|ivs|m4a|m4b|m4p|mmf|mogg|mp3|mpc|msv|nsf|oga)       10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(ogg|opus|ra|raw|rm|sln|tta|vox|wav|wma|wv)                    10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


# package managers
refresh_pattern -i \.(apk|appx|appxbundle|deb|ebuild|orb|pet|pisi|pkg|pup|rpm|snap) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


# applications
refresh_pattern -i \.(jar|war|phar)                                                 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


# documents
refresh_pattern -i \.(doc|docb|docm|docx|dot|dotm|dotx|pot|potm|potx|ppam|pps)      10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(ppsm|ppsx|ppt|pptm|pptx|sldm|sldx|wbk|xla|xlam|xll|xlm)       10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(xls|xlsb|xlsm|xlsx|xlt|xltm|xltx|xlw)                         10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(odf|odg|odm|odp|ods|odt|org|otg|oth|otp|ots|ott)              10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pdf)                                                          10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims


refresh_pattern ^ftp:             1440    20% 10080
refresh_pattern ^gopher:          1440     0% 1440
refresh_pattern (/cgi-bin/|\?)       0     0% 0
refresh_pattern .                    0    20% 4320