github.com/filecoin-project/bacalhau@v0.3.23-0.20230228154132-45c989550ace/pkg/executor/docker/gateway/squid.conf

github.com/filecoin-project/bacalhau@v0.3.23-0.20230228154132-45c989550ace/pkg/executor/docker/gateway/squid.conf (about)

     1  # Bacalhau config file for Squid
     2  #
     3  # This config file sets up a list of allowed domains that the client is allowed
     4  # to access. The list of clients is restricted to just executors running the job
     5  # (so even if there is some misconfiguration of the Docker networking, this acts
     6  # as another line of defence). 
     7  #
     8  # Both of these access lists are expected to be in /etc/bacalhau somehow.
     9  
    10  # The syntax for the allowed-domains list is one qualified domain per line e.g.:
    11  #
    12  #     .domain1.com
    13  #     .domain2.com
    14  acl allowed-domains dstdomain "/etc/bacalhau/allowed-domains.txt"
    15  
    16  # The syntax for the allowed-clients list is one IP addr/subnet per line e.g.:
    17  #
    18  #     172.1.2.0/16
    19  #     172.2.3.4
    20  acl allowed-clients src "/etc/bacalhau/allowed-clients.txt"
    21  
    22  # A valid request has to be for an allowed domain and from an allowed client:
    23  acl valid_reqs_from_executor all-of allowed-domains allowed-clients
    24  
    25  # Allow valid requests to happen and deny all others:
    26  http_access allow valid_reqs_from_executor
    27  http_access deny all
    28  
    29  # Run the HTTP proxy on port:
    30  http_port 8080
    31  
    32  # Don't log Docker health checks
    33  acl exclude req_header Docker-Health-Check .*
    34  access_log none exclude