gw1/squid: Allow UniFi controller to OCI registries
The UniFi Network server needs to be able access the _linuxserver.io_/GitHub and Docker Hub OCI image registries for the Unifi Network and Caddy container images, respectively.frigate-exporter
parent
805a900f8a
commit
3214d4b9b2
|
|
@ -9,6 +9,8 @@ squid_acl:
|
||||||
- src 172.30.0.0/26
|
- src 172.30.0.0/26
|
||||||
kubernetes:
|
kubernetes:
|
||||||
- src 172.30.0.160/28
|
- src 172.30.0.160/28
|
||||||
|
unifi_controller:
|
||||||
|
- src 172.30.0.242/32
|
||||||
SSL_ports:
|
SSL_ports:
|
||||||
- port 443
|
- port 443
|
||||||
Safe_ports:
|
Safe_ports:
|
||||||
|
|
@ -36,6 +38,15 @@ squid_acl:
|
||||||
- dstdomain rpm.grafana.com
|
- dstdomain rpm.grafana.com
|
||||||
stripe_api:
|
stripe_api:
|
||||||
- dstdomain api.stripe.com
|
- dstdomain api.stripe.com
|
||||||
|
dockerhub:
|
||||||
|
- dstdomain registry-1.docker.io
|
||||||
|
- dstdomain docker.io
|
||||||
|
- dstdomain auth.docker.io
|
||||||
|
- dstdomain production.cloudflare.docker.com
|
||||||
|
linuxserverio:
|
||||||
|
- dstdomain lscr.io
|
||||||
|
- dstdomain ghcr.io
|
||||||
|
- dstdomain pkg-containers.githubusercontent.com
|
||||||
|
|
||||||
squid_http_access:
|
squid_http_access:
|
||||||
- 'deny !Safe_ports'
|
- 'deny !Safe_ports'
|
||||||
|
|
@ -50,6 +61,8 @@ squid_http_access:
|
||||||
- allow trusted kickstart
|
- allow trusted kickstart
|
||||||
- allow trusted dch_repo
|
- allow trusted dch_repo
|
||||||
- allow kubernetes stripe_api
|
- allow kubernetes stripe_api
|
||||||
|
- allow unifi_controller dockerhub
|
||||||
|
- allow unifi_controller linuxserverio
|
||||||
- deny all
|
- deny all
|
||||||
|
|
||||||
squid_cache_dir:
|
squid_cache_dir:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue