gw1/squid: Allow UniFi controller to OCI registries
The UniFi Network server needs to be able access the _linuxserver.io_/GitHub and Docker Hub OCI image registries for the Unifi Network and Caddy container images, respectively.frigate-exporter
parent
805a900f8a
commit
3214d4b9b2
|
|
@ -9,6 +9,8 @@ squid_acl:
|
|||
- src 172.30.0.0/26
|
||||
kubernetes:
|
||||
- src 172.30.0.160/28
|
||||
unifi_controller:
|
||||
- src 172.30.0.242/32
|
||||
SSL_ports:
|
||||
- port 443
|
||||
Safe_ports:
|
||||
|
|
@ -36,6 +38,15 @@ squid_acl:
|
|||
- dstdomain rpm.grafana.com
|
||||
stripe_api:
|
||||
- dstdomain api.stripe.com
|
||||
dockerhub:
|
||||
- dstdomain registry-1.docker.io
|
||||
- dstdomain docker.io
|
||||
- dstdomain auth.docker.io
|
||||
- dstdomain production.cloudflare.docker.com
|
||||
linuxserverio:
|
||||
- dstdomain lscr.io
|
||||
- dstdomain ghcr.io
|
||||
- dstdomain pkg-containers.githubusercontent.com
|
||||
|
||||
squid_http_access:
|
||||
- 'deny !Safe_ports'
|
||||
|
|
@ -50,6 +61,8 @@ squid_http_access:
|
|||
- allow trusted kickstart
|
||||
- allow trusted dch_repo
|
||||
- allow kubernetes stripe_api
|
||||
- allow unifi_controller dockerhub
|
||||
- allow unifi_controller linuxserverio
|
||||
- deny all
|
||||
|
||||
squid_cache_dir:
|
||||
|
|
|
|||
Loading…
Reference in New Issue