http_access allow localnet

http_port 3128 ssl-bump \
          generate-host-certificates=on \
          dynamic_cert_mem_cache_size=4MB \
          tls-cert=/etc/ssl/certs/squid-ca.pem \
          tls-key=/etc/ssl/private/squid-ca.key

# We do not (cannot! it's a Squid limitation, apparently?) ssl-bump on
# HTTPS connections to the proxy. So what use is it? The answer: it's
# a means by which clients can download the cert of the proxy and then
# add it to their trusted roots (!!!).
#
https_port 3127 \
           tls-cert=/etc/ssl/certs/squid-ca.pem \
           tls-key=/etc/ssl/private/squid-ca.key

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
ssl_bump splice all

cache_dir aufs /var/spool/squid 262144 16 256 min-size=0
refresh_pattern . 10080 9999% 43200

maximum_object_size 10240 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 0 MB
offline_mode on

# cache_store_log stdio:/var/log/squid/store.log
strip_query_terms off