agent: more robust squid config

examples/agent/Dockerfile.squid

@@ -1,4 +1,4 @@
-FROM debian:latest
+FROM debian:stable
 
 ENV SQUID_CACHE_DIR=/var/spool/squid \
     SQUID_LOG_DIR=/var/log/squid

examples/agent/docker-compose.yml

@@ -61,10 +61,10 @@ services:
       dockerfile: Dockerfile.squid
     volumes:
       - ./squid/conf/squid.conf:/etc/squid/squid.conf:ro
-      - ./squid/cache:/var/spool/squid
-      - ./squid/logs:/var/log/squid
+      - ./squid/cache:/var/spool/squid:rw
+      - ./squid/logs:/var/log/squid:rw
       - ./squid/ssl_cert:/etc/squid/ssl_cert:ro
-      - ./squid/ssl_db:/var/spool/squid/ssl_db
+      - ./squid/ssl_db:/var/spool/squid/ssl_db:rw
     extra_hosts:
       - host.docker.internal:host-gateway
     networks:

examples/agent/squid/conf/squid.conf

@@ -5,11 +5,16 @@
 http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/squidCA.pem tls-cafile=/etc/squid/ssl_cert/squidCA.crt
 
 sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db/db -M 20MB
-sslcrtd_children 5
+sslcrtd_children 5 startup=1
 acl step1 at_step SslBump1
 ssl_bump peek step1
 ssl_bump bump all
 
+dns_nameservers 8.8.8.8 8.8.4.4
+dns_timeout 5 seconds
+positive_dns_ttl 24 hours
+negative_dns_ttl 1 minutes
+
 # Forbid access to the host.
 # If you want to allow tools to call llama-server on the host (e.g. embeddings, or recursive thoughts),
 # you can comment out the next two lines.
@@ -31,11 +36,12 @@ refresh_pattern \.debian\.org/.*?\.(deb|udeb|tar\.(gz|xz|bz2))$   129600 100% 12
 
 # Configure cache
 cache_dir ufs /var/spool/squid 10000 16 256
-cache_mem 200 MB
+cache_mem 256 MB
 maximum_object_size 1024 MB
+maximum_object_size_in_memory 512 MB
 
 # Configure logs
 strip_query_terms off
-cache_log /var/log/squid/cache.log
-access_log /var/log/squid/access.log squid
+cache_log stdio:/var/log/squid/cache.log
+access_log stdio:/var/log/squid/access.log squid
 cache_store_log none