config cdn_cache 'main'
	option enabled '0'
	option cache_dir '/var/cache/cdn-squid'
	option cache_size '2048'
	option max_object_size '1024'
	option cache_valid '10080'
	option listen_port '3128'
	option transparent '1'
	option ssl_bump '0'
	option log_level '1'

config cache_policy 'windows_update'
	option enabled '1'
	option name 'Windows Update'
	option domains 'windowsupdate.com download.microsoft.com'
	option extensions 'exe msu cab msi'
	option cache_time '10080'
	option max_size '2048'
	option priority '10'

config cache_policy 'linux_repos'
	option enabled '1'
	option name 'Linux Repositories'
	option domains 'archive.ubuntu.com deb.debian.org mirrors.kernel.org'
	option extensions 'deb rpm pkg.tar.zst'
	option cache_time '4320'
	option max_size '1024'
	option priority '10'

config cache_policy 'android_apps'
	option enabled '1'
	option name 'Android Apps'
	option domains 'play.googleapis.com apk-dl.com'
	option extensions 'apk obb'
	option cache_time '10080'
	option max_size '512'
	option priority '5'

config cache_policy 'steam_games'
	option enabled '1'
	option name 'Steam/Gaming'
	option domains 'steampowered.com steamcontent.com steamcdn-a.akamaihd.net epicgames-download1.akamaized.net origin-a.akamaihd.net'
	option extensions 'zip pak vpk depot manifest'
	option cache_time '43200'
	option max_size '10240'
	option priority '1'

config cache_policy 'apple_updates'
	option enabled '1'
	option name 'Apple Updates'
	option domains 'swcdn.apple.com swscan.apple.com itunes.apple.com'
	option extensions 'ipa pkg dmg'
	option cache_time '10080'
	option max_size '4096'
	option priority '8'

config cache_policy 'openwrt_packages'
	option enabled '1'
	option name 'OpenWrt Packages'
	option domains 'downloads.openwrt.org'
	option extensions 'ipk'
	option cache_time '10080'
	option max_size '512'
	option priority '10'

config cache_policy 'static_content'
	option enabled '1'
	option name 'Static Web Content'
	option domains '*'
	option extensions 'js css woff woff2 ttf png jpg jpeg gif svg ico webp'
	option cache_time '1440'
	option max_size '50'
	option priority '1'

config exclusion 'bypass_https'
	option enabled '1'
	option name 'HTTPS Banking'
	option domains 'bank paypal stripe'
	option reason 'Security sensitive'

config exclusion 'bypass_streaming'
	option enabled '1'
	option name 'Video Streaming'
	option domains 'netflix.com youtube.com twitch.tv'
	option reason 'Real-time content'

config statistics 'stats'
	option retention_days '30'
	option sample_interval '60'

# API Failover configuration - serve stale content on backend errors
config api_failover 'api_failover'
	option enabled '1'
	# Serve stale content for this many seconds after backend failure
	option stale_if_error '86400'
	# Offline mode - serve stale content for all requests (set by hotplug)
	option offline_mode '0'
	# Enable collapsed forwarding (combine duplicate requests)
	option collapsed_forwarding '1'
	# API URL patterns to cache aggressively
	list api_patterns '/api/'
	list api_patterns '.json'
	# Connection timeouts (seconds)
	option connect_timeout '5'
	option read_timeout '30'
