squid forwardproxy #3

  • By charmers
  • Latest version (#3)
  • precise
  • Stable
  • Edge

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Squid version 3 is a major rewrite of Squid in C++ and introduces a number of new features including ICAP and ESI support.
Requires the following relation settings from clients:

ip: service ip address
port: service port
sitenames: space-delimited list of vhosts to whitelist


Overview

Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects.

Squid version 3 is a major rewrite of Squid in C++ and introduces a number of
new features including ICAP and ESI support.

http://www.squid-cache.org/

Usage

General

This charm provides squid in a forward proxy setup.

http://en.wikipedia.org/wiki/Proxy_server#Open_proxies

The most common scenario is having a service that you do not want to grant
direct Internet access use the forward proxy. It can both filter outgoing
http requests and cache frequent requests to the same targets.

Another scenario is providing a proxy server for an office environment.

The charm can be deployed in a single or multi-unit setup.

To deploy a single unit:

juju deploy squid-forwardproxy

To add more units:

juju add-unit squid-forwardproxy

Once deployed, you can ssh into the deployed service:

juju ssh <unit>

To list running units:

juju status

To start monitoring Squid using Nagios:

juju deploy nrpe-external-master
juju add-relation squid-forwardproxy nrpe-external-master

This charm requires the following relation settings from clients:

ip: service ip address
port: service port
sitenames: space-delimited list of sites to whitelist

The options that can be configured in config.yaml should be self-explanatory. If not, please file a bug against this charm.

Monitoring

This charm provides relations that support monitoring via Nagios using nrpe_external_master as a subordinate charm.

Configuration

auth_list
(string) YAML-formatted list of squid auth dictionaries. For example: '[{dstdomain: [www.ubuntu.com], src: [1.2.3.4, 5.6.7.0/24]}, {url_regex: ["https?://[^/]+[.]internal(/.*)?"], src: [192.168.0.0/16]}]' NOTE: you can use the following oneliner to verify your YAML string: python -c 'import yaml;import sys;print yaml.dump(yaml.load(sys.argv[1]))' '<string>'
cache_mem_mb
(int) Maximum size of in-memory object cache (MB). Should be smaller than cache_size_mb.
256
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-postgresql-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
snmp_community
(string) SNMP community string for monitoring the service.
snmp_allowed_ips
(string) Single, or json-formatted list of, IP (with optional subnet mask) allowed to query SNMP.
max_obj_size_kb
(int) Maximum size of an object to be cached (KB).
8192
avg_obj_size_kb
(int) Estimated average size of a cached object.
16
cache_size_mb
(int) Maximum size of the on-disk object cache (MB).
512
cache_dir
(string) The top-level directory where cache swap files will be stored.
/var/spool/squid3
nagios_check_url
(string) The URL to check squid has access to
http://www.ubuntu.com
target_objs_per_dir
(int) Target number of objects to store in L2 directories.
400
refresh_patterns
(string) YAML-formatted list of refresh patterns. For example: '{"http://www.ubuntu.com": {min: 0, percent: 20, max: 60}, "http://www.canonical.com": {min: 0, percent: 20, max: 120}}' NOTE: you can use the following oneliner to verify your YAML string: python -c 'import yaml;import sys;print yaml.dump(yaml.load(sys.argv[1]))' '<string>'
log_format
(string) Format of the squid log.
%>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
nagios_service_type
(string) What service this component forms part of e.g. productsearch, uccs etc. Used by nrpe
generic
port
(int) Squid listening port.
3128