squid reverseproxy #32

  • By sidnei
  • Latest version (#32)
  • precise
  • Stable
  • Edge

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Squid version 3 is a major rewrite of Squid in C++ and introduces a number of new features including ICAP and ESI support.
Requires the following relation settings from consuming services:

ip: service ip address
port: service port
sitenames: space-delimited list of vhosts provided

Although squid can be configured as a traditional forward proxy, this charm supports only a reverse proxy configuration.


Overview

Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects.

Squid version 3 is a major rewrite of Squid in C++ and introduces a number of
new features including ICAP and ESI support.

http://www.squid-cache.org/

Usage

General

This charm provides squid in a reverse proxy setup.

http://en.wikipedia.org/wiki/Reverse_proxy

The most common scenario is to accelerate a web service:
You run squid on your outside edge, forwarding queries to
one or multiple internal web application servers.

The charm can be deployed in a single or multi-unit setup.

To deploy a single unit:

juju deploy squid-reverseproxy

To add more units:

juju add-unit squid-reverseproxy

Example with apache:

juju deploy apache2
juju deploy squid-reverseproxy
juju add-relation apache2:website-cache squid-reverseproxy:cached-website

This will put squid in front of apache2.

Once deployed, you can ssh into the deployed service:

juju ssh <unit>

To list running units:

juju status

To start monitoring Squid using Nagios:

juju deploy nrpe-external-master
juju add-relation squid-reverseproxy nrpe-external-master

This charm requires the following relation settings from clients:

ip: service ip address
port: service port
sitenames: space-delimited list of virtual hosts to whitelist

The options that can be configured in config.yaml should be self-explanatory.
If not, please file a bug against this charm.

HTTPS Reverse Proxying

Assuming you have a squid3 deb compiled with --enable-ssl, you can set up a
single https reverse proxy.

An example of this would be:

juju set squid-reverseproxy enable_https=true ssl_key="$(base64 < /path/to/cert.key)" ssl_cert="$(base64 < /path/to/cert.crt)"

This should enable https access to the default website.

A current implementation limitation is that it doesn't support multiple https vhosts.

Monitoring

This charm provides relations that support monitoring via Nagios using
nrpe-external-master as a subordinate charm.

Caveats

The apache2 example above is just for reference. In order to make it usable, you
will have to supply a proper virtual host configuration for apache2.

Configuration

ssl_key
(string) Base64 encoded ssl key file

via
(string) Add 'Via' header to outgoing requests.
Default: on

https_port
(int) Squid https listening port
Default: 443

target_objs_per_dir
(int) Target number of objects to store in L2 directories.
Default: 400

refresh_patterns
(string) JSON- or YAML-formatted list of refresh patterns. For example: '{"http://www.ubuntu.com": {"min": 0, "percent": 20, "max": 60}, "http://www.canonical.com": {"min": 0, "percent": 20, "max": 120}}'

nagios_service_type
(string) What service this component forms part of, e.g. supermassive-squid-cluster. Used by nrpe.
Default: generic

port
(int) Squid listening port.
Default: 3128

x_balancer_name_allowed
(boolean) Route based on X-Balancer-Name header set by Apache charm.

snmp_allowed_ips
(string) Single, or json-formatted list of, IP (with optional subnet mask) allowed to query SNMP.

ssl_keyfile
(string) File path to ssl key file inside deployed units
Default: /etc/squid3/ssl/cert.key

nagios_check_http_params
(string) The parameters to pass to the nrpe plugin check_http.

ssl_certfile
(string) File path to ssl cert file inside deployed units
Default: /etc/squid3/ssl/cert.crt

snmp_community
(string) SNMP community string for monitoring the service.

https_options
(string) Options for https port
Default: accel vhost

port_options
(string) Squid listening port options
Default: accel vhost

max_obj_size_kb
(int) Maximum size of an object to be cached (KB).
Default: 8192

cache_size_mb
(int) Maximum size of the on-disk object cache (MB). Set to zero to disable disk caching.
Default: 512

avg_obj_size_kb
(int) Estimated average size of a cached object.
Default: 16

package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Useful valid values are "install" and "hold".
Default: install

services
(string) Services definition(s). Although the variable type is a string, this is interpreted by the charm as yaml. To use multiple services within the same instance, specify all of the variables (service_name, service_host, service_port) with a "-" before the first variable, service_name, as below.

    - service_name: example_proxy
      service_domain: example.com
      servers:
        - [foo.internal, 80]
        - [bar.internal, 80]

cache_mem_mb
(int) Maximum size of in-memory object cache (MB). Should be smaller than cache_size_mb. Set to zero to disable caching completely.
Default: 256

ssl_cert
(string) Base64 encoded ssl cert file

nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-squid-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
Default: juju

enable_https
(boolean) Enable https access for squid, requires a squid compiled with --enable-ssl, certificate and private key

enable_forward_proxy
(boolean) Enables forward proxying

cache_dir
(string) The top-level directory where cache swap files will be stored.
Default: /var/spool/squid3

log_format
(string) Format of the squid log.
Default: %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh