Ansible Role: squid

This role sets up Squid on Ubuntu 16.04 LTS and possibly future LTS versions. It also includes support for the squid-deb-proxy package.

Role Variables

Here are the variables you can use, with default values (see defaults/main.yml):

• squid_hostname: Set to the value of ansible_host.

  squid_hostname: "{{ ansible_host }}"
  

• squid_allowed_networks: A list of networks allowed to connect, defaulting to common private IP ranges.

  squid_allowed_networks:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 127.0.0.1
    - fe80::/64
    - ::1
  

• squid_acls: List entries for access control lists (ACLs) to be added.

  squid_acls: []
  

• squid_log_xff_acls: ACLs to use for logging the X-Forwarded-For header.

  squid_log_xff_acls: []
  

• squid_logformat: Specify the log format Squid should use.

  squid_logformat: <fallback to default>
  

• squid_deb_proxy: Set to true for a proxy optimized for Ubuntu mirrors.

  squid_deb_proxy: false
  

• squid_deb_proxy_avahi: Set to true to broadcast the deb proxy using Avahi.

  squid_deb_proxy_avahi: false
  

• Repository settings depending on the type of server.

  squid_mirror_debian: true  # on Debian servers
  squid_mirror_ubuntu: true   # on Ubuntu servers
  squid_mirror_default: true
  squid_mirror_3rdparty: true
  squid_mirror_changelogs: true
  squid_mirror_ppas: false
  squid_mirror_custom: []
  

• To match all repository formats, set:

  squid_mirror_match_all_repositories: false
  

• Support for OpenDNS/Cisco Umbrella redirects:

  squid_mirror_opendns: false
  

• To use cache peers, list them as dictionaries.

  squid_cache_peers:
    - host: parent.example.org
      type: parent
      port: 8080
      query_type: htcp
      options:
        - default
        - htcp
  

• Specify shortcuts for parent and sibling proxies if you prefer:

  squid_parent_proxies: http://parent.example.org:8080
  squid_sibling_proxies:
    - sibling.example.org
    - sibling.example.net:3129
  

• Handle direct connections to origin servers:

  squid_direct_connections: always  # Options: always, never, prefer, fallback
  

• Bypass parent proxies for specific servers:

  squid_bypass_parent:
    - server1.example.net
    - server2.example.com
  

• ICAP service settings:

  squid_icap_policy:
    - name: service
      direction: in
      bypass: false
      url: icap://127.0.0.1:1344/service
      access:
        - acl: all
          allow: true
  

• Set the listening port for Squid:

  squid_http_port: 3128
  

• Maximum object size to cache:

  squid_maximum_object_size: "512 MB"
  

• Cache directory settings:

  squid_cache_type: 'aufs'
  squid_cache_path: '/var/spool/squid' 
  squid_cache_size: 40000  # Size in MB
  

• Memory settings for caching:

  squid_cache_mem: "200 MB"
  squid_max_object_mem_size: "10240 KB"
  

• Custom nameservers:

  squid_nameservers: 127.0.0.53
  

Example Playbook

- hosts: proxies
  vars:
    squid_deb_proxy: true
    squid_mirror_custom:
      - .ftp.acc.umu.se
    squid_cache_size: 8000
  roles:
    - vcc_caeit.squid

License

GPLv2

Author Information

This role was created in 2018 by Nafallo Bjälevik during a consultancy project for Volvo Cars Corporation.