squid

Ansible Role: Squid

ubuntu-18 ubuntu-20 debian-9 debian-10 centos-7 centos-8

License GitHub issues GitHub tag GitHub action

Description

Install and configure an Squid Proxy on CentOS/RHEL or Debian systems using ansible. See: Squid Config Snippets

Requirements

  • Ansible >= 3
  • Community Packages
  • ansible-galaxy collection install community.general
  • ansible-galaxy collection install ansible.posix
  • ansible-galaxy collection install onkeldom.caddyserver

After you have installed dante socks, you van use to following tag to only change the configuration and reload the service

ansible-playbook <playbook>.yml --tags squid_acls

Role Variables

All variables which can be overridden are stored in defaults/main.yml file as well as in table below.

Name Default Value Description
proxy_env {} Set proxy environment variables
squid_port 3128 Default bind Port
squid_src_acls [] default source acls
squid_dst_acls [] default destination acls
squid_ssl_ports [443] default ssl ports
squid_safe_ports [80,443] default safe ports
squid_logformat_name squid_json logformat as json
squid_logformat defaults/main.yml#L65 logformat as json
squid_logrotate_days 28 logrotate days
squid_log_dir /var/log/squid log folder
squid_allow_firewall false allow access on firewall
squid_config_custom [] define config params (not defaults defined)
squid_config_refresh_pattern [] define refresh pattern per line
squid_caddy_generate_html_output false generate config and acls as html file
squid_caddy_webserver_path /var/www/ webserver path
squid_caddy_user caddy webserver user name
squid_caddy_group caddy webserver group name
squid_template false override original templates
squid_template_file squid_errors.html.j2 squid deny page template
squid_template_errors defaults/main.yml#L87 defined template files

Example

---
- hosts: all
  roles:
  - onkeldom.squid
  vars:
    squid_src_acls:
      - name: client_net
        comment: Client Networks
        source: |
          10.0.0.0/8
    ## OR with source file in ansible-role-squid/proxy_{{ ansible_proxy }}
        file: client_net # (filename: acl_src_client_net.lst)
    squid_dst_acls: []
      - name: blacklist
        comment: Blacklist
        access: deny
        type: dstdomain
        deny_info: custom_access_blocked # Define Squid deny_info pages defined in squid_template_errors
        source: client_net
        file: blacklist (filename: acl_dst_blacklist.lst)
      - name: whitelist_domains
        comment: Internal Domains
        access: allow
        type: dstdomain
        source: client_net
    ## With destination file
        file: whitelist_domains (filename: acl_dst_whitelist_domains.lst)
    ## OR with destination definition
        destination: |
          .onkeldom.eu
          .cloudflare.com

Contributing

See contributor guideline.

License

This project is licensed under MIT License. See LICENSE for more details.

About

Ansible role for installing and configuring squid proxy

Install
ansible-galaxy install OnkelDom/ansible-role-squid
GitHub repository
License
mit
Downloads
27