squid
Ansible Role: Squid
Description
Install and configure a Squid proxy on CentOS/RHEL or Debian systems using Ansible. See: Squid Config Snippets
Requirements
- Ansible >= 3
- Community Packages
ansible-galaxy collection install community.general
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install onkeldom.caddyserver
After you have installed dante socks, you can use the following tag to change only the configuration and reload the service:
ansible-playbook <playbook>.yml --tags squid_acls
Role Variables
All variables that can be overridden are stored in the defaults/main.yml file and listed in the table below.
Name | Default Value | Description |
---|---|---|
proxy_env | {} | Set proxy environment variables |
squid_port | 3128 | Default bind port |
squid_src_acls | [] | Default source ACLs |
squid_dst_acls | [] | Default destination ACLs |
squid_ssl_ports | [443] | Default SSL ports |
squid_safe_ports | [80,443] | Default safe ports |
squid_logformat_name | squid_json | logformat as json |
squid_logformat | defaults/main.yml#L65 | logformat as json |
squid_logrotate_days | 28 | logrotate days |
squid_log_dir | /var/log/squid | Log folder |
squid_allow_firewall | false | Allow access on firewall |
squid_config_custom | [] | Define config params (not defaults defined) |
squid_config_refresh_pattern | [] | Define refresh pattern per line |
squid_caddy_generate_html_output | false | Generate config and ACLs as HTML file |
squid_caddy_webserver_path | /var/www/ | Webserver path |
squid_caddy_user | caddy | Webserver user name |
squid_caddy_group | caddy | Webserver group name |
squid_template | false | Override original templates |
squid_template_file | squid_errors.html.j2 | Squid deny page template |
squid_template_errors | defaults/main.yml#L87 | Defined template files |
Example
---
- hosts: all
  roles:
    - onkeldom.squid
  vars:
    squid_src_acls:
      - name: client_net
        comment: Client Networks
        source: |
          10.0.0.0/8
        ## OR with source file in ansible-role-squid/proxy_{{ ansible_proxy }}
        file: client_net # (filename: acl_src_client_net.lst)
    squid_dst_acls:
      - name: blacklist
        comment: Blacklist
        access: deny
        type: dstdomain
        deny_info: custom_access_blocked # Squid deny_info page, one of those defined in squid_template_errors
        source: client_net
        file: blacklist # (filename: acl_dst_blacklist.lst)
      - name: whitelist_domains
        comment: Internal Domains
        access: allow
        type: dstdomain
        source: client_net
        ## With destination file
        file: whitelist_domains # (filename: acl_dst_whitelist_domains.lst)
        ## OR with destination definition
        destination: |
          .onkeldom.eu
          .cloudflare.com
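A pre-flight check for the dstdomain lists before they are pushed with `--tags squid_acls`, added here as an example and not part of the role. In Squid a leading-dot entry such as `.cloudflare.com` matches the domain and all of its subdomains, so the script flags entries already covered by another one, invalid names, duplicates, and destinations that appear in both a deny and an allow list (which one wins depends on the order of the rendered `http_access` rules). The function names and the blacklist content are constructed for illustration; it assumes one entry per line with full-line `#` comments.

```python
import re

# Strict hostname label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample content for acl_dst_blacklist.lst (not from the role).
BLACKLIST = """\
# ad and tracking hosts
ads.example.net
.example.net
tracker.cloudflare.com
bad_host.example.org
ads.example.net
"""
# The two destination entries from the playbook example above.
WHITELIST = ".onkeldom.eu\n.cloudflare.com\n"

def parse_list(text):
    """Entries of a list file; blank lines and full-line '#' comments skipped."""
    lines = (ln.strip().lower() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def covers(a, b):
    """True if a is a leading-dot entry that also matches b."""
    return a != b and a.startswith(".") and (b == a[1:] or b.endswith(a))

def lint(entries):
    """Findings inside one list: bad names, duplicates, redundant entries."""
    findings = []
    for i, e in enumerate(entries):
        host = e[1:] if e.startswith(".") else e
        if not all(LABEL.match(part) for part in host.split(".")):
            findings.append((e, "not a valid domain name"))
        if e in entries[:i]:
            findings.append((e, "duplicate entry"))
        for other in dict.fromkeys(entries):  # unique, order preserved
            if covers(other, e):
                findings.append((e, f"already covered by {other}"))
    return findings

def conflicts(deny, allow):
    """(deny_entry, allow_entry) pairs that match overlapping destinations."""
    return [(d, a) for d in deny for a in allow
            if d == a or covers(a, d) or covers(d, a)]

if __name__ == "__main__":
    deny, allow = parse_list(BLACKLIST), parse_list(WHITELIST)
    for finding in lint(deny) + lint(allow) + conflicts(deny, allow):
        print(finding)
```

Run it against the real `acl_dst_*.lst` files by reading them into `parse_list` instead of the embedded samples.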
Contributing
License
This project is licensed under MIT License. See LICENSE for more details.