Development repository for the squid cookbook
https://github.com/sous-chefs/squid


# squid Cookbook

[![Cookbook Version](https://img.shields.io/cookbook/v/squid.svg)](https://supermarket.chef.io/cookbooks/squid)
[![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/squid/master.svg)](https://circleci.com/gh/sous-chefs/squid)
[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)
[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)

Installs and configures Squid as a caching proxy.

## Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).

## Requirements

### Platforms

- Debian 10+
- Ubuntu 16.04+
- RHEL/CentOS/Scientific 7+
- openSUSE / openSUSE Leap
- FreeBSD 11+

### Chef

- Chef 13+

### Cookbooks

- none

## Recipes

### default

The default recipe installs squid and sets up simple proxy caching. As of now, the options you may change are the port (`node['squid']['port']`) and the network the caching proxy is available on. The network defaults to the subnet derived from `node.ipaddress` (e.g. "192.168.1.0/24") but may be overridden with `node['squid']['network']`. The size of objects allowed to be stored has been bumped up to allow for caching of installation files. An optional attribute, `node['squid']['cache_peer']`, is written verbatim to the template if set. On Red Hat based platforms, this cookbook supports customizing the maximum number of file descriptors that Squid may open (`node['squid']['max_file_descriptors']`). The default value is 1024.

## Usage

Include the squid recipe on the server. Other nodes may search for this node as their caching proxy and use the `node.ipaddress` and `node['squid']['port']` to point at it.

Data bags can be used to store host and URL ACLs, and to define which hosts/nets are able to access which hosts/URLs.

### LDAP Authentication

- Set `node['squid']['enable_ldap']` to true.
- Modify the LDAP attributes for your environment.
  - If you use anonymous bindings, two attributes are optional: `['squid']['ldap_binddn']` and `['squid']['ldap_bindpassword']`.
  - All other attributes are required.
  - See for further help.
- To create the LDAP ACLs in squid.conf, you also need the two ldap_auth data bag items shown under LDAP Databags below.

## Example Databags

### squid_urls - yubikey item

```javascript
{
  "urls": [
    "^https://api.yubico.com/wsapi/2.0/verify"
  ],
  "id": "yubikey"
}
```

### squid_hosts - bastion item

```javascript
{
  "type": "src",
  "id": "bastion",
  "net": [
    "192.168.0.2/32"
  ]
}
```

### squid_acls - bastion item

```javascript
{
  "id": "bastion",
  "acl": [
    [
      "yubikey",
      "allow"
    ],
    [
      "yubikey",
      "deny",
      "!"
    ],
    [
      "all",
      "deny"
    ]
  ]
}
```

## LDAP Databags

The following two data bags are only required if you are using LDAP Authentication.

### squid_hosts - ldap_auth item

```javascript
{
  "type": "proxy_auth",
  "id": "ldap_auth",
  "net": [
    "REQUIRED"
  ]
}
```

### squid_acls - ldap_auth item

```javascript
{
  "id": "ldap_auth",
  "acl": [
    [
      "",
      "allow"
    ]
  ]
}
```

### Additional configuration files

- Set `node['squid']['config_include_dir']` to the directory of your additional files, e.g. `/etc/squid/conf.d`.
- It is recommended that you set `node['squid']['http_access_deny_all']` and `node['squid']['icp_access_deny_all']` to false because the include statement is at the bottom of squid.conf. Otherwise http_access allow statements may not be evaluated in the additional configuration files.
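
Squid evaluates `http_access` and `icp_access` rules top to bottom and stops at the first match, so a catch-all rule rendered above the include line shadows every rule in the included files. The following check is an added example, not part of the cookbook; the file paths, the rendered layout and the `partners` ACL are constructed sample data.

```ruby
# Added example (not the cookbook's code): list access rules Squid never reaches
# because a catch-all "allow all"/"deny all" of the same directive precedes them.
CATCH_ALL = /\A(http_access|icp_access)\s+(allow|deny)\s+all\z/

# Flatten a config into [file, line] pairs, expanding `include` in place from an
# in-memory map (path => text) so the check runs offline.
def flatten(name, files)
  files.fetch(name).each_line.flat_map do |raw|
    line = raw.sub(/#.*/, '').strip
    next [] if line.empty?
    if (m = line.match(/\Ainclude\s+(\S+)\z/))
      prefix = m[1].sub(/\*.*\z/, '') # "dir/*.conf" becomes a prefix match
      files.keys.select { |k| k != name && k.start_with?(prefix) }.sort
           .flat_map { |k| flatten(k, files) }
    else
      [[name, line]]
    end
  end
end

# Rules that follow a catch-all rule of the same directive (first match wins).
def unreachable_rules(name, files)
  closed = {}
  flatten(name, files).select do |_file, line|
    directive = line.split.first
    next false unless %w[http_access icp_access].include?(directive)
    dead = closed[directive]
    closed[directive] = true if line.match?(CATCH_ALL)
    dead
  end
end

# Constructed sample: deny-all rules rendered above the include at the bottom.
MAIN = '/etc/squid/squid.conf'
EXTRA = '/etc/squid/conf.d/partners.conf'
SAMPLE = {
  MAIN => <<~CONF,
    acl localnet src 192.168.1.0/24
    http_access allow localnet
    http_access deny all
    icp_access deny all
    include /etc/squid/conf.d/*.conf
  CONF
  EXTRA => "acl partners src 192.168.0.2/32\nhttp_access allow partners\n"
}
# Same files with both attributes false and the final deny moved into conf.d.
FIXED = { MAIN => SAMPLE[MAIN].gsub(/^\w+_access deny all\n/, ''),
          EXTRA => SAMPLE[EXTRA] + "http_access deny all\n" }
p unreachable_rules(MAIN, SAMPLE), unreachable_rules(MAIN, FIXED)
```

With the deny-all attributes set to false, the last file in the include directory should end with its own `http_access deny all` so the proxy still fails closed.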

## Contributors

This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)

### Backers

Thank you to all our backers!

![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40)

### Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)