README.md

A simple yet useful role to configure squid server. A working proxy can be set up with minimal effort. This role tries to balance the sensible defaults distributed with squid but with the option to extended them or disregard them. This role also allows for multiple http and https ports to be configured along with all the usual things like acls and http_access rules.

Tested on openSUSE and on CentOS. Should work on most platforms. Requires Ansible version >=2.0

The current defaults can be found in defaults/main.yml - These should be mostly self explanatory.

squid_acl_localnet - a list defining the src network values for the default acl "allow localnet" - does not have to be set but the reference to the acl in http_access must be removed.

squid_default_acl - populated with the distributed squid default acl

squid_custom_acl - defines an additional acl

squid_http_access - populated with the default http_access rules. Any additional rules must refined the entire list

squid_http_ports - a list of http_port parameters to use. Defaults to 3128. Redefine as an empty list to not listen with http. Use this to run on multiple ports

squid_https_ports - a list of https_port parameters to use e.g. "3129 cert=/etc/squid/squid.crt"

squid_access_log - set a value for access_log

squid_cache_dir - set a value for squid_cache_dir

squid_coredump_dir - sets the associated value, defaults to /var/cache/squid - likely to be useful on different platforms that use a different value

squid_custom_refresh_patterns - a list of additional refresh pattern parameters

squid_default_refresh_patterns - a list populated with the default refresh pattern parameters

Setting just squid_acl_localnet will provide a working squid proxy

---
squid_acl_localnet: 
 - 10.1.2.0/24

A contrite example but one that does demonstrate how to set acls in addition to the default and with a new http_access ruleset. Notice also that squid_acl_localnet is set to an empty list as this acl is not used in http_access

---
squid_acl_localnet:

squid_custom_acl:
  - homeworker src 1.2.3.4
  - homeworker src 7.8.9.10
  - restricted_sites dstdomain .bbc.co.uk

squid_http_access:
  - deny !Safe_ports
  - deny CONNECT !SSL_ports
  - allow localhost manager
  - deny manager
  - deny to_localhost
  - deny homeworker restricted_sites
  - allow homeworker
  - allow localhost
  - deny all

---
squid_acl_localnet:
  - 10.1.2.0/24
  - 10.2.3.0/24

squid_http_ports:

squid_https_ports:
  - 3129 cert=/etc/squid/squid.crt

squid_access_log: none

MIT