squid reverseproxy #6

Supports: precise

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Squid version 3 is a major rewrite of Squid in C++ and introduces a number of new features including ICAP and ESI support.
Requires the following relation settings from consuming services:

ip: service ip address
port: service port
sitenames: space-delimited list of vhosts provided

Although squid can be configured as a traditional forward proxy, this charm supports only a reverse proxy configuration.


Overview

Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects.

Squid version 3 is a major rewrite of Squid in C++ and introduces a number of
new features including ICAP and ESI support.

http://www.squid-cache.org/

Usage

General

This charm provides squid in a reverse proxy setup.

http://en.wikipedia.org/wiki/Reverse_proxy

The most common scenario is to accelerate a web service:
You run squid on your outside edge, forwarding queries to
one or multiple internal web application servers.

The charm can be deployed in a single or multi-unit setup.

To deploy a single unit:

juju deploy squid-reverseproxy

To add more units:

juju add-unit squid-reverseproxy

Example with apache:

juju deploy apache2
juju deploy squid-reverseproxy
juju add-relation apache2:website-cache squid-reverseproxy:cached-website

This will put squid in front of apache2.

Once deployed, you can ssh into the deployed service:

juju ssh <unit>

To list running units:

juju status

To start monitoring Squid using Nagios:

juju deploy nrpe-external-master
juju add-relation squid-reverseproxy nrpe-external-master

This charm requires the following relation settings from clients:

ip: service ip address
port: service port
sitenames: space-delimited list of virtual hosts to whitelist

The options that can be configured in config.yaml should be self-explanatory.
If not, please file a bug against this charm.

HTTPS Reverse Proxying

Assuming you have a squid3 deb compiled with --enable-ssl, you can set up a
single https reverse proxy.

An example of this would be:

juju set squid-reverseproxy enable_https=true ssl_key="$(base64 < /path/to/cert.key)" ssl_cert="$(base64 < /path/to/cert.crt)"

This should enable https access to the default website.

A current implementation limitation is that it doesn't support multiple https vhosts.

Monitoring

This charm provides relations that support monitoring via Nagios using
nrpe_external_master as a subordinate charm.

Caveats

The example above is just for reference. In order to make it usable, you
will have to supply a proper virtual host configuration for apache2.


Configuration

avg_obj_size_kb
(int) Estimated average size of a cached object.
16
cache_dir
(string) The top-level directory where cache swap files will be stored.
/var/spool/squid3
cache_mem_mb
(int) Maximum size of in-memory object cache (MB). Should be smaller than cache_size_mb.
256
cache_size_mb
(int) Maximum size of the on-disk object cache (MB).
512
enable_https
(string) Enable https access for squid. Requires a squid compiled with --enable-ssl, a certificate and a private key.
https_options
(string) Options for https port
accel vhost
https_port
(int) Squid https listening port
443
log_format
(string) Format of the squid log.
%>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
max_obj_size_kb
(int) Maximum size of an object to be cached (KB).
8192
nagios_check_url
(string) The URL to check squid has access to, most likely inside your web server farm
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-squid-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
juju
nagios_service_type
(string) What service this component forms part of, e.g. supermassive-squid-cluster. Used by nrpe.
generic
port
(int) Squid listening port.
3128
refresh_patterns
(string) JSON-formatted list of refresh patterns. For example: '{"http://www.ubuntu.com": {"min": 0, "percent": 20, "max": 60}, "http://www.canonical.com": {"min": 0, "percent": 20, "max": 120}}'
snmp_allowed_ips
(string) Single, or json-formatted list of, IP (with optional subnet mask) allowed to query SNMP.
snmp_community
(string) SNMP community string for monitoring the service.
ssl_cert
(string) Base64 encoded ssl cert file
ssl_certfile
(string) File path to ssl cert file inside deployed units
/etc/squid3/ssl/cert.crt
ssl_key
(string) Base64 encoded ssl key file
ssl_keyfile
(string) File path to ssl key file inside deployed units
/etc/squid3/ssl/cert.key
target_objs_per_dir
(int) Target number of objects to store in L2 directories.
400
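
The default log_format value listed above can be parsed to spot clients that repeatedly hit the proxy's access controls. This is an added example, not part of the charm; it assumes requests for hosts outside the whitelisted sitenames are logged with the squid status TCP_DENIED, and the sample lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Mirrors the default log_format value listed above, field by field.
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)" '  # tolerates \" inside
    r'(?P<squid_status>[A-Z0-9_]+):(?P<hier_status>[A-Z0-9_]+)$'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.10 - - [12/Mar/2014:10:15:32 +0000] "GET http://www.example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" TCP_MISS:FIRSTUP_PARENT',
    '203.0.113.7 - - [12/Mar/2014:10:15:40 +0000] "GET http://other.example.net/ HTTP/1.1" 403 3600 "-" "curl/7.22.0" TCP_DENIED:HIER_NONE',
    '203.0.113.7 - - [12/Mar/2014:10:15:41 +0000] "GET http://third.example.org/ HTTP/1.1" 403 3600 "-" "curl/7.22.0" TCP_DENIED:HIER_NONE',
    '198.51.100.10 - - [12/Mar/2014:10:16:02 +0000] "GET http://www.example.com/a.css HTTP/1.1" 200 812 "http://www.example.com/" "Mozilla/5.0 \\"x\\"" TCP_MEM_HIT:HIER_NONE',
    'truncated line',
]

def parse_line(line):
    """Return a dict of log fields, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"], rec["size"] = int(rec["status"]), int(rec["size"])
    return rec

def denied_by_client(lines, threshold=2):
    """Return ({client: denied_count} at or above threshold, [unparsable lines])."""
    denied, unparsed = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep for review instead of silently dropping
        elif rec["squid_status"].startswith("TCP_DENIED"):
            denied[rec["client"]] += 1
    return {c: n for c, n in denied.items() if n >= threshold}, unparsed

if __name__ == "__main__":
    print(denied_by_client(SAMPLE))
```

If log_format is changed in the charm configuration, the regular expression has to be updated to match.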