squid reverseproxy #9

Supports: precise


Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Squid version 3 is a major rewrite of Squid in C++ and introduces a number of new features including ICAP and ESI support.
Requires the following relation settings from consuming services:

ip: service ip address
port: service port
sitenames: space-delimited list of vhosts provided

Although squid can be configured as a traditional forward proxy, this charm supports only a reverse proxy configuration.


Overview

Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects.

Squid version 3 is a major rewrite of Squid in C++ and introduces a number of
new features including ICAP and ESI support.

http://www.squid-cache.org/

Usage

General

This charm provides squid in a reverse proxy setup.

http://en.wikipedia.org/wiki/Reverse_proxy

The most common scenario is to accelerate a web service:
You run squid on your outside edge, forwarding queries to
one or multiple internal web application servers.

The charm can be deployed in a single or multi-unit setup.

To deploy a single unit:

juju deploy squid-reverseproxy

To add more units:

juju add-unit squid-reverseproxy

Example with apache:

juju deploy apache2
juju deploy squid-reverseproxy
juju add-relation apache2:website-cache squid-reverseproxy:cached-website

This will put squid in front of apache2.

Once deployed, you can ssh into the deployed service:

juju ssh <unit>

To list running units:

juju status

To start monitoring Squid using Nagios:

juju deploy nrpe-external-master
juju add-relation squid-reverseproxy nrpe-external-master

This charm requires the following relation settings from clients:

ip: service ip address
port: service port
sitenames: space-delimited list of virtual hosts to whitelist

The options that can be configured in config.yaml should be self-explanatory.
If not, please file a bug against this charm.

HTTPS Reverse Proxying

Assuming you have a squid3 deb compiled with --enable-ssl, you can set up a
single https reverse proxy.

An example of this would be:

juju set squid-reverseproxy enable_https=true ssl_key="$(base64 < /path/to/cert.key)" ssl_cert="$(base64 < /path/to/cert.crt)"

This should enable https access to the default website.

A current implementation limitation is that it doesn't support multiple https vhosts.

Monitoring

This charm provides relations that support monitoring via Nagios using
nrpe-external-master as a subordinate charm.

Caveats

The example above is just for reference. In order to make it usable, you
will have to supply a proper virtual host configuration for apache2.


Configuration

avg_obj_size_kb
(int) Estimated average size of a cached object.
16
cache_dir
(string) The top-level directory where cache swap files will be stored.
/var/spool/squid3
cache_mem_mb
(int) Maximum size of in-memory object cache (MB). Should be smaller than cache_size_mb. Set to zero to disable caching completely.
256
cache_size_mb
(int) Maximum size of the on-disk object cache (MB). Set to zero to disable disk caching.
512
enable_forward_proxy
(boolean) Enables forward proxying
enable_https
(boolean) Enable https access for squid. Requires a squid compiled with --enable-ssl, plus a certificate and private key.
https_options
(string) Options for https port
accel vhost
https_port
(int) Squid https listening port
443
log_format
(string) Format of the squid log.
%>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
max_obj_size_kb
(int) Maximum size of an object to be cached (KB).
8192
metrics
(string) List of SNMP metrics to be exported. Names should match Squid's SNMP names at http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs. By default, this charm uses the 5min sampling when averages are used and specifies the .5 measurements explicitly. If you want to use 1m or 60m timings, you should be explicit (.1/.60), and probably change the cron job frequency. Warning: any metric starting with 'cachePeer...' will produce 1 metric per configured peer, so can increase the number of metrics rapidly if you have lots of peers.
cacheCpuUsage cacheCurrentSwapSize cacheDnsSvcTime.5 cacheHttpErrors cacheHttpAllSvcTime.5 cacheHttpHitSvcTime.5 cacheHttpMissSvcTime.5 cacheHttpNhSvcTime.5 cacheHttpNmSvcTime.5 cacheHttpInKb cacheHttpOutKb cacheMaxResSize cacheMemMaxSize cacheMemUsage cacheNumObjCount cachePeerRtt cacheRequestByteRatio.5 cacheRequestHitRatio.5 cacheSwapHighWM cacheSwapLowWM cacheSwapMaxSize cacheSysNumReads cacheSysPageFaults cacheSysStorage cacheSysVMsize
metrics_sample_interval
(int) Period for metrics cron job to run in minutes
5
metrics_scheme
(string) Naming scheme for metrics. Special values $UNIT and $METRIC can be used for more complex schemes, e.g. for suffixes for graphite processing.
dev.$UNIT.squid.$METRIC
metrics_target
(string) Destination for metrics, format "host:port". If not present and valid, metrics disabled.
nagios_check_http_params
(string) The parameters to pass to the nrpe plugin check_http. String will be formatted with config data
nagios_check_https_params
(string) The parameters to pass to the nrpe plugin check_http. String will be formatted with config data
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-squid-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
juju
nagios_service_type
(string) What service this component forms part of, e.g. supermassive-squid-cluster. Used by nrpe.
generic
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Useful valid values are "install" and "hold".
install
port
(int) Squid listening port.
3128
port_options
(string) Squid listening port options
accel vhost
refresh_patterns
(string) JSON- or YAML-formatted list of refresh patterns. For example: '{"http://www.ubuntu.com": {"min": 0, "percent": 20, "max": 60}, "http://www.canonical.com": {"min": 0, "percent": 20, "max": 120}}'
services
(string) Services definition(s). Although the variable type is a string, this is interpreted by the charm as yaml. To use multiple services within the same instance, specify all of the variables (service_name, service_host, service_port) with a "-" before the first variable, service_name, as below.
    - service_name: example_proxy
      service_domain: example.com
      servers:
        - [foo.internal, 80]
        - [bar.internal, 80]
snmp_allowed_ips
(string) A single IP, or a JSON-formatted list of IPs (each with an optional subnet mask), allowed to query SNMP.
snmp_community
(string) SNMP community string for monitoring the service. Required for metrics to be enabled.
snmp_port
(int) Port for snmp service
3401
ssl_cert
(string) Base64 encoded ssl cert file
ssl_certfile
(string) File path to ssl cert file inside deployed units
/etc/squid3/ssl/cert.crt
ssl_key
(string) Base64 encoded ssl key file
ssl_keyfile
(string) File path to ssl key file inside deployed units
/etc/squid3/ssl/cert.key
target_objs_per_dir
(int) Target number of objects to store in L2 directories.
400
via
(string) Add 'Via' header to outgoing requests.
on
x_balancer_name_allowed
(boolean) Route based on X-Balancer-Name header set by Apache charm.
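
A parser for the default log_format value listed above, with the summary a reverse-proxy operator would watch: cache hit ratio, TCP_DENIED requests per client, and lines that do not fit the format. This is an added example, not part of the charm; it assumes Squid's default %tl timestamp layout and backslash escaping inside the quoted header fields, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the charm's default log_format; assumes backslash-escaped quoted headers.
LINE_RE = re.compile(
    r'(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>[\d.]+)" '
    r'(?P<status>\d{3}|-) (?P<size>\d+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)" '
    r'(?P<squid_status>[A-Z_]+):(?P<hierarchy>[A-Z_-]+)'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the format."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["size"] = int(rec["size"])
    return rec

def summarize(lines):
    """Cache hit ratio, TCP_DENIED count per client, and unparseable lines."""
    hits, total, denied, unparsed = 0, 0, Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # truncated or malformed: review by hand
            continue
        total += 1
        if rec["squid_status"].startswith("TCP_DENIED"):
            denied[rec["client"]] += 1
        elif "HIT" in rec["squid_status"]:
            hits += 1
    return {"hit_ratio": hits / total if total else 0.0,
            "denied_by_client": dict(denied), "unparsed": unparsed}

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    r'203.0.113.7 - - [12/Mar/2014:10:15:02 +0000] "GET http://www.example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT',
    r'203.0.113.7 - - [12/Mar/2014:10:15:03 +0000] "GET http://www.example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" TCP_MEM_HIT:HIER_NONE',
    r'198.51.100.9 - - [12/Mar/2014:10:15:09 +0000] "CONNECT other.example.net:443 HTTP/1.1" 403 3400 "-" "-" TCP_DENIED:HIER_NONE',
    r'198.51.100.9 - - [12/Mar/2014:10:15:10 +0000] "GET http://other.example.net/ HTTP/1.1" 403 3380 "-" "probe \"v1\"" TCP_DENIED:HIER_NONE',
    r'203.0.113.7 - - [12/Mar/2014:10:15:11 +0000] "GET http://www.example.com/',
]
```

Calling summarize(SAMPLE) reports one cache hit out of four parsed requests, two denied requests from 198.51.100.9, and the truncated last line as unparsed. If log_format is changed in the charm config, the regular expression has to be changed to match.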