squid Cookbook

Installs and configures Squid as a caching proxy with the squid custom resource.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

Platforms

• Debian 12+
• Ubuntu 22.04+
• RHEL-compatible platforms 8+
• Amazon Linux 2023+
• openSUSE Leap 16+
• FreeBSD 13+

Chef

• Chef 15.3+

Cookbooks

• none

Resources

• squid

Migration

This release removes recipes and attributes in favor of the squid custom resource. See migration.md for the breaking-change guide.

Usage

Declare the squid resource on the server.

squid 'default' do
  cache_size 10
  cache_mem 10
end

Databags are able to be used for storing host & url acls and also which hosts/nets are able to access which hosts/url

LDAP Authentication

• Set enable_ldap true.

• Set the LDAP properties for your environment.

  • If you use anonymous bindings, ldap_binddn and ldap_bindpassword are optional.
  • All other LDAP properties are required.
  • See http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap for further help.

• To create the ldap acls in squid.conf, you also need the two ldap_auth databag items as shown in the LDAP Databags below.

Example Databags

squid_urls - yubikey item

{
  "urls": [
    "^https://api.yubico.com/wsapi/2.0/verify"
  ],
  "id": "yubikey"
}

squid_hosts - bastion item

{
  "type": "src",
  "id": "bastion",
  "net": [
    "192.168.0.2/32"
  ]
}

squid_acls - bastion item

{
  "id": "bastion",
  "acl": [
    [
      "yubikey",
      "allow"
    ],
    [
      "yubikey",
      "deny",
      "!"
    ],
    [
      "all",
      "deny"
    ]
  ]
}

LDAP Databags

The following two data bags are only required if you are using LDAP Authentication.

squid_hosts - ldap_auth item

{
  "type": "proxy_auth",
  "id": "ldap_auth",
  "net": [
    "REQUIRED"
  ]
}

squid_acls - ldap_auth item

{
  "id": "ldap_auth",
  "acl": [
    [
      "",
      "allow"
    ]
  ]
}

Additional configuration files

• Set config_include_dir to the directory of your additional files, such as /etc/squid/conf.d.
• It is recommended that you set http_access_deny_all false and icp_access_deny_all false because the include statement is at the bottom of squid.conf. Otherwise http_access allow statements may not be evaluated in the additional configuration files.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.