Squid Reverseproxy

Squid Reverse Proxy Charmers
Networking

Architecture:

Base version:

Channel	Revision	Published	Runs on
latest/stable	24	19 Feb 2024	Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04 Ubuntu 14.04
latest/stable	20	16 Sep 2021	Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04 Ubuntu 14.04
latest/candidate	24	21 Feb 2024	Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04 Ubuntu 14.04
latest/candidate	14	11 Nov 2020	Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04 Ubuntu 14.04
latest/edge	24	21 Feb 2024	Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
latest/edge	21	01 Aug 2023	Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04

Learn to deploy on juju >

Platform:

22.04 20.04 18.04 16.04 14.04

Learn about configurations >

auth_list | string

YAML-formatted list of squid auth dictionaries. For example: auth_list: |
- dstdomain: [www.ubuntu.com] src:
  - 1.2.3.4
  - 5.6.7.0/24
- "!port": [80] http_access: deny
- url_regex: ["https?://[^/]+[.]internal(/.*)?"] src: [192.168.0.0/16]
You can use the following command to verify your YAML list, passed on stdin:

python3 -c 'import sys, yaml; print(yaml.dump(yaml.safe_load(sys.stdin.read())))'
avg_obj_size_kb | int

Default: 16

Estimated average size of a cached object.
cache_dir | string

The top-level directory where cache swap files will be stored.
cache_mem_mb | int

Default: 256

Maximum size of in-memory object cache (MB). Should be smaller than cache_size_mb. Set to zero to disable caching completely.
cache_size_mb | int

Default: 512

Maximum size of the on-disk object cache (MB). Set to zero to disable disk caching.
continue_retrieve_on_abort | boolean

Always continue if they are being cached when the request is aborted
dns_v4_first | boolean

If true, prefer IPv4 addresses for dual-stack sites.
enable_forward_proxy | boolean

Enables forward proxying
enable_https | boolean

Enable https access for squid, requires a squid compiled with --enable-ssl, certificate and private key
force_https | boolean

Force HTTPS connections with a 301 redirect from HTTP. Requires "enable_https".
https_options | string

Default: accel vhost

Options for https port
https_port | int

Default: 443

Squid https listening port
log_format | string

Default: %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

Format of the squid log.
log_hosts_allow | string

Hosts that should be allowed to rsync logs. This will only work if the nrpe charm is related to this one. If possible, use something like filebeat to ship out logs to an observability stack instead.
max_obj_size_in_mem_kb | int

Default: 512

Maximum size of an object to be cached in memory (KB).
max_obj_size_kb | int

Default: 8192

Maximum size of an object to be cached (KB).
metrics | string

Default: cacheCpuUsage cacheCurrentSwapSize cacheDnsSvcTime.5 cacheHttpErrors cacheHttpAllSvcTime.5 cacheHttpHitSvcTime.5 cacheHttpMissSvcTime.5 cacheHttpNhSvcTime.5 cacheHttpNmSvcTime.5 cacheHttpInKb cacheHttpOutKb cacheMaxResSize cacheMemMaxSize cacheMemUsage cacheNumObjCount cachePeerRtt cacheRequestByteRatio.5 cacheRequestHitRatio.5 cacheSwapHighWM cacheSwapLowWM cacheSwapMaxSize cacheSysNumReads cacheSysPageFaults cacheSysStorage cacheSysVMsize

List of SNMP metrics to be exported. Names should match Squid's SNMP names at http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs. By default, this charm uses the 5min sampling when averages are used and specifies the .5 measurements explicitly. If you want to use 1m or 60m timings, you should be explicit (.1/.60, and probably change the cron job frequency. Warning: any metric starting with 'cachePeer...' will produce 1 metric per configured peer, so can increase the number of metrics rapidly if you have lots of peers.
metrics_sample_interval | int

Default: 5

Period for metrics cron job to run in minutes
metrics_scheme | string

Default: dev.$UNIT.squid.$METRIC

Naming scheme for metrics. Special values $UNIT and $METRIC can be used for more complex schemes, e.g. for suffixes for graphite processing .
metrics_target | string

Destination for metrics, format "host:port". If not present and valid, metrics disabled.
nagios_check_http_params | string

The parameters to pass to the nrpe plugin check_http. String will be formatted with config data
nagios_check_https_params | string

The parameters to pass to the nrpe plugin check_http. String will be formatted with config data
nagios_context | string

Default: juju

Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-squid-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
nagios_down_threshold | int

Default: 50

The percentage of downed squid peers that we care to alert on.
nagios_service_type | string

Default: generic

What service this component forms part of, e.g. supermassive-squid-cluster. Used by nrpe.
nagios_servicegroups | string

A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
package_status | string

Default: install

The status of service-affecting packages will be set to this value in the dpkg database. Useful valid values are "install" and "hold".
port | int

Default: 3128

Squid listening port.
port_options | string

Default: accel vhost

Squid listening port options
refresh_patterns | string

JSON- or YAML-formatted list of refresh patterns. For example: '{"http://www.ubuntu.com": {"min": 0, "percent": 20, "max": 60}, "http://www.canonical.com": {"min": 0, "percent": 20, "max": 120}}'
services | string

Services definition(s). Although the variable type is a string, this is interpreted by the charm as yaml. To use multiple services within the same instance, specify all of the variables (service_name, service_host, service_port) with a "-" before the first variable, service_name, as below.
- service_name: example_proxy service_domain: example.com servers:
  - [foo.internal, 80]
  - [bar.internal, 80]
services_only_from_config | boolean

Ignore services from relations unless configured in 'services'.
snmp_allowed_ips | string

Single, or json-formatted list of, IP (with optional subnet mask) allowed to query SNMP.
snmp_community | string

SNMP community string for monitoring the service. Required for metrics to be enabled.
snmp_port | int

Default: 3401

Port for snmp service
ssl_cert | string

Base64 encoded ssl cert file
ssl_certfile | string

Default: /etc/squid3/ssl/cert.crt

File path to ssl cert file inside deployed units
ssl_cipher_suite | string

Default: EECDH+AESGCM+AES128:EDH+AESGCM+AES128:EECDH+AES128:EDH+AES128:ECDH+AESGCM+AES128:aRSA+AESGCM+AES128:ECDH+AES128:DH+AES128:aRSA+AES128:EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:ECDH+AESGCM:aRSA+AESGCM:ECDH:DH:aRSA:HIGH:!MEDIUM:!aNULL:!NULL:!LOW:!3DES:!DSS:!EXP:!PSK:!SRP

SSL cipher suites.
ssl_key | string

Base64 encoded ssl key file
ssl_keyfile | string

Default: /etc/squid3/ssl/cert.key

File path to ssl key file inside deployed units
ssl_options | string

Default: NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE,SINGLE_DH_USE

SSL configuration options.
target_objs_per_dir | int

Default: 400

Target number of objects to store in L2 directories.
via | string

Default: on

Add 'Via' header to outgoing requests.
wait_for_auth_helper | boolean

If true, do not start squid until an auth-helper relation is joined. This is useful if auth_list configuration (e.g. "proxy_auth REQUIRED") will cause squid to fail to start until an auth helper is available.
x_balancer_name_allowed | boolean

Route based on X-Balancer-Name header set by Apache charm.