← Back to branch summary

~thedac/charms/trusty/squid-reverseproxy/venv-testing 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

# Overview

Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects.
 
Squid version 3 is a major rewrite of Squid in C++ and introduces a number of
new features including ICAP and ESI support.

http://www.squid-cache.org/

# Usage

## General

This charm provides squid in a reverse proxy setup. 


http://en.wikipedia.org/wiki/Reverse_proxy

The most common scenario is to accelerate a web service:
You run squid on your outside edge, forwarding queries to
one or multiple internal web application servers.

The charm can be deployed in a single or multi-unit setup.

To deploy a single unit:

    juju deploy squid-reverseproxy

To add more units:

    juju add-unit squid-reverseproxy 

Example with apache:

    juju deploy apache2
    juju deploy squid-reverseproxy
    juju add-relation apache2:website-cache squid-reverseproxy:cached-website

This will put squid in front of apache2.

Once deployed, you can ssh into the deployed service:

    juju ssh <unit>

To list running units:

    juju status

To start monitoring Squid using Nagios:

    juju deploy nrpe-external-master
    juju add-relation squid-reverseproxy nrpe-external-master



This charm requires the following relation settings from clients:

    ip: service ip address
    port: service port
    sitenames: space-delimited list of virtual hosts to whitelist

The options that can be configured in config.yaml should be self-explanatory.
If not, please file a bug against this charm.

## HTTPS Reverse Proxying

Assuming you have a squid3 deb compiled with --enable-ssl, you can setup a
single https reverse proxy.

An example of this would be:

    juju set squid-reverseproxy enable_https=true ssl_key="$(base64 < /path/to/cert.key)" ssl_cert="$(base64 < /path/to/cert.crt)"

This should enable https access to the default website.

A current implementation limitation is that it doesn't support multiple https vhosts.

## Monitoring

This charm provides relations that support monitoring via Nagios using 
nrpe_external_master as a subordinate charm.

## Caveats
The example above is just for reference. In order to make it usable, you 
will have to supply a proper virtual host configuration for apache2.