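---
# Installs squid on apt-based hosts and configures it as an authenticated
# forward proxy (HTTP Basic auth through the basic_ncsa_auth helper).
#
# Variables read but not defined in this file: squid.port, squid.username,
# squid.password. squid.password is a secret; keep it in an encrypted store
# (for example Ansible Vault) rather than in plain inventory.
- name: Install and configure squid
  # https://linuxize.com/post/how-to-install-and-configure-squid-proxy-on-ubuntu-20-04/
  hosts: all
  gather_facts: true
  vars:
    config_location: /etc/squid/squid.conf
    passwords_loc: /etc/squid/squid_password
  tasks:
    - name: Install the package
      become: true
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - squid
        # "latest" upgrades squid on every run, not only on first install.
        state: latest

    - name: "Backup {{ config_location }}"
      become: true
      ansible.builtin.copy:
        remote_src: true
        src: "{{ config_location }}"
        dest: "{{ config_location }}.bak"
        # Keep the first backup: without this a second run overwrites the
        # pristine copy with the already-modified configuration.
        force: false

    - name: "Change default port from 3128 to {{ squid.port }}"
      become: true
      ansible.builtin.replace:
        path: "{{ config_location }}"
        # The directive is "http_port"; the previous pattern '^host_port'
        # never matched, so the listener silently stayed on 3128. Match the
        # whole line so the old port value is replaced rather than kept.
        regexp: '^http_port\s.*$'
        replace: "http_port {{ squid.port }}"

    - name: "Generate authentication information"
      # The password is fed on stdin instead of being templated into a shell
      # string: that removes the shell-injection path through squid.username /
      # squid.password and keeps the cleartext password out of the process
      # list. no_log keeps it out of Ansible's output and logs.
      ansible.builtin.command:
        cmd: openssl passwd -6 -stdin
        stdin: "{{ squid.password }}"
      register: auth_output
      changed_when: false
      no_log: true

    - name: "Ensure {{ passwords_loc }} exists"
      become: true
      ansible.builtin.file:
        path: "{{ passwords_loc }}"
        state: touch
        # The file holds password hashes, so it must not be world-readable.
        # NOTE(review): assumes squid and its auth helper run as the Debian /
        # Ubuntu "proxy" user; adjust the group if this host differs.
        owner: root
        group: proxy
        mode: "0640"
        # Do not report "changed" on every run just because of the touch.
        modification_time: preserve
        access_time: preserve

    - name: "Add authentication line to {{ passwords_loc }}"
      become: true
      ansible.builtin.lineinfile:
        dest: "{{ passwords_loc }}"
        # The hash is salted, so the line differs on every run. Replace the
        # user's existing entry instead of appending a new one each time.
        regexp: "^{{ squid.username | regex_escape }}:"
        line: "{{ squid.username }}:{{ auth_output.stdout }}"
      no_log: true

    - name: Find basic_ncsa_auth file location
      become: true
      ansible.builtin.find:
        paths: "/usr"
        patterns: "basic_ncsa_auth"
        recurse: true
      register: basic_ncsa_auth_location

    - name: Fail early when basic_ncsa_auth was not found
      # Otherwise files[0] below fails with an opaque templating error.
      ansible.builtin.assert:
        that: basic_ncsa_auth_location.matched > 0
        fail_msg: "basic_ncsa_auth not found under /usr"

    - name: "Add ACL config to {{ config_location }}"
      become: true
      ansible.builtin.blockinfile:
        dest: "{{ config_location }}"
        # {mark} expands to BEGIN/END. A marker without it makes both marker
        # lines identical, and the block may be inserted again on later runs.
        # Hosts configured with the old marker keep that block and need a
        # one-time cleanup.
        marker: "### {mark} ANSIBLE MANAGED BLOCK for ACL CONFIG"
        # insertafter is a regular expression; escape "." and "*".
        insertafter: 'include /etc/squid/conf\.d/\*'
        block: |
          auth_param basic program {{ basic_ncsa_auth_location.files[0].path }} {{ passwords_loc }}
          auth_param basic realm proxy
          acl authenticated proxy_auth REQUIRED

    - name: "Add access config to {{ config_location }}"
      become: true
      ansible.builtin.blockinfile:
        marker: "### {mark} ANSIBLE MANAGED BLOCK for access config"
        dest: "{{ config_location }}"
        insertafter: "http_access allow localhost"
        block: |
          http_access allow authenticated

    - name: Reload systemd service
      ansible.builtin.include_tasks: tasks-reload-systemd-service.yaml
      vars:
        service_name: "squid"
      become: true

    - name: Run tasks-allow-ports.yaml for the squid port
      ansible.builtin.include_tasks: tasks-allow-ports.yaml
      vars:
        ports:
          - "{{ squid.port }}"

    # Proxy Basic authentication to a plain http_port listener is not
    # encrypted: the username and password are only Base64-encoded on the
    # wire. If the port is exposed beyond a trusted network, restrict the
    # allowed source addresses (firewall and/or a squid src ACL) and use a
    # credential that is not reused elsewhere.
    - name: Print connection details
      ansible.builtin.debug:
        msg: >-
          You can now use this server as a proxy. The hostname is
          "{{ hostvars[inventory_hostname]['ansible_env'].SSH_CONNECTION.split(' ')[2] }}"
          and port is "{{ squid.port }}". Please expose this port on your router too for external access.
          Use the username and password as the auth details.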