mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Squid won't auto-create /library/cache, hence 'proxy_user: proxy'
parent
a8114e65dd
commit
e2bf2578e2
2 changed files with 24 additions and 8 deletions
|
@ -20,12 +20,24 @@
|
||||||
createhome: False
|
createhome: False
|
||||||
shell: /bin/false
|
shell: /bin/false
|
||||||
|
|
||||||
|
# 2021-08-16: Squid runs as 'nobody' when started as root:
|
||||||
|
# http://www.squid-cache.org/Doc/config/cache_effective_user/
|
||||||
|
# Much more detail here, but neither directive is recommended:
|
||||||
|
# http://www.squid-cache.org/Doc/config/cache_effective_group/
|
||||||
|
#
|
||||||
|
# So nobody:root or root:root ownership don't work for cache_dir /library/cache
|
||||||
|
#
|
||||||
|
# Squid auto-creation of cache_dir (or the old way, 'squid -z') both fail:
|
||||||
|
# "FATAL: Failed to make swap directory /library/cache: (13) Permission denied"
|
||||||
|
#
|
||||||
|
# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid.conf.j2#L10-L30
|
||||||
|
|
||||||
- name: Create Squid directory /library/cache ({{ proxy_user }}:{{ proxy_user }}, 0750)
|
- name: Create Squid directory /library/cache ({{ proxy_user }}:{{ proxy_user }}, 0750)
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: /library/cache
|
path: /library/cache
|
||||||
owner: "{{ proxy_user }}" # Squid runs as 'nobody' according to http://www.squid-cache.org/Doc/config/cache_effective_user/
|
owner: "{{ proxy_user }}"
|
||||||
group: "{{ proxy_user }}" # So root:root ownership doesn't work for dir /library/cache
|
group: "{{ proxy_user }}"
|
||||||
mode: 0750
|
mode: 0750
|
||||||
|
|
||||||
- name: Install site allowlists/whitelists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default)
|
- name: Install site allowlists/whitelists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default)
|
||||||
|
|
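Review bot: The added comment block says Squid runs as 'nobody' yet concludes that nobody:root ownership does not work, and it never names the account the daemon actually runs as, so a reader cannot tell why `{{ proxy_user }}` is the right owner for /library/cache. The squid.conf.j2 lines visible in this commit set no cache_effective_user, so the task appears to depend on `proxy_user` matching the packaged Squid's built-in effective user; I would state that above the task, e.g. `# proxy_user must be the account the packaged Squid drops privileges to, else cache_dir creation fails with (13) Permission denied`. The SEE ALSO link targets `blob/master/...#L10-L30`, which will drift as the template is edited (the `#L17-L41` link added in the squid.conf.j2 section has the same problem); a commit-pinned permalink would stay accurate. As a style point on the unchanged line, `mode: "0750"` is safer than the bare `mode: 0750` because it does not rely on the YAML parser's octal handling.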
|
@ -12,18 +12,22 @@ client_netmask 255.255.255.0
|
||||||
http_access allow localhost manager
|
http_access allow localhost manager
|
||||||
http_access deny manager
|
http_access deny manager
|
||||||
|
|
||||||
# Where is the cache stored on disk ?
|
# 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z')
|
||||||
# Parameters
|
# don't work well in recent years. So we do it manually, as explained here:
|
||||||
|
# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L41
|
||||||
|
|
||||||
|
# Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/
|
||||||
|
#
|
||||||
# Type (ufs, aufs, or COSS)
|
# Type (ufs, aufs, or COSS)
|
||||||
# | Where
|
# | Where
|
||||||
# | | Size (in MB)
|
# | | Size (in MB)
|
||||||
# | | |
|
# | | |
|
||||||
# | | | L1 (directories)
|
# | | | L1 (directories)
|
||||||
# | | | | L2 (directories)
|
# | | | | L2 (directories)
|
||||||
# | | | | |
|
# | | | | |
|
||||||
#cache_dir aufs /library/cache 20000 32 256
|
#cache_dir aufs /library/cache 20000 32 256
|
||||||
cache_dir ufs /library/cache 200 16 128
|
cache_dir ufs /library/cache 200 16 128
|
||||||
# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK
|
# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK!
|
||||||
|
|
||||||
{% if gw_squid_whitelist %}
|
{% if gw_squid_whitelist %}
|
||||||
#acl allow_src_ips src "/etc/squid/allow_src_ips"
|
#acl allow_src_ips src "/etc/squid/allow_src_ips"
|
||||||
|
|