Create own role for the usersquid http_proxy functionality

2025-03-31 18:13:50 +02:00 · 2025-03-31 18:13:50 +02:00 · ce40cb885f
commit ce40cb885f
parent 68215897a6
10 changed files with 584 additions and 535 deletions
--- a/doc/localproxy.md
+++ b/doc/localproxy.md
@ -0,0 +1,44 @@
+# Local http proxy
+
+Some clients encounter difficulties with Kerberos authentication on the HTTP proxy server. To address this issue, we propose setting up a local Squid HTTP proxy that operates as a systemd process in user kontext. This local proxy will authenticate with the parent proxy using the user's Kerberos ticket. Additionally, this setup is ideal for accessing the parent proxy from virtual machines as anonymous user.
+
+The decision to install the local proxy is contingent upon the value of the variable `localproxy`.
+
+Choices:
+
+* `false` <- (default)
+* `true`
+
+The parent proxy can be set with the variable `localproxy_parent`.
+
+Default: `firewall.{{ domain }}`
+
+## Configuration / Variables
+
+  * **localproxy**
+    This flag indicates whether to install the local proxy.
+    If set to `true` local Squid proxy will be installed.
+    Type: *Boolean*
+    Values:
+    * `false` <-- (default)
+    * "username"
+  * **localproxy_parent**
+    This variable specifies the name of the parent HTTP proxy that accepts the user's Kerberos ticket.
+    Default: "firewall.{{ domain }}"
+    Type: *String*
+
+## Example
+
+* Enable the local proxy on all devices.
+* The parent proxy will be set to `firewall.{{ domain }}` (default).
+
+inventory.yml
+
+```yaml
+all:
+  vars:
+    localproxy: true
+classrooms:
+  hosts:
+    10.0.10.[1:80]
+```