44 lines
1.3 KiB
Markdown
44 lines
1.3 KiB
Markdown
# Local http proxy
|
|
|
|
Some clients encounter difficulties with Kerberos authentication on the HTTP proxy server. To address this issue, we propose setting up a local Squid HTTP proxy that operates as a systemd process in user kontext. This local proxy will authenticate with the parent proxy using the user's Kerberos ticket. Additionally, this setup is ideal for accessing the parent proxy from virtual machines as anonymous user.
|
|
|
|
The decision to install the local proxy is contingent upon the value of the variable `localproxy`.
|
|
|
|
Choices:
|
|
|
|
* `false` <- (default)
|
|
* `true`
|
|
|
|
The parent proxy can be set with the variable `localproxy_parent`.
|
|
|
|
Default: `firewall.{{ domain }}`
|
|
|
|
## Configuration / Variables
|
|
|
|
* **localproxy**
|
|
This flag indicates whether to install the local proxy.
|
|
If set to `true` local Squid proxy will be installed.
|
|
Type: *Boolean*
|
|
Values:
|
|
* `false` <-- (default)
|
|
* "username"
|
|
* **localproxy_parent**
|
|
This variable specifies the name of the parent HTTP proxy that accepts the user's Kerberos ticket.
|
|
Default: "firewall.{{ domain }}"
|
|
Type: *String*
|
|
|
|
## Example
|
|
|
|
* Enable the local proxy on all devices.
|
|
* The parent proxy will be set to `firewall.{{ domain }}` (default).
|
|
|
|
inventory.yml
|
|
|
|
```yaml
|
|
all:
|
|
vars:
|
|
localproxy: true
|
|
classrooms:
|
|
hosts:
|
|
10.0.10.[1:80]
|
|
```
|