Commit 82aac1bf authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

squid: Squid use entrance port for acl

parent ecd0a327
......@@ -41,7 +41,7 @@ class Recipe(GenericBaseRecipe):
cache-path -- location of the cache directory
XXXX No good, specific...
public_ipv4 -- public ipv4 of the server
open_port -- entrance port to the host and allowed to use cache
ip -- ip of the squid server
......@@ -69,7 +69,7 @@ class Recipe(GenericBaseRecipe):
access_log_path=self.options['access-log-path'],
cache_log_path=self.options['cache-log-path'],
pid_filename_path=self.options['pid-filename-path'],
public_ipv4=self.options['public-ipv4'],
open_port=self.options['open-port'],
)
template_filename = self.getTemplateFilename('squid.conf.in')
......
......@@ -8,7 +8,7 @@ http_port %(ip)s:%(port)s accel defaultsite=%(ip)s
cache_peer %(backend_ip)s parent %(backend_port)s 0 no-query originserver name=backend
acl our_sites dst %(public_ipv4)s
acl our_sites port %(open_port)s
http_access allow our_sites
cache_peer_access backend allow our_sites
cache_peer_access backend deny all
......
......@@ -82,6 +82,7 @@ configuration.plain_http_port = 8080
configuration.server-admin = admin@example.com
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.open-port = 80 443
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
......@@ -398,7 +399,7 @@ ip = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
backend-ip = $${instance-parameter:ipv4-random}
backend-port = $${apache-configuration:cache-through-port}
public-ipv4 = $${instance-parameter:configuration.public-ipv4}
open-port = $${instance-parameter:configuration.open-port}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment