Merge pull request #1691 from 007hacky007/squid-proxy

feat: add squid proxy script

ct/headers/squid

@@ -0,0 +1,6 @@
+   _____             _     __
+  / ___/____ ___  __(_)___/ /
+  \__ \/ __ `/ / / / / __  / 
+ ___/ / /_/ / /_/ / / /_/ /  
+/____/\__, /\__,_/_/\__,_/   
+        /_/                  

ct/squid.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: 007hacky007
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.squid-cache.org/
+
+APP="Squid"
+var_tags="${var_tags:-proxy}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -f /etc/squid/squid.conf ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+  msg_info "Updating Squid"
+  $STD apt update
+  $STD apt upgrade -y
+  msg_ok "Updated Squid"
+
+  msg_info "Validating Squid Configuration"
+  $STD squid -k parse
+  msg_ok "Validated Squid Configuration"
+
+  msg_info "Restarting Squid"
+  systemctl restart squid
+  msg_ok "Restarted Squid"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Proxy endpoint:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}${IP}:3128${CL}"
+echo -e "${INFO}${YW} Add a proxy user inside the container with:${CL}"
+echo -e "${TAB}${BGN}htpasswd /etc/squid/passwords <username>${CL}"

install/squid-install.sh

@@ -0,0 +1,88 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: 007hacky007
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.squid-cache.org/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Configuring Squid"
+mkdir -p /etc/squid
+cat <<EOF >/etc/squid/squid.conf
+acl localnet src 0.0.0.1-0.255.255.255
+acl localnet src 10.0.0.0/8
+acl localnet src 100.64.0.0/10
+acl localnet src 169.254.0.0/16
+acl localnet src 172.16.0.0/12
+acl localnet src 192.168.0.0/16
+acl localnet src fc00::/7
+acl localnet src fe80::/10
+
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl Safe_ports port 21
+acl Safe_ports port 443
+acl Safe_ports port 70
+acl Safe_ports port 210
+acl Safe_ports port 1025-65535
+acl Safe_ports port 280
+acl Safe_ports port 488
+acl Safe_ports port 591
+acl Safe_ports port 777
+acl CONNECT method CONNECT
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
+auth_param basic realm proxy
+acl authenticated proxy_auth REQUIRED
+http_access allow authenticated
+http_access deny all
+
+http_port 3128
+
+coredump_dir /var/spool/squid
+
+refresh_pattern ^ftp:        1440    20%    10080
+refresh_pattern ^gopher:     1440    0%     1440
+refresh_pattern -i (/cgi-bin/|\\?) 0  0%     0
+refresh_pattern .            0       20%    4320
+
+# Privacy / hardening
+httpd_suppress_version_string on
+visible_hostname $(hostname)
+forwarded_for delete
+request_header_access X-Forwarded-For deny all
+EOF
+msg_ok "Configured Squid"
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  squid \
+  apache2-utils
+msg_ok "Installed Dependencies"
+
+msg_info "Configuring Squid Authentication"
+touch /etc/squid/passwords
+chown proxy:proxy /etc/squid/passwords
+chmod 640 /etc/squid/passwords
+$STD squid -k parse
+msg_ok "Configured Squid Authentication"
+
+msg_info "Starting Service"
+systemctl enable -q --now squid
+msg_ok "Started Service"
+
+motd_ssh
+customize
+cleanup_lxc

json/squid.json

@@ -0,0 +1,40 @@
+{
+  "name": "Squid",
+  "slug": "squid",
+  "categories": [
+    4
+  ],
+  "date_created": "2026-04-13",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 3128,
+  "documentation": "https://wiki.squid-cache.org/SquidFaq",
+  "website": "https://www.squid-cache.org/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/squid.webp",
+  "config_path": "/etc/squid/squid.conf",
+  "description": "Squid is a mature caching and forwarding proxy server that can operate as an authenticated HTTP forward proxy for outbound web traffic. This container deploys Squid with basic authentication, generated initial credentials, and a guided MOTD for simple user management.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/squid.sh",
+      "resources": {
+        "cpu": 1,
+        "ram": 512,
+        "hdd": 4,
+        "os": "debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "type": "info",
+      "text": "Create a proxy user after installation with `htpasswd /etc/squid/passwords <username>`."
+    }
+  ]
+}