diff --git a/ct/headers/squid b/ct/headers/squid new file mode 100644 index 00000000..3d826ef7 --- /dev/null +++ b/ct/headers/squid @@ -0,0 +1,6 @@ + _____ _ __ + / ___/____ ___ __(_)___/ / + \__ \/ __ `/ / / / / __ / + ___/ / /_/ / /_/ / / /_/ / +/____/\__, /\__,_/_/\__,_/ + /_/ diff --git a/ct/squid.sh b/ct/squid.sh new file mode 100644 index 00000000..f48fe95c --- /dev/null +++ b/ct/squid.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: 007hacky007 +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://www.squid-cache.org/ + +APP="Squid" +var_tags="${var_tags:-proxy}" +var_cpu="${var_cpu:-1}" +var_ram="${var_ram:-512}" +var_disk="${var_disk:-4}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + if [[ ! -f /etc/squid/squid.conf ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + msg_info "Updating Squid" + $STD apt update + $STD apt upgrade -y + msg_ok "Updated Squid" + + msg_info "Validating Squid Configuration" + $STD squid -k parse + msg_ok "Validated Squid Configuration" + + msg_info "Restarting Squid" + systemctl restart squid + msg_ok "Restarted Squid" + exit +} + +start +build_container +description + +msg_ok "Completed successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Proxy endpoint:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}${IP}:3128${CL}" +echo -e "${INFO}${YW} Add a proxy user inside the container with:${CL}" +echo -e "${TAB}${BGN}htpasswd /etc/squid/passwords ${CL}" diff --git a/install/squid-install.sh b/install/squid-install.sh new file mode 100644 index 00000000..aa011082 --- /dev/null +++ b/install/squid-install.sh @@ -0,0 +1,88 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: 007hacky007 +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://www.squid-cache.org/ + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Configuring Squid" +mkdir -p /etc/squid +cat </etc/squid/squid.conf +acl localnet src 0.0.0.1-0.255.255.255 +acl localnet src 10.0.0.0/8 +acl localnet src 100.64.0.0/10 +acl localnet src 169.254.0.0/16 +acl localnet src 172.16.0.0/12 +acl localnet src 192.168.0.0/16 +acl localnet src fc00::/7 +acl localnet src fe80::/10 + +acl SSL_ports port 443 +acl Safe_ports port 80 +acl Safe_ports port 21 +acl Safe_ports port 443 +acl Safe_ports port 70 +acl Safe_ports port 210 +acl Safe_ports port 1025-65535 +acl Safe_ports port 280 +acl Safe_ports port 488 +acl Safe_ports port 591 +acl Safe_ports port 777 +acl CONNECT method CONNECT + +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +http_access allow localhost manager +http_access deny manager + +auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords +auth_param basic realm proxy +acl authenticated proxy_auth REQUIRED +http_access allow authenticated +http_access deny all + +http_port 3128 + +coredump_dir /var/spool/squid + +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern -i (/cgi-bin/|\\?) 0 0% 0 +refresh_pattern . 0 20% 4320 + +# Privacy / hardening +httpd_suppress_version_string on +visible_hostname $(hostname) +forwarded_for delete +request_header_access X-Forwarded-For deny all +EOF +msg_ok "Configured Squid" + +msg_info "Installing Dependencies" +$STD apt install -y \ + squid \ + apache2-utils +msg_ok "Installed Dependencies" + +msg_info "Configuring Squid Authentication" +touch /etc/squid/passwords +chown proxy:proxy /etc/squid/passwords +chmod 640 /etc/squid/passwords +$STD squid -k parse +msg_ok "Configured Squid Authentication" + +msg_info "Starting Service" +systemctl enable -q --now squid +msg_ok "Started Service" + +motd_ssh +customize +cleanup_lxc diff --git a/json/squid.json b/json/squid.json new file mode 100644 index 00000000..88a3aa82 --- /dev/null +++ b/json/squid.json @@ -0,0 +1,40 @@ +{ + "name": "Squid", + "slug": "squid", + "categories": [ + 4 + ], + "date_created": "2026-04-13", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": 3128, + "documentation": "https://wiki.squid-cache.org/SquidFaq", + "website": "https://www.squid-cache.org/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/squid.webp", + "config_path": "/etc/squid/squid.conf", + "description": "Squid is a mature caching and forwarding proxy server that can operate as an authenticated HTTP forward proxy for outbound web traffic. This container deploys Squid with basic authentication, generated initial credentials, and a guided MOTD for simple user management.", + "install_methods": [ + { + "type": "default", + "script": "ct/squid.sh", + "resources": { + "cpu": 1, + "ram": 512, + "hdd": 4, + "os": "debian", + "version": "13" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "type": "info", + "text": "Create a proxy user after installation with `htpasswd /etc/squid/passwords `." + } + ] +}