From 713d1bd113744a35b0f79d4f717d3993865a4bdb Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Mon, 13 Apr 2026 22:21:16 +0200 Subject: [PATCH 1/8] feat: add squid proxy script --- ct/headers/squid | 6 +++ ct/squid.sh | 66 +++++++++++++++++++++++ install/squid-install.sh | 113 +++++++++++++++++++++++++++++++++++++++ json/squid.json | 44 +++++++++++++++ 4 files changed, 229 insertions(+) create mode 100644 ct/headers/squid create mode 100644 ct/squid.sh create mode 100644 install/squid-install.sh create mode 100644 json/squid.json diff --git a/ct/headers/squid b/ct/headers/squid new file mode 100644 index 00000000..40b4c257 --- /dev/null +++ b/ct/headers/squid @@ -0,0 +1,6 @@ + _____ _ __ + / ___/____ ___ __(_)___/ / + \__ \/ __ `/ / / / / __ / + ___/ / /_/ / /_/ / / /_/ / +/____/\__, /\__,_/_/\__,_/ + /_/ diff --git a/ct/squid.sh b/ct/squid.sh new file mode 100644 index 00000000..f5286be9 --- /dev/null +++ b/ct/squid.sh 
@@ -0,0 +1,66 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: 007hacky007 +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://www.squid-cache.org/ + +APP="Squid" +var_tags="${var_tags:-proxy}" +var_cpu="${var_cpu:-1}" +var_ram="${var_ram:-512}" +var_disk="${var_disk:-4}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + if [[ ! -f /etc/squid/squid.conf ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + msg_info "Updating ${APP}" + $STD apt-get update + $STD apt-get -y upgrade + msg_info "Validating Squid Configuration" + $STD squid -k parse + msg_ok "Validated Squid Configuration" + msg_info "Restarting Squid" + systemctl restart squid + msg_ok "Restarted Squid" + msg_ok "Updated ${APP}" + msg_ok "Updated successfully!" 
+ exit +} + +start +build_container +description + +SQUID_USER="" +SQUID_PASS="" +if pct exec "$CTID" -- test -f /root/squid.creds 2>/dev/null; then + SQUID_USER=$(pct exec "$CTID" -- awk -F': ' '/^Username:/ {print $2}' /root/squid.creds 2>/dev/null | tr -d '\r') + SQUID_PASS=$(pct exec "$CTID" -- awk -F': ' '/^Password:/ {print $2}' /root/squid.creds 2>/dev/null | tr -d '\r') +fi + +msg_ok "Completed successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Proxy endpoint:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}${IP}:3128${CL}" +if [[ -n "$SQUID_USER" && -n "$SQUID_PASS" ]]; then + echo -e "${INFO}${YW} Credentials:${CL}" + echo -e "${TAB}${BGN}Username: ${SQUID_USER}${CL}" + echo -e "${TAB}${BGN}Password: ${SQUID_PASS}${CL}" +else + echo -e "${INFO}${YW} Credentials are stored in the container at /root/squid.creds.${CL}" +fi +echo -e "${INFO}${YW} These details are also available in the container MOTD.${CL}" diff --git a/install/squid-install.sh b/install/squid-install.sh new file mode 100644 index 00000000..7ada90fd --- /dev/null +++ b/install/squid-install.sh 
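Review bot: The second line of the new ct/squid.sh sources `build.func` from the `main` branch over curl, so whatever that branch holds at run time is executed on the Proxmox host with the caller's privileges, with no pinned revision or digest check. If the project's conventions allow it, pin the URL to a reviewed commit (`.../ProxmoxVE/<COMMIT_SHA>/misc/build.func`, where the SHA is a placeholder) or verify a checksum before sourcing. Separately, the bare `exit` after `msg_error "No ${APP} Installation Found!"` returns the status of the previous command, so a failed update check can exit 0; `exit 1` would make the failure visible to callers.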
@@ -0,0 +1,113 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: 007hacky007 +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://www.squid-cache.org/ + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt install -y squid apache2-utils +msg_ok "Installed Dependencies" + +msg_info "Configuring Squid" +rm -f /etc/squid/conf.d/* +cat </etc/squid/squid.conf +acl localnet src 0.0.0.1-0.255.255.255 +acl localnet src 10.0.0.0/8 +acl localnet src 100.64.0.0/10 +acl localnet src 169.254.0.0/16 +acl localnet src 172.16.0.0/12 +acl localnet src 192.168.0.0/16 +acl localnet src fc00::/7 +acl localnet src fe80::/10 + +acl SSL_ports port 443 +acl Safe_ports port 80 +acl Safe_ports port 21 +acl Safe_ports port 443 +acl Safe_ports port 70 +acl Safe_ports port 210 +acl Safe_ports port 1025-65535 +acl Safe_ports port 280 +acl Safe_ports port 488 +acl Safe_ports port 591 +acl Safe_ports port 777 +acl CONNECT method CONNECT + +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +http_access allow localhost manager +http_access deny manager + +auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords +auth_param basic realm proxy +acl authenticated proxy_auth REQUIRED +http_access allow authenticated +http_access deny all + +http_port 3128 + +coredump_dir /var/spool/squid + +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern -i (/cgi-bin/|\\?) 0 0% 0 +refresh_pattern . 
0 20% 4320 + +# Privacy / hardening +httpd_suppress_version_string on +visible_hostname $(hostname) +forwarded_for delete +request_header_access X-Forwarded-For deny all +EOF +msg_ok "Configured Squid" + +msg_info "Generating Proxy Credentials" +SQUID_USER="proxy" +SQUID_PASS="$(dd if=/dev/urandom bs=32 count=1 status=none | base64 | tr -dc 'A-Za-z0-9' | cut -c1-16)" +$STD htpasswd -cb /etc/squid/passwords "$SQUID_USER" "$SQUID_PASS" +cat </root/squid.creds +Proxy endpoint: $(hostname -I | awk '{print $1}'):3128 +Proxy type: HTTP Forward Proxy +Username: ${SQUID_USER} +Password: ${SQUID_PASS} +EOF +chmod 600 /root/squid.creds +msg_ok "Generated Proxy Credentials" +msg_ok "Username: ${SQUID_USER}" +msg_ok "Password: ${SQUID_PASS}" + +msg_info "Validating Squid Configuration" +$STD squid -k parse +msg_ok "Validated Squid Configuration" + +msg_info "Starting Service" +systemctl enable -q squid +systemctl restart squid +msg_ok "Started Service" + +motd_ssh +cat <>/etc/profile.d/00_lxc-details.sh +echo "" +echo -e "${BOLD} Squid Proxy${CL}" +echo -e " Type: ${GN}HTTP Forward Proxy${CL}" +echo -e " Port: ${GN}3128${CL}" +echo -e " Default user: ${GN}${SQUID_USER}${CL}" +echo -e " Initial password: ${GN}${SQUID_PASS}${CL}" +echo "" +echo -e "${BOLD} Manage users:${CL}" +echo -e " Reset password: ${GN}htpasswd /etc/squid/passwords proxy${CL}" +echo -e " Add user: ${GN}htpasswd /etc/squid/passwords ${CL}" +echo -e " Remove user: ${GN}htpasswd -D /etc/squid/passwords ${CL}" +EOF + +customize +cleanup_lxc diff --git a/json/squid.json b/json/squid.json new file mode 100644 index 00000000..e3d1199c --- /dev/null +++ b/json/squid.json 
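Review bot: The `localnet` ACLs in the generated squid.conf are never referenced by an `http_access` rule, so `http_access allow authenticated` accepts Basic-auth attempts from any address that can reach `http_port 3128`, and Basic credentials cross that plain-HTTP listener unencrypted. If the proxy is meant for private networks only, `http_access allow localnet authenticated` would enforce what the ACL block implies. Further down in the same hunk the generated password is passed to `htpasswd -cb` as a command-line argument, printed through `msg_ok`, and appended in clear text to `/etc/profile.d/00_lxc-details.sh`; the `chmod 600` on `/root/squid.creds` does not cover those copies.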
@@ -0,0 +1,44 @@ +{ + "name": "Squid", + "slug": "squid", + "categories": [ + 4 + ], + "date_created": "2026-04-13", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": 3128, + "documentation": "https://wiki.squid-cache.org/SquidFaq", + "website": "https://www.squid-cache.org/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/squid.webp", + "config_path": "/etc/squid/squid.conf", + "description": "Squid is a mature caching and forwarding proxy server that can operate as an authenticated HTTP forward proxy for outbound web traffic. This container deploys Squid with basic authentication, generated initial credentials, and a guided MOTD for simple user management.", + "install_methods": [ + { + "type": "default", + "script": "ct/squid.sh", + "resources": { + "cpu": 1, + "ram": 512, + "hdd": 4, + "os": "debian", + "version": "13" + } + } + ], + "default_credentials": { + "username": "proxy", + "password": null + }, + "notes": [ + { + "type": "info", + "text": "Initial generated credentials are shown in the completion output, written to `/root/squid.creds`, and displayed in the container MOTD." + }, + { + "type": "info", + "text": "Manage proxy users with `htpasswd /etc/squid/passwords ` and remove users with `htpasswd -D /etc/squid/passwords `." + } + ] +} From 9177cb5f23ee0876ac973df00eccd9cb34328105 Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 14 Apr 2026 14:32:50 +0200 Subject: [PATCH 2/8] fix: simplify squid auth onboarding --- ct/squid.sh | 21 ++++----------------- install/squid-install.sh | 29 +++++++++-------------------- json/squid.json | 8 ++------ 3 files changed, 15 insertions(+), 43 deletions(-) diff --git a/ct/squid.sh b/ct/squid.sh index f5286be9..8ab803ec 100644 --- a/ct/squid.sh +++ b/ct/squid.sh 
@@ -28,8 +28,8 @@ function update_script() { exit fi msg_info "Updating ${APP}" - $STD apt-get update - $STD apt-get -y upgrade + $STD apt update + $STD apt upgrade -y msg_info "Validating Squid Configuration" $STD squid -k parse msg_ok "Validated Squid Configuration" @@ -45,22 +45,9 @@ start build_container description -SQUID_USER="" -SQUID_PASS="" -if pct exec "$CTID" -- test -f /root/squid.creds 2>/dev/null; then - SQUID_USER=$(pct exec "$CTID" -- awk -F': ' '/^Username:/ {print $2}' /root/squid.creds 2>/dev/null | tr -d '\r') - SQUID_PASS=$(pct exec "$CTID" -- awk -F': ' '/^Password:/ {print $2}' /root/squid.creds 2>/dev/null | tr -d '\r') -fi - msg_ok "Completed successfully!\n" echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" echo -e "${INFO}${YW} Proxy endpoint:${CL}" echo -e "${TAB}${GATEWAY}${BGN}${IP}:3128${CL}" -if [[ -n "$SQUID_USER" && -n "$SQUID_PASS" ]]; then - echo -e "${INFO}${YW} Credentials:${CL}" - echo -e "${TAB}${BGN}Username: ${SQUID_USER}${CL}" - echo -e "${TAB}${BGN}Password: ${SQUID_PASS}${CL}" -else - echo -e "${INFO}${YW} Credentials are stored in the container at /root/squid.creds.${CL}" -fi -echo -e "${INFO}${YW} These details are also available in the container MOTD.${CL}" +echo -e "${INFO}${YW} Add a proxy user inside the container with:${CL}" +echo -e "${TAB}${BGN}htpasswd /etc/squid/passwords ${CL}" diff --git a/install/squid-install.sh b/install/squid-install.sh index 7ada90fd..69780f13 100644 --- a/install/squid-install.sh +++ b/install/squid-install.sh 
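Review bot: `$STD apt upgrade -y` in update_script can upgrade the squid package after the installer has replaced `/etc/squid/squid.conf`; if that path is a dpkg conffile (it appears to be in Debian's packaging, please confirm), dpkg will ask which version to keep, and with output routed through `$STD` the prompt may not be visible. Stating the choice explicitly, `$STD apt -o Dpkg::Options::=--force-confold upgrade -y`, keeps the authenticated configuration in place across upgrades. The same consideration applies to `apt install -y squid` in install/squid-install.sh once PATCH 4/8 writes squid.conf before the package is installed. update_script starts outside this hunk.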
@@ -70,20 +70,10 @@ request_header_access X-Forwarded-For deny all EOF msg_ok "Configured Squid" -msg_info "Generating Proxy Credentials" -SQUID_USER="proxy" -SQUID_PASS="$(dd if=/dev/urandom bs=32 count=1 status=none | base64 | tr -dc 'A-Za-z0-9' | cut -c1-16)" -$STD htpasswd -cb /etc/squid/passwords "$SQUID_USER" "$SQUID_PASS" -cat </root/squid.creds -Proxy endpoint: $(hostname -I | awk '{print $1}'):3128 -Proxy type: HTTP Forward Proxy -Username: ${SQUID_USER} -Password: ${SQUID_PASS} -EOF -chmod 600 /root/squid.creds -msg_ok "Generated Proxy Credentials" -msg_ok "Username: ${SQUID_USER}" -msg_ok "Password: ${SQUID_PASS}" +msg_info "Preparing Authentication" +touch /etc/squid/passwords +chmod 600 /etc/squid/passwords +msg_ok "Initialized Password File" msg_info "Validating Squid Configuration" $STD squid -k parse @@ -100,14 +90,13 @@ echo "" echo -e "${BOLD} Squid Proxy${CL}" echo -e " Type: ${GN}HTTP Forward Proxy${CL}" echo -e " Port: ${GN}3128${CL}" -echo -e " Default user: ${GN}${SQUID_USER}${CL}" -echo -e " Initial password: ${GN}${SQUID_PASS}${CL}" echo "" -echo -e "${BOLD} Manage users:${CL}" -echo -e " Reset password: ${GN}htpasswd /etc/squid/passwords proxy${CL}" -echo -e " Add user: ${GN}htpasswd /etc/squid/passwords ${CL}" -echo -e " Remove user: ${GN}htpasswd -D /etc/squid/passwords ${CL}" +echo -e "${BOLD} Configure Authentication:${CL}" +echo -e " Add user: ${GN}htpasswd /etc/squid/passwords ${CL}" EOF +msg_info "Configure Proxy Authentication" +echo -e "${TAB}${BGN}Run inside the container: htpasswd /etc/squid/passwords ${CL}" + customize cleanup_lxc diff --git a/json/squid.json b/json/squid.json index e3d1199c..88a3aa82 100644 --- a/json/squid.json +++ b/json/squid.json 
@@ -28,17 +28,13 @@ } ], "default_credentials": { - "username": "proxy", + "username": null, "password": null }, "notes": [ { "type": "info", - "text": "Initial generated credentials are shown in the completion output, written to `/root/squid.creds`, and displayed in the container MOTD." - }, - { - "type": "info", - "text": "Manage proxy users with `htpasswd /etc/squid/passwords ` and remove users with `htpasswd -D /etc/squid/passwords `." + "text": "Create a proxy user after installation with `htpasswd /etc/squid/passwords `." } ] } From b36d1e08f2165ae6360466e371193328d1a72154 Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 14 Apr 2026 14:42:46 +0200 Subject: [PATCH 3/8] style: update squid header --- ct/headers/squid | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ct/headers/squid b/ct/headers/squid index 40b4c257..3d826ef7 100644 --- a/ct/headers/squid +++ b/ct/headers/squid @@ -1,6 +1,6 @@ _____ _ __ / ___/____ ___ __(_)___/ / - \__ \/ __ `/ / / / / __ / - ___/ / /_/ / /_/ / / /_/ / -/____/\__, /\__,_/_/\__,_/ - /_/ + \__ \/ __ `/ / / / / __ / + ___/ / /_/ / /_/ / / /_/ / +/____/\__, /\__,_/_/\__,_/ + /_/ From d8161abc2e139fed0636d8ddacd511a85e9b9fc6 Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 14 Apr 2026 15:01:00 +0200 Subject: [PATCH 4/8] fix: precreate squid config before package install --- install/squid-install.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/install/squid-install.sh b/install/squid-install.sh index 69780f13..fae576a6 100644 --- a/install/squid-install.sh +++ b/install/squid-install.sh 
@@ -13,12 +13,8 @@ setting_up_container network_check update_os -msg_info "Installing Dependencies" -$STD apt install -y squid apache2-utils -msg_ok "Installed Dependencies" - msg_info "Configuring Squid" -rm -f /etc/squid/conf.d/* +mkdir -p /etc/squid cat </etc/squid/squid.conf acl localnet src 0.0.0.1-0.255.255.255 acl localnet src 10.0.0.0/8 @@ -70,6 +66,10 @@ request_header_access X-Forwarded-For deny all EOF msg_ok "Configured Squid" +msg_info "Installing Dependencies" +$STD apt install -y squid apache2-utils +msg_ok "Installed Dependencies" + msg_info "Preparing Authentication" touch /etc/squid/passwords chmod 600 /etc/squid/passwords @@ -80,8 +80,7 @@ $STD squid -k parse msg_ok "Validated Squid Configuration" msg_info "Starting Service" -systemctl enable -q squid -systemctl restart squid +systemctl enable -q --now squid msg_ok "Started Service" motd_ssh From 492719059218a63c4dce7edee1bd039a20116ee9 Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 14 Apr 2026 15:49:15 +0200 Subject: [PATCH 5/8] refactor: use package install helper for squid deps --- install/squid-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/squid-install.sh b/install/squid-install.sh index fae576a6..cb0e3998 100644 --- a/install/squid-install.sh +++ b/install/squid-install.sh @@ -67,7 +67,7 @@ EOF msg_ok "Configured Squid" msg_info "Installing Dependencies" -$STD apt install -y squid apache2-utils +install_packages_with_retry squid apache2-utils msg_ok "Installed Dependencies" msg_info "Preparing Authentication" From fb1a95a418f4654e199627557cc22044052b183f Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 14 Apr 2026 15:58:51 +0200 Subject: [PATCH 6/8] refactor: use service helpers for squid lifecycle --- ct/squid.sh | 2 +- install/squid-install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
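Review bot: In PATCH 4/8 the configuration is written before `apt install`, so if the package starts the daemon from its post-install script (usual for Debian services, not visible here) Squid first runs against this file before `/etc/squid/passwords` exists and before `squid -k parse` has checked it. The later `systemctl enable -q --now squid` only starts a stopped unit, so the validation no longer gates what is running. Consider creating the password file in the same pre-install step as `mkdir -p /etc/squid`, and keeping `systemctl enable -q squid` followed by `systemctl restart squid` after the parse check. The last install/squid-install.sh hunk of PATCH 8/8 reinstates the same `enable -q --now` line.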
diff --git a/ct/squid.sh b/ct/squid.sh index 8ab803ec..5a0eeb69 100644 --- a/ct/squid.sh +++ b/ct/squid.sh @@ -34,7 +34,7 @@ function update_script() { $STD squid -k parse msg_ok "Validated Squid Configuration" msg_info "Restarting Squid" - systemctl restart squid + safe_service_restart "squid" msg_ok "Restarted Squid" msg_ok "Updated ${APP}" msg_ok "Updated successfully!" diff --git a/install/squid-install.sh b/install/squid-install.sh index cb0e3998..a92528c3 100644 --- a/install/squid-install.sh +++ b/install/squid-install.sh @@ -80,7 +80,7 @@ $STD squid -k parse msg_ok "Validated Squid Configuration" msg_info "Starting Service" -systemctl enable -q --now squid +enable_and_start_service "squid" msg_ok "Started Service" motd_ssh From 3255b25b9e6a741a3d83e74d4d678f2b05c237bd Mon Sep 17 00:00:00 2001 From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 14 Apr 2026 16:10:52 +0200 Subject: [PATCH 7/8] fix: allow squid auth helper to read passwords --- install/squid-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install/squid-install.sh b/install/squid-install.sh index a92528c3..0d19afe8 100644 --- a/install/squid-install.sh +++ b/install/squid-install.sh @@ -72,7 +72,8 @@ msg_ok "Installed Dependencies" msg_info "Preparing Authentication" touch /etc/squid/passwords -chmod 600 /etc/squid/passwords +chown proxy:proxy /etc/squid/passwords +chmod 640 /etc/squid/passwords msg_ok "Initialized Password File" msg_info "Validating Squid Configuration" From 01577008e40c7f74d8df91d3be853f6807b0123b Mon Sep 17 00:00:00 2001 
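Review bot: In PATCH 7/8, `chown proxy:proxy /etc/squid/passwords` hands ownership of the credential store to the account the proxy itself runs as, so a compromise of the Squid process or its auth helper could rewrite the password file rather than only read it. With mode 640 the helper needs group read only, so `chown root:proxy /etc/squid/passwords` gives the same function with less privilege, assuming the helper runs with group `proxy` as the original line implies. It is worth checking that `htpasswd`, run as root, preserves that ownership when it rewrites the file.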
From: 007hacky007 <007hacky007@users.noreply.github.com> Date: Tue, 28 Apr 2026 19:08:12 +0200 Subject: [PATCH 8/8] refactor: address MickLesk review feedback Use literal 'Squid' in msg_* labels, add missing msg_ok and spacing in update_script. Replace install_packages_with_retry/enable_and_start_service/ safe_service_restart helpers with plain apt and systemctl commands. Merge auth setup and config validation into a single msg block. Drop the custom /etc/profile.d MOTD heredoc and trailing htpasswd echo. --- ct/squid.sh | 9 +++++---- install/squid-install.sh | 26 ++++++-------------------- 2 files changed, 11 insertions(+), 24 deletions(-) diff --git a/ct/squid.sh b/ct/squid.sh index 5a0eeb69..f48fe95c 100644 --- a/ct/squid.sh +++ b/ct/squid.sh @@ -27,17 +27,18 @@ function update_script() { msg_error "No ${APP} Installation Found!" exit fi - msg_info "Updating ${APP}" + msg_info "Updating Squid" $STD apt update $STD apt upgrade -y + msg_ok "Updated Squid" + msg_info "Validating Squid Configuration" $STD squid -k parse msg_ok "Validated Squid Configuration" + msg_info "Restarting Squid" - safe_service_restart "squid" + systemctl restart squid msg_ok "Restarted Squid" - msg_ok "Updated ${APP}" - msg_ok "Updated successfully!" exit } diff --git a/install/squid-install.sh b/install/squid-install.sh index 0d19afe8..aa011082 100644 --- a/install/squid-install.sh +++ b/install/squid-install.sh 
@@ -67,36 +67,22 @@ EOF msg_ok "Configured Squid" msg_info "Installing Dependencies" -install_packages_with_retry squid apache2-utils +$STD apt install -y \ + squid \ + apache2-utils msg_ok "Installed Dependencies" -msg_info "Preparing Authentication" +msg_info "Configuring Squid Authentication" touch /etc/squid/passwords chown proxy:proxy /etc/squid/passwords chmod 640 /etc/squid/passwords -msg_ok "Initialized Password File" - -msg_info "Validating Squid Configuration" $STD squid -k parse -msg_ok "Validated Squid Configuration" +msg_ok "Configured Squid Authentication" msg_info "Starting Service" -enable_and_start_service "squid" +systemctl enable -q --now squid msg_ok "Started Service" motd_ssh -cat <>/etc/profile.d/00_lxc-details.sh -echo "" -echo -e "${BOLD} Squid Proxy${CL}" -echo -e " Type: ${GN}HTTP Forward Proxy${CL}" -echo -e " Port: ${GN}3128${CL}" -echo "" -echo -e "${BOLD} Configure Authentication:${CL}" -echo -e " Add user: ${GN}htpasswd /etc/squid/passwords ${CL}" -EOF - -msg_info "Configure Proxy Authentication" -echo -e "${TAB}${BGN}Run inside the container: htpasswd /etc/squid/passwords ${CL}" - customize cleanup_lxc