diff --git a/ct/headers/squid b/ct/headers/squid
new file mode 100644
index 00000000..40b4c257
--- /dev/null
+++ b/ct/headers/squid
@@ -0,0 +1,6 @@
+ _____ _ __
+ / ___/____ ___ __(_)___/ /
+ \__ \/ __ `/ / / / / __ /
+ ___/ / /_/ / /_/ / / /_/ /
+/____/\__, /\__,_/_/\__,_/
+ /_/
diff --git a/ct/squid.sh b/ct/squid.sh
new file mode 100644
index 00000000..f5286be9
--- /dev/null
+++ b/ct/squid.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: 007hacky007
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.squid-cache.org/
+
+APP="Squid"
+var_tags="${var_tags:-proxy}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+ if [[ ! -f /etc/squid/squid.conf ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+ msg_info "Updating ${APP}"
+ $STD apt-get update
+ $STD apt-get -y upgrade
+ msg_info "Validating Squid Configuration"
+ $STD squid -k parse
+ msg_ok "Validated Squid Configuration"
+ msg_info "Restarting Squid"
+ systemctl restart squid
+ msg_ok "Restarted Squid"
+ msg_ok "Updated ${APP}"
+ msg_ok "Updated successfully!"
+ exit
+}
+
+start
+build_container
+description
+
+SQUID_USER=""
+SQUID_PASS=""
+if pct exec "$CTID" -- test -f /root/squid.creds 2>/dev/null; then
+ SQUID_USER=$(pct exec "$CTID" -- awk -F': ' '/^Username:/ {print $2}' /root/squid.creds 2>/dev/null | tr -d '\r')
+ SQUID_PASS=$(pct exec "$CTID" -- awk -F': ' '/^Password:/ {print $2}' /root/squid.creds 2>/dev/null | tr -d '\r')
+fi
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Proxy endpoint:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}${IP}:3128${CL}"
+if [[ -n "$SQUID_USER" && -n "$SQUID_PASS" ]]; then
+ echo -e "${INFO}${YW} Credentials:${CL}"
+ echo -e "${TAB}${BGN}Username: ${SQUID_USER}${CL}"
+ echo -e "${TAB}${BGN}Password: ${SQUID_PASS}${CL}"
+else
+ echo -e "${INFO}${YW} Credentials are stored in the container at /root/squid.creds.${CL}"
+fi
+echo -e "${INFO}${YW} These details are also available in the container MOTD.${CL}"
diff --git a/install/squid-install.sh b/install/squid-install.sh
new file mode 100644
index 00000000..7ada90fd
--- /dev/null
+++ b/install/squid-install.sh
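Review bot: The completion block at the end of ct/squid.sh reads the generated proxy password back out of the container with `pct exec … awk` and echoes it on the host (`echo -e "${TAB}${BGN}Password: ${SQUID_PASS}${CL}"`), which leaves the secret in the host terminal's scrollback and in any recorded or logged session. The `else` branch already has the safer behaviour, so I would drop the `SQUID_PASS` lookup and always print `Credentials are stored in the container at /root/squid.creds.`. In `update_script`, the bare `exit` after `msg_error "No ${APP} Installation Found!"` returns the status of the preceding command, so that failure path probably exits 0; `exit 1` would let callers detect it. Line 2 sources build.func from the moving `main` branch with no pinned commit or checksum; that looks like the repository's template rather than a choice made in this commit, but it means the code executed on the Proxmox host is whatever that branch holds at run time.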
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: 007hacky007
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.squid-cache.org/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y squid apache2-utils
+msg_ok "Installed Dependencies"
+
+msg_info "Configuring Squid"
+rm -f /etc/squid/conf.d/*
+cat </etc/squid/squid.conf
+acl localnet src 0.0.0.1-0.255.255.255
+acl localnet src 10.0.0.0/8
+acl localnet src 100.64.0.0/10
+acl localnet src 169.254.0.0/16
+acl localnet src 172.16.0.0/12
+acl localnet src 192.168.0.0/16
+acl localnet src fc00::/7
+acl localnet src fe80::/10
+
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl Safe_ports port 21
+acl Safe_ports port 443
+acl Safe_ports port 70
+acl Safe_ports port 210
+acl Safe_ports port 1025-65535
+acl Safe_ports port 280
+acl Safe_ports port 488
+acl Safe_ports port 591
+acl Safe_ports port 777
+acl CONNECT method CONNECT
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
+auth_param basic realm proxy
+acl authenticated proxy_auth REQUIRED
+http_access allow authenticated
+http_access deny all
+
+http_port 3128
+
+coredump_dir /var/spool/squid
+
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\\?) 0 0% 0
+refresh_pattern .
0 20% 4320
+
+# Privacy / hardening
+httpd_suppress_version_string on
+visible_hostname $(hostname)
+forwarded_for delete
+request_header_access X-Forwarded-For deny all
+EOF
+msg_ok "Configured Squid"
+
+msg_info "Generating Proxy Credentials"
+SQUID_USER="proxy"
+SQUID_PASS="$(dd if=/dev/urandom bs=32 count=1 status=none | base64 | tr -dc 'A-Za-z0-9' | cut -c1-16)"
+$STD htpasswd -cb /etc/squid/passwords "$SQUID_USER" "$SQUID_PASS"
+cat </root/squid.creds
+Proxy endpoint: $(hostname -I | awk '{print $1}'):3128
+Proxy type: HTTP Forward Proxy
+Username: ${SQUID_USER}
+Password: ${SQUID_PASS}
+EOF
+chmod 600 /root/squid.creds
+msg_ok "Generated Proxy Credentials"
+msg_ok "Username: ${SQUID_USER}"
+msg_ok "Password: ${SQUID_PASS}"
+
+msg_info "Validating Squid Configuration"
+$STD squid -k parse
+msg_ok "Validated Squid Configuration"
+
+msg_info "Starting Service"
+systemctl enable -q squid
+systemctl restart squid
+msg_ok "Started Service"
+
+motd_ssh
+cat <>/etc/profile.d/00_lxc-details.sh
+echo ""
+echo -e "${BOLD} Squid Proxy${CL}"
+echo -e " Type: ${GN}HTTP Forward Proxy${CL}"
+echo -e " Port: ${GN}3128${CL}"
+echo -e " Default user: ${GN}${SQUID_USER}${CL}"
+echo -e " Initial password: ${GN}${SQUID_PASS}${CL}"
+echo ""
+echo -e "${BOLD} Manage users:${CL}"
+echo -e " Reset password: ${GN}htpasswd /etc/squid/passwords proxy${CL}"
+echo -e " Add user: ${GN}htpasswd /etc/squid/passwords ${CL}"
+echo -e " Remove user: ${GN}htpasswd -D /etc/squid/passwords ${CL}"
+EOF
+
+customize
+cleanup_lxc
diff --git a/json/squid.json b/json/squid.json
new file mode 100644
index 00000000..e3d1199c
--- /dev/null
+++ b/json/squid.json
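Review bot: The generated password is copied into `/etc/profile.d/00_lxc-details.sh` (`Initial password: ${GN}${SQUID_PASS}${CL}`) and printed by `msg_ok "Password: ${SQUID_PASS}"`, so the `chmod 600 /root/squid.creds` a few lines earlier protects only one of three copies; profile.d scripts are normally readable by every local account, and the MOTD value goes stale after the first `htpasswd` reset. I would have the MOTD point at the file instead, e.g. `echo -e " Credentials: ${GN}/root/squid.creds${CL}"`, and drop the `msg_ok` password line. `htpasswd -cb` also places the password on the command line, where other processes in the container can see it while it runs; `$STD htpasswd -ci /etc/squid/passwords "$SQUID_USER" <<<"$SQUID_PASS"` reads it from stdin instead, assuming the `$STD` wrapper passes stdin through. `/etc/squid/passwords` is created under the default umask, so `chown root:proxy /etc/squid/passwords && chmod 640 /etc/squid/passwords` would keep the hashes from other accounts, assuming Squid runs as Debian's `proxy` user here. In the generated squid.conf the eight `localnet` ACL lines are never referenced by an `http_access` rule, so any source address that authenticates is accepted on port 3128; either reference `localnet` in the allow rule or remove the unused ACLs so the config does not suggest a restriction it does not enforce.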
@@ -0,0 +1,44 @@
+{
+ "name": "Squid",
+ "slug": "squid",
+ "categories": [
+ 4
+ ],
+ "date_created": "2026-04-13",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 3128,
+ "documentation": "https://wiki.squid-cache.org/SquidFaq",
+ "website": "https://www.squid-cache.org/",
+ "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/squid.webp",
+ "config_path": "/etc/squid/squid.conf",
+ "description": "Squid is a mature caching and forwarding proxy server that can operate as an authenticated HTTP forward proxy for outbound web traffic. This container deploys Squid with basic authentication, generated initial credentials, and a guided MOTD for simple user management.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/squid.sh",
+ "resources": {
+ "cpu": 1,
+ "ram": 512,
+ "hdd": 4,
+ "os": "debian",
+ "version": "13"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": "proxy",
+ "password": null
+ },
+ "notes": [
+ {
+ "type": "info",
+ "text": "Initial generated credentials are shown in the completion output, written to `/root/squid.creds`, and displayed in the container MOTD."
+ },
+ {
+ "type": "info",
+ "text": "Manage proxy users with `htpasswd /etc/squid/passwords ` and remove users with `htpasswd -D /etc/squid/passwords `."
+ }
+ ]
+}