T-Gander/ProxmoxVEDHelperScripts
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
fb1a95a418f4654e199627557cc22044052b183f
ProxmoxVEDHelperScripts/install/squid-install.sh
007hacky007 fb1a95a418 refactor: use service helpers for squid lifecycle
2026-04-14 15:58:51 +02:00

102 lines
2.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: 007hacky007
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.squid-cache.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Configuring Squid"
mkdir -p /etc/squid
cat <<EOF >/etc/squid/squid.conf
acl localnet src 0.0.0.1-0.255.255.255
acl localnet src 10.0.0.0/8
acl localnet src 100.64.0.0/10
acl localnet src 169.254.0.0/16
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Privacy / hardening
httpd_suppress_version_string on
visible_hostname $(hostname)
forwarded_for delete
request_header_access X-Forwarded-For deny all
EOF
msg_ok "Configured Squid"
msg_info "Installing Dependencies"
install_packages_with_retry squid apache2-utils
msg_ok "Installed Dependencies"
msg_info "Preparing Authentication"
touch /etc/squid/passwords
chmod 600 /etc/squid/passwords
msg_ok "Initialized Password File"
msg_info "Validating Squid Configuration"
$STD squid -k parse
msg_ok "Validated Squid Configuration"
msg_info "Starting Service"
enable_and_start_service "squid"
msg_ok "Started Service"
motd_ssh
cat <<EOF >>/etc/profile.d/00_lxc-details.sh
echo ""
echo -e "${BOLD} Squid Proxy${CL}"
echo -e " Type: ${GN}HTTP Forward Proxy${CL}"
echo -e " Port: ${GN}3128${CL}"
echo ""
echo -e "${BOLD} Configure Authentication:${CL}"
echo -e " Add user: ${GN}htpasswd /etc/squid/passwords <username>${CL}"
EOF
msg_info "Configure Proxy Authentication"
echo -e "${TAB}${BGN}Run inside the container: htpasswd /etc/squid/passwords <username>${CL}"
customize
cleanup_lxc
Reference in New Issue View Git Blame Copy Permalink