Squid Proxy

Pre-configured Squid caching proxy image with sensible defaults for outbound web filtering and bandwidth optimisation. Includes ACL templates, access logging, and hardened base OS. Available as VM images for all major cloud and virtualisation platforms, and as a container for Kubernetes workloads.

All software in this project is the intellectual property of its respective owners. CloudSOE packages and distributes these images under applicable licences and does not claim ownership of the underlying software. Original software by CloudSOE.

Deployment Guides

Choose your platform for step-by-step deployment instructions.

AWS

Launch via CLI

aws ec2 run-instances \
  --image-id ami-cloudsoe-squid-proxy \
  --instance-type t3.medium \
  --key-name my-key \
  --security-group-ids sg-xxxxxxxx \
  --subnet-id subnet-xxxxxxxx \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=squid-proxy-01}]'

Security Group

Allow inbound traffic from your client networks:

  • TCP 22 — SSH access
  • TCP 3128 — Squid proxy listener

Test the Proxy

ssh ubuntu@<PUBLIC_IP>
curl -x http://<PUBLIC_IP>:3128 https://example.com

Edit /etc/squid/squid.conf to tighten ACLs to your client CIDR.
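An added example, not part of the CloudSOE image or its documentation: a shell check for the two http_access mistakes that leave a proxy open to any source, with two constructed squid.conf fragments to run it on. The ACL name clients and the CIDR 10.20.0.0/16 are placeholders for your own client network.

```shell
#!/bin/sh
# Squid evaluates http_access rules top to bottom; the first match wins.

# Constructed sample: every source is allowed (an open proxy).
weak_conf() {
cat <<'EOF'
http_port 3128
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow all
EOF
}

# Constructed sample: only one client CIDR is allowed (placeholder range).
tight_conf() {
cat <<'EOF'
http_port 3128
acl clients src 10.20.0.0/16
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow clients
http_access deny all
EOF
}

# audit_squid_acl: reads a squid.conf on stdin, prints one line per finding
# and returns 1 if there is any finding, 0 otherwise.
audit_squid_acl() {
  awk '
    BEGIN { bad = 0 }
    $1 == "http_access" {
      last = (NF == 3) ? $2 " " $3 : "other"
      # An allow rule whose only ACL is "all" admits any client address.
      if ($2 == "allow" && NF == 3 && $3 == "all") {
        print "line " NR ": allow rule matches every source"; bad = 1
      }
    }
    END {
      # Without an explicit final "deny all" the default depends on the last rule.
      if (last != "deny all") { print "final http_access rule is not: deny all"; bad = 1 }
      exit bad
    }'
}
```

On the instance, `audit_squid_acl < /etc/squid/squid.conf` runs the same check against the live file.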

Verify the Image

All CloudSOE VM images carry /etc/cloudsoe-support-information and a signed CHECKSUM file. Public keys are at cloudsoe.com/keys.

Azure

Create the VM

az vm create \
  --resource-group myResourceGroup \
  --name squid-proxy-01 \
  --image /subscriptions/<SUB>/resourceGroups/clouds-images-rg/providers/Microsoft.Compute/galleries/CloudSOEGallery/images/squid-proxy \
  --size Standard_D2s_v3 \
  --admin-username ubuntu \
  --ssh-key-values @~/.ssh/id_rsa.pub

Open the Proxy Port

az vm open-port --port 3128 \
  --resource-group myResourceGroup \
  --name squid-proxy-01

Test the Proxy

ssh ubuntu@<PUBLIC_IP>
curl -x http://<PUBLIC_IP>:3128 https://example.com

Verify the Image

All CloudSOE VM images carry /etc/cloudsoe-support-information and a signed CHECKSUM file. Public keys are at cloudsoe.com/keys.

Docker

Quick Start

docker pull cloudsoe/squid-proxy:latest
docker run -d \
  --name squid-proxy \
  -p 3128:3128 \
  cloudsoe/squid-proxy:latest

Docker Compose

services:
  squid:
    image: cloudsoe/squid-proxy:latest
    ports:
      - "3128:3128"
    volumes:
      - ./squid.conf:/etc/squid/squid.conf:ro
    restart: unless-stopped

Verify the Image

The image is signed with cosign. Verify with:

cosign verify --key cosign.pub cloudsoe/squid-proxy:latest

The public key is available at cloudsoe.com/keys.

OpenShift

Import the ContainerDisk

The image is published as an OCI ContainerDisk for KubeVirt. Pull it into your cluster registry, then reference it in a VirtualMachine:

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: squid-proxy
spec:
  running: true
  template:
    spec:
      domain:
        cpu:
          cores: 2
        memory:
          guest: 2Gi
        devices:
          disks:
            - name: rootdisk
              disk:
                bus: virtio
      volumes:
        - name: rootdisk
          containerDisk:
            image: quay.io/cloudsoe/squid-proxy:latest

Expose the Service

oc expose vm squid-proxy --port=3128 --name=squid-proxy

Verify the Image

Public keys for image attestation are at cloudsoe.com/keys.

OpenStack

Upload the Image

Download the QCOW2 from the release page and upload to Glance:

openstack image create "cloudsoe-squid-proxy" \
  --file cloudsoe-squid-proxy-openstack-<version>.qcow2 \
  --disk-format qcow2 \
  --container-format bare \
  --public

Launch an Instance

openstack server create \
  --image cloudsoe-squid-proxy \
  --flavor m1.medium \
  --key-name my-key \
  --network my-network \
  squid-proxy-01

Test the Proxy

ssh cloudsoe@<FLOATING_IP>
curl -x http://<FLOATING_IP>:3128 https://example.com

Verify the Image

Download CHECKSUM and CHECKSUM.sig from the release page, then:

gpg --import gpg.pub
gpg --verify CHECKSUM.sig CHECKSUM
sha256sum -c CHECKSUM

Public keys are at cloudsoe.com/keys.

Vagrant

Quick Start

vagrant init cloudsoe/squid-proxy
vagrant up

Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.box = "cloudsoe/squid-proxy"
  config.vm.network "forwarded_port", guest: 3128, host: 3128
  config.vm.provider "libvirt" do |v|
    v.memory = 2048
    v.cpus   = 2
  end
end

Test the Proxy

vagrant ssh
curl -x http://localhost:3128 https://example.com

Verify the Image

Public keys for box verification are at cloudsoe.com/keys.

VMware

Import the OVA

Download the OVA bundle from the release page and import into vCenter:

ovftool \
  --acceptAllEulas \
  --name=squid-proxy-01 \
  --datastore=datastore1 \
  --network="VM Network" \
  cloudsoe-squid-proxy-vmware-<version>.ova \
  vi://administrator%40vsphere.local@vcenter.local/Datacenter/host/Cluster

Or upload via the vSphere web UI (File → Deploy OVF Template).

Power On and Test

ssh cloudsoe@<VM_IP>
curl -x http://<VM_IP>:3128 https://example.com

Verify the Image

Download CHECKSUM and CHECKSUM.sig from the release page, then:

gpg --import gpg.pub
gpg --verify CHECKSUM.sig CHECKSUM
sha256sum -c CHECKSUM

Public keys are at cloudsoe.com/keys.
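
An added example for the GPG steps in the OpenStack and VMware sections, not CloudSOE's own tooling: `gpg --verify` succeeds for a good signature from any key in the keyring, so this wrapper also pins the signer's fingerprint before trusting CHECKSUM. The function names and the sample fingerprint are constructed; the real fingerprint must come from a source other than the download itself.

```shell
#!/bin/sh
# signed_by FINGERPRINT: reads "gpg --status-fd 1 --verify" output on stdin.
# Succeeds only if a VALIDSIG line ends with the expected primary-key
# fingerprint (the last field of VALIDSIG in GnuPG 2.x status output).
signed_by() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -v want="$want" '
    # Appending "" forces a string comparison even for all-digit fingerprints.
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($NF "") == (want "") { ok = 1 }
    END { exit ok ? 0 : 1 }'
}

# verify_release FINGERPRINT: run in the directory that holds gpg.pub,
# CHECKSUM, CHECKSUM.sig and the downloaded image. The body is a subshell
# with a throwaway keyring, so keys already in ~/.gnupg cannot satisfy it.
verify_release() (
  GNUPGHOME=$(mktemp -d) || exit 1
  export GNUPGHOME
  trap 'rm -rf "$GNUPGHOME"' EXIT
  gpg --quiet --import gpg.pub || exit 1
  gpg --status-fd 1 --verify CHECKSUM.sig CHECKSUM 2>/dev/null | signed_by "$1" || {
    echo "CHECKSUM is not signed by the pinned key" >&2; exit 1; }
  # Only now are the hashes in CHECKSUM worth comparing against the image.
  sha256sum -c CHECKSUM
)

# Constructed status output for a good signature (made-up fingerprint).
sample_status() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key (constructed)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}
```

Call `verify_release` with the release key's full fingerprint; a non-zero exit means either the signature or a file hash did not check out.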