Create a Proxy VM on Google Cloud

%% Architecture of the Squid proxy deployment: one client IP reaches one
%% Compute Engine VM through a single ingress firewall rule on the default network.
graph TB
    %% External Components
    %% User is the only source address the 8080/TCP rule admits (a /32).
    User((User IP 4.23.4.2/32))
    Internet((Internet))

    %% GCP Cloud
    subgraph GCP[GCP Region: us-west1]
        subgraph VPC[Default Network]
            %% Compute Instance
            subgraph Zone[Zone: us-west1-a]
                VM[Compute Engine Instance Squid Proxy e2-micro Ubuntu 22.04 LTS]
            end

            %% Only the proxy rule is drawn here; any other rules that already
            %% exist on the default network are not shown - review them separately.
            FW[Firewall Rule Inbound: 8080/TCP from allowed IP]
        end
    end

    %% Network Connections
    %% Ingress is limited to port 8080 from the user; egress from the VM is unrestricted.
    User -->|Port 8080| FW
    FW -->|Allow| VM
    VM -->|Allow All| Internet
    
    %% VM Components
    subgraph VM_Config[VM Configuration]
        Boot[Boot Disk Ubuntu 22.04]
        %% The VM is directly addressable from the internet via its ephemeral public IP.
        Network[Network Interface Ephemeral Public IP]
        Tags[Network Tags: squid-proxy]
    end

    %% Component Relationships
    %% The dotted edge shows that the firewall rule selects its targets by network tag,
    %% so any instance carrying the squid-proxy tag receives the rule.
    Boot --> VM
    Network --> VM
    Tags --> VM
    Tags -.->|Target| FW

    %% Styling
    classDef gcp fill:#4285F4,stroke:#232F3E,stroke-width:2px,color:white;
    classDef external fill:#85BBF0,stroke:#232F3E,stroke-width:2px,color:black;
    classDef resource fill:#FFFFFF,stroke:#232F3E,stroke-width:2px,color:black;
    classDef config fill:#E1E1E1,stroke:#232F3E,stroke-width:2px,color:black;

    class GCP,VPC,Zone gcp;
    class User,Internet external;
    class VM,FW resource;
    class Boot,Network,Tags,VM_Config config;
  

Here’s the AI-generated code.

# Variables
variable "project" {
  type        = string
  description = "The GCP project ID"
  # Placeholder only: set this to the ID of the project that should own the proxy.
  default     = "google-project-id"
}

# Region handed to the google provider; keep it consistent with var.zone.
variable "region" {
  type        = string
  description = "The GCP region to deploy resources in"
  default     = "us-west1"
}

# Zone used by the provider and by the proxy instance itself.
variable "zone" {
  type        = string
  description = "The GCP zone to deploy resources in"
  default     = "us-west1-a"
}

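# Client address allowed to use the proxy. The same value feeds both the
# firewall rule's source_ranges and the Squid "src" ACL, so it is the single
# control that keeps this from being an open proxy.
variable "allowed_ip" {
  description = "The IP address that is allowed to access the Squid proxy"
  type        = string
  default     = "4.23.4.2/32"  # Modify this to your own public IP in CIDR form (a.b.c.d/32). You can look it up at https://checkip.amazonaws.com/.

  # Fail at plan time on a malformed value or on a catch-all range: either one
  # would expose the proxy to the whole internet or break the generated squid.conf.
  validation {
    condition     = can(cidrhost(var.allowed_ip, 0)) && !contains(["0.0.0.0/0", "::/0"], var.allowed_ip)
    error_message = "The allowed_ip value must be a valid CIDR block (for example 203.0.113.7/32) and must not be 0.0.0.0/0 or ::/0."
  }
}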

# Google provider: project, region and zone all come from the variables above,
# so resources that omit them inherit these defaults.
# No credentials are set here; the provider is left to find them on its own.
provider "google" {
  zone    = var.zone
  region  = var.region
  project = var.project
}

# Look up the project's existing "default" VPC network (read-only data source;
# nothing is created). Both the firewall rule and the VM attach to it.
# NOTE(review): firewall rules already present on this network also apply to the
# proxy VM - confirm none of them expose it more widely than the 8080 rule intends.
data "google_compute_network" "default" {
  name = "default"
}

# Ingress rule for the proxy: TCP 8080 only, from var.allowed_ip only, and only
# to instances that carry the "squid-proxy" network tag.
resource "google_compute_firewall" "squid_proxy_firewall" {
  name      = "squid-proxy-firewall"
  network   = data.google_compute_network.default.self_link
  direction = "INGRESS" # provider default, written out so the intent is explicit

  # Scope: who may connect, and which instances the rule applies to.
  source_ranges = [var.allowed_ip]
  target_tags   = ["squid-proxy"]

  # Must match the http_port configured in the instance's squid.conf.
  allow {
    protocol = "tcp"
    ports    = ["8080"]
  }
}

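# Compute Engine instance that runs the Squid forward proxy.
# Access is restricted twice: by the squid-proxy-firewall rule (matched through
# the "squid-proxy" network tag) and by the src ACL written into squid.conf.
resource "google_compute_instance" "squid_proxy_vm" {
  name         = "squid-proxy-vm"
  machine_type = "e2-micro"
  zone         = var.zone

  boot_disk {
    initialize_params {
      # Image family reference: resolves to the current Ubuntu 22.04 LTS image
      # when the disk is created.
      image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts"
    }
  }

  network_interface {
    network = data.google_compute_network.default.self_link

    access_config {
      # Empty block = ephemeral public IP. The address can change when the VM
      # is stopped and started, so re-read the output after a restart.
    }
  }

  # Runs as root on every boot. Terraform interpolates var.allowed_ip before the
  # script reaches the VM; the <<- form strips the common leading indentation,
  # so the inner EOT terminator ends up at column 0 as the shell requires.
  metadata_startup_script = <<-EOF
    #!/bin/bash
    # Abort on the first failure so a broken install never leaves a
    # half-configured proxy running.
    set -euo pipefail
    export DEBIAN_FRONTEND=noninteractive

    # Update the package index and install Squid without prompting
    apt-get update -y
    apt-get install squid -y

    # Replace the packaged configuration. The quoted delimiter stops the shell
    # from expanding anything inside the file body.
    cat <<'EOT' > /etc/squid/squid.conf
    # Only this client range may use the proxy.
    acl allowed_ips src ${var.allowed_ip}
    # Link-local range, which includes the GCE metadata server (169.254.169.254).
    acl link_local_dst dst 169.254.0.0/16

    # Keep proxy clients away from the cache manager, from services bound to the
    # VM's loopback interface, and from the metadata endpoint.
    http_access deny manager
    http_access deny to_localhost
    http_access deny link_local_dst

    http_access allow allowed_ips
    # Explicit final rule instead of relying on Squid's implied default.
    http_access deny all

    http_port 8080
    EOT

    # Validate the configuration before restarting; a parse error stops the script here
    squid -k parse

    # Restart Squid to apply the new configuration
    systemctl restart squid
  EOF

  # Must match target_tags on squid-proxy-firewall, otherwise port 8080 is never opened.
  tags = ["squid-proxy"]
}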

# Expose the VM's external (NAT) address so clients know where to point their
# proxy settings. Read from the first access_config of the first interface.
output "proxy_vm_public_ip" {
  value       = google_compute_instance.squid_proxy_vm.network_interface[0].access_config[0].nat_ip
  description = "The public IP address of the Compute Engine instance"
}