St
Developer Tools Azure

Squash TM on Ubuntu 24.04 on Azure User Guide

| Product: Squash TM on Ubuntu 24.04 LTS on Azure

Overview

Squash TM is Henix's open source test and requirement management platform. Teams capture requirements, write and organise reusable test cases into structured libraries, plan and run test campaigns and iterations, and track execution results and coverage — all from a single web application. The cloudimg image installs the Squash TM 12 open-source core (the LGPL-v3 squash-tm.war on the OpenJDK 21 JRE) behind nginx as a reverse proxy, with PostgreSQL as the application database. Only the LGPL open-source core is shipped: the commercial Squash TM Premium plugin bundle that ships in the upstream tarball is removed at build time.

The Squash TM server listens on 127.0.0.1:8080 under the /squash context path and is reached through nginx on port 80; PostgreSQL binds to the loopback interface only. The upstream distribution seeds a default admin/admin login, which is not kept: on the first boot of every deployed VM, two secrets are generated uniquely — the PostgreSQL role password and the Squash TM administrator web password — and the administrator login is written to /root/squash-tm-credentials.txt with mode 0600. The default admin/admin no longer works after first boot, and this happens before the application is exposed. Backed by 24/7 cloudimg support.

What is included:

  • Squash TM 12.0.8 open-source core (/opt/squash-tm, LGPL-v3) on the OpenJDK 21 JRE — the commercial premium plugin is removed
  • nginx reverse proxy on :80 in front of the Squash TM server (bound to loopback :8080)
  • PostgreSQL as the application database, bound to loopback only, with the uuid-ossp extension enabled
  • Per-VM administrator web password and PostgreSQL password generated at first boot, in a root-only file
  • squash-tm.service, postgresql.service and nginx.service as systemd units, enabled and active
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2ms (2 vCPU / 8 GiB RAM) is a good starting point — Squash TM runs on the JVM (a 2 GiB heap) alongside PostgreSQL, and benefits from memory; scale up for more users or larger repositories. NSG inbound: allow 22/tcp from your management network and 80/tcp from the networks your users will reach Squash TM on (front port 80 with TLS for public exposure — see Enabling HTTPS).

Step 1 — Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Squash TM by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Then Review + createCreate.

First-boot initialisation takes approximately one to three minutes after the VM starts — Squash TM rotates its secrets, starts the application and its database migrations, and then opens port 80.

Step 2 — Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name squash-tm \
  --image <marketplace-image-urn> \
  --size Standard_B2ms \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name squash-tm --port 80 --priority 1010

Step 3 — Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 — Confirm the services are running

Squash TM runs as three systemd units: the application on loopback :8080, PostgreSQL as its database, and nginx as the reverse proxy on :80. Squash TM exposes an unauthenticated liveness endpoint at /squash/isSquashAlive.

systemctl is-active squash-tm.service postgresql.service nginx.service
ss -tlnp | grep -E ':8080 |:80 ' | awk '{print $1, $4}'
curl -s -o /dev/null -w 'health: HTTP %{http_code}\n' http://127.0.0.1/squash/isSquashAlive

All three services report active, the application listens on 127.0.0.1:8080 (loopback only) with nginx on :80, and the health check returns HTTP 200.

Squash TM services, listeners and health check on the terminal

Step 5 — Retrieve your administrator login

The administrator web password is generated uniquely on this VM's first boot and written to a root-only file. Read it over SSH:

sudo cat /root/squash-tm-credentials.txt

The file contains the site URL, the administrator login (admin) and its per-VM password, and the PostgreSQL database name, user and password. Keep it safe.

The per-VM Squash TM credentials file, administrator password masked

Step 6 — Verify the image is secure by default

The upstream distribution ships a default admin/admin login. On the cloudimg image this credential is rotated away on first boot, before nginx is started, so it is never reachable. You can confirm the default no longer works and that unauthenticated requests are redirected to the login page:

j=$(mktemp); curl -s -c "$j" -o /dev/null http://127.0.0.1/squash/login
t=$(awk '/XSRF-TOKEN/{print $7}' "$j" | tail -1)
echo -n 'admin/admin -> '; curl -s -b "$j" -H "X-XSRF-TOKEN: $t" \
  --data-urlencode 'username=admin' --data-urlencode 'password=admin' \
  http://127.0.0.1/squash/backend/login; echo
curl -s -o /dev/null -w 'GET /squash/ (no session) -> HTTP %{http_code}\n' http://127.0.0.1/squash/
rm -f "$j"

The default admin/admin returns {"authenticated":false} and the unauthenticated page returns a redirect (HTTP 302/303) to the login form.

Proof the default admin/admin login is rotated away and auth is enforced

Step 7 — Sign in to Squash TM

Browse to http://<vm-public-ip>/ — the bare root redirects to the Squash TM login page at /squash/. Sign in with the login admin and the per-VM password from Step 5.

The Squash TM login page served by the cloudimg image

After signing in you land on the Home workspace, with the left-hand navigation giving access to Requirements, Test cases, Executions, Reporting and Administration.

The Squash TM home workspace after signing in

Change the administrator password under the My account menu (top-right) after your first sign-in, and create additional users and projects from the Administration menu.

Step 8 — Organise test cases

Open the Test cases workspace to build your test case library. Create projects, folders and test cases, add test steps, parameters and datasets, and link test cases to the requirements they cover. Test cases are reusable across campaigns.

The Squash TM test case workspace

Step 9 — Plan and run campaigns

Open the Campaigns workspace to plan execution. Create a campaign, add iterations and test suites, populate the test plan from your test case library, assign testers, then record execution status and results as testing progresses. The Reporting workspace summarises coverage and execution progress.

The Squash TM campaign workspace

Step 10 — Confirm the shipped build

The image ships the LGPL-v3 open-source core with its default open-source plugins; the commercial premium plugin bundle is removed.

ls /opt/squash-tm/plugins/*.jar | xargs -n1 basename
test -d /opt/squash-tm/plugin-files/squash-tm-premium && echo "premium present" || echo "premium removed (LGPL core only)"
java -version

Squash TM 12 LGPL core plugins and runtime versions

Enabling HTTPS

For public exposure, terminate TLS at nginx. Point a DNS record at the VM's public IP, allow 443/tcp in the NSG, then install a certificate with Certbot:

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d squash.your-domain.com

Certbot edits the nginx server block to listen on 443 with your certificate and sets up automatic renewal. Squash TM sits behind nginx and needs no change.

Backup and maintenance

Squash TM's state lives entirely in its PostgreSQL database. Back it up with pg_dump:

sudo -u postgres pg_dump squashtm | gzip > "squashtm-$(date +%F).sql.gz"

To restore, create a fresh empty database and load the dump into it. The application and configuration live under /opt/squash-tm; the datasource credentials are in /opt/squash-tm/conf/squash.tm.cfg.properties. Manage the service with systemctl restart squash-tm.service, and read application logs under /opt/squash-tm/logs or with journalctl -u squash-tm.service.

The image installs OS security updates unattended. To upgrade Squash TM itself, follow Henix's upgrade procedure for the version you are moving to (take a database backup first).

Support

Every cloudimg image includes 24/7 support. Contact support@cloudimg.co.uk for help deploying or operating Squash TM on Azure.