author | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-29 14:53:45 +0200 |
---|---|---|
committer | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-29 14:53:45 +0200 |
commit | 468c21369d8f8357916204fc584651f01bd14659 (patch) | |
tree | 58760a9eac7a43c91be27c7a0a1a899877a9b33a | |
parent | ae1cfe7f86d39dd291a3af92f57f911bb64341b9 (diff) | |
proxy https definition and cert writeout working
-rw-r--r-- | config/squid-reverse/squid.inc | 23 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse.xml | 4 |
2 files changed, 21 insertions, 6 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 32f7d387..8cd05136 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -958,6 +958,21 @@ function squid_resync_reverse() {
 $conf = '';
 $conf .= "# Reverse Proxy settings\n";
+
+ if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") {
+ $svr_cert = lookup_cert($settings["reverse_ssl_cert"]);
+ if ($svr_cert != false) {
+ if(base64_decode($svr_cert['crt'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",
+ base64_decode($svr_cert['crt']));
+ $reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt";
+ }
+ if(base64_decode($svr_cert['prv'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key",
+ base64_decode($svr_cert['prv']));
+ $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
+ }}}
+
 $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
 $real_ifaces = array();
 foreach (explode(",", $ifaces) as $i => $iface) {
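Review bot: The private key is written with a bare `file_put_contents(SQUID_CONFBASE . "/….key", …)`, so the file takes whatever mode the process umask yields and nothing in this hunk restricts it afterwards; with a common umask that leaves the TLS key readable by every local account. Tighten the mode before the bytes reach disk, e.g. `$old = umask(0077);` ahead of the two writes and `umask($old);` after them, and give the file to the account Squid runs as (not visible here, so confirm which one). Both `base64_decode()` results are used only as a truthiness test and then decoded a second time, and the return value of `file_put_contents()` is ignored, so a failed write still leaves `$reverse_key` pointing at a path that may not exist. The body of `squid_resync_reverse()` starts and ends outside the hunk.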
@@ -969,10 +984,10 @@ function squid_resync_reverse() {
 if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
 if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
 //HTTPS
- if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n";
- if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n";
- if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
- if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+ if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']}\n";
+ if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+ if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
+ if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
 }
 }
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index 4c520ff7..62379c35 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -110,7 +110,7 @@
 <field>
 <fielddescr>Enable HTTP reverse mode.</fielddescr>
 <fieldname>reverse_http</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTP reverse mode.</description>
+ <description>If this field is checked, the proxy-server will act in HTTP reverse mode. (You have to add a rule with destination "WAN-address")</description>
 <type>checkbox</type>
 <enablefields>reverse_http_port,reverse_http_defsite</enablefields>
 <required/>
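Review bot: In the squid.inc hunk at -969, `{$reverse_crt}` and `{$reverse_key}` are interpolated into all four `https_port` lines, but they are assigned only inside the certificate branch added at -958. With `reverse_https` enabled and the certificate left at "none", or when `lookup_cert()` fails, the emitted line reads `cert= key=` and PHP raises an undefined-variable notice. The lines are still written as `# https_port` comments, so nothing breaks yet, but the guard belongs in place before they are activated: initialise `$reverse_crt = $reverse_key = '';` next to `$conf = '';` and add `&& !empty($reverse_crt) && !empty($reverse_key)` to each HTTPS condition. The enclosing loop and function continue outside the hunk.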
@@ -136,7 +136,7 @@
 <field>
 <fielddescr>Enable HTTPS reverse mode.</fielddescr>
 <fieldname>reverse_https</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTPS reverse mode.</description>
+ <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. (You have to add a rule with destination "WAN-address")</description>
 <type>checkbox</type>
 <enablefields>reverse_https_port,reverse_ssl_cert,reverse_https_defsite,ignore_ssl_valid</enablefields>
 <required/> |