aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-29 13:42:34 +0200
committerMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-29 13:42:34 +0200
commitae1cfe7f86d39dd291a3af92f57f911bb64341b9 (patch)
tree96e506e4fb6ce4328a3c435c5e13e58a4fd1b973
parent1b82519a84d11c23ce4e62d5e0934005977a01b7 (diff)
downloadpfsense-packages-ae1cfe7f86d39dd291a3af92f57f911bb64341b9.tar.gz
pfsense-packages-ae1cfe7f86d39dd291a3af92f57f911bb64341b9.tar.bz2
pfsense-packages-ae1cfe7f86d39dd291a3af92f57f911bb64341b9.zip
proxy http port definition working
-rw-r--r--config/squid-reverse/squid.inc50
-rw-r--r--config/squid-reverse/squid_reverse.xml10
2 files changed, 43 insertions, 17 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index cbd18b68..32f7d387 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -117,16 +117,6 @@ function squid_is_valid_acl($acl) {
return in_array($acl, $valid_acls);
}
-function squid_get_server_certs() {
- global $config;
- $cert_arr = array();
- $cert_arr[] = array('refid' => 'none', 'descr' => 'none');
- foreach ($config['cert'] as $cert) {
- $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']);
- }
- return $cert_arr;
-}
-
function squid_install_command() {
global $config;
global $g;
@@ -489,7 +479,16 @@ function squid_validate_traffic($post, $input_errors) {
function squid_validate_reverse($post, $input_errors) {
-// CONF
+ $port = trim($post['reverse_http_port']);
+ if (!empty($port) && !is_port($port))
+ $input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number';
+
+ $port = trim($post['reverse_https_port']);
+ if (!empty($port) && !is_port($port))
+ $input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number';
+
+ if ($post['reverse_ssl_cert'] == 'none')
+ $input_errors[] = 'A valid certificate for the external interface must be selected';
}
@@ -941,6 +940,16 @@ EOD;
return $conf;
}
+function squid_get_server_certs() {
+ global $config;
+ $cert_arr = array();
+ $cert_arr[] = array('refid' => 'none', 'descr' => 'none');
+ foreach ($config['cert'] as $cert) {
+ $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']);
+ }
+ return $cert_arr;
+}
+
function squid_resync_reverse() {
global $config, $valid_acls;
if(!is_array($valid_acls))
@@ -948,8 +957,25 @@ function squid_resync_reverse() {
$settings = $config['installedpackages']['squidreverse']['config'][0];
$conf = '';
-// CONF
$conf .= "# Reverse Proxy settings\n";
+ $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
+ $real_ifaces = array();
+ foreach (explode(",", $ifaces) as $i => $iface) {
+ $real_ifaces[] = squid_get_real_interface_address($iface);
+ if($real_ifaces[$i][0]) {
+ //HTTP
+ if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && empty($settings['reverse_http_defsite'])) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+ if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && empty($settings['reverse_http_defsite'])) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+ if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
+ if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
+ //HTTPS
+ if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n";
+ if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+ if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+ if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+ }
+ }
+
if (!empty($settings['extension_methods'])) $conf .= "extension_methods {$settings['extension_methods']}\n";
if (!empty($settings['deny_info_tcp_reset'])) $conf .= "deny_info TCP_RESET all\n";
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index 525f620f..4c520ff7 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -119,7 +119,7 @@
<field>
<fielddescr>reverse HTTP port</fielddescr>
<fieldname>reverse_http_port</fieldname>
- <description>This is the port the HTTP reverse-proxy will listen on.</description>
+ <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description>
<type>input</type>
<size>5</size>
<default_value>80</default_value>
@@ -127,7 +127,7 @@
<field>
<fielddescr>reverse HTTP default site</fielddescr>
<fieldname>reverse_http_defsite</fieldname>
- <description>This is the HTTP reverse default site.</description>
+ <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description>
<type>input</type>
<size>60</size>
<default_value>localhost</default_value>
@@ -145,7 +145,7 @@
<field>
<fielddescr>reverse HTTPS port</fielddescr>
<fieldname>reverse_https_port</fieldname>
- <description>This is the port the HTTPS reverse-proxy will listen on.</description>
+ <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description>
<type>input</type>
<size>5</size>
<default_value>443</default_value>
@@ -153,7 +153,7 @@
<field>
<fielddescr>reverse HTTPS default site</fielddescr>
<fieldname>reverse_https_defsite</fieldname>
- <description>This is the HTTPS reverse default site.</description>
+ <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description>
<type>input</type>
<size>60</size>
<default_value>localhost</default_value>
@@ -180,7 +180,7 @@
<field>
<fielddescr>extension methods</fielddescr>
<fieldname>extension_methods</fieldname>
- <description>This field defines more extension methods for the proxy to use. (RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description>
+ <description>This field defines additional extension methods for the proxy to use. (RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description>
<type>input</type>
<size>80</size>
<default_value>RPC_IN_DATA RPC_OUT_DATA</default_value>