aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid-reverse
diff options
context:
space:
mode:
authorMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-29 14:53:45 +0200
committerMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-29 14:53:45 +0200
commit468c21369d8f8357916204fc584651f01bd14659 (patch)
tree58760a9eac7a43c91be27c7a0a1a899877a9b33a /config/squid-reverse
parentae1cfe7f86d39dd291a3af92f57f911bb64341b9 (diff)
downloadpfsense-packages-468c21369d8f8357916204fc584651f01bd14659.tar.gz
pfsense-packages-468c21369d8f8357916204fc584651f01bd14659.tar.bz2
pfsense-packages-468c21369d8f8357916204fc584651f01bd14659.zip
proxy https definition and cert writeout working
Diffstat (limited to 'config/squid-reverse')
-rw-r--r--config/squid-reverse/squid.inc23
-rw-r--r--config/squid-reverse/squid_reverse.xml4
2 files changed, 21 insertions, 6 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 32f7d387..8cd05136 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -958,6 +958,21 @@ function squid_resync_reverse() {
$conf = '';
$conf .= "# Reverse Proxy settings\n";
+
+ if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") {
+ $svr_cert = lookup_cert($settings["reverse_ssl_cert"]);
+ if ($svr_cert != false) {
+ if(base64_decode($svr_cert['crt'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",
+ base64_decode($svr_cert['crt']));
+ $reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt";
+ }
+ if(base64_decode($svr_cert['prv'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key",
+ base64_decode($svr_cert['prv']));
+ $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
+ }}}
+
$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
$real_ifaces = array();
foreach (explode(",", $ifaces) as $i => $iface) {
@@ -969,10 +984,10 @@ function squid_resync_reverse() {
if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
//HTTPS
- if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n";
- if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n";
- if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
- if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+ if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']}\n";
+ if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+ if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
+ if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
}
}
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index 4c520ff7..62379c35 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -110,7 +110,7 @@
<field>
<fielddescr>Enable HTTP reverse mode.</fielddescr>
<fieldname>reverse_http</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTP reverse mode.</description>
+ <description>If this field is checked, the proxy-server will act in HTTP reverse mode. (You have to add a rule with destination "WAN-address")</description>
<type>checkbox</type>
<enablefields>reverse_http_port,reverse_http_defsite</enablefields>
<required/>
@@ -136,7 +136,7 @@
<field>
<fielddescr>Enable HTTPS reverse mode.</fielddescr>
<fieldname>reverse_https</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTPS reverse mode.</description>
+ <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. (You have to add a rule with destination "WAN-address")</description>
<type>checkbox</type>
<enablefields>reverse_https_port,reverse_ssl_cert,reverse_https_defsite,ignore_ssl_valid</enablefields>
<required/>