aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-06-28 23:49:53 -0300
committermarcelloc <marcellocoutinho@gmail.com>2012-06-28 23:49:53 -0300
commit3218802e1f1d6cbe4f4f592188b6bd93324c6ed9 (patch)
tree081374dfb41e8516d321ab4509b86269c40efbcb /config
parent933e86301a3bcbfd157e029f43e172bd8c90d245 (diff)
downloadpfsense-packages-3218802e1f1d6cbe4f4f592188b6bd93324c6ed9.tar.gz
pfsense-packages-3218802e1f1d6cbe4f4f592188b6bd93324c6ed9.tar.bz2
pfsense-packages-3218802e1f1d6cbe4f4f592188b6bd93324c6ed9.zip
squid3 - some fixes and improvements to squid reverse code
Diffstat (limited to 'config')
-rw-r--r--config/squid-reverse/squid.inc44
-rw-r--r--config/squid-reverse/squid_reverse.inc30
-rw-r--r--config/squid-reverse/squid_reverse_uri.xml12
3 files changed, 53 insertions, 33 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index c1a29ae6..cec4ff32 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -86,6 +86,11 @@ function squid_chown_recursive($dir, $user, $group) {
/* setup cache */
function squid_dash_z() {
global $config;
+
+ //Do nothing if there is no cache config
+ if (!is_array($config['installedpackages']['squidcache']['config']))
+ return;
+
$settings = $config['installedpackages']['squidcache']['config'][0];
// If the cache system is null, there is no need to initialize the (irrelevant) cache dir.
@@ -752,7 +757,10 @@ function squid_resync_general() {
$email = ($settings['admin_email'] ? $settings['admin_email'] : 'admin@localhost');
$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
-
+ if (! is_dir($logdir)){
+ make_dirs($logdir);
+ squid_chown_recursive($logdir, 'proxy', 'proxy');
+ }
$logdir_cache = $logdir . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
@@ -818,9 +826,11 @@ EOD;
function squid_resync_cache() {
global $config, $g;
-
- $settings = $config['installedpackages']['squidcache']['config'][0];
-
+ if (is_array($config['installedpackages']['squidcache']))
+ $settings = $config['installedpackages']['squidcache']['config'][0];
+ else
+ $settings = array();
+ //apply cache settings
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
$disk_cache_size = ($settings['harddisk_cache_size'] ? $settings['harddisk_cache_size'] : 100);
$level1 = ($settings['level1_subdirs'] ? $settings['level1_subdirs'] : 16);
@@ -832,16 +842,15 @@ function squid_resync_cache() {
$memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF');
$offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off');
$conf = '';
-
if (!isset($settings['harddisk_cache_system'])) {
- if ($g['platform'] == "nanobsd") {
+ if ($g['platform'] == "nanobsd" || !is_array ($config['installedpackages']['squidcache']['config']))
$disk_cache_system = 'null';
- } else {
+ else
$disk_cache_system = 'ufs';
}
- } else {
+ else{
$disk_cache_system = $settings['harddisk_cache_system'];
- }
+ }
#'null' storage type dropped. In-memory cache is always present. Remove all cache_dir options to prevent on-disk caching.
if ($disk_cache_system != "null") {
$disk_cache_opts = "cache_dir {$disk_cache_system} {$cachedir} {$disk_cache_size} {$level1} 256";
@@ -1374,18 +1383,27 @@ function squid_resync() {
/* make sure pinger is executable */
if(file_exists("/usr/local/libexec/squid/pinger"))
exec("chmod a+x /usr/local/libexec/squid/pinger");
-
+
+ $log_dir="";
+ #check if squid is enabled
if (is_array($config['installedpackages']['squid']['config'])){
+ if ($config['installedpackages']['squid']['config'][0]['active_interface']!= "")
$log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/';
-
+ }
+ #check if squidreverse is enabled
+ else if (is_array($config['installedpackages']['squidreversegeneral']['config'])){
+ if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "")
+ $log_dir="/var/squid/logs/";
+ }
+ #do not start squid if there is no log dir
+ if ($log_dir != ""){
if(!is_dir($log_dir)) {
log_error("Creating squid log dir $log_dir");
make_dirs($log_dir);
squid_chown_recursive($log_dir, 'proxy', 'proxy');
- }
+ }
squid_dash_z();
-
if (!is_service_running('squid')) {
log_error("Starting Squid");
diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc
index b208b7b1..6c34b4cb 100644
--- a/config/squid-reverse/squid_reverse.inc
+++ b/config/squid-reverse/squid_reverse.inc
@@ -104,10 +104,10 @@ function squid_resync_reverse() {
foreach ($reverse_peers as $rp){
if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
$conf_peer = "#{$rp['description']}\n";
- $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query originserver login=PASS ";
+ $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS ";
if($rp['protocol'] == 'HTTPS')
$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
- $conf_peer .= "name={$rp['name']}\n\n";
+ $conf_peer .= "name=rvp_{$rp['name']}\n\n";
// add peer only if reverse proxy is enabled for http
if($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on"){
@@ -116,8 +116,10 @@ function squid_resync_reverse() {
}
// add peer only if if reverse proxy is enabled for https
if($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on"){
- $conf .= $conf_peer;
- array_push($active_peers,$rp['name']);
+ if (!in_array($rp['name'],$active_peers)){
+ $conf .= $conf_peer;
+ array_push($active_peers,$rp['name']);
+ }
}
}
}
@@ -150,14 +152,18 @@ function squid_resync_reverse() {
if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!=""){
if (is_array($rm['row']))
foreach ($rm['row'] as $uri){
- $url_regex=($uri['vhost'] == ''?$settings['reverse_external_fqdn']:$uri['vhost']);
- $conf .= "acl {$rm['name']} url_regex -i {$url_regex}/{$uri['uri']}.*$\n";
- $cache_peer_never_direct_conf .= "never_direct allow {$rm['name']}\n";
- $http_access_conf .= "http_access allow {$rm['name']}\n";
- foreach (explode(',',$rm['peers']) as $map_peer)
- if (in_array($map_peer,$active_peers)){
- $cache_peer_allow_conf .= "cache_peer_access {$map_peer} allow {$rm['name']}\n";
- $cache_peer_deny_conf .= "cache_peer_access {$map_peer} deny allsrc\n";
+ $url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] );
+ //$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n";
+ $conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n";
+ if($rm['name'] != $last_rm_name){
+ $cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n";
+ $http_access_conf .= "http_access allow rvm_{$rm['name']}\n";
+ foreach (explode(',',$rm['peers']) as $map_peer)
+ if (in_array($map_peer,$active_peers)){
+ $cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n";
+ $cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n";
+ }
+ $last_rm_name=$rm['name'];
}
}
}
diff --git a/config/squid-reverse/squid_reverse_uri.xml b/config/squid-reverse/squid_reverse_uri.xml
index e2d64fe9..81c9af3b 100644
--- a/config/squid-reverse/squid_reverse_uri.xml
+++ b/config/squid-reverse/squid_reverse_uri.xml
@@ -135,16 +135,12 @@
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>URI</fielddescr>
+ <fielddescr><![CDATA[<strong>Url regex to match</strong><br><br>
+ Samples: .mydomain.com .mydomain.com/test<br>
+ www.mydomain.com http://www.mydomain.com/ ^http://www.mydomain.com/.*$]]></fielddescr>
<fieldname>uri</fieldname>
<type>input</type>
- <size>25</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>[http://|https://]vhost fqdn(optional)</fielddescr>
- <fieldname>vhost</fieldname>
- <type>input</type>
- <size>40</size>
+ <size>70</size>
</rowhelperfield>
</rowhelper>
</field>