author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-06-28 23:49:53 -0300 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2012-06-28 23:49:53 -0300 |
commit | 3218802e1f1d6cbe4f4f592188b6bd93324c6ed9 (patch) | |
tree | 081374dfb41e8516d321ab4509b86269c40efbcb /config | |
parent | 933e86301a3bcbfd157e029f43e172bd8c90d245 (diff) | |
squid3 - some fixes and improvements to squid reverse code
Diffstat (limited to 'config')
-rw-r--r-- | config/squid-reverse/squid.inc | 44 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse.inc | 30 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse_uri.xml | 12 |
3 files changed, 53 insertions, 33 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index c1a29ae6..cec4ff32 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -86,6 +86,11 @@ function squid_chown_recursive($dir, $user, $group) { /* setup cache */ function squid_dash_z() { global $config; + + //Do nothing if there is no cache config + if (!is_array($config['installedpackages']['squidcache']['config'])) + return; + $settings = $config['installedpackages']['squidcache']['config'][0]; // If the cache system is null, there is no need to initialize the (irrelevant) cache dir. @@ -752,7 +757,10 @@ function squid_resync_general() { $email = ($settings['admin_email'] ? $settings['admin_email'] : 'admin@localhost'); $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs'); - + if (! is_dir($logdir)){ + make_dirs($logdir); + squid_chown_recursive($logdir, 'proxy', 'proxy'); + } $logdir_cache = $logdir . '/cache.log'; $logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null'); @@ -818,9 +826,11 @@ EOD; function squid_resync_cache() { global $config, $g; - - $settings = $config['installedpackages']['squidcache']['config'][0]; - + if (is_array($config['installedpackages']['squidcache'])) + $settings = $config['installedpackages']['squidcache']['config'][0]; + else + $settings = array(); + //apply cache settings $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); $disk_cache_size = ($settings['harddisk_cache_size'] ? $settings['harddisk_cache_size'] : 100); $level1 = ($settings['level1_subdirs'] ? $settings['level1_subdirs'] : 16); 
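Review bot: In the squid_resync_general() hunk, `$logdir` comes straight from the saved `log_dir` setting and is passed to `make_dirs()` and `squid_chown_recursive($logdir, 'proxy', 'proxy')` with no visible check that it is an absolute path under an expected root. The same create-and-chown sequence is repeated in the squid_resync() hunk further down. If the settings form does not already validate this field (not visible here), a mistyped or relative value creates a directory tree in an unintended place and hands it to the `proxy` user. A guard such as `if (substr($logdir, 0, 1) != '/' || strpos($logdir, '..') !== false) $logdir = '/var/squid/logs';` before the `is_dir()` test would make the fallback explicit, and sharing one helper between the two places would keep them in step.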
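Review bot: The guard added at the top of squid_resync_cache() tests `$config['installedpackages']['squidcache']` but then indexes `['config'][0]`. Both squid_dash_z() and the later `$disk_cache_system` check in this commit test `['squidcache']['config']` instead. If `squidcache` exists without a `config` array, `$settings` becomes null rather than `array()`. Testing the same key in all three places would keep them consistent: `if (is_array($config['installedpackages']['squidcache']['config']))`. The function body continues outside this hunk.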
@@ -832,16 +842,15 @@ function squid_resync_cache() { $memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF'); $offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off'); $conf = ''; - if (!isset($settings['harddisk_cache_system'])) { - if ($g['platform'] == "nanobsd") { + if ($g['platform'] == "nanobsd" || !is_array ($config['installedpackages']['squidcache']['config'])) $disk_cache_system = 'null'; - } else { + else $disk_cache_system = 'ufs'; } - } else { + else{ $disk_cache_system = $settings['harddisk_cache_system']; - } + } #'null' storage type dropped. In-memory cache is always present. Remove all cache_dir options to prevent on-disk caching. if ($disk_cache_system != "null") { $disk_cache_opts = "cache_dir {$disk_cache_system} {$cachedir} {$disk_cache_size} {$level1} 256"; @@ -1374,18 +1383,27 @@ function squid_resync() { /* make sure pinger is executable */ if(file_exists("/usr/local/libexec/squid/pinger")) exec("chmod a+x /usr/local/libexec/squid/pinger"); - + + $log_dir=""; + #check if squid is enabled if (is_array($config['installedpackages']['squid']['config'])){ + if ($config['installedpackages']['squid']['config'][0]['active_interface']!= "") $log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/'; - + } + #check if squidreverse is enabled + else if (is_array($config['installedpackages']['squidreversegeneral']['config'])){ + if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "") + $log_dir="/var/squid/logs/"; + } + #do not start squid if there is no log dir + if ($log_dir != ""){ if(!is_dir($log_dir)) { log_error("Creating squid log dir $log_dir"); make_dirs($log_dir); squid_chown_recursive($log_dir, 'proxy', 'proxy'); - } + } squid_dash_z(); - if (!is_service_running('squid')) { log_error("Starting Squid"); 
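Review bot: In the squid_resync() hunk the reverse-proxy check hangs off `else if`, so it is skipped whenever `$config['installedpackages']['squid']['config']` is an array, even if `active_interface` is empty. In that case `$log_dir` stays empty and, as far as the hunk shows, squid is not started although `reverse_interface` may be set. Making it an independent test, `if ($log_dir == "" && is_array($config['installedpackages']['squidreversegeneral']['config'])) {`, would cover that combination. Separately, an unset `log_dir` yields `"/"` here, while squid_resync_general() falls back to `/var/squid/logs`; both should use the same default. The closing brace of `if ($log_dir != ""){` lies outside the hunk.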
diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc index b208b7b1..6c34b4cb 100644 --- a/config/squid-reverse/squid_reverse.inc +++ b/config/squid-reverse/squid_reverse.inc @@ -104,10 +104,10 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; - $conf_peer .= "name={$rp['name']}\n\n"; + $conf_peer .= "name=rvp_{$rp['name']}\n\n"; // add peer only if reverse proxy is enabled for http if($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on"){ @@ -116,8 +116,10 @@ function squid_resync_reverse() { } // add peer only if if reverse proxy is enabled for https if($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on"){ - $conf .= $conf_peer; - array_push($active_peers,$rp['name']); + if (!in_array($rp['name'],$active_peers)){ + $conf .= $conf_peer; + array_push($active_peers,$rp['name']); + } } } } 
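Review bot: `$rp['description']`, `$rp['ip']`, `$rp['port']` and `$rp['name']` are interpolated unchanged into squid.conf, including on the rewritten `cache_peer` and `name=rvp_…` lines. If the peer form does not already restrict these fields (not visible here), a value containing whitespace or a line break would add extra options or whole directives to the generated config. Consider skipping the peer unless the values pass a check, for example `preg_match('/^[A-Za-z0-9_.-]+$/', $rp['name'])` and `is_port($rp['port'])`, and stripping line breaks from the description. While this line is being touched, note that the HTTPS branch still hard-codes `sslflags=DONT_VERIFY_PEER`, so origin certificates are never verified; a per-peer option defaulting to verification would be safer.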
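Review bot: The duplicate-name guard `if (!in_array($rp['name'],$active_peers)){` is added only to the HTTPS branch. The HTTP branch's body lies between the two hunks and is not shown, so confirm it applies the same test. Otherwise two enabled HTTP peers with the same name would still emit two `cache_peer` lines carrying the same `name=rvp_…`, which is presumably what the guard is meant to prevent. Passing `true` as the third argument of `in_array()` would also avoid loose comparison between names.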
@@ -150,14 +152,18 @@ function squid_resync_reverse() { if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!=""){ if (is_array($rm['row'])) foreach ($rm['row'] as $uri){ - $url_regex=($uri['vhost'] == ''?$settings['reverse_external_fqdn']:$uri['vhost']); - $conf .= "acl {$rm['name']} url_regex -i {$url_regex}/{$uri['uri']}.*$\n"; - $cache_peer_never_direct_conf .= "never_direct allow {$rm['name']}\n"; - $http_access_conf .= "http_access allow {$rm['name']}\n"; - foreach (explode(',',$rm['peers']) as $map_peer) - if (in_array($map_peer,$active_peers)){ - $cache_peer_allow_conf .= "cache_peer_access {$map_peer} allow {$rm['name']}\n"; - $cache_peer_deny_conf .= "cache_peer_access {$map_peer} deny allsrc\n"; + $url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] ); + //$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n"; + $conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n"; + if($rm['name'] != $last_rm_name){ + $cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n"; + $http_access_conf .= "http_access allow rvm_{$rm['name']}\n"; + foreach (explode(',',$rm['peers']) as $map_peer) + if (in_array($map_peer,$active_peers)){ + $cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n"; + $cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n"; + } + $last_rm_name=$rm['name']; } } } diff --git a/config/squid-reverse/squid_reverse_uri.xml b/config/squid-reverse/squid_reverse_uri.xml index e2d64fe9..81c9af3b 100644 --- a/config/squid-reverse/squid_reverse_uri.xml +++ b/config/squid-reverse/squid_reverse_uri.xml 
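Review bot: The ACL pattern is now the raw `uri` field, or `reverse_external_fqdn` when that is empty, with no anchoring or escaping. `url_regex -i` therefore matches it anywhere in the request URL, including the path or query string of a request for a different host, and that ACL feeds `http_access allow` and `cache_peer_access … allow`. For the fallback, assuming the setting holds a bare host name, escape and anchor it, e.g. `'^https?://' . str_replace('.', '\.', $settings['reverse_external_fqdn']) . '(:[0-9]+)?/'`. The help text in squid_reverse_uri.xml should lead with the anchored sample rather than `.mydomain.com`. `$last_rm_name` is also read before any assignment visible in this hunk, and the commented-out `//$conf .= …` line can be dropped.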
@@ -135,16 +135,12 @@ <type>rowhelper</type> <rowhelper> <rowhelperfield> - <fielddescr>URI</fielddescr> + <fielddescr><![CDATA[<strong>Url regex to match</strong><br><br> + Samples: .mydomain.com .mydomain.com/test<br> + www.mydomain.com http://www.mydomain.com/ ^http://www.mydomain.com/.*$]]></fielddescr> <fieldname>uri</fieldname> <type>input</type> - <size>25</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>[http://|https://]vhost fqdn(optional)</fielddescr> - <fieldname>vhost</fieldname> - <type>input</type> - <size>40</size> + <size>70</size> </rowhelperfield> </rowhelper> </field> |