fix default port for HTTPS

author: Martin Fuchs <mfuchs77@gmail.com> 2012-12-07 13:11:34 +0100
committer: Martin Fuchs <mfuchs77@gmail.com> 2012-12-07 13:11:34 +0100
commit: fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd (patch)
tree: d09b6f09830845ad7f2c49eceb7996be10f2ea80 /config
parent: cce226127a4ddacc4d46a353770fbf7d47119a70 (diff)
download: pfsense-packages-fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd.tar.gz
pfsense-packages-fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd.tar.bz2
pfsense-packages-fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd.zip
1 files changed, 187 insertions, 187 deletions
diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc
index 81d1c8f9..728a81b2 100644
--- a/config/squid-reverse/squid_reverse.inc
+++ b/config/squid-reverse/squid_reverse.inc
@@ -1,187 +1,187 @@
-<?php
-/* $Id$ */
-/*
-	squid_reverse.inc
-	Copyright (C) 2012 Martin Fuchs	
-	Copyright (C) 2012 Marcello Coutinho
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-function squid_resync_reverse() {
-	global $config;
-	//if(!is_array($valid_acls))
-	//	return;
-
-	//CONFIG FILE
-	if (is_array($config['installedpackages']['squidreversegeneral']))
-		$settings = $config['installedpackages']['squidreversegeneral']['config'][0];
-	if (is_array($config['installedpackages']['squidreversepeer']))
-		$reverse_peers=$config['installedpackages']['squidreversepeer']['config'];
-	if (is_array($config['installedpackages']['squidreverseuri']))
-		$reverse_maps=$config['installedpackages']['squidreverseuri']['config'];
-
-	$conf = "# Reverse Proxy settings\n";
-
-	if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") {
-    	$svr_cert = lookup_cert($settings["reverse_ssl_cert"]);
-		if ($svr_cert != false) {
-			if(base64_decode($svr_cert['crt'])) {
-				file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",sq_text_area_decode($svr_cert['crt']));
-				$reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt";
-				}
-			if(base64_decode($svr_cert['prv'])) {
-				file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key",sq_text_area_decode($svr_cert['prv']));
-				$reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
-       			}
-			}
-		}
-       
-	if (!empty($settings['reverse_int_ca']))
-		file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
-
-	$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
-	$real_ifaces = array();
-	
-	#set HTTP port and defsite
-	$http_port=(empty($settings['reverse_http_port'])?"80":$settings['reverse_http_port']);
-	$http_defsite=(empty($settings['reverse_http_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_http_defsite']);
-	
-	#set HTTPS port and defsite
-	$https_port=(empty($settings['reverse_https_port'])?"80":$settings['reverse_https_port']);
-	$https_defsite=(empty($settings['reverse_https_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_https_defsite']);
-	
-	foreach (explode(",", $ifaces) as $i => $iface) {
-		$real_ifaces[] = squid_get_real_interface_address($iface);
-		if($real_ifaces[$i][0]) {
-		      //HTTP
-		      if (!empty($settings['reverse_http']))
-		      		$conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
-		      //HTTPS
-		      if (!empty($settings['reverse_https']))
-		      		$conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
-			}
-		}
-		
-	if(!empty($settings['reverse_ip'])) {
-		$reverse_ip = explode(";", ($settings['reverse_ip']));
-		foreach ($reverse_ip as $reip) {
-		      //HTTP
-		      if (!empty($settings['reverse_http']))
-		      		$conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
-		      //HTTPS
-		      if (!empty($settings['reverse_https']))
-		      		$conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
-			}
-	 	}
-
-	//PEERS
- 	if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])))
- 		$conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n";
-
- 	$active_peers=array();
- 	if (is_array($reverse_peers))
- 	 foreach ($reverse_peers as $rp){
- 		if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
- 			$conf_peer = "#{$rp['description']}\n";
- 			$conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS ";
- 			if($rp['protocol'] == 'HTTPS')
-	            	$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
-			$conf_peer .= "name=rvp_{$rp['name']}\n\n";
-			
-			// add peer only if reverse proxy is enabled for http
-			if($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on"){
-				$conf .= $conf_peer;
-				array_push($active_peers,$rp['name']);
-				}
-			// add peer only if if reverse proxy is enabled for https
-			if($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on"){
-				if (!in_array($rp['name'],$active_peers)){
-					$conf .= $conf_peer;
- 					array_push($active_peers,$rp['name']);
-					}
-				}
- 			}
- 	}
-  	
-	//ACLS and MAPPINGS
-
- 	//create an empty owa_dirs to populate based on user selected options
-	$owa_dirs=array();
-	if (($settings['reverse_owa'] == 'on') && $settings['reverse_https'] =="on"){
-		if(!empty($settings['reverse_owa_ip'])){
-			array_push($owa_dirs,'owa','exchange','public','exchweb','ecp','OAB');
-			if($settings['reverse_owa_activesync'])
-					array_push($owa_dirs,'Microsoft-Server-ActiveSync');
-			if($settings['reverse_owa_rpchttp'])	
-					array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
-			if($settings['reverse_owa_autodiscover'])
-					array_push($owa_dirs,'autodiscover');
-			if($settings['reverse_owa_webservice']){
-					array_push($owa_dirs,'EWS');
-					$conf .= "ignore_expect_100 on\n";
-					}
-			}
-		if (is_array($owa_dirs))
-		  foreach ($owa_dirs as $owa_dir)
-			$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n";
-		}	
-	//$conf .= "ssl_unclean_shutdown on";
-	if (is_array($reverse_maps))
-	 foreach ($reverse_maps as $rm){
-		if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!=""){
-		    if (is_array($rm['row']))
-				foreach ($rm['row'] as $uri){
-					$url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] );
-					//$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n";
-					$conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n";
-					if($rm['name'] != $last_rm_name){
-						$cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n";
-						$http_access_conf .= "http_access allow rvm_{$rm['name']}\n";
-						foreach (explode(',',$rm['peers']) as $map_peer)
-							if (in_array($map_peer,$active_peers)){
-								$cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n";
-								$cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n";
-							}
-						$last_rm_name=$rm['name'];
-						}
-				}
-	 	}
-	}
-
-	//ACCESS
-  	if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
-		$conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
-		$conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n";
-		$conf .= "never_direct allow OWA_URI_pfs\n";
-		$conf .= "http_access allow OWA_URI_pfs\n";        
-		}
-
-	$conf .= $cache_peer_allow_conf.$cache_peer_deny_conf.$cache_peer_never_direct_conf.$http_access_conf."\n";
-
-	if (!empty($settings['deny_info_tcp_reset']))
-		$conf .= "deny_info TCP_RESET allsrc\n";                                                                                          
-
-	return $conf;
-}
-?>
+<?php
+/* $Id$ */
+/*
+	squid_reverse.inc
+	Copyright (C) 2012 Martin Fuchs	
+	Copyright (C) 2012 Marcello Coutinho
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function squid_resync_reverse() {
+	global $config;
+	//if(!is_array($valid_acls))
+	//	return;
+
+	//CONFIG FILE
+	if (is_array($config['installedpackages']['squidreversegeneral']))
+		$settings = $config['installedpackages']['squidreversegeneral']['config'][0];
+	if (is_array($config['installedpackages']['squidreversepeer']))
+		$reverse_peers=$config['installedpackages']['squidreversepeer']['config'];
+	if (is_array($config['installedpackages']['squidreverseuri']))
+		$reverse_maps=$config['installedpackages']['squidreverseuri']['config'];
+
+	$conf = "# Reverse Proxy settings\n";
+
+	if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") {
+    	$svr_cert = lookup_cert($settings["reverse_ssl_cert"]);
+		if ($svr_cert != false) {
+			if(base64_decode($svr_cert['crt'])) {
+				file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",sq_text_area_decode($svr_cert['crt']));
+				$reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt";
+				}
+			if(base64_decode($svr_cert['prv'])) {
+				file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key",sq_text_area_decode($svr_cert['prv']));
+				$reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
+       			}
+			}
+		}
+       
+	if (!empty($settings['reverse_int_ca']))
+		file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
+
+	$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
+	$real_ifaces = array();
+	
+	#set HTTP port and defsite
+	$http_port=(empty($settings['reverse_http_port'])?"80":$settings['reverse_http_port']);
+	$http_defsite=(empty($settings['reverse_http_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_http_defsite']);
+	
+	#set HTTPS port and defsite
+	$https_port=(empty($settings['reverse_https_port'])?"443":$settings['reverse_https_port']);
+	$https_defsite=(empty($settings['reverse_https_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_https_defsite']);
+	
+	foreach (explode(",", $ifaces) as $i => $iface) {
+		$real_ifaces[] = squid_get_real_interface_address($iface);
+		if($real_ifaces[$i][0]) {
+		      //HTTP
+		      if (!empty($settings['reverse_http']))
+		      		$conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
+		      //HTTPS
+		      if (!empty($settings['reverse_https']))
+		      		$conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
+			}
+		}
+		
+	if(!empty($settings['reverse_ip'])) {
+		$reverse_ip = explode(";", ($settings['reverse_ip']));
+		foreach ($reverse_ip as $reip) {
+		      //HTTP
+		      if (!empty($settings['reverse_http']))
+		      		$conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
+		      //HTTPS
+		      if (!empty($settings['reverse_https']))
+		      		$conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
+			}
+	 	}
+
+	//PEERS
+ 	if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])))
+ 		$conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n";
+
+ 	$active_peers=array();
+ 	if (is_array($reverse_peers))
+ 	 foreach ($reverse_peers as $rp){
+ 		if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
+ 			$conf_peer = "#{$rp['description']}\n";
+ 			$conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS ";
+ 			if($rp['protocol'] == 'HTTPS')
+	            	$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
+			$conf_peer .= "name=rvp_{$rp['name']}\n\n";
+			
+			// add peer only if reverse proxy is enabled for http
+			if($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on"){
+				$conf .= $conf_peer;
+				array_push($active_peers,$rp['name']);
+				}
+			// add peer only if if reverse proxy is enabled for https
+			if($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on"){
+				if (!in_array($rp['name'],$active_peers)){
+					$conf .= $conf_peer;
+ 					array_push($active_peers,$rp['name']);
+					}
+				}
+ 			}
+ 	}
+  	
+	//ACLS and MAPPINGS
+
+ 	//create an empty owa_dirs to populate based on user selected options
+	$owa_dirs=array();
+	if (($settings['reverse_owa'] == 'on') && $settings['reverse_https'] =="on"){
+		if(!empty($settings['reverse_owa_ip'])){
+			array_push($owa_dirs,'owa','exchange','public','exchweb','ecp','OAB');
+			if($settings['reverse_owa_activesync'])
+					array_push($owa_dirs,'Microsoft-Server-ActiveSync');
+			if($settings['reverse_owa_rpchttp'])	
+					array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
+			if($settings['reverse_owa_autodiscover'])
+					array_push($owa_dirs,'autodiscover');
+			if($settings['reverse_owa_webservice']){
+					array_push($owa_dirs,'EWS');
+					$conf .= "ignore_expect_100 on\n";
+					}
+			}
+		if (is_array($owa_dirs))
+		  foreach ($owa_dirs as $owa_dir)
+			$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n";
+		}	
+	//$conf .= "ssl_unclean_shutdown on";
+	if (is_array($reverse_maps))
+	 foreach ($reverse_maps as $rm){
+		if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!=""){
+		    if (is_array($rm['row']))
+				foreach ($rm['row'] as $uri){
+					$url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] );
+					//$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n";
+					$conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n";
+					if($rm['name'] != $last_rm_name){
+						$cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n";
+						$http_access_conf .= "http_access allow rvm_{$rm['name']}\n";
+						foreach (explode(',',$rm['peers']) as $map_peer)
+							if (in_array($map_peer,$active_peers)){
+								$cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n";
+								$cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n";
+							}
+						$last_rm_name=$rm['name'];
+						}
+				}
+	 	}
+	}
+
+	//ACCESS
+  	if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
+		$conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
+		$conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n";
+		$conf .= "never_direct allow OWA_URI_pfs\n";
+		$conf .= "http_access allow OWA_URI_pfs\n";        
+		}
+
+	$conf .= $cache_peer_allow_conf.$cache_peer_deny_conf.$cache_peer_never_direct_conf.$http_access_conf."\n";
+
+	if (!empty($settings['deny_info_tcp_reset']))
+		$conf .= "deny_info TCP_RESET allsrc\n";                                                                                          
+
+	return $conf;
+}
+?>
author	Martin Fuchs <mfuchs77@gmail.com>	2012-12-07 13:11:34 +0100
committer	Martin Fuchs <mfuchs77@gmail.com>	2012-12-07 13:11:34 +0100
commit	fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd (patch)
tree	d09b6f09830845ad7f2c49eceb7996be10f2ea80 /config
parent	cce226127a4ddacc4d46a353770fbf7d47119a70 (diff)
download	pfsense-packages-fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd.tar.gz pfsense-packages-fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd.tar.bz2 pfsense-packages-fdfd7b1a900cf6c1921e4aea0cf66b01116d35bd.zip