diff options
-rw-r--r-- | config/squid-reverse/squid.inc | 50 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse.xml | 10 |
2 files changed, 43 insertions, 17 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index cbd18b68..32f7d387 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -117,16 +117,6 @@ function squid_is_valid_acl($acl) { return in_array($acl, $valid_acls); } -function squid_get_server_certs() { - global $config; - $cert_arr = array(); - $cert_arr[] = array('refid' => 'none', 'descr' => 'none'); - foreach ($config['cert'] as $cert) { - $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']); - } - return $cert_arr; -} - function squid_install_command() { global $config; global $g; @@ -489,7 +479,16 @@ function squid_validate_traffic($post, $input_errors) { function squid_validate_reverse($post, $input_errors) { -// CONF + $port = trim($post['reverse_http_port']); + if (!empty($port) && !is_port($port)) + $input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number'; + + $port = trim($post['reverse_https_port']); + if (!empty($port) && !is_port($port)) + $input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number'; + + if ($post['reverse_ssl_cert'] == 'none') + $input_errors[] = 'A valid certificate for the external interface must be selected'; } @@ -941,6 +940,16 @@ EOD; return $conf; } +function squid_get_server_certs() { + global $config; + $cert_arr = array(); + $cert_arr[] = array('refid' => 'none', 'descr' => 'none'); + foreach ($config['cert'] as $cert) { + $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']); + } + return $cert_arr; +} + function squid_resync_reverse() { global $config, $valid_acls; if(!is_array($valid_acls)) @@ -948,8 +957,25 @@ function squid_resync_reverse() { $settings = $config['installedpackages']['squidreverse']['config'][0]; $conf = ''; -// CONF $conf .= "# Reverse Proxy settings\n"; + $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan'); + $real_ifaces = array(); + foreach (explode(",", $ifaces) as $i => $iface) { + $real_ifaces[] = squid_get_real_interface_address($iface); + if($real_ifaces[$i][0]) { + //HTTP + if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && empty($settings['reverse_http_defsite'])) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_external_fqdn']} vhost\n"; + if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && empty($settings['reverse_http_defsite'])) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_external_fqdn']} vhost\n"; + if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n"; + if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n"; + //HTTPS + if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n"; + if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n"; + if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n"; + if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n"; + } + } + if (!empty($settings['extension_methods'])) $conf .= "extension_methods {$settings['extension_methods']}\n"; if (!empty($settings['deny_info_tcp_reset'])) $conf .= "deny_info TCP_RESET all\n"; diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index 525f620f..4c520ff7 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -119,7 +119,7 @@ <field> <fielddescr>reverse HTTP port</fielddescr> <fieldname>reverse_http_port</fieldname> - <description>This is the port the HTTP reverse-proxy will listen on.</description> + <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description> <type>input</type> <size>5</size> <default_value>80</default_value> @@ -127,7 +127,7 @@ <field> <fielddescr>reverse HTTP default site</fielddescr> <fieldname>reverse_http_defsite</fieldname> - <description>This is the HTTP reverse default site.</description> + <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description> <type>input</type> <size>60</size> <default_value>localhost</default_value> @@ -145,7 +145,7 @@ <field> <fielddescr>reverse HTTPS port</fielddescr> <fieldname>reverse_https_port</fieldname> - <description>This is the port the HTTPS reverse-proxy will listen on.</description> + <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description> <type>input</type> <size>5</size> <default_value>443</default_value> @@ -153,7 +153,7 @@ <field> <fielddescr>reverse HTTPS default site</fielddescr> <fieldname>reverse_https_defsite</fieldname> - <description>This is the HTTPS reverse default site.</description> + <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description> <type>input</type> <size>60</size> <default_value>localhost</default_value> @@ -180,7 +180,7 @@ <field> <fielddescr>extension methods</fielddescr> <fieldname>extension_methods</fieldname> - <description>This field defines more extension methods for the proxy to use. (RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description> + <description>This field defines additional extension methods for the proxy to use. (RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description> <type>input</type> <size>80</size> <default_value>RPC_IN_DATA RPC_OUT_DATA</default_value> |