Diffstat (limited to 'config')
-rw-r--r--config/nmap/nmap.inc22
-rw-r--r--config/nmap/nmap.xml5
-rwxr-xr-xconfig/postfix/postfix.inc11
-rwxr-xr-xconfig/postfix/postfix_queue.php6
-rw-r--r--config/postfix/postfix_view_config.php6
-rw-r--r--config/sshdcond/sshdcond.inc159
-rw-r--r--config/varnish3/varnish.inc151
-rwxr-xr-xconfig/varnish3/varnish.widget.php89
-rw-r--r--config/varnish3/varnish_backends.xml2
-rw-r--r--config/varnish3/varnish_custom_vcl.xml2
-rw-r--r--config/varnish3/varnish_lb_directors.xml2
-rw-r--r--config/varnish3/varnish_settings.xml13
-rw-r--r--config/varnish3/varnish_sync.xml2
-rw-r--r--config/varnish3/varnish_view_config.php4
-rw-r--r--config/varnish3/varnishstat.php4
15 files changed, 260 insertions, 218 deletions
diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc
index 272f27ef..f66f6be9 100644
--- a/config/nmap/nmap.inc
+++ b/config/nmap/nmap.inc
@@ -28,6 +28,28 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+function nmap_install() {
+ $destination_file = "/usr/local/share/nmap/nmap-mac-prefixes";
+ $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ switch ($pfs_version) {
+ case "1.2":
+ case "2.0":
+ return null;
+ case "2.1":
+ $source_file = "/usr/pbi/nmap-" . php_uname("m") . "/share/nmap/nmap-mac-prefixes";
+ break;
+ default:
+ $source_file = "/usr/pbi/nmap-" . php_uname("m") . "/local/share/nmap/nmap-mac-prefixes";
+ }
+ /* Only copy the file if it doesn't exist */
+ if (file_exists($source_file) && !file_exists($destination_file)) {
+ if (!is_dir(dirname($destination_file))) {
+ @mkdir(dirname($destination_file), 0644, true);
+ }
+ @symlink($source_file, $destination_file);
+ }
+}
+
function nmap_custom_php_validation_command($post, & $input_errors) {
global $_POST, $savemsg, $config;
if (empty($_POST['hostname'])) {
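Review bot: In nmap_install() the directory is created with mode `0644`, which has no search (execute) bit, so any non-root process would be unable to open files beneath it; `mkdir(dirname($destination_file), 0755, true);` is the usual mode for a shared data directory. Both `@mkdir` and `@symlink` discard their result, so a failed install step leaves no trace; checking the return value and calling `log_error()` would make that visible. The comment says "Only copy the file" while the code creates a symlink, so `/* Only link the file if it doesn't exist */` would match what happens. nmap_install() is complete within this hunk; the trailing context belongs to nmap_custom_php_validation_command(), which continues outside it.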
diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml
index b07b3982..ad0f8e0a 100644
--- a/config/nmap/nmap.xml
+++ b/config/nmap/nmap.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>nmap</name>
- <version>6.40_2 pkg v1.2.1</version>
+ <version>6.40_2 pkg v1.3</version>
<title>Diagnostics: NMap</title>
<savetext>Scan</savetext>
<preoutput>yes</preoutput>
@@ -122,4 +122,7 @@
<custom_php_validation_command>
nmap_custom_php_validation_command($_POST, $input_errors);
</custom_php_validation_command>
+ <custom_php_install_command>
+ nmap_install();
+ </custom_php_install_command>
</packagegui>
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index 99af671b..eb5499aa 100755
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -37,10 +37,7 @@ require_once("globals.inc");
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
if (is_dir('/usr/pbi/postfix-' . php_uname("m"))) {
- if ($pfs_version == 2.2)
- define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")."/local");
- else
- define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+ define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
} else {
define('POSTFIX_LOCALBASE','/usr/local');
}
@@ -731,6 +728,12 @@ MASTEREOF2;
conf_mount_rw();
+ //check postfix etc dir on 2.2
+ $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ $postfix_etc_lnk="/usr/local/etc/postfix";
+ if ($pfs_version == 2.2 && !is_dir($postfix_etc_lnk))
+ @symlink(POSTFIX_LOCALBASE.'/etc/postfix',$postfix_etc_lnk);
+
log_error("Writing out configuration");
file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/main.cf", $postfix_main, LOCK_EX);
file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/master.cf", $postfix_master, LOCK_EX);
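Review bot: The added `@symlink(POSTFIX_LOCALBASE.'/etc/postfix',$postfix_etc_lnk);` silences every failure, and its guard `!is_dir($postfix_etc_lnk)` is also true when a regular file or a dangling link already sits at that path, in which case the link is not created and nothing is logged. Something like `if (!@symlink(POSTFIX_LOCALBASE.'/etc/postfix', $postfix_etc_lnk)) log_error("[postfix] could not link {$postfix_etc_lnk}");` would surface that before the configuration is written. `$pfs_version == 2.2` compares a three-character string with a float; `$pfs_version === "2.2"` states the intent without relying on numeric-string juggling. The enclosing function starts and ends outside this hunk.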
diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php
index 6f8a7e19..1db2b8e2 100755
--- a/config/postfix/postfix_queue.php
+++ b/config/postfix/postfix_queue.php
@@ -34,12 +34,8 @@ $uname=posix_uname();
if ($uname['machine']=='amd64')
ini_set('memory_limit', '250M');
-$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
if (is_dir('/usr/pbi/postfix-' . php_uname("m"))) {
- if ($pfs_version == 2.2)
- define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")."/local");
- else
- define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+ define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
} else {
define('POSTFIX_LOCALBASE','/usr/local');
}
diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php
index f50ae991..a844ce65 100644
--- a/config/postfix/postfix_view_config.php
+++ b/config/postfix/postfix_view_config.php
@@ -29,12 +29,8 @@
*/
$shortcut_section = "postfix";
require("guiconfig.inc");
-$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
if (is_dir('/usr/pbi/postfix-' . php_uname("m"))) {
- if ($pfs_version == 2.2)
- define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")."/local");
- else
- define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+ define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
} else {
define('POSTFIX_LOCALBASE','/usr/local');
}
diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc
index 2caa39cc..7ff911c1 100644
--- a/config/sshdcond/sshdcond.inc
+++ b/config/sshdcond/sshdcond.inc
@@ -1,69 +1,46 @@
<?php
-/* ========================================================================== */
/*
- sshdcond.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- Copyright (C) 2012 Han Van (namezero@afim.info)
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- require_once("config.inc");
- require_once("util.inc");
-
-function restart_sshd(){
- #backup /etc/sshd before any change
- $etc_sshd="/etc/sshd";
- $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version"));
- if (!file_exists('/root/'.$pfsense_version.'.sshd.backup')){
- copy ($etc_sshd,'/root/'.$pfsense_version.'.sshd.backup');
- }
-
- #patch /etc/sshd if need
- $sshd_file=file($etc_sshd);
- $sshd_new_file="";
- foreach ($sshd_file as $line){
- if (preg_match('/sshconf .= "Port/',$line)){
- $sshd_new_file.= $line;
- $sshd_new_file.= "\t".'if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}'."\n";
- }
- elseif(!preg_match('/sshd_extra/',$line)){
- $sshd_new_file.= $line;
- }
- }
- file_put_contents($etc_sshd,$sshd_new_file,LOCK_EX);
- mwexec_bg($etc_sshd);
- }
+ sshdcond.inc
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2012 Han Van (namezero@afim.info)
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("config.inc");
+require_once("util.inc");
+
+function restart_sshd() {
+ mwexec_bg("/etc/sshd");
+}
-function sshdcond_custom_php_install_command(){
+function sshdcond_custom_php_install_command() {
global $g, $config;
conf_mount_rw();
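Review bot: With the /etc/sshd patching removed from restart_sshd(), nothing visible in this file makes sshd read /etc/ssh/sshd_extra any more, yet sshdcond_custom_php_write_config() still writes the Match blocks there and the install command's comment still refers to "the patched g_szSSHDFileGenerate php file". If the base system's /etc/sshd now appends sshd_extra on its own (not visible in this diff), a comment above restart_sshd() should say so, for example `// /etc/sshd already appends /etc/ssh/sshd_extra; no patching is needed here`, and the stale comment should be updated. Otherwise the Match restrictions an administrator configures would silently stop being applied, which is worth confirming on each supported version. sshdcond_custom_php_install_command() continues outside this hunk.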
@@ -71,12 +48,12 @@ function sshdcond_custom_php_install_command(){
// We need to generate an outfile for our extra commands
// The patched g_szSSHDFileGenerate php file then reads and appends that config
$fd = fopen("/etc/ssh/sshd_extra", 'w');
- fclose($fd);
+ fclose($fd);
conf_mount_ro();
}
-function sshdcond_custom_php_deinstall_command(){
+function sshdcond_custom_php_deinstall_command() {
global $g, $config;
conf_mount_rw();
@@ -90,25 +67,25 @@ function sshdcond_custom_php_deinstall_command(){
conf_mount_ro();
}
-function sshdcond_custom_php_write_config(){
+function sshdcond_custom_php_write_config() {
global $g, $config;
-
+
# detect boot process
- if (is_array($_POST)){
+ if (is_array($_POST)) {
if (!preg_match("/\w+/",$_POST['__csrf_magic']))
return;
}
-
+
$sshd_extra="";
- if (is_array($config['installedpackages']['sshdcond']['config'])){
+ if (is_array($config['installedpackages']['sshdcond']['config'])) {
// Mount Read-only
conf_mount_rw();
// Read config
- foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond){
- if ($sshdcond['enable'] && is_array($sshdcond['row'])){
+ foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond) {
+ if ($sshdcond['enable'] && is_array($sshdcond['row'])) {
$sshd_extra.= "Match {$sshdcond['matchtype']} {$sshdcond['matchvalue']}\n";
- foreach ($sshdcond['row'] as $sshd){
+ foreach ($sshdcond['row'] as $sshd) {
//check if there is spaces on sshd value
if(preg_match ("/\s+/",$sshd['sshdvalue']))
$sshd['sshdvalue']='"'.$sshd['sshdvalue'].'"';
@@ -118,7 +95,7 @@ function sshdcond_custom_php_write_config(){
$sshd_extra.="\t {$sshd['sshdoption']} {$sshd['sshdvalue']}\n";
//apply file permission if option is ChrootDirectory
- if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])){
+ if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])) {
chown($sshd['sshdvalue'], 'root');
chgrp($sshd['sshdvalue'], 'operator');
}
@@ -129,15 +106,15 @@ function sshdcond_custom_php_write_config(){
//Save /etc/ssh/sshd_extra
file_put_contents("/etc/ssh/sshd_extra",$sshd_extra,LOCK_EX);
-
-
+
+
// Restart sshd
restart_sshd();
// Mount Read-only
conf_mount_ro();
-
+
//sync config with other pfsense servers
sshdcond_sync_on_changes();
}
@@ -145,14 +122,14 @@ function sshdcond_custom_php_write_config(){
/* Uses XMLRPC to synchronize the changes to a remote node */
function sshdcond_sync_on_changes() {
global $config, $g;
-
+
if (is_array($config['installedpackages']['sshdcondsync']))
- if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges'])
+ if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges'])
return;
log_error("[sshdcond] xmlrpc sync is starting.");
- foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
+ foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ) {
+ foreach($rs['row'] as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
if($password && $sync_to_ip)
@@ -174,18 +151,18 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
$username='admin';
$xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
+ if($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
$port = "80";
- else
+ else
$port = "443";
- }
+ }
$synchronizetoip .= $sync_to_ip;
/* xml will hold the sections to sync */
@@ -221,7 +198,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
} else {
log_error("sshdcond XMLRPC sync successfully completed with {$url}:{$port}.");
}
-
+
/* tell sshdcond to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/sshdcond.inc');\n";
@@ -231,7 +208,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
-
+
log_error("sshdcond XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -251,4 +228,4 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
log_error("sshdcond XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
- ?> \ No newline at end of file
+ ?>
diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc
index 4883af15..bca02203 100644
--- a/config/varnish3/varnish.inc
+++ b/config/varnish3/varnish.inc
@@ -4,7 +4,7 @@
varnish.inc
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011-2013 Marcello Coutinho
+ Copyright (C) 2011-2014 Marcello Coutinho
Copyright (C) 2012 Marcio Carlos Antao
All rights reserved.
*/
@@ -34,23 +34,26 @@
/* ========================================================================== */
$shortcut_section = "varnish";
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version > 2.0)
- define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m"));
-else
- define('VARNISH_LOCALBASE','/usr/local');
-
+$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+if (is_dir('/usr/pbi/varnish-' . php_uname("m"))) {
+ if ($pfs_version == 2.2)
+ define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")."/local");
+ else
+ define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m"));
+} else {
+ define('VARNISH_LOCALBASE','/usr/local');
+}
function varnish_settings_post_validate($post, &$input_errors) {
- if( !is_numeric($post['storagesize']))
- $input_errors[] = "A valid number is required for the field 'Storage size'";
- if($post['listeningport'] && !is_numeric($post['listeningport']))
- $input_errors[] = "A valid number is required for the field 'Listening port'";
- if($post['minworkers'] && !is_numeric($post['minworkers']))
- $input_errors[] = "A valid number is required for the field 'Minimum worker threads'";
- if($post['maxworkers'] && !is_numeric($post['maxworkers']))
- $input_errors[] = "A valid number is required for the field 'Maximum worker threads'";
- if($post['timeoutworkers'] && !is_numeric($post['timeoutworkers']))
+ if( !is_numeric($post['storagesize']))
+ $input_errors[] = "A valid number is required for the field 'Storage size'";
+ if($post['listeningport'] && !is_numeric($post['listeningport']))
+ $input_errors[] = "A valid number is required for the field 'Listening port'";
+ if($post['minworkers'] && !is_numeric($post['minworkers']))
+ $input_errors[] = "A valid number is required for the field 'Minimum worker threads'";
+ if($post['maxworkers'] && !is_numeric($post['maxworkers']))
+ $input_errors[] = "A valid number is required for the field 'Maximum worker threads'";
+ if($post['timeoutworkers'] && !is_numeric($post['timeoutworkers']))
$input_errors[] = "A valid number is required for the field 'Worker thread timeout'";
if($post['managment']){
$mgm= explode(":",$post['managment']);
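Review bot: The new `if ($pfs_version == 2.2)` compares a three-character substring of /etc/version with a float, whereas nmap_install() in this same commit matches the version with string cases; `if ($pfs_version === "2.2")` would be consistent and would not depend on numeric-string comparison. The commit also removes this exact 2.2 `/local` branch from the three postfix files in favour of a symlink, so a one-line comment explaining why varnish keeps the `/local` suffix would help the next reader. The remaining changes to varnish_settings_post_validate() in this hunk are whitespace only, and its body continues outside the hunk.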
@@ -61,7 +64,7 @@ function varnish_settings_post_validate($post, &$input_errors) {
$input_errors[] = "A valid number with a time reference is required for the field 'Fetch grace'";
if($post['saint'] && ! preg_match("/^\d+(h|m|s)$/",$post['saint']))
$input_errors[] = "A valid number with a time reference is required for the field 'Saint mode'";
-
+
}
function varnish_lb_directors_post_validate($post, &$input_errors) {
@@ -81,21 +84,21 @@ function varnish_lb_directors_post_validate($post, &$input_errors) {
function varnish_backends_post_validate($post, &$input_errors) {
if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname']))
$input_errors[] = "The backend name must only contain the characters a-Z or 0-9";
- if(!is_ipaddr($post['ipaddress']))
+ if(!is_ipaddr($post['ipaddress']))
$input_errors[] = "A valid IP address is required for the field 'IPAddress'";
- if($post['first_byte_timeout'] && !is_numeric($post['first_byte_timeout']))
+ if($post['first_byte_timeout'] && !is_numeric($post['first_byte_timeout']))
$input_errors[] = "A valid number is required for the field 'first byte timeout'";
- if($post['connect_timeout'] && !is_numeric($post['connect_timeout']))
+ if($post['connect_timeout'] && !is_numeric($post['connect_timeout']))
$input_errors[] = "A valid number is required for the field 'connect timeout'";
- if($post['probe_interval'] && !is_numeric($post['probe_interval']))
+ if($post['probe_interval'] && !is_numeric($post['probe_interval']))
$input_errors[] = "A valid number is required for the field 'probe interval'";
- if($post['probe_interval'] && !is_numeric($post['probe_interval']))
+ if($post['probe_interval'] && !is_numeric($post['probe_interval']))
$input_errors[] = "A valid number is required for the field 'probe interval'";
- if($post['probe_timeout'] && !is_numeric($post['probe_timeout']))
+ if($post['probe_timeout'] && !is_numeric($post['probe_timeout']))
$input_errors[] = "A valid number is required for the field 'probe timeout'";
- if($post['probe_window'] && !is_numeric($post['probe_window']))
+ if($post['probe_window'] && !is_numeric($post['probe_window']))
$input_errors[] = "A valid number is required for the field 'probe window'";
- if($post['probe_threshold'] && !is_numeric($post['probe_threshold']))
+ if($post['probe_threshold'] && !is_numeric($post['probe_threshold']))
$input_errors[] = "A valid number is required for the field 'probe threshold'";
$x=0;
while ($post['maptype'.$x] != ""){
@@ -103,7 +106,7 @@ function varnish_backends_post_validate($post, &$input_errors) {
$input_errors[] = "A valid number with a time reference is required for the field 'grace' in map ".($x +1);
}
$x++;
-
+
}
}
@@ -117,7 +120,7 @@ function varnish_deinstall() {
}
function text_area_decode($text){
- return preg_replace('/\r\n/', "\n",base64_decode($text));
+ return preg_replace('/\r\n/', "\n",base64_decode($text));
}
function varnish_start() {
global $g, $config;
@@ -160,7 +163,7 @@ function varnish_get_url_mappings_txt() {
$urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'") {'."\n";
else
$urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'"'." && req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n";
-
+
$urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";";
// check rewrite options
if ($url['rewritehost'])
@@ -202,7 +205,7 @@ function varnish_get_url_mappings_txt() {
$urlmappings .= <<<EOAU
if (req.{$req} {$fieldtype} "{$url['urlmapping']}") {
set req.backend = {$urlmapping['backendname']}BACKEND;{$directo_grace_time}
- }
+ }
EOAU;
$isfirst = false;
@@ -224,30 +227,30 @@ function create_varnish_rcd_file() {
foreach($config['installedpackages']['varnishsettings']['config'] as $vs) {
if($vs['storagetype'] == "malloc")
$storage_type = "-s malloc,{$vs['storagesize']}MB";
- else
+ else
$storage_type = "-s file,/var/varnish/storage.bin,{$vs['storagesize']}MB";
if($vs['listeningport'])
$listeningport = "-a :{$vs['listeningport']}";
- else
+ else
$listeningport = "-a :80";
if($vs['managment'])
$advancedstartup = "-T {$vs['managment']} ";
- else
+ else
$advancedstartup = "";
if($vs['advancedstartup'])
$advancedstartup .= text_area_decode($vs['advancedstartup'])."\n";
if($vs['minworkers'])
$minworkers = "{$vs['minworkers']}";
- else
+ else
$minworkers = "200";
if($vs['maxworkers'])
$maxworkers = "{$vs['maxworkers']}";
- else
+ else
$maxworkers = "4000";
if($vs['timeoutworkers'])
$timeoutworkers = "{$vs['timeoutworkers']}";
- else
- $timeoutworkers = "50";
+ else
+ $timeoutworkers = "50";
}
}
$fd = fopen("/usr/local/etc/rc.d/varnish.sh", "w");
@@ -265,7 +268,7 @@ sysctl kern.threads.max_threads_per_proc=4096
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF
<?php
- require_once("globals.inc");
+ require_once("globals.inc");
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("varnish.inc");
@@ -280,7 +283,7 @@ ENDOFF
-f /var/etc/default.vcl \
{$storage_type} \
-w {$minworkers},{$maxworkers},{$timeoutworkers} \
- {$advancedstartup}
+ {$advancedstartup}
EOF;
@@ -296,15 +299,15 @@ function get_backend_config_txt() {
foreach($config['installedpackages']['varnishbackends']['config'] as $backend) {
if ($backend['connect_timeout'])
$connect_timeout = $backend['connect_timeout'] . "s";
- else
+ else
$connect_timeout = "25s";
if ($backend['port'])
$connect_port = $backend['port'];
- else
+ else
$connect_port = "80";
if ($backend['first_byte_timeout'])
$first_byte_timeout = $backend['first_byte_timeout'] . "s";
- else
+ else
$first_byte_timeout = "300s";
if ($backend['probe_url'])
if (preg_match("@^(http)://([a-zA-Z0-9.-]*)/(.*)$@",$backend['probe_url'],$matches)){
@@ -386,7 +389,7 @@ function get_lb_directors_config_txt() {
$weight = "\t\t.weight = {$be['weight']};\n";
elseif($weight != " ")
$weight = "\t\t.weight = 100;\n";
-
+
$director .= "\t{\n\t\t.backend = {$be['backendname']}BACKEND;\n{$weight}\t}";
$backends_in_use[$be['backendname']].= $backend['directorname']." ";
}
@@ -397,7 +400,7 @@ director {$backend['directorname']} {$backend['directortype']} {
EOFA;
-
+
}
}
}
@@ -463,7 +466,18 @@ function sync_package_varnish() {
$vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n";
break;
case 'create':
- $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-Varnish = client.ip;\n\n";
+ $vcl_acls="acl SslOffloadServers {\n\t\"localhost\";";
+ $sslservers= split (" ",$vcl['ssloffload']);
+ foreach ($sslservers as $sslserver){
+ if (preg_match("/(\S+)\/(d+)/",$sslserver,$sslm))
+ $vcl_acls.="\n\t\"{$sslm[1]}\"/{$sslm[2]};";
+ else
+ $vcl_acls.="\n\t\"{$sslserver}\";";
+ }
+ $vcl_acls.="}\n";
+ $vcl_recv_set_basic .= "\tif (req.http.X-Forwarded-For && client.ip ~ SslOffloadServers){\n\t\t";
+ $vcl_recv_set_basic .= "set req.http.X-Forwarded-Varnish = req.http.X-Forwarded-For;\n\t}";
+ $vcl_recv_set_basic .= "else{\n\t\tset req.http.X-Forwarded-Varnish = client.ip;\n\n\t}";
break;
case 'unset':
$vcl_recv_set_basic .= "\tunset req.http.X-Forwarded-For;\n\n";
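Review bot: In the `create` case the CIDR pattern `"/(\S+)\/(d+)/"` has `d+` where `\d+` was meant, so an entry such as a constructed `192.0.2.0/24` never matches and the else branch emits it as one quoted string, `"192.0.2.0/24";`, instead of `"192.0.2.0"/24;`. This ACL decides which clients have their X-Forwarded-For copied into X-Forwarded-Varnish, so each entry should be validated before it is written into the VCL: as written an empty field produces an `"";` entry and a value containing a double quote ends the string early. `split()` has been deprecated since PHP 5.3, and `preg_split` with `PREG_SPLIT_NO_EMPTY` does the same job while dropping empty entries. `$vcl_acls` is assigned only in this case but is interpolated unconditionally by the `{$vcl_acls}` line a later hunk adds to the heredoc, so initialising it to `""` before the switch would be safer; the start of sync_package_varnish() is outside this hunk, so that may already happen there.

```php
			case 'create':
				$vcl_acls = "acl SslOffloadServers {\n\t\"localhost\";";
				// PREG_SPLIT_NO_EMPTY drops the empty entry an unset field would otherwise produce
				$sslservers = preg_split('/\s+/', (string)$vcl['ssloffload'], -1, PREG_SPLIT_NO_EMPTY);
				foreach ($sslservers as $sslserver) {
					if (preg_match('@^([0-9A-Fa-f:.]+)/(\d{1,3})$@', $sslserver, $sslm))
						$vcl_acls .= "\n\t\"{$sslm[1]}\"/{$sslm[2]};";
					elseif (preg_match('/^[A-Za-z0-9:._-]+$/', $sslserver))
						$vcl_acls .= "\n\t\"{$sslserver}\";";
					else
						log_error("[varnish] ignoring invalid SSL offload server entry");
				}
				$vcl_acls .= "\n}\n";
				// … unchanged: the three $vcl_recv_set_basic lines …
				break;
```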
@@ -478,7 +492,7 @@ function sync_package_varnish() {
$vcl_fetch_session = "#Disable cache when backend is starting a session\n";
$vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n";
$vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n";
-
+
if ($vcl['sessioncache'] == "never") {
$vcl_recv_session = "\t#Disable session cache\n";
$vcl_recv_session .= "\t".'if (req.http.Cookie && req.http.Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(pass);\n\t\t}\n";
@@ -498,7 +512,7 @@ function sync_package_varnish() {
$vcl_fetch_static = "#Enable static cache\n";
$vcl_fetch_static .= 'if (req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n";
$vcl_fetch_static .= 'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n";
-
+
switch ($vcl['staticache']) {
case "all":
// cache all static content, unseting cookie when present
@@ -515,7 +529,7 @@ function sync_package_varnish() {
$vcl_recv_action_basic .= $vcl_recv_static.$vcl_recv_session;
$vcl_fetch_action = $vcl_fetch_session;
}
-
+
if ($vcl['rfc2616']) {
$vcl_recv_action_basic .= "\t#Be rfc2616 compliant\n";
$vcl_recv_action_basic .= "\t".'if (req.request ~ "^(GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE)$") {'."\n\t\treturn(lookup);\n\t\t}\n\telse\t{\n\t\treturn(pipe);\n\t\t}\n";
@@ -566,18 +580,19 @@ sub vcl_error {
if (obj.status == 503 && req.restarts < {$vcl_restarts}) {
return(restart);
}
-
+
set obj.http.Content-Type = "text/html; charset=utf-8";
synthetic {"<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
{$errorvcl}"};
return(deliver);
-
+
}
-
+
{$backends}
{$vcl_hash}
+{$vcl_acls}
sub vcl_recv {
{$vcl_recv_early}
{$vcl_recv_set_basic}
@@ -588,7 +603,7 @@ sub vcl_recv {
{
return(pass);
}
-
+
{$vcl_recv_action_basic}
return(lookup);
}
@@ -623,12 +638,12 @@ sub vcl_fetch {
## If the number of restarts reaches the value of the parameter max_restarts,
## the request will be error'ed. max_restarts defaults to 4. This prevents
## an eternal loop in the event that, e.g., the object does not exist at all.
- if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404 &&
+ if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404 &&
beresp.status != 303 && beresp.status != 302 && beresp.status != 301 && beresp.status != 401 ) {
{$vcl_saint_mode}return(restart);
}
-
+
{$vcl_fetch_late}
{$vcl_grace_time}return(deliver);
}
@@ -636,10 +651,10 @@ sub vcl_fetch {
sub vcl_deliver {
##set resp.http.X-Served-By = server.hostname;
if (obj.hits > 0) {
- set resp.http.X-Cache = "HIT";
+ set resp.http.X-Cache = "HIT";
set resp.http.X-Cache-Hits = obj.hits;
} else {
- set resp.http.X-Cache = "MISS";
+ set resp.http.X-Cache = "MISS";
}
return(deliver);
}
@@ -647,10 +662,10 @@ sub vcl_deliver {
sub vcl_init {
return (ok);
}
-
+
sub vcl_fini {
return (ok);
-}
+}
EOF;
file_put_contents("/var/etc/default.vcl",$varnish_config_file,LOCK_EX);
@@ -661,7 +676,7 @@ EOF;
if (!file_exists($cc_file) && file_exists($gcc_file)){
symlink($gcc_file,$cc_file);
}
-
+
$fd = fopen("/var/etc/default.vcl", "w");
fwrite($fd, $varnish_config_file);
fclose($fd);
@@ -697,7 +712,7 @@ function varnish_sync_on_changes() {
log_error("[varnish] xmlrpc sync is enabled but there is no system backup hosts to push varnish config.");
return;
}
- break;
+ break;
default:
return;
break;
@@ -721,16 +736,16 @@ function varnish_sync_on_changes() {
/* Do the actual XMLRPC sync */
function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
global $config, $g;
-
+
if(!$username)
return;
-
+
if(!$password)
return;
if(!$sync_to_ip)
return;
-
+
if(!$synctimeout)
$synctimeout=25;
@@ -742,9 +757,9 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
$port = $config['system']['webgui']['port'];
/* if port is empty lets rely on the protocol selection */
if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
+ if($config['system']['webgui']['protocol'] == "http")
$port = "80";
- else
+ else
$port = "443";
}
$synchronizetoip .= $sync_to_ip;
@@ -755,7 +770,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
$xml['varnishbackends'] = $config['installedpackages']['varnishbackends'];
$xml['varnishlbdirectors'] = $config['installedpackages']['varnishlbdirectors'];
$xml['varnishsettings'] = $config['installedpackages']['varnishsettings'];
-
+
/* assemble xmlrpc payload */
$params = array(
XML_RPC_encode($password),
@@ -786,7 +801,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
} else {
log_error("varnish XMLRPC sync successfully completed with {$url}:{$port}.");
}
-
+
/* tell varnish to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/varnish.inc');\n";
@@ -796,7 +811,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
-
+
log_error("varnish XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -815,7 +830,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
} else {
log_error("varnish XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
-
+
}
?>
diff --git a/config/varnish3/varnish.widget.php b/config/varnish3/varnish.widget.php
index 35723e95..c6fdfe78 100755
--- a/config/varnish3/varnish.widget.php
+++ b/config/varnish3/varnish.widget.php
@@ -1,7 +1,7 @@
-<?php
+<?php
/*
Copyright 2011 Thomas Schaefer - Tomschaefer.org
- Copyright 2011 Marcello Coutinho
+ Copyright 2011-2014 Marcello Coutinho
Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
@@ -45,38 +45,59 @@ $img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up
#var_dump($pfb_table);
#exit;
-?><div id='varnish'><?php
+?><div id='varnish'><?php
open_table();
+print "<pre>";
+print "<td class=\"vncellt\"width=30%><strong>Cache hits</strong></td>";
+print "<td class=\"vncellt\"width=30%><strong>Cache hits pass</strong></td>";
+print "<td class=\"vncellt\"width=30%><strong>Cache Missed</strong></td></tr>";
+$backends=exec("varnishstat -1",$debug);
+foreach ($debug as $line){
+ if (preg_match("/(\S+)\s+(\d+)/",$line,$matches))
+ $vs[$matches[1]]=$matches[2];
+ }
+print "<td class=\"listlr\">".number_format($vs['cache_hit']) ."</td>";
+print "<td class=\"listlr\">".number_format($vs['cache_hitpass']) ."</td>";
+print "<td class=\"listlr\">".number_format($vs['cache_miss'])."</td></tr>";
+close_table();
+
+open_table();
+print "<td class=\"vncellt\" width=30%><strong>Conn. Accepted</strong></td>";
+print "<td class=\"vncellt\" width=30%><strong>Req. received</strong></td>";
+print "<td class=\"vncellt\" width=30%><strong>Uptime</strong></td></tr>";
+print "<td class=\"listlr\">".number_format($vs['client_conn']) ."</td>";
+print "<td class=\"listlr\">".number_format($vs['client_req']) ."</td>";
+print "<td class=\"listlr\">".(int)($vs['uptime'] / 86400) . "+ ". gmdate("H:i:s",($vs['uptime'] % 86400))."</td></tr>";
+close_table();
+
+open_table();
+print "<td class=\"vncellt\" width=70%><strong>Host</strong></td>";
+print "<td class=\"vncellt\" width=15%><strong>Header(Rx)</strong></td>";
+print "<td class=\"vncellt\" width=15%><strong>Header(Tx)</strong></td></tr>";
+unset($debug);
+$backends=exec("varnishtop -I '^Host:' -1",$debug);
+foreach ($debug as $line){
+ if (preg_match("/(\S+)\s+(\w+)Header.Host: (\S+)/",$line,$lm))
+ $varnish_hosts[$lm[3]][$lm[2]]=$lm[1];
+}
+if (is_array($varnish_hosts)){
+ foreach ($varnish_hosts as $v_key=>$v_value){
+ print "<td class=\"listlr\">". $v_key ."</td>";
+ print "<td class=\"listlr\" align=\"Right\">". number_format($v_value['Rx']) ."</td>";
+ print "<td class=\"listlr\" align=\"Right\">".number_format($v_value['Tx'])."</td></tr>";
+ }
+}
+else{
+ print "<td class=\"listlr\">No traffic</td><td class=\"listlr\"></td><td class=\"listlr\"></td></tr>";
+}
+
+close_table();
+
+
if ($config['installedpackages']['varnishsettings']['config'][0])
- $mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment'];
+ $mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment'];
if ($mgm != ""){
- print "<pre>";
- print "<td class=\"vncellt\"width=30%><strong>Cache hits</strong></td>";
- print "<td class=\"vncellt\"width=30%><strong>Cache hits pass</strong></td>";
- print "<td class=\"vncellt\"width=30%><strong>Cache Missed</strong></td></tr>";
-
- $backends=exec("varnishadm -T " . escapeshellarg($mgm) . " stats",$debug);
- foreach ($debug as $line){
- if (preg_match("/(\d+)\s+Cache\s+(hits.for|hits|misses)/",$line,$matches))
- $cache[preg_replace("/\s+/","",$matches[2])]=$matches[1];
- if (preg_match("/(\d+)\s+Client\s+(\w+)/",$line,$matches))
- $client[$matches[2]]=$matches[1];
- }
- print "<td class=\"listlr\">".$cache['hits'] ."</td>";
- print "<td class=\"listlr\">".$cache['hitsfor'] ."</td>";
- print "<td class=\"listlr\">".$cache['misses']."</td></tr>";
- close_table();
-
- open_table();
- print "<td class=\"vncellt\" width=30%><strong>Conn. Accepted</strong></td>";
- print "<td class=\"vncellt\" width=30%><strong>Req. received</strong></td>";
- print "<td class=\"vncellt\" width=30%><strong>Uptime</strong></td></tr>";
- print "<td class=\"listlr\">".$client['connections'] ."</td>";
- print "<td class=\"listlr\">".$client['requests'] ."</td>";
- print "<td class=\"listlr\">".$client['uptime']."</td></tr>";
- close_table();
-
open_table();
print "<td class=\"vncellt\" width=30%><strong>Backend</strong></td>";
print "<td class=\"vncellt\" width=30%><strong>LB applied</strong></td>";
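Review bot: The host table added in this hunk prints `$v_key` into the dashboard HTML unescaped, and that value is the `(\S+)` capture after `Host: ` in the `varnishtop -I '^Host:' -1` output, which appears to be the Host header as sent by clients. Markup carried in a request's Host header would then be rendered in the administrator's browser session, so escape it at output: `print "<td class=\"listlr\">". htmlspecialchars($v_key) ."</td>";`. Separately, `$vs` and `$varnish_hosts` are never initialised in the hunk. When `varnishstat -1` returns nothing, `number_format($vs['cache_hit'])` reads an undefined index, and a host seen in only one direction leaves `$v_value['Rx']` or `$v_value['Tx']` unset. Initialising both arrays before the loops and defaulting missing counters to 0 would cover both cases.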
@@ -86,20 +107,20 @@ if ($mgm != ""){
foreach ($lb['row'] as $lb_backend){
${$lb_backend['backendname']}++;
}
- }
- $backends=exec("varnishadm -T " . escapeshellarg($mgm) . " debug.health",$debug);
+ }
+ $backends=exec("varnishadm -T " . escapeshellarg($mgm) . " debug.health",$debug);
foreach ($debug as $line){
if (preg_match("/Backend (.*) is (\w+)/",$line,$matches)){
$backend=preg_replace("/BACKEND$/","",$matches[1]);
print "<td class=\"listlr\">". $backend ."</td>";
print "<td class=\"listlr\">". ${$backend} ."</td>";
- print "<td class=\"listlr\">".$img[$matches[2]]."</td></tr>";
+ print "<td class=\"listlr\">".$img[$matches[2]]."</td></tr>";
}
}
}
else{
print "<td class=\"listlr\">Varnish Managment interface not set in config.</td></tr>";
-}
+}
echo" </tr>";
echo"</table></div>";
diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml
index 1bcb822c..dd93eba5 100644
--- a/config/varnish3/varnish_backends.xml
+++ b/config/varnish3/varnish_backends.xml
@@ -9,7 +9,7 @@
varnish_backends.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011-2013 Marcello Coutinho
+ Copyright (C) 2011-2014 Marcello Coutinho
All rights reserved.
/*/
/* ========================================================================== */
diff --git a/config/varnish3/varnish_custom_vcl.xml b/config/varnish3/varnish_custom_vcl.xml
index c0bb0e80..7c940f40 100644
--- a/config/varnish3/varnish_custom_vcl.xml
+++ b/config/varnish3/varnish_custom_vcl.xml
@@ -9,7 +9,7 @@
varnish_settings.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2013-2014 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml
index 1946860c..e3cd8c04 100644
--- a/config/varnish3/varnish_lb_directors.xml
+++ b/config/varnish3/varnish_lb_directors.xml
@@ -9,7 +9,7 @@
varnish_lb_directors.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011-2013 Marcello Coutinho
+ Copyright (C) 2011-2014 Marcello Coutinho
All rights reserved.
*/
diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml
index a5ff5ef9..99e29663 100644
--- a/config/varnish3/varnish_settings.xml
+++ b/config/varnish3/varnish_settings.xml
@@ -9,7 +9,7 @@
varnish_settings.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2014 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
@@ -223,7 +223,7 @@
<field>
<fielddescr>Foward client IP</fielddescr>
<fieldname>xforward</fieldname>
- <description>Select how to forward clients real IP.</description>
+ <description><![CDATA[Select how to forward clients real IP.]]></description>
<type>select</type>
<options>
<option><name>set X-Forwarded-For</name><value>set</value></option>
@@ -233,6 +233,15 @@
</options>
</field>
<field>
+ <fielddescr>SSL Offload server ACL</fielddescr>
+ <fieldname>ssloffload</fieldname>
+ <description><![CDATA[Use <b>x-forwarded-for</b> var instead of <b>client.ip</b> to set <b>X-Forwarded-Varnish</b> on Forward<br>
+ SSL offload servers must be configured to forward client info. if not set you can get a blank var forwarded to backend.<br>
+ use space to specify more then one host or network.]]></description>
+ <type>input</type>
+ <size>30</size>
+ </field>
+ <field>
<fielddescr>Fetch Grace</fielddescr>
<fieldname>grace</fieldname>
<description><![CDATA[<a href="https://www.varnish-cache.org/trac/wiki/VCLExampleGrace">How many time varnish will keep cached objects.</a> HINT 60s, 30m, 1h]]></description>
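Review bot: The new `ssloffload` field is a free-text `input` with no format constraint in this hunk, yet its description says the value names the hosts whose `x-forwarded-for` is used in place of `client.ip`. An over-broad or mistyped entry would let any peer in that range supply the client address forwarded to backends, so each space-separated entry should be checked as an IP address or CIDR network before it reaches the generated VCL. The code that consumes the field is outside this hunk, so whether such a check already exists cannot be seen here. The description should also state the trust decision, for example by adding `Only list SSL offload servers you control; their X-Forwarded-For header is trusted as the client address.`, and "more then one" should read "more than one".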
diff --git a/config/varnish3/varnish_sync.xml b/config/varnish3/varnish_sync.xml
index d81851b1..eb908afe 100644
--- a/config/varnish3/varnish_sync.xml
+++ b/config/varnish3/varnish_sync.xml
@@ -9,7 +9,7 @@
varnish_sync.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011-2013 Marcello Coutinho
+ Copyright (C) 2011-2014 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
diff --git a/config/varnish3/varnish_view_config.php b/config/varnish3/varnish_view_config.php
index 69a9fabb..b02e5c88 100644
--- a/config/varnish3/varnish_view_config.php
+++ b/config/varnish3/varnish_view_config.php
@@ -47,7 +47,7 @@ include("head.inc");
<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="varnishstat_view_config.php" method="post">
-
+
<div id="mainlevel">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
@@ -70,7 +70,7 @@ include("head.inc");
<tr>
<td class="tabcont" >
<textarea id="varnishlogs" rows="50" cols="100%">
-<?php
+<?php
$config_file = file_get_contents("/var/etc/default.vcl");
echo $config_file;
?>
diff --git a/config/varnish3/varnishstat.php b/config/varnish3/varnishstat.php
index 10d9ceb9..9e4e2f3d 100644
--- a/config/varnish3/varnishstat.php
+++ b/config/varnish3/varnishstat.php
@@ -60,9 +60,9 @@ include("head.inc");
}
function activitycallback(transport) {
$('varnishstatlogs').innerHTML = '<font face="Courier"><pre>' + transport.responseText + '</pre></font>';
- setTimeout('getlogactivity()', 2500);
+ setTimeout('getlogactivity()', 2500);
}
- setTimeout('getlogactivity()', 1000);
+ setTimeout('getlogactivity()', 1000);
</script>
<?php include("fbegin.inc"); ?>