Diffstat (limited to 'packages/squid_ng.xml')
-rw-r--r-- | packages/squid_ng.xml | 224 |
1 files changed, 103 insertions, 121 deletions
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml
index ccfed7f2..7d3cb5c8 100644
--- a/packages/squid_ng.xml
+++ b/packages/squid_ng.xml
@@ -2,115 +2,73 @@ <packagegui> <name>squid</name> - <title>Services: Squid Advanced Proxy</title> + <title>Services: Proxy Server</title> <category>Security</category> <version>2.5.10_4</version> <configpath>installedpackages->package->squidng->configuration->settings</configpath> - <!-- This defines the location where the config is stored within pfSense's - xml based global store --> <aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&id=0</aftersaveredirect> - - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_cache.xml</item> + + <menu> + <name>Squid</name> + <tooltiptext>Modify settings for Proxy Server</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> + </menu> + + <!-- TODO: Add xml to parse proxy logs into readable format + <menu> + <name>Proxy Log</name> + <section>Status</section> + <configfile>squid_log.xml</configfile> + </menu> --> + + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.com/packages/config/squid_cache.xml</item> </additional_files_needed> - <additional_files_needed> + + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.com/packages/config/squid_nac.xml</item> </additional_files_needed> - <additional_files_needed> + + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.com/packages/config/squid_ng.inc</item> </additional_files_needed> - <additional_files_needed> + + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.com/packages/config/squid_traffic.xml</item> </additional_files_needed> - <additional_files_needed> + + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.com/packages/config/squid_upstream.xml</item> </additional_files_needed> + + 
<additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.com/packages/config/squid_auth.xml</item> + </additional_files_needed> - <menu> - <name>Squid</name> - <tooltiptext>Modify settings for Squid Advanced Proxy</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> - </menu> - - <!-- TODO: Add xml to parse proxy logs into readable format - <menu> - <name>Proxy Log</name> - <section>Status</section> - <configfile>squid_log.xml</configfile> - </menu> --> - - <files> - <file> - <type>package</type> - <location>http://www.pfsense.org/packages/All/squid-2.5.STABLE10.tbz</location> - </file> - <file> - <type>package</type> - <location>ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/www/squidGuard-1.2.0_1.tbz</location> - </file> - - <!-- retrieves the configuration file for upstream proxy settings --> - - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_ng.inc</location> - </file> - - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_upstream.xml</location> - </file> - - <!-- retrieves the configuration file for cache management --> - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_cache.xml</location> - </file> - - <!-- retrieves the configuration file for network access control --> - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_nac.xml</location> - </file> - - <!-- retrieves the configuration file for traffic management --> - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_traffic.xml</location> - </file> - - <!-- TODO: retrieves the configuration file for authentication settings - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_auth.xml</location> - </file> - --> - - <!-- TODO: retrieves the configuration file for user 
definitions - <file> - <type>configfile</type> - <location>http://www.pfsense.com/packages/config/squid_users.xml</location> - </file> - --> - - </files> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.com/packages/config/squid_extauth.xml</item> + </additional_files_needed> <tabs> <tab> <text>General Settings</text> - <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> <active/> </tab> @@ -134,17 +92,15 @@ <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> </tab> - <!-- <tab> - <text>Authentication Settings</text> + <text>Auth Settings</text> <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> </tab> <tab> - <text>Users</text> - <url>/pkg_edit.php?xml=squid_users.xml&id=0</url> + <text>Extended Auth Settings</text> + <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url> </tab> - --> </tabs> <fields> @@ -274,16 +230,13 @@ $fout = fopen("/usr/local/etc/squid/squid.conf","w"); fwrite($fout, "#\n"); - fwrite($fout, "# This file was automatically generated by the pfSense package manager\n"); - fwrite($fout, "# This default policy enables transparent proxy with no local disk logging\n"); + fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n"); + fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n"); fwrite($fout, "#\n"); fwrite($fout, "shutdown_lifetime 5 seconds\n"); fwrite($fout, "icp_port 0\n"); fwrite($fout, "\n"); - - fwrite($fout, "http_port 3128\n"); - fwrite($fout, "\n"); - + fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); fwrite($fout, "no_cache deny QUERY\n"); fwrite($fout, "\n"); 
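Review bot: The two new `additional_files_needed` entries fetch `squid_auth.xml` and `squid_extauth.xml` over plain `http://` and install them under `/usr/local/pkg/` with mode 0755, and no checksum or signature is visible in this file. Package XML of this kind carries `custom_php_*` code that the package manager runs (this file does), so content altered in transit would presumably be executed on the firewall; an `https://` source or a pinned digest would close that, if the package framework supports either. The existing entries follow the same pattern, including `squid_ng.inc`, and 0755 looks broader than data files need. Separately, the General Settings tab in the first hunk now links to `squid.xml` while the menu entry and `aftersaveredirect` still use `squid_ng.xml`, which looks like a broken link unless a `squid.xml` is shipped elsewhere.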
@@ -292,13 +245,13 @@ fwrite($fout, "\n"); fwrite($fout, "cache_mem 8 MB\n"); - fwrite($fout, "cache_dir ufs /var/squid/cache 500 16 256\n"); + fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n"); fwrite($fout, "\n"); fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n"); fwrite($fout, "\n"); - fwrite($fout, "memory_replacement_policy heap LRU\n"); + fwrite($fout, "memory_replacement_policy heap GDSF\n"); fwrite($fout, "cache_replacement_policy heap GDSF\n"); fwrite($fout, "\n"); @@ -347,19 +300,12 @@ fwrite($fout, "#Set custom configured ACLs\n"); fwrite($fout, "http_access deny all\n"); fwrite($fout, "visible_hostname pfSense\n"); - fwrite($fout, "httpd_accel_host virtual\n"); - fwrite($fout, "httpd_accel_port 80\n"); - fwrite($fout, "httpd_accel_with_proxy on\n"); - fwrite($fout, "httpd_accel_uses_host_header on\n"); + fwrite($fout, "\n"); + fwrite($fout, "cache_effective_user squid\n"); fwrite($fout, "cache_effective_group squid\n"); fwrite($fout, "\n"); - fwrite($fout, "#Strip HTTP Header\n"); - fwrite($fout, "header_access X-Forwarded-For deny all\n"); - fwrite($fout, "header_access Via deny all\n"); - fwrite($fout, "\n"); - fwrite($fout, "maximum_object_size 4096 KB\n"); fwrite($fout, "minimum_object_size 0 KB\n"); fwrite($fout, "\n"); @@ -368,6 +314,11 @@ fwrite($fout, "reply_body_max_size 0 allow all\n"); fwrite($fout, "\n"); + fwrite($fout, "httpd_accel_host virtual\n"); + fwrite($fout, "httpd_accel_port 80\n"); + fwrite($fout, "httpd_accel_with_proxy on\n"); + fwrite($fout, "httpd_accel_uses_host_header on\n"); + fclose($fout); } <!-- end function write_static_squid_config() --> </custom_php_global_functions> 
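Review bot: Dropping the two `header_access ... deny all` lines in the `-347,19 +300,12` hunk means the generated squid.conf no longer strips `X-Forwarded-For` and `Via`, so origin servers would see internal client addresses and the proxy's `visible_hostname` unless another setting suppresses them. Nothing in the visible part of `write_static_squid_config()` replaces them. If the removal is intentional, adding `fwrite($fout, "forwarded_for off\n");` would keep client addresses out of the forwarded header, and a comment should record why the strip was removed. The function starts before this hunk, so an earlier line outside the diff context may already cover this.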
@@ -380,38 +331,69 @@ </custom_add_php_command_late> <custom_php_install_command> - write_static_squid_config(); <!-- write initial config to work --> + write_static_squid_config(); <!-- write initial static config for transparent proxy --> - update_output_window("Creating initialization scripts..."); + update_output_window("Creating Proxy Server initialization scripts..."); $fout = fopen("/usr/local/etc/rc.d/squid.sh","w"); fwrite($fout, "#!/bin/sh\n"); - fwrite($fout, "$pfSense: /usr/local/sbin/rc.d/squid.sh; created " . date(DATE_RFC822) . " mcapp\n"); - fwrite($fout, "\n"); - fwrite($fout, "touch /tmp/ro_root_mount\n\n"); - fwrite($fout, "/usr/local/sbin/squid -D\n\n"); - fwrite($fout, "touch /tmp/filter_dirty\n\n"); + fwrite($fout, "#$pfSense: /usr/local/sbin/rc.d/squid.sh\n\n"); + fwrite($fout, "touch /tmp/ro_root_mount\n"); + fwrite($fout, "/usr/local/sbin/squid -D\n"); + fwrite($fout, "touch /tmp/filter_dirty\n"); fclose($fout); - chmod("/usr/local/etc/rc.d/squid.sh", 755); + mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh"); + + <!-- create log directory hierarchies if they don't exist --> + update_output_window("Creating required directory hierarchies..."); + + if (!file_exists("/var/squid/logs")) { + mwexec("mkdir -p /var/squid/logs"); + mwexec("chown squid:squid /var/squid/logs"); + } if (!file_exists("/var/squid/cache")) { - update_output_window("Initializing Cache... 
This may take a moment..."); - mwexec("/usr/local/sbin/squid -z"); + mwexec("mkdir -p /var/squid/cache"); + mwexec("chown squid:squid /var/squid/cache"); + } + + if (!file_exists("/usr/local/etc/squid/advanced/acls")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/acls"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls"); } - update_output_window("Starting Squid Advanced Proxy..."); - mwexec_bg("/usr/local/etc/rc.d/squid.sh"); + if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/ncsa"); + } + + if (!file_exists("/usr/local/etc/squid/advanced/ntlm")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/ntlm"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/ntlm"); + } + + if (!file_exists("/usr/local/etc/squid/advanced/radius")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/radius"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/radius"); + } + + update_output_window("Initializing Cache... This may take a moment..."); + mwexec("/usr/local/sbin/squid -z"); + + update_output_window("Starting Proxy Server..."); + mwexec("/usr/local/etc/rc.d/squid.sh"); filter_configure(); </custom_php_install_command> <custom_php_deinstall_command> - rmdir_recursive("/usr/local/squid"); - unlink_if_exists("/var/mail/squid"); - unlink_if_exists("/usr/local/etc/rc.d/squid"); - unlink_if_exists("/usr/local/etc/squid/squid.conf"); + mwexec("rm -rf /usr/local/squid"); + mwexec("rm -rf /var/squid/cache"); + mwexec("rm -rf /usr/local/etc/squid"); + + unlink_if_exists("/usr/local/etc/rc.d/squid.sh"); unlink_if_exists("/usr/local/etc/squid"); unlink_if_exists("/usr/local/libexec/squid"); - rmdir_recursive("/usr/local/etc/squid"); + filter_configure(); </custom_php_deinstall_command> |
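Review bot: The install command now shells out through `mwexec()` for every `mkdir`, `chown` and `chmod` and ignores each result, so `squid -z` and the rc.d start run even when a directory could not be created or handed to the `squid` user. The six near-identical `if (!file_exists(...))` blocks would be easier to audit as one loop that checks the exit status (this assumes `mwexec()` returns it, which the hunk does not show). The original `chmod(..., 755)` bug was only the decimal mode, so `chmod("/usr/local/etc/rc.d/squid.sh", 0755);` fixes it without a shell. In the deinstall block, `unlink_if_exists("/usr/local/etc/squid")` is redundant after `rm -rf` of the same path, `/var/squid/logs` is left behind, and no step visible here stops the running squid before its files are removed.

```php
// … unchanged: rc.d script creation …
$squid_dirs = array(
	"/var/squid/logs",
	"/var/squid/cache",
	"/usr/local/etc/squid/advanced/acls",
	"/usr/local/etc/squid/advanced/ncsa",
	"/usr/local/etc/squid/advanced/ntlm",
	"/usr/local/etc/squid/advanced/radius"
);
$dirs_ok = true;
foreach ($squid_dirs as $dir) {
	if (file_exists($dir))
		continue;
	if (mwexec("mkdir -p " . escapeshellarg($dir)) != 0 ||
	    mwexec("chown squid:squid " . escapeshellarg($dir)) != 0) {
		update_output_window("Could not prepare {$dir}");
		$dirs_ok = false;
	}
}
if ($dirs_ok) {
	// … unchanged: squid -z, rc.d start …
}
// … unchanged: filter_configure() …
```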