From 468c21369d8f8357916204fc584651f01bd14659 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <martin.fuchs@trendchiller.com>
Date: Thu, 29 Sep 2011 14:53:45 +0200
Subject: proxy https definition and cert writeout working

---
 config/squid-reverse/squid.inc         | 23 +++++++++++++++++++----
 config/squid-reverse/squid_reverse.xml |  4 ++--
 2 files changed, 21 insertions(+), 6 deletions(-)

(limited to 'config/squid-reverse')

diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 32f7d387..8cd05136 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -958,6 +958,21 @@ function squid_resync_reverse() {
 	$conf = '';
                                                                                          
 	$conf .= "# Reverse Proxy settings\n";
+
+	if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") {
+    $svr_cert = lookup_cert($settings["reverse_ssl_cert"]);
+		  if ($svr_cert != false) {
+			 if(base64_decode($svr_cert['crt'])) {
+        file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt", 
+  			base64_decode($svr_cert['crt']));
+				$reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt";
+				}
+			if(base64_decode($svr_cert['prv'])) {
+			 file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key", 
+			 base64_decode($svr_cert['prv']));
+			 $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
+       }}}
+
 	$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
 	$real_ifaces = array();
 	foreach (explode(",", $ifaces) as $i => $iface) {
@@ -969,10 +984,10 @@ function squid_resync_reverse() {
       if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
       if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
       //HTTPS
-      if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n";
-      if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n";
-      if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
-      if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+      if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']}\n";
+      if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+      if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
+      if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
 		}
 	}
 	
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index 4c520ff7..62379c35 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -110,7 +110,7 @@
 		<field>
 			<fielddescr>Enable HTTP reverse mode.</fielddescr>
 			<fieldname>reverse_http</fieldname>
-			<description>If this field is checked, the proxy-server will act in HTTP reverse mode.</description>
+			<description>If this field is checked, the proxy-server will act in HTTP reverse mode. (You have to add a rule with destination "WAN-address")</description>
 			<type>checkbox</type>
 			<enablefields>reverse_http_port,reverse_http_defsite</enablefields>			
 			<required/>
@@ -136,7 +136,7 @@
 		<field>
 			<fielddescr>Enable HTTPS reverse mode.</fielddescr>
 			<fieldname>reverse_https</fieldname>
-			<description>If this field is checked, the proxy-server will act in HTTPS reverse mode.</description>
+			<description>If this field is checked, the proxy-server will act in HTTPS reverse mode. (You have to add a rule with destination "WAN-address")</description>
 			<type>checkbox</type>
 			<enablefields>reverse_https_port,reverse_ssl_cert,reverse_https_defsite,ignore_ssl_valid</enablefields>			
 			<required/>
-- 
cgit v1.2.3