From ae1cfe7f86d39dd291a3af92f57f911bb64341b9 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <martin.fuchs@trendchiller.com>
Date: Thu, 29 Sep 2011 13:42:34 +0200
Subject: proxy http port definition working

---
 config/squid-reverse/squid.inc         | 50 ++++++++++++++++++++++++++--------
 config/squid-reverse/squid_reverse.xml | 10 +++----
 2 files changed, 43 insertions(+), 17 deletions(-)

(limited to 'config/squid-reverse')

diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index cbd18b68..32f7d387 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -117,16 +117,6 @@ function squid_is_valid_acl($acl) {
 	return in_array($acl, $valid_acls);
 }
 
-function squid_get_server_certs() {
-	global $config;
-	$cert_arr = array();
-	$cert_arr[] = array('refid' => 'none', 'descr' => 'none');
-	foreach ($config['cert'] as $cert) {
-		$cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']);
-	}
-	return $cert_arr;
-}	
-
 function squid_install_command() {
 	global $config;
 	global $g;
@@ -489,7 +479,16 @@ function squid_validate_traffic($post, $input_errors) {
 
 function squid_validate_reverse($post, $input_errors) {
 
-// CONF
+		$port = trim($post['reverse_http_port']);
+		if (!empty($port) && !is_port($port))
+			$input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number';
+
+		$port = trim($post['reverse_https_port']);
+		if (!empty($port) && !is_port($port))
+			$input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number';
+
+		if ($post['reverse_ssl_cert'] == 'none')
+ 			$input_errors[] = 'A valid certificate for the external interface must be selected';
 
 }
 
@@ -941,6 +940,16 @@ EOD;
 	return $conf;
 }
 
+function squid_get_server_certs() {
+	global $config;
+	$cert_arr = array();
+	$cert_arr[] = array('refid' => 'none', 'descr' => 'none');
+	foreach ($config['cert'] as $cert) {
+		$cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']);
+	}
+	return $cert_arr;
+}	
+
 function squid_resync_reverse() {
 	global $config, $valid_acls;
 	if(!is_array($valid_acls))
@@ -948,8 +957,25 @@ function squid_resync_reverse() {
 	$settings = $config['installedpackages']['squidreverse']['config'][0];
 	$conf = '';
                                                                                          
-// CONF
 	$conf .= "# Reverse Proxy settings\n";
+	$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
+	$real_ifaces = array();
+	foreach (explode(",", $ifaces) as $i => $iface) {
+		$real_ifaces[] = squid_get_real_interface_address($iface);
+		if($real_ifaces[$i][0]) {
+      //HTTP
+      if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && empty($settings['reverse_http_defsite'])) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+      if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && empty($settings['reverse_http_defsite'])) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+      if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
+      if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n";
+      //HTTPS
+      if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n";
+      if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n";
+      if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+      if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n";
+		}
+	}
+	
   if (!empty($settings['extension_methods'])) $conf .= "extension_methods {$settings['extension_methods']}\n";
   if (!empty($settings['deny_info_tcp_reset'])) $conf .= "deny_info TCP_RESET all\n";                                                                                           
                                                                                                                                                                                   
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index 525f620f..4c520ff7 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -119,7 +119,7 @@
 		<field>
 			<fielddescr>reverse HTTP port</fielddescr>
 			<fieldname>reverse_http_port</fieldname>
-			<description>This is the port the HTTP reverse-proxy will listen on.</description>
+			<description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description>
 			<type>input</type>
 			<size>5</size>
 			<default_value>80</default_value>
@@ -127,7 +127,7 @@
 		<field>
 			<fielddescr>reverse HTTP default site</fielddescr>
 			<fieldname>reverse_http_defsite</fieldname>
-			<description>This is the HTTP reverse default site.</description>
+			<description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description>
 			<type>input</type>
 			<size>60</size>
 			<default_value>localhost</default_value>
@@ -145,7 +145,7 @@
 		<field>
 			<fielddescr>reverse HTTPS port</fielddescr>
 			<fieldname>reverse_https_port</fieldname>
-			<description>This is the port the HTTPS reverse-proxy will listen on.</description>
+			<description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description>
 			<type>input</type>
 			<size>5</size>
 			<default_value>443</default_value>
@@ -153,7 +153,7 @@
 		<field>
 			<fielddescr>reverse HTTPS default site</fielddescr>
 			<fieldname>reverse_https_defsite</fieldname>
-			<description>This is the HTTPS reverse default site.</description>
+			<description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description>
 			<type>input</type>
 			<size>60</size>
 			<default_value>localhost</default_value>
@@ -180,7 +180,7 @@
 		<field>
 			<fielddescr>extension methods</fielddescr>
 			<fieldname>extension_methods</fieldname>
-			<description>This field defines more extension methods for the proxy to use. (RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description>
+			<description>This field defines additional extension methods for the proxy to use. (RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description>
 			<type>input</type>
 			<size>80</size>
 			<default_value>RPC_IN_DATA RPC_OUT_DATA</default_value>
-- 
cgit v1.2.3