From 468c21369d8f8357916204fc584651f01bd14659 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Thu, 29 Sep 2011 14:53:45 +0200 Subject: proxy https definition and cert writeout working --- config/squid-reverse/squid.inc | 23 +++++++++++++++++++---- config/squid-reverse/squid_reverse.xml | 4 ++-- 2 files changed, 21 insertions(+), 6 deletions(-) (limited to 'config') diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 32f7d387..8cd05136 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -958,6 +958,21 @@ function squid_resync_reverse() { $conf = ''; $conf .= "# Reverse Proxy settings\n"; + + if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") { + $svr_cert = lookup_cert($settings["reverse_ssl_cert"]); + if ($svr_cert != false) { + if(base64_decode($svr_cert['crt'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt", + base64_decode($svr_cert['crt'])); + $reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt"; + } + if(base64_decode($svr_cert['prv'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key", + base64_decode($svr_cert['prv'])); + $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key"; + }}} + $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan'); $real_ifaces = array(); foreach (explode(",", $ifaces) as $i => $iface) { @@ -969,10 +984,10 @@ function squid_resync_reverse() { if (!empty($settings['reverse_http']) && empty($settings['reverse_http_port']) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:80 accel defaultsite={$settings['reverse_http_defsite']} vhost\n"; if (!empty($settings['reverse_http']) && (!empty($settings['reverse_http_port'])) && (!empty($settings['reverse_http_defsite']))) $conf .= "# http_port {$real_ifaces[$i][0]}:{$settings['reverse_http_port']} accel defaultsite={$settings['reverse_http_defsite']} vhost\n"; //HTTPS - if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']}\n"; - if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_external_fqdn']} vhost\n"; - if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n"; - if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert=/usr/local/etc/squid/XXX.crt key=/usr/local/etc/squid/XXX.key defaultsite={$settings['reverse_https_defsite']} vhost\n"; + if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']}\n"; + if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && empty($settings['reverse_https_defsite'])) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_external_fqdn']} vhost\n"; + if (!empty($settings['reverse_https']) && empty($settings['reverse_https_port']) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:443 cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n"; + if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "# https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n"; } } diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index 4c520ff7..62379c35 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -110,7 +110,7 @@ Enable HTTP reverse mode. reverse_http - If this field is checked, the proxy-server will act in HTTP reverse mode. + If this field is checked, the proxy-server will act in HTTP reverse mode. (You have to add a rule with destination "WAN-address") checkbox reverse_http_port,reverse_http_defsite @@ -136,7 +136,7 @@ Enable HTTPS reverse mode. reverse_https - If this field is checked, the proxy-server will act in HTTPS reverse mode. + If this field is checked, the proxy-server will act in HTTPS reverse mode. (You have to add a rule with destination "WAN-address") checkbox reverse_https_port,reverse_ssl_cert,reverse_https_defsite,ignore_ssl_valid -- cgit v1.2.3