setup.sh 1.27 KB
Newer Older
1 2
#!/bin/sh

3
SQUID_DIRS="/var/log/squid /var/run/squid /var/squid /var/squid/cache /var/squid/ssl /var/squid/logs"
4 5

for SQUID_DIR in ${SQUID_DIRS}; do
Ad Schellevis's avatar
Ad Schellevis committed
6 7 8
    mkdir -p ${SQUID_DIR}
    chown -R squid:squid ${SQUID_DIR}
    chmod -R 750 ${SQUID_DIR}
9
done
10
/usr/sbin/pw groupmod proxy -m squid
11
/usr/local/sbin/squid -z -N > /dev/null 2>&1
12

Ad Schellevis's avatar
Ad Schellevis committed
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
# remove ssl certificate store in case the user changed the CA
if [ -f /usr/local/etc/squid/ca.pem.id ]; then
    current_cert=`cat /usr/local/etc/squid/ca.pem.id`
    if [ -d /var/squid/ssl_crtd ]; then
        if [ -f /var/squid/ssl_crtd.id ]; then
          running_cert=`cat /var/squid/ssl_crtd.id`
        else
          running_cert=""
        fi
        if [ "$current_cert" != "$running_cert" ]; then
            rm -rf /var/squid/ssl_crtd
        fi
    fi
fi

28 29
# create ssl certificate store, in case sslbump is enabled we need this
if [ ! -d /var/squid/ssl_crtd ]; then
Ad Schellevis's avatar
Ad Schellevis committed
30 31 32 33 34 35
    /usr/local/libexec/squid/ssl_crtd -c -s /var/squid/ssl_crtd > /dev/null 2>&1
    chown -R squid:squid /var/squid/ssl_crtd
    chmod -R 750 /var/squid/ssl_crtd
    if [ -f /usr/local/etc/squid/ca.pem.id ]; then
        cat /usr/local/etc/squid/ca.pem.id > /var/squid/ssl_crtd.id
    fi
36
fi
37 38

# generate SSL bump certificate
Ad Schellevis's avatar
Ad Schellevis committed
39
/usr/local/opnsense/scripts/proxy/generate_cert.php > /dev/null 2>&1