Commit 30930e15 authored by Franco Fichtner's avatar Franco Fichtner

system: merge webgui pluginification from master

Includes a fix by Alexander Graf for IPv6 SSL cipher configuration.
parent c216d613
...@@ -44,13 +44,4 @@ if /usr/local/etc/rc.d/configd status > /dev/null; then ...@@ -44,13 +44,4 @@ if /usr/local/etc/rc.d/configd status > /dev/null; then
/usr/local/etc/rc.d/configd restart /usr/local/etc/rc.d/configd restart
fi fi
echo "Flush Phalcon volt templates"
rm -f /usr/local/opnsense/mvc/app/cache/*.php
echo "Reloading GUI configuration"
/usr/local/etc/rc.php_ini_setup
if pgrep -q php-cgi; then
pkill -HUP php-cgi
fi
/usr/local/etc/rc.configure_firmware /usr/local/etc/rc.configure_firmware
...@@ -53,6 +53,7 @@ ...@@ -53,6 +53,7 @@
/usr/local/etc/inc/plugins.inc.d/squid/auth-user.php /usr/local/etc/inc/plugins.inc.d/squid/auth-user.php
/usr/local/etc/inc/plugins.inc.d/suricata.inc /usr/local/etc/inc/plugins.inc.d/suricata.inc
/usr/local/etc/inc/plugins.inc.d/unbound.inc /usr/local/etc/inc/plugins.inc.d/unbound.inc
/usr/local/etc/inc/plugins.inc.d/webgui.inc
/usr/local/etc/inc/rrd.inc /usr/local/etc/inc/rrd.inc
/usr/local/etc/inc/services.inc /usr/local/etc/inc/services.inc
/usr/local/etc/inc/system.inc /usr/local/etc/inc/system.inc
...@@ -121,7 +122,6 @@ ...@@ -121,7 +122,6 @@
/usr/local/etc/rc.newwanip /usr/local/etc/rc.newwanip
/usr/local/etc/rc.newwanipv6 /usr/local/etc/rc.newwanipv6
/usr/local/etc/rc.openvpn /usr/local/etc/rc.openvpn
/usr/local/etc/rc.php_ini_setup
/usr/local/etc/rc.reboot /usr/local/etc/rc.reboot
/usr/local/etc/rc.recover /usr/local/etc/rc.recover
/usr/local/etc/rc.reload_all /usr/local/etc/rc.reload_all
...@@ -724,6 +724,10 @@ ...@@ -724,6 +724,10 @@
/usr/local/opnsense/service/templates/OPNsense/Sample/sub2/example_sub2.txt /usr/local/opnsense/service/templates/OPNsense/Sample/sub2/example_sub2.txt
/usr/local/opnsense/service/templates/OPNsense/Syslog/+TARGETS /usr/local/opnsense/service/templates/OPNsense/Syslog/+TARGETS
/usr/local/opnsense/service/templates/OPNsense/Syslog/newsyslog.conf /usr/local/opnsense/service/templates/OPNsense/Syslog/newsyslog.conf
/usr/local/opnsense/service/templates/OPNsense/WebGui/+TARGETS
/usr/local/opnsense/service/templates/OPNsense/WebGui/php.etc.ini
/usr/local/opnsense/service/templates/OPNsense/WebGui/php.ini
/usr/local/opnsense/service/templates/OPNsense/WebGui/php.lib.ini
/usr/local/opnsense/service/tests/__init__.py /usr/local/opnsense/service/tests/__init__.py
/usr/local/opnsense/service/tests/config/config.xml /usr/local/opnsense/service/tests/config/config.xml
/usr/local/opnsense/service/tests/core.py /usr/local/opnsense/service/tests/core.py
......
This diff is collapsed.
This diff is collapsed.
...@@ -231,9 +231,6 @@ echo "done." ...@@ -231,9 +231,6 @@ echo "done."
# Recreate capabilities DB # Recreate capabilities DB
/usr/bin/cap_mkdb /etc/login.conf /usr/bin/cap_mkdb /etc/login.conf
# Set up the correct php.ini content
/usr/local/etc/rc.php_ini_setup
# Execute the early syshook / plugin commands # Execute the early syshook / plugin commands
/usr/local/etc/rc.syshook early /usr/local/etc/rc.syshook early
......
...@@ -103,7 +103,6 @@ system_resolvconf_generate(true); ...@@ -103,7 +103,6 @@ system_resolvconf_generate(true);
filter_configure_sync(true); filter_configure_sync(true);
filter_pflog_start(true); filter_pflog_start(true);
setup_gateways_monitor(true); setup_gateways_monitor(true);
system_webgui_configure(true);
plugins_configure('earlybootup', true); plugins_configure('earlybootup', true);
system_cron_configure(true, true); system_cron_configure(true, true);
system_routing_configure('', true); system_routing_configure('', true);
......
#!/bin/sh
# Copyright (C) 2014-2017 Franco Fichtner <franco@opnsense.org>
# Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
PHP_INI=$(mktemp -q /tmp/php_ini.XXXXXX)
chmod 644 ${PHP_INI}
# Fetch the timezone from the XML and set it here
TIMEZONE=Etc/UTC
if [ -f /conf/config.xml ]; then
TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`
fi
# Get a loaded module list in the stock php
# Populate a dummy php.ini to avoid
# the file being clobbered and the firewall
# not being able to boot back up.
cat >> ${PHP_INI} << EOF
; File generated via rc.php_ini_setup
output_buffering = "0"
expose_php = Off
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 900
max_input_time = 1800
max_input_vars = 5000
memory_limit = 384M
register_argc_argv = On
register_long_arrays = Off
variables_order = "GPCS"
file_uploads = On
upload_tmp_dir = /tmp
upload_max_filesize = 200M
post_max_size = 200M
html_errors = Off
zlib.output_compression = Off
zlib.output_compression_level = 1
include_path = ".:/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/share/pear:/usr/local/opnsense/contrib"
ignore_repeated_errors = on
error_reporting = E_ALL ^ (E_NOTICE | E_DEPRECATED | E_STRICT)
display_errors=on
log_errors=on
error_log=/tmp/PHP_errors.log
date.timezone="${TIMEZONE}"
[xdebug]
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_name = cachegrind.out.%t.%p
EOF
cp ${PHP_INI} /usr/local/etc/php.ini
cp ${PHP_INI} /usr/local/lib/php.ini
rm ${PHP_INI}
...@@ -42,10 +42,6 @@ if (count($argv) > 1 && is_numeric($argv[1])) { ...@@ -42,10 +42,6 @@ if (count($argv) > 1 && is_numeric($argv[1])) {
sleep($argv[1]); sleep($argv[1]);
} }
log_error("rc.reload_all: Reloading web GUI.");
system_webgui_configure(true);
log_error("rc.reload_all: Reloading all configuration settings."); log_error("rc.reload_all: Reloading all configuration settings.");
system_firmware_configure(true); system_firmware_configure(true);
......
...@@ -6,11 +6,12 @@ require_once('interfaces.inc'); ...@@ -6,11 +6,12 @@ require_once('interfaces.inc');
require_once('rrd.inc'); require_once('rrd.inc');
require_once('util.inc'); require_once('util.inc');
require_once('system.inc'); require_once('system.inc');
require_once('plugins.inc.d/webgui.inc');
if (count($argv) > 1 && is_numeric($argv[1])) { if (count($argv) > 1 && is_numeric($argv[1])) {
// starting delayed. // starting delayed.
sleep($argv[1]); sleep($argv[1]);
} }
system_webgui_configure(true); webgui_configure_do(true);
rrd_configure(true); rrd_configure(true);
php.etc.ini:/usr/local/etc/php.ini
php.lib.ini:/usr/local/lib/php.ini
; File generated via configd
output_buffering = "0"
expose_php = Off
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 900
max_input_time = 1800
max_input_vars = 5000
memory_limit = 384M
register_argc_argv = On
register_long_arrays = Off
variables_order = "GPCS"
file_uploads = On
upload_tmp_dir = /tmp
upload_max_filesize = 200M
post_max_size = 200M
html_errors = Off
zlib.output_compression = {% if system.webgui.compression|default('') != "" %}On{%else%}Off{%endif%}
zlib.output_compression_level = {{system.webgui.compression|default('1')}}
include_path = ".:/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/share/pear:/usr/local/opnsense/contrib"
ignore_repeated_errors = on
error_reporting = E_ALL ^ (E_NOTICE | E_DEPRECATED | E_STRICT)
display_errors=on
log_errors=on
error_log=/tmp/PHP_errors.log
date.timezone="{{system.timezone|default('Etc/UTC')}}"
[xdebug]
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_name = cachegrind.out.%t.%p
...@@ -39,6 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -39,6 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['webguiproto'] = $config['system']['webgui']['protocol']; $pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
$pconfig['webguiport'] = $config['system']['webgui']['port']; $pconfig['webguiport'] = $config['system']['webgui']['port'];
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref']; $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
$pconfig['compression'] = isset($config['system']['webgui']['compression']) ? $config['system']['webgui']['compression'] : null;
if (!empty($config['system']['webgui']['ssl-ciphers'])) { if (!empty($config['system']['webgui']['ssl-ciphers'])) {
$pconfig['ssl-ciphers'] = explode(':', $config['system']['webgui']['ssl-ciphers']); $pconfig['ssl-ciphers'] = explode(':', $config['system']['webgui']['ssl-ciphers']);
} else { } else {
...@@ -98,6 +99,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -98,6 +99,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($config['system']['webgui']['protocol'] != $pconfig['webguiproto'] || if ($config['system']['webgui']['protocol'] != $pconfig['webguiproto'] ||
$config['system']['webgui']['port'] != $pconfig['webguiport'] || $config['system']['webgui']['port'] != $pconfig['webguiport'] ||
$config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] || $config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] ||
$config['system']['webgui']['compression'] != $pconfig['compression'] ||
$config['system']['webgui']['ssl-ciphers'] != $newciphers || $config['system']['webgui']['ssl-ciphers'] != $newciphers ||
($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect']) ($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect'])
) { ) {
...@@ -110,6 +112,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -110,6 +112,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$config['system']['webgui']['port'] = $pconfig['webguiport']; $config['system']['webgui']['port'] = $pconfig['webguiport'];
$config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref']; $config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref'];
$config['system']['webgui']['ssl-ciphers'] = $newciphers; $config['system']['webgui']['ssl-ciphers'] = $newciphers;
$config['system']['webgui']['compression'] = $pconfig['compression'];
if ($pconfig['disablehttpredirect'] == "yes") { if ($pconfig['disablehttpredirect'] == "yes") {
$config['system']['webgui']['disablehttpredirect'] = true; $config['system']['webgui']['disablehttpredirect'] = true;
...@@ -485,6 +488,29 @@ include("head.inc"); ...@@ -485,6 +488,29 @@ include("head.inc");
</div> </div>
</td> </td>
</tr> </tr>
<tr>
<td><a id="help_for_compression" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WebGui Compression")?></td>
<td width="78%">
<select name="compression" class="formselect selectpicker">
<option value="" <?=empty($pconfig['compression'])? 'selected="selected"' : '';?>>
<?=gettext("Off");?>
</option>
<option value="1" <?=$pconfig['compression'] == "1" ? 'selected="selected"' : '';?>>
<?=gettext("Low");?>
</option>
<option value="5" <?=$pconfig['compression'] == "5" ? 'selected="selected"' : '';?>>
<?=gettext("Medium");?>
</option>
<option value="9" <?=$pconfig['compression'] == "9" ? 'selected="selected"' : '';?>>
<?=gettext("High");?>
</option>
</select>
<div class="hidden" for="help_for_compression">
<?=gettext("Enable compression of webgui pages and dynamic content.");?><br/>
<?=gettext("Transfer less data to the client for an additional cost in processing power.");?>
</div>
</td>
</tr>
<tr> <tr>
<td><a id="help_for_nohttpreferercheck" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("HTTP_REFERER enforcement"); ?></td> <td><a id="help_for_nohttpreferercheck" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("HTTP_REFERER enforcement"); ?></td>
<td> <td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment