Commit 60e9a521 authored by Jos Schellevis's avatar Jos Schellevis

Proxy service work in progress, now supports dropdown subtabs

parent 379ce6ec
......@@ -9,6 +9,25 @@
<default>0</default>
<Required>Y</Required>
</enabled>
<logging>
<enable>
<accessLog type="BooleanField">
<default>1</default>
<Required>Y</Required>
</accessLog>
<storeLog type="BooleanField">
<default>1</default>
<Required>Y</Required>
</storeLog>
</enable>
</logging>
<alternateDNSservers type="CSVListField">
<Required>N</Required>
</alternateDNSservers>
<dnsV4First type="BooleanField">
<default>0</default>
<Required>Y</Required>
</dnsV4First>
</general>
<forward>
<interfaces type="CSVListField">
......@@ -25,13 +44,10 @@
<default>1</default>
<Required>Y</Required>
</addACLforInterfaceSubnets>
<transparentProxyMode type="BooleanField">
<transparentMode type="BooleanField">
<default>0</default>
<Required>Y</Required>
</transparentProxyMode>
<alternateDNSservers type="CSVListField">
<Required>N</Required>
</alternateDNSservers>
</transparentMode>
</forward>
</items>
</model>
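Review bot: `alternateDNSservers` is declared as a plain `CSVListField` carrying only `<Required>N</Required>`, while the squid.conf template on this page writes each entry straight into a `dns_nameservers {{dns}}` line, so nothing visible here restricts an entry to an IP address. Whatever the tokenizer field accepts (the form sets `'allownew':'true'`) would land verbatim in the generated proxy configuration. Each entry should be constrained to an IPv4/IPv6 address in the model, through a validation mask or an address-specific field type, whichever the framework offers. Because the field is optional, the template should also skip empty entries; an empty value may otherwise render a bare `dns_nameservers` line, depending on how `helpers.exists` treats an empty node.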
......@@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE.
});
});
$("#save_proxy-forward").click(function(){
$("#save_proxy-forward-general").click(function(){
// save data for Proxy TAB
saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward",callback_ok=function(){
saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward-general",callback_ok=function(){
// on correct save, perform reconfigure. set progress animation when reloading
$("#frm_proxy-forward_progress").addClass("fa fa-spinner fa-pulse");
$("#frm_proxy-forward-general_progress").addClass("fa fa-spinner fa-pulse");
//
ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){
// when done, disable progress animation.
$("#frm_proxy-forward_progress").removeClass("fa fa-spinner fa-pulse");
$("#frm_proxy-forward-general_progress").removeClass("fa fa-spinner fa-pulse");
if (status != "success" || data['status'] != 'ok' ) {
// fix error handling
......@@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items
'label':'Enable proxy',
'type':'checkbox',
'help':'Enable or disable the proxy service.'
],
['id': 'proxy.general.logging.enable.accessLog',
'label':'Enable access logging',
'type':'checkbox',
'help':'Enable access logging for squid.',
'advanced':'true'
],
['id': 'proxy.general.logging.enable.storeLog',
'label':'Enable store logging',
'type':'checkbox',
'help':'Enable access logging for squid.',
'advanced':'true'
],
['id': 'proxy.general.alternateDNSservers',
'label':'Use alternate DNS-servers',
'type':'select_multiple',
'style':'tokenize',
'help':'Type IPs of alternative DNS servers you like to use.',
'hint':'Type IP adresses, followed by Enter.',
'allownew':'true',
'advanced':'true'
],
['id': 'proxy.general.dnsV4First',
'label':'Enable DNS v4 first',
'type':'checkbox',
'help':'This option reverses the order of preference to make Squid contact dual-stack websites over IPv4 first.
Squid will still perform both IPv6 and IPv4 DNS lookups before connecting.
<div class="alert alert-warning"><b class="text-danger">Warning:</b> This option will restrict the situations under which IPv6
connectivity is used (and tested). Hiding network problems
which would otherwise be detected and warned about.</div>',
'advanced':'true'
]}
],
['proxy-forward','Forward Proxy','subtabs': {
......@@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
'type':'text',
'help':'The port the proxy service will listen to.'
],
['id': 'proxy.forward.transparentProxyMode',
['id': 'proxy.forward.transparentMode',
'label':'Enable Transparent HTTP proxy',
'type':'checkbox',
'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
......@@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items
'type':'checkbox',
'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.',
'advanced':'true'
],
['id': 'proxy.forward.alternateDNSservers',
'label':'Use alternate DNS-servers',
'type':'select_multiple',
'style':'tokenize',
'help':'Type IPs of alternative DNS servers you like to use.',
'hint':'Type IP adresses, followed by Enter.',
'allownew':'true',
'advanced':'true'
]}
]}
]
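Review bot: The help text for `proxy.general.logging.enable.storeLog` is a copy of the access-log entry (`'help':'Enable access logging for squid.'`), so the form describes the wrong log. Something like `'help':'Enable the cache store log for squid.'` would match the `cache_store_log` directive the template toggles. Unchecking access logging removes the proxy's request records, so the access-log help could say so, e.g. `'help':'Enable access logging for squid. Disabling it removes the request audit trail.'`. The hint `'Type IP adresses, followed by Enter.'` should read "addresses".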
......
......@@ -40,9 +40,10 @@ POSSIBILITY OF SUCH DAMAGE.
{% endfor %}
<li role="presentation" class="dropdown {% if activetab|default("") == active_subtab %}active{% endif %}">
<a data-toggle="dropdown" href="#" class="dropdown-toggle" role="button">
<b>{{tab[1]}} <span class="caret"></span></b>
<a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b><span class="caret"></span></b>
</a>
<a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
<ul class="dropdown-menu" role="menu">
{% for subtab in tab['subtabs']|default({})%}
<li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
......
#
# Recommended minimum configuration:
#
# Automatic generated configuration for Squid.
# Do not edit this file manually.
# setup listen configuration
{% if helpers.exists('OPNsense.proxy.general.port') %}
{% for interface in OPNsense.proxy.general.interfaces.split(",") %}
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.general.port }}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}tproxy{% endif %}
{% endif %}
{% endfor %}
{# virtual ip's #}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.general.port }}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
{% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
acl localnet src {{intf_item.ipaddr}}/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
......@@ -89,3 +103,28 @@ refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Squid Options
{% if helpers.exists('OPNsense.proxy.general.dnsV4First') %}
{% if OPNsense.proxy.general.dnsV4First == '1' %}
# dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first
dns_v4_first on
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %}
{% if OPNsense.proxy.general.logging.enable.accessLog == '0' %}
# Disable access logging
access_log none
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %}
{% if OPNsense.proxy.general.logging.enable.storeLog == '0' %}
# Disable cache store log
cache_store_log none
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %}
{% for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %}
dns_nameservers {{dns}}
{% endfor %}
{% endif %}
\ No newline at end of file
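Review bot: In the `addACLforInterfaceSubnets` block, which appears to be new in this commit, the virtual-IP branch emits `acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}}`. The `http_port {{intf_item.subnet}}:…` line above uses the same field as the alias address, so this ACL ends up as address/address rather than address/prefix, and the alias network is not matched as intended. The second field should be the alias prefix length, presumably `{{intf_item.subnet_bits}}`, to be confirmed against the config schema. The virtual-IP `http_port` line also lacks the `tproxy` flag that the interface line gets when `transparentMode == '1'`, so the two listeners behave differently. `transparentMode` is read without the `helpers.exists` guard used for the other options.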