Commit 60e9a521 authored by Jos Schellevis's avatar Jos Schellevis

Proxy service work in progress, now supports dropdown subtabs

parent 379ce6ec
...@@ -9,6 +9,25 @@ ...@@ -9,6 +9,25 @@
<default>0</default> <default>0</default>
<Required>Y</Required> <Required>Y</Required>
</enabled> </enabled>
<logging>
<enable>
<accessLog type="BooleanField">
<default>1</default>
<Required>Y</Required>
</accessLog>
<storeLog type="BooleanField">
<default>1</default>
<Required>Y</Required>
</storeLog>
</enable>
</logging>
<alternateDNSservers type="CSVListField">
<Required>N</Required>
</alternateDNSservers>
<dnsV4First type="BooleanField">
<default>0</default>
<Required>Y</Required>
</dnsV4First>
</general> </general>
<forward> <forward>
<interfaces type="CSVListField"> <interfaces type="CSVListField">
...@@ -25,13 +44,10 @@ ...@@ -25,13 +44,10 @@
<default>1</default> <default>1</default>
<Required>Y</Required> <Required>Y</Required>
</addACLforInterfaceSubnets> </addACLforInterfaceSubnets>
<transparentProxyMode type="BooleanField"> <transparentMode type="BooleanField">
<default>0</default> <default>0</default>
<Required>Y</Required> <Required>Y</Required>
</transparentProxyMode> </transparentMode>
<alternateDNSservers type="CSVListField">
<Required>N</Required>
</alternateDNSservers>
</forward> </forward>
</items> </items>
</model> </model>
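Review bot: The `alternateDNSservers` field added under `<general>` is a bare `CSVListField` with only `<Required>N</Required>`, so nothing visible in this model restricts its entries to IP addresses. The same commit writes each entry verbatim into the generated Squid configuration as a `dns_nameservers` line, so a malformed or multi-token value saved through the settings endpoint reaches the service config unchecked. I would constrain the entries to IPv4/IPv6 address syntax at the model level (a validation pattern on this field, or an address-specific field type if the framework offers one) rather than rely on the UI hint. A short comment above `<logging>` noting that both log switches default to enabled, and that switching off `accessLog` removes the proxy's request audit trail, would also help the next maintainer.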
...@@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE.
}); });
}); });
$("#save_proxy-forward").click(function(){ $("#save_proxy-forward-general").click(function(){
// save data for Proxy TAB // save data for Proxy TAB
saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward",callback_ok=function(){ saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward-general",callback_ok=function(){
// on correct save, perform reconfigure. set progress animation when reloading // on correct save, perform reconfigure. set progress animation when reloading
$("#frm_proxy-forward_progress").addClass("fa fa-spinner fa-pulse"); $("#frm_proxy-forward-general_progress").addClass("fa fa-spinner fa-pulse");
// //
ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){ ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){
// when done, disable progress animation. // when done, disable progress animation.
$("#frm_proxy-forward_progress").removeClass("fa fa-spinner fa-pulse"); $("#frm_proxy-forward-general_progress").removeClass("fa fa-spinner fa-pulse");
if (status != "success" || data['status'] != 'ok' ) { if (status != "success" || data['status'] != 'ok' ) {
// fix error handling // fix error handling
...@@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items ...@@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items
'label':'Enable proxy', 'label':'Enable proxy',
'type':'checkbox', 'type':'checkbox',
'help':'Enable or disable the proxy service.' 'help':'Enable or disable the proxy service.'
],
['id': 'proxy.general.logging.enable.accessLog',
'label':'Enable access logging',
'type':'checkbox',
'help':'Enable access logging for squid.',
'advanced':'true'
],
['id': 'proxy.general.logging.enable.storeLog',
'label':'Enable store logging',
'type':'checkbox',
'help':'Enable access logging for squid.',
'advanced':'true'
],
['id': 'proxy.general.alternateDNSservers',
'label':'Use alternate DNS-servers',
'type':'select_multiple',
'style':'tokenize',
'help':'Type IPs of alternative DNS servers you like to use.',
'hint':'Type IP adresses, followed by Enter.',
'allownew':'true',
'advanced':'true'
],
['id': 'proxy.general.dnsV4First',
'label':'Enable DNS v4 first',
'type':'checkbox',
'help':'This option reverses the order of preference to make Squid contact dual-stack websites over IPv4 first.
Squid will still perform both IPv6 and IPv4 DNS lookups before connecting.
<div class="alert alert-warning"><b class="text-danger">Warning:</b> This option will restrict the situations under which IPv6
connectivity is used (and tested). Hiding network problems
which would otherwise be detected and warned about.</div>',
'advanced':'true'
]} ]}
], ],
['proxy-forward','Forward Proxy','subtabs': { ['proxy-forward','Forward Proxy','subtabs': {
...@@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items ...@@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
'type':'text', 'type':'text',
'help':'The port the proxy service will listen to.' 'help':'The port the proxy service will listen to.'
], ],
['id': 'proxy.forward.transparentProxyMode', ['id': 'proxy.forward.transparentMode',
'label':'Enable Transparent HTTP proxy', 'label':'Enable Transparent HTTP proxy',
'type':'checkbox', 'type':'checkbox',
'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.' 'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
...@@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items ...@@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items
'type':'checkbox', 'type':'checkbox',
'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.', 'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.',
'advanced':'true' 'advanced':'true'
],
['id': 'proxy.forward.alternateDNSservers',
'label':'Use alternate DNS-servers',
'type':'select_multiple',
'style':'tokenize',
'help':'Type IPs of alternative DNS servers you like to use.',
'hint':'Type IP adresses, followed by Enter.',
'allownew':'true',
'advanced':'true'
]} ]}
]} ]}
] ]
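Review bot: The help text for `proxy.general.logging.enable.storeLog` is a copy of the access-log entry (`'help':'Enable access logging for squid.'`), so the UI describes the wrong switch; it should read something like `'help':'Enable store logging for squid.'`. Because unticking `accessLog` makes the template emit `access_log none`, the access-log help should also say that disabling it removes the record of proxied requests, which matters for later investigation. The `alternateDNSservers` hint still carries the typo `adresses` after the move. The form-definition array starts and ends outside these hunks.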
......
...@@ -40,9 +40,10 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -40,9 +40,10 @@ POSSIBILITY OF SUCH DAMAGE.
{% endfor %} {% endfor %}
<li role="presentation" class="dropdown {% if activetab|default("") == active_subtab %}active{% endif %}"> <li role="presentation" class="dropdown {% if activetab|default("") == active_subtab %}active{% endif %}">
<a data-toggle="dropdown" href="#" class="dropdown-toggle" role="button"> <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b>{{tab[1]}} <span class="caret"></span></b> <b><span class="caret"></span></b>
</a> </a>
<a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
<ul class="dropdown-menu" role="menu"> <ul class="dropdown-menu" role="menu">
{% for subtab in tab['subtabs']|default({})%} {% for subtab in tab['subtabs']|default({})%}
<li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li> <li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
......
# #
# Recommended minimum configuration: # Automatic generated configuration for Squid.
# # Do not edit this file manually.
# setup listen configuration # setup listen configuration
{% if helpers.exists('OPNsense.proxy.general.port') %} {% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{% for interface in OPNsense.proxy.general.interfaces.split(",") %} {% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %} {% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.general.port }} http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}tproxy{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# virtual ip's #} {# virtual ip's #}
{% if helpers.exists('virtualip') %} {% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %} {% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.general.port }} http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
# Example rule allowing access from your local networks. # Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # Adapt to list your (internal) IP networks from where browsing
# should be allowed # should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network {% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network {% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network {% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
acl localnet src fc00::/7 # RFC 4193 local private network range {% for intf_key,intf_item in interfaces.iteritems() %}
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
acl localnet src {{intf_item.ipaddr}}/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443 acl SSL_ports port 443
acl Safe_ports port 80 # http acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp acl Safe_ports port 21 # ftp
...@@ -89,3 +103,28 @@ refresh_pattern ^ftp: 1440 20% 10080 ...@@ -89,3 +103,28 @@ refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320 refresh_pattern . 0 20% 4320
# Squid Options
{% if helpers.exists('OPNsense.proxy.general.dnsV4First') %}
{% if OPNsense.proxy.general.dnsV4First == '1' %}
# dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first
dns_v4_first on
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %}
{% if OPNsense.proxy.general.logging.enable.accessLog == '0' %}
# Disable access logging
access_log none
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %}
{% if OPNsense.proxy.general.logging.enable.storeLog == '0' %}
# Disable cache store log
cache_store_log none
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %}
{% for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %}
dns_nameservers {{dns}}
{% endfor %}
{% endif %}
\ No newline at end of file
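Review bot: In the virtual-IP branch of the new `localnet` ACL, the line `acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}}` uses the same field for address and mask. The `http_port` block above treats `intf_item.subnet` as the alias address, so the mask presumably belongs to a separate prefix-length field of the virtual IP entry, and as written the ACL will either be rejected or fail to match the intended network. With the RFC1918 defaults removed, no `localnet` ACL is emitted when `addACLforInterfaceSubnets` is off or every selected interface uses DHCP, so any later rule referencing `localnet` (not visible in these hunks) would point at an undefined ACL; that case needs a guard or a comment. The `tproxy` flag is appended only to the interface `http_port` line and not to the IP-alias one, which leaves alias listeners in a different mode from the primary address. If `alternateDNSservers` exists but is empty, `split(",")` yields one empty string and the loop emits a bare `dns_nameservers` line; wrapping the loop body in `{% if dns %}` avoids that.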