Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
60e9a521
Commit
60e9a521
authored
Apr 09, 2015
by
Jos Schellevis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Proxy service work in progress, now supports dropdown subtabs
parent
379ce6ec
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
126 additions
and
48 deletions
+126
-48
Proxy.xml
src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+25
-9
index.volt
src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
+36
-14
base_tabs.volt
src/opnsense/mvc/app/views/layout_partials/base_tabs.volt
+13
-12
squid.conf
src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+52
-13
No files found.
src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
View file @
60e9a521
...
@@ -9,6 +9,25 @@
...
@@ -9,6 +9,25 @@
<default>
0
</default>
<default>
0
</default>
<Required>
Y
</Required>
<Required>
Y
</Required>
</enabled>
</enabled>
<logging>
<enable>
<accessLog
type=
"BooleanField"
>
<default>
1
</default>
<Required>
Y
</Required>
</accessLog>
<storeLog
type=
"BooleanField"
>
<default>
1
</default>
<Required>
Y
</Required>
</storeLog>
</enable>
</logging>
<alternateDNSservers
type=
"CSVListField"
>
<Required>
N
</Required>
</alternateDNSservers>
<dnsV4First
type=
"BooleanField"
>
<default>
0
</default>
<Required>
Y
</Required>
</dnsV4First>
</general>
</general>
<forward>
<forward>
<interfaces
type=
"CSVListField"
>
<interfaces
type=
"CSVListField"
>
...
@@ -25,13 +44,10 @@
...
@@ -25,13 +44,10 @@
<default>
1
</default>
<default>
1
</default>
<Required>
Y
</Required>
<Required>
Y
</Required>
</addACLforInterfaceSubnets>
</addACLforInterfaceSubnets>
<transparent
Proxy
Mode
type=
"BooleanField"
>
<transparentMode
type=
"BooleanField"
>
<default>
0
</default>
<default>
0
</default>
<Required>
Y
</Required>
<Required>
Y
</Required>
</transparentProxyMode>
</transparentMode>
<alternateDNSservers
type=
"CSVListField"
>
<Required>
N
</Required>
</alternateDNSservers>
</forward>
</forward>
</items>
</items>
</model>
</model>
src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
View file @
60e9a521
...
@@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE.
});
});
});
});
$("#save_proxy-forward").click(function(){
$("#save_proxy-forward
-general
").click(function(){
// save data for Proxy TAB
// save data for Proxy TAB
saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward",callback_ok=function(){
saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward
-general
",callback_ok=function(){
// on correct save, perform reconfigure. set progress animation when reloading
// on correct save, perform reconfigure. set progress animation when reloading
$("#frm_proxy-forward_progress").addClass("fa fa-spinner fa-pulse");
$("#frm_proxy-forward
-general
_progress").addClass("fa fa-spinner fa-pulse");
//
//
ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){
ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){
// when done, disable progress animation.
// when done, disable progress animation.
$("#frm_proxy-forward_progress").removeClass("fa fa-spinner fa-pulse");
$("#frm_proxy-forward
-general
_progress").removeClass("fa fa-spinner fa-pulse");
if (status != "success" || data['status'] != 'ok' ) {
if (status != "success" || data['status'] != 'ok' ) {
// fix error handling
// fix error handling
...
@@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items
...
@@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items
'label':'Enable proxy',
'label':'Enable proxy',
'type':'checkbox',
'type':'checkbox',
'help':'Enable or disable the proxy service.'
'help':'Enable or disable the proxy service.'
],
['id': 'proxy.general.logging.enable.accessLog',
'label':'Enable access logging',
'type':'checkbox',
'help':'Enable access logging for squid.',
'advanced':'true'
],
['id': 'proxy.general.logging.enable.storeLog',
'label':'Enable store logging',
'type':'checkbox',
'help':'Enable access logging for squid.',
'advanced':'true'
],
['id': 'proxy.general.alternateDNSservers',
'label':'Use alternate DNS-servers',
'type':'select_multiple',
'style':'tokenize',
'help':'Type IPs of alternative DNS servers you like to use.',
'hint':'Type IP adresses, followed by Enter.',
'allownew':'true',
'advanced':'true'
],
['id': 'proxy.general.dnsV4First',
'label':'Enable DNS v4 first',
'type':'checkbox',
'help':'This option reverses the order of preference to make Squid contact dual-stack websites over IPv4 first.
Squid will still perform both IPv6 and IPv4 DNS lookups before connecting.
<div class="alert alert-warning"><b class="text-danger">Warning:</b> This option will restrict the situations under which IPv6
connectivity is used (and tested). Hiding network problems
which would otherwise be detected and warned about.</div>',
'advanced':'true'
]}
]}
],
],
['proxy-forward','Forward Proxy','subtabs': {
['proxy-forward','Forward Proxy','subtabs': {
...
@@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
...
@@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
'type':'text',
'type':'text',
'help':'The port the proxy service will listen to.'
'help':'The port the proxy service will listen to.'
],
],
['id': 'proxy.forward.transparent
Proxy
Mode',
['id': 'proxy.forward.transparentMode',
'label':'Enable Transparent HTTP proxy',
'label':'Enable Transparent HTTP proxy',
'type':'checkbox',
'type':'checkbox',
'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
...
@@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items
...
@@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items
'type':'checkbox',
'type':'checkbox',
'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.',
'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.',
'advanced':'true'
'advanced':'true'
],
['id': 'proxy.forward.alternateDNSservers',
'label':'Use alternate DNS-servers',
'type':'select_multiple',
'style':'tokenize',
'help':'Type IPs of alternative DNS servers you like to use.',
'hint':'Type IP adresses, followed by Enter.',
'allownew':'true',
'advanced':'true'
]}
]}
]}
]}
]
]
...
...
src/opnsense/mvc/app/views/layout_partials/base_tabs.volt
View file @
60e9a521
...
@@ -40,9 +40,10 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -40,9 +40,10 @@ POSSIBILITY OF SUCH DAMAGE.
{% endfor %}
{% endfor %}
<li role="presentation" class="dropdown {% if activetab|default("") == active_subtab %}active{% endif %}">
<li role="presentation" class="dropdown {% if activetab|default("") == active_subtab %}active{% endif %}">
<a data-toggle="dropdown" href="#" class="dropdown-toggle
" role="button
">
<a data-toggle="dropdown" href="#" class="dropdown-toggle
pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;
">
<b>
{{tab[1]}}
<span class="caret"></span></b>
<b><span class="caret"></span></b>
</a>
</a>
<a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
<ul class="dropdown-menu" role="menu">
<ul class="dropdown-menu" role="menu">
{% for subtab in tab['subtabs']|default({})%}
{% for subtab in tab['subtabs']|default({})%}
<li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
<li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
...
...
src/opnsense/service/templates/OPNsense/Proxy/squid.conf
View file @
60e9a521
#
#
#
Recommended minimum configuration:
#
Automatic generated configuration for Squid.
#
#
Do not edit this file manually.
# setup listen configuration
# setup listen configuration
{%
if
helpers
.
exists
(
'OPNsense.proxy.
general.port
'
) %}
{%
if
helpers
.
exists
(
'OPNsense.proxy.
forward.interfaces
'
) %}
{%
for
interface
in
OPNsense
.
proxy
.
general
.
interfaces
.
split
(
","
) %}
{%
for
interface
in
OPNsense
.
proxy
.
forward
.
interfaces
.
split
(
","
) %}
{%
for
intf_key
,
intf_item
in
interfaces
.
iteritems
() %}
{%
for
intf_key
,
intf_item
in
interfaces
.
iteritems
() %}
{%
if
intf_key
==
interface
and
intf_item
.
ipaddr
!=
'dhcp'
%}
{%
if
intf_key
==
interface
and
intf_item
.
ipaddr
!=
'dhcp'
%}
http_port
{{
intf_item
.
ipaddr
}}:{{
OPNsense
.
proxy
.
general
.
port
}}
http_port
{{
intf_item
.
ipaddr
}}:{{
OPNsense
.
proxy
.
forward
.
port
}} {%
if
OPNsense
.
proxy
.
forward
.
transparentMode
==
'1'
%}
tproxy
{%
endif
%}
{%
endif
%}
{%
endif
%}
{%
endfor
%}
{%
endfor
%}
{
# virtual ip's #}
{
# virtual ip's #}
{%
if
helpers
.
exists
(
'virtualip'
) %}
{%
if
helpers
.
exists
(
'virtualip'
) %}
{%
for
intf_key
,
intf_item
in
virtualip
.
iteritems
() %}
{%
for
intf_key
,
intf_item
in
virtualip
.
iteritems
() %}
{%
if
intf_item
.
interface
==
interface
and
intf_item
.
mode
==
'ipalias'
%}
{%
if
intf_item
.
interface
==
interface
and
intf_item
.
mode
==
'ipalias'
%}
http_port
{{
intf_item
.
subnet
}}:{{
OPNsense
.
proxy
.
general
.
port
}}
http_port
{{
intf_item
.
subnet
}}:{{
OPNsense
.
proxy
.
forward
.
port
}}
{%
endif
%}
{%
endif
%}
{%
endfor
%}
{%
endfor
%}
{%
endif
%}
{%
endif
%}
{%
endfor
%}
{%
endfor
%}
{%
endif
%}
{%
endif
%}
# Example rule allowing access from your local networks.
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# should be allowed
acl
localnet
src
10
.
0
.
0
.
0
/
8
# RFC1918 possible internal network
{%
if
helpers
.
exists
(
'OPNsense.proxy.forward.addACLforInterfaceSubnets'
) %}
acl
localnet
src
172
.
16
.
0
.
0
/
12
# RFC1918 possible internal network
{%
if
OPNsense
.
proxy
.
forward
.
addACLforInterfaceSubnets
==
'1'
%}
acl
localnet
src
192
.
168
.
0
.
0
/
16
# RFC1918 possible internal network
{%
for
interface
in
OPNsense
.
proxy
.
forward
.
interfaces
.
split
(
","
) %}
acl
localnet
src
fc00
::/
7
# RFC 4193 local private network range
{%
for
intf_key
,
intf_item
in
interfaces
.
iteritems
() %}
acl
localnet
src
fe80
::/
10
# RFC 4291 link-local (directly plugged) machines
{%
if
intf_key
==
interface
and
intf_item
.
ipaddr
!=
'dhcp'
%}
acl
localnet
src
{{
intf_item
.
ipaddr
}}/{{
intf_item
.
subnet
}}
# Possible internal network
{%
endif
%}
{%
endfor
%}
{%
if
helpers
.
exists
(
'virtualip'
) %}
{%
for
intf_key
,
intf_item
in
virtualip
.
iteritems
() %}
{%
if
intf_item
.
interface
==
interface
and
intf_item
.
mode
==
'ipalias'
%}
acl
localnet
src
{{
intf_item
.
subnet
}}/{{
intf_item
.
subnet
}}
# Possible internal network
{%
endif
%}
{%
endfor
%}
{%
endif
%}
{%
endfor
%}
{%
endif
%}
{%
endif
%}
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl
SSL_ports
port
443
acl
SSL_ports
port
443
acl
Safe_ports
port
80
# http
acl
Safe_ports
port
80
# http
acl
Safe_ports
port
21
# ftp
acl
Safe_ports
port
21
# ftp
...
@@ -89,3 +103,28 @@ refresh_pattern ^ftp: 1440 20% 10080
...
@@ -89,3 +103,28 @@ refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern
^
gopher
:
1440
0
%
1440
refresh_pattern
^
gopher
:
1440
0
%
1440
refresh_pattern
-
i
(/
cgi
-
bin
/|\?)
0
0
%
0
refresh_pattern
-
i
(/
cgi
-
bin
/|\?)
0
0
%
0
refresh_pattern
.
0
20
%
4320
refresh_pattern
.
0
20
%
4320
# Squid Options
{%
if
helpers
.
exists
(
'OPNsense.proxy.general.dnsV4First'
) %}
{%
if
OPNsense
.
proxy
.
general
.
dnsV4First
==
'1'
%}
# dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first
dns_v4_first
on
{%
endif
%}
{%
endif
%}
{%
if
helpers
.
exists
(
'OPNsense.proxy.general.logging.enable.accessLog'
) %}
{%
if
OPNsense
.
proxy
.
general
.
logging
.
enable
.
accessLog
==
'0'
%}
# Disable access logging
access_log
none
{%
endif
%}
{%
endif
%}
{%
if
helpers
.
exists
(
'OPNsense.proxy.general.logging.enable.storeLog'
) %}
{%
if
OPNsense
.
proxy
.
general
.
logging
.
enable
.
storeLog
==
'0'
%}
# Disable cache store log
cache_store_log
none
{%
endif
%}
{%
endif
%}
{%
if
helpers
.
exists
(
'OPNsense.proxy.general.alternateDNSservers'
) %}
{%
for
dns
in
OPNsense
.
proxy
.
general
.
alternateDNSservers
.
split
(
","
) %}
dns_nameservers
{{
dns
}}
{%
endfor
%}
{%
endif
%}
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment