From 107632b08203754a2c12685aed89be63dec8aba6 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Sat, 23 Sep 2017 16:26:28 +0200 Subject: [PATCH] web proxy: move plugin reloads to backend directly This avoids double-bouncing. ConfigParser allows header continuation, something we've discussed briefly during the SSO plugin review. In this style, the scripting becomes more obvious. --- .../OPNsense/Proxy/Api/ServiceController.php | 8 ------ .../service/conf/actions.d/actions_proxy.conf | 25 +++++++++++++++---- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php index d41568ff5..44e4e2417 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php @@ -46,8 +46,6 @@ class ServiceController extends ApiControllerBase { if ($this->request->isPost()) { $backend = new Backend(); - /* XXX why don't we run this from the backend directly? */ - $backend->configdRun('plugins webproxy start'); $response = $backend->configdRun("proxy start", true); return array("response" => $response); } else { @@ -64,8 +62,6 @@ class ServiceController extends ApiControllerBase if ($this->request->isPost()) { $backend = new Backend(); $response = $backend->configdRun("proxy stop"); - /* XXX why don't we run this from the backend directly? */ - $backend->configdRun('plugins webproxy stop'); return array("response" => $response); } else { return array("response" => array()); @@ -80,8 +76,6 @@ class ServiceController extends ApiControllerBase { if ($this->request->isPost()) { $backend = new Backend(); - /* XXX why don't we run this from the backend directly? */ - $backend->configdRun('plugins webproxy restart'); $response = $backend->configdRun("proxy restart"); return array("response" => $response); } else { @@ -156,8 +150,6 @@ class ServiceController extends ApiControllerBase // (res)start daemon if ($mdlProxy->general->enabled->__toString() == 1) { if ($runStatus['status'] == "running" && !$force_restart) { - /* XXX why don't we run this from the backend directly? */ - $backend->configdRun('plugins webproxy reconfigure'); $backend->configdRun("proxy reconfigure"); } else { $this->startAction(); diff --git a/src/opnsense/service/conf/actions.d/actions_proxy.conf b/src/opnsense/service/conf/actions.d/actions_proxy.conf index 6525f5e2d..c0b0fd8e8 100644 --- a/src/opnsense/service/conf/actions.d/actions_proxy.conf +++ b/src/opnsense/service/conf/actions.d/actions_proxy.conf @@ -1,23 +1,34 @@ [start] -command:/usr/local/opnsense/scripts/proxy/setup.sh;/usr/local/etc/rc.d/squid start +command: + /usr/local/opnsense/scripts/proxy/setup.sh; + /usr/local/etc/rc.plugins_configure webproxy start; + /usr/local/etc/rc.d/squid start parameters: type:script message:starting proxy [stop] -command:/usr/local/etc/rc.d/squid stop;/usr/bin/killall squid;exit 0 +command: + /usr/local/etc/rc.d/squid stop; + /usr/bin/killall squid; + /usr/local/etc/rc.plugins_configure webproxy stop; + exit 0 parameters: type:script message:stopping proxy [restart] -command:/usr/local/etc/rc.d/squid restart +command: + /usr/local/etc/rc.plugins_configure webproxy restart; + /usr/local/etc/rc.d/squid restart parameters: type:script message:restarting proxy [reconfigure] -command:/usr/local/etc/rc.d/squid reload +command: + /usr/local/etc/rc.plugins_configure webproxy reconfigure; + /usr/local/etc/rc.d/squid reload parameters: type:script message:reconfigure proxy @@ -29,7 +40,11 @@ type:script_output message:request proxy status [fetchacls] -command:/usr/local/opnsense/scripts/proxy/fetchACLs.py&&/usr/local/etc/rc.d/squid reload +command: + /usr/local/opnsense/scripts/proxy/fetchACLs.py && ( + /usr/local/etc/rc.plugins_configure webproxy reconfigure; + /usr/local/etc/rc.d/squid reload + ) parameters: type:script message:download and reload proxy ACLs from remote locations