lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 03:16:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated listeners generation

Browse Source 
Slightly extended sslbump_httpsconfig macro to make usable in regular listener strings; renamed macro to listener_config.
This commit is contained in:
Mikhail Morev 2017-01-12 12:15:01 +06:00 committed by GitHub
parent c9e1423f58
commit 53e4be2759
1 changed files with 31 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/opnsense/service/templates/OPNsense/Proxy/squid.conf
View File

@ -3,46 +3,44 @@
# Do not edit this file manually.
#
{# wrap http_port ssl bump configuration for reuse #}
{% macro sslbump_httpsconfig(network, tags='') -%}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
https_port {{network}}:{{OPNsense.proxy.forward.sslbumpport|default('3129')}} {{tags}} ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
{% endif %}
{# wrap listener configuration for reuse #}
{% macro listener_config(network, port='3129', tags='', protocol='') -%}
{% if protocol == 'ssl' %}
{% set listener_type = 'https_port' %}
{% else %}
{% set listener_type = 'http_port' %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
{% set sslparams = 'ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on' %}
{% endif %}
{{listener_type}} {{network}}:{{port}} {{tags}} {{sslparams}}
{%- endmacro %}
{% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %}
# transparent mode, listen on localhost
http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept
{{ sslbump_httpsconfig('127.0.0.1', 'intercept') }}
http_port [::1]:{{ OPNsense.proxy.forward.port }} intercept
{{ sslbump_httpsconfig('[::1]', 'intercept') }}
# Setup transparent mode listeners on loopback interfaces
{{ listener_config('127.0.0.1', OPNsense.proxy.forward.port, 'intercept') }}
{{ listener_config('127.0.0.1', OPNsense.proxy.forward.sslbumpport, 'intercept', 'ssl') }}
{{ listener_config('[::1]', OPNsense.proxy.forward.port, 'intercept') }}
{{ listener_config('[::1]', OPNsense.proxy.forward.sslbumpport, 'intercept', 'ssl') }}
{% endif %}
# Setup listen configuration
# Setup regular listeners configuration
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
{% else %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endif %}
{% endfor %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
{{ listener_config(intf_item.ipaddr, OPNsense.proxy.forward.port) }}
{% endif %}
{% endfor %}
{# virtual ip's #}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
{% else %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
{{ listener_config(intf_item.subnet, OPNsense.proxy.forward.port) }}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}