Proxy service work in progress, now supports dropdown subtabs

2026-03-20 03:16:12 +00:00 · 2015-04-09 14:46:23 +02:00 · 2015-04-09 14:46:23 +02:00 · 60e9a521bf
commit 60e9a521bf
parent 379ce6ecd5
4 changed files with 126 additions and 48 deletions
--- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@ -5,10 +5,29 @@
    </description>
    <items>
        <general>
-        <enabled type="BooleanField">
-            <default>0</default>
-            <Required>Y</Required>
-        </enabled>
+            <enabled type="BooleanField">
+                <default>0</default>
+                <Required>Y</Required>
+            </enabled>
+            <logging>
+                <enable>
+                    <accessLog type="BooleanField">
+                        <default>1</default>
+                        <Required>Y</Required>
+                    </accessLog>
+                    <storeLog type="BooleanField">
+                        <default>1</default>
+                        <Required>Y</Required>
+                    </storeLog>
+                </enable>
+            </logging>
+            <alternateDNSservers type="CSVListField">
+                <Required>N</Required>
+            </alternateDNSservers>
+            <dnsV4First type="BooleanField">
+                <default>0</default>
+                <Required>Y</Required>
+            </dnsV4First>
        </general>
        <forward>
            <interfaces type="CSVListField">
@ -25,13 +44,10 @@
                <default>1</default>
                <Required>Y</Required>
            </addACLforInterfaceSubnets>
-            <transparentProxyMode type="BooleanField">
+            <transparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
-            </transparentProxyMode>
-            <alternateDNSservers type="CSVListField">
-                <Required>N</Required>
-            </alternateDNSservers>
+            </transparentMode>
        </forward>
    </items>
 </model>
--- a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE.

            });
        });
-        $("#save_proxy-forward").click(function(){
+        $("#save_proxy-forward-general").click(function(){
            // save data for Proxy TAB
-            saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward",callback_ok=function(){
+            saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward-general",callback_ok=function(){
                // on correct save, perform reconfigure. set progress animation when reloading
-                $("#frm_proxy-forward_progress").addClass("fa fa-spinner fa-pulse");
+                $("#frm_proxy-forward-general_progress").addClass("fa fa-spinner fa-pulse");

                //
                ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){
                    // when done, disable progress animation.
-                    $("#frm_proxy-forward_progress").removeClass("fa fa-spinner fa-pulse");
+                    $("#frm_proxy-forward-general_progress").removeClass("fa fa-spinner fa-pulse");

                    if (status != "success" || data['status'] != 'ok' ) {
                        // fix error handling
@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items
            'label':'Enable proxy',
            'type':'checkbox',
            'help':'Enable or disable the proxy service.'
+            ],
+            ['id': 'proxy.general.logging.enable.accessLog',
+            'label':'Enable access logging',
+            'type':'checkbox',
+            'help':'Enable access logging for squid.',
+            'advanced':'true'
+            ],
+            ['id': 'proxy.general.logging.enable.storeLog',
+            'label':'Enable store logging',
+            'type':'checkbox',
+            'help':'Enable access logging for squid.',
+            'advanced':'true'
+            ],
+            ['id': 'proxy.general.alternateDNSservers',
+            'label':'Use alternate DNS-servers',
+            'type':'select_multiple',
+            'style':'tokenize',
+            'help':'Type IPs of alternative DNS servers you like to use.',
+            'hint':'Type IP adresses, followed by Enter.',
+            'allownew':'true',
+            'advanced':'true'
+            ],
+            ['id': 'proxy.general.dnsV4First',
+            'label':'Enable DNS v4 first',
+            'type':'checkbox',
+            'help':'This option reverses the order of preference to make Squid contact dual-stack websites over IPv4 first.
+            Squid will still perform both IPv6 and IPv4 DNS lookups before connecting.
+            <div class="alert alert-warning"><b class="text-danger">Warning:</b> This option will restrict the situations under which IPv6
+                connectivity is used (and tested). Hiding network problems
+                which would otherwise be detected and warned about.</div>',
+            'advanced':'true'
            ]}
        ],
        ['proxy-forward','Forward Proxy','subtabs': {
@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
                'type':'text',
                'help':'The port the proxy service will listen to.'
                ],
-                ['id': 'proxy.forward.transparentProxyMode',
+                ['id': 'proxy.forward.transparentMode',
                'label':'Enable Transparent HTTP proxy',
                'type':'checkbox',
                'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items
                'type':'checkbox',
                'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.',
                'advanced':'true'
-                ],
-                ['id': 'proxy.forward.alternateDNSservers',
-                'label':'Use alternate DNS-servers',
-                'type':'select_multiple',
-                'style':'tokenize',
-                'help':'Type IPs of alternative DNS servers you like to use.',
-                'hint':'Type IP adresses, followed by Enter.',
-                'allownew':'true',
-                'advanced':'true'
                ]}
            ]}
        ]
--- a/src/opnsense/mvc/app/views/layout_partials/base_tabs.volt
+++ b/src/opnsense/mvc/app/views/layout_partials/base_tabs.volt
@ -40,22 +40,23 @@ POSSIBILITY OF SUCH DAMAGE.
            {% endfor %}

        <li role="presentation" class="dropdown {% if activetab|default("") == active_subtab %}active{% endif %}">
-            <a data-toggle="dropdown" href="#" class="dropdown-toggle" role="button">
-                <b>{{tab[1]}} <span class="caret"></span></b>
+            <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
+                <b><span class="caret"></span></b>
            </a>
-             <ul class="dropdown-menu" role="menu">
-                 {% for subtab in tab['subtabs']|default({})%}
-                 <li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
-                 {% endfor %}
-             </ul>
+            <a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
+            <ul class="dropdown-menu" role="menu">
+                {% for subtab in tab['subtabs']|default({})%}
+                <li class="{% if activetab|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
+                {% endfor %}
+            </ul>
        </li>
    {% else %}
        {# Standard Tab #}
-            <li {% if activetab|default("") == tab[0] %} class="active" {% endif %}>
-                    <a data-toggle="tab" href="#tab_{{tab[0]}}">
-                        <b>{{tab[1]}}</b>
-                    </a>
-            </li>
+        <li {% if activetab|default("") == tab[0] %} class="active" {% endif %}>
+                <a data-toggle="tab" href="#tab_{{tab[0]}}">
+                    <b>{{tab[1]}}</b>
+                </a>
+        </li>
    {% endif %}
 {% endfor %}
 </ul>
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@ -1,37 +1,51 @@
 #
-# Recommended minimum configuration:
-#
+# Automatic generated configuration for Squid.
+# Do not edit this file manually.

 # setup listen configuration
-{% if helpers.exists('OPNsense.proxy.general.port') %}
-{%   for interface in OPNsense.proxy.general.interfaces.split(",") %}
+{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
+{%   for interface in OPNsense.proxy.forward.interfaces.split(",") %}
 {%      for intf_key,intf_item in interfaces.iteritems() %}
 {%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
-http_port {{intf_item.ipaddr}}:{{  OPNsense.proxy.general.port }}
+http_port {{intf_item.ipaddr}}:{{  OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}tproxy{% endif %}
+
 {%          endif %}
 {%      endfor %}
 {# virtual ip's #}
 {%      if helpers.exists('virtualip') %}
 {%          for intf_key,intf_item in virtualip.iteritems() %}
 {%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
-http_port {{intf_item.subnet}}:{{  OPNsense.proxy.general.port }}
+http_port {{intf_item.subnet}}:{{  OPNsense.proxy.forward.port }}
 {%              endif %}
 {%          endfor %}
 {%      endif %}
 {%   endfor %}
 {% endif %}

-
-
 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
-acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
-acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
-acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
-acl localnet src fc00::/7       # RFC 4193 local private network range
-acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
+{%  if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
+{%   for interface in OPNsense.proxy.forward.interfaces.split(",") %}
+{%      for intf_key,intf_item in interfaces.iteritems() %}
+{%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
+acl localnet src {{intf_item.ipaddr}}/{{intf_item.subnet}} # Possible internal network
+{%          endif %}
+{%      endfor %}
+{%      if helpers.exists('virtualip') %}
+{%          for intf_key,intf_item in virtualip.iteritems() %}
+{%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
+acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
+{%              endif %}
+{%          endfor %}
+{%      endif %}
+{%   endfor %}
+{%  endif %}
+{% endif %}

+#acl localnet src fc00::/7       # RFC 4193 local private network range
+#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
 acl SSL_ports port 443
 acl Safe_ports port 80		# http
 acl Safe_ports port 21		# ftp
@ -89,3 +103,28 @@ refresh_pattern ^ftp:		1440	20%	10080
 refresh_pattern ^gopher:	1440	0%	1440
 refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
 refresh_pattern .		0	20%	4320
+
+# Squid Options
+{% if helpers.exists('OPNsense.proxy.general.dnsV4First') %}
+{%      if OPNsense.proxy.general.dnsV4First == '1' %}
+# dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first
+dns_v4_first on
+{%      endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %}
+{%      if OPNsense.proxy.general.logging.enable.accessLog == '0' %}
+# Disable access logging
+access_log none
+{%      endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %}
+{%      if OPNsense.proxy.general.logging.enable.storeLog == '0' %}
+# Disable cache store log
+cache_store_log none
+{%      endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %}
+{%   for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %}
+dns_nameservers {{dns}}
+{%   endfor %}
+{% endif %}