webgui: lighttpd include directory for configuration (#4837)

src/etc/inc/plugins.inc.d/webgui.inc

@@ -261,9 +261,12 @@ EOD;
 ## modules to load
 server.modules              =   (
   "mod_access", "mod_expire", "mod_deflate", "mod_redirect", "mod_setenv",
-  "mod_cgi", "mod_fastcgi","mod_alias", "mod_rewrite", "mod_openssl" {$lighty_modules}
+  "mod_cgi", "mod_fastcgi", "mod_alias", "mod_rewrite", "mod_openssl" {$lighty_modules}
 )
 
+## additional optional modules to load or additional module configurations
+$lighty_config .= "include \"/usr/local/etc/lighttpd_webgui/conf.d/*.conf\"\n";
+
 server.max-keep-alive-requests = 15
 server.max-keep-alive-idle = 30
 

src/etc/lighttpd_webgui/conf.d/README

@@ -0,0 +1,28 @@
+This directory allows the user to enable and configure additional lighttpd modules for the OPNsense webgui, or
+specify additional configurations for modules that are enabled already in /usr/local/etc/inc/plugins.d/webgui.inc
+
+Relevant lighttpd modules available: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs#Modules
+
+The user can create and configure their own configuration files in this directory, or copy, rename and adapt example
+configurations already included in this directory
+
+To use the functionality of this directory:
+
+- create a suitably named file with the extension .conf in this directory, either by copying and renaming an example already included,
+  or creating your own
+
+- if necessary, enable the applicable lighttpd module in that file by including:
+
+    server.modules += ( "mod_[NAME]" )
+  
+  (for example: server.modules += ( "mod_extforward" )
+
+- specify the relevant configurations for the module, according to the lighttpd documentation
+
+In some cases, the order in which modules are enabled by lighttpd is important. Modules which gate requests
+(eg mod_access, mod_auth) or modify requests (eg mod_alias, mod_setenv) should be listed before modules which
+complete requests (eg mod_redirect, mod_rewrite), and which, in turn, should be listed before dynamic handlers
+(eg mod_cgi, mod_fastcgi, mod_proxy, mod_scgi, ...)
+
+To address this, you will need to ensure that the relevant configuration files appear in this directory in the
+right order. Begin the files with appropriate numbering (such as 01- and 02-) to achieve that

src/etc/lighttpd_webgui/conf.d/extforward.conf.example

@@ -0,0 +1,35 @@
+#######################################################################
+##
+## This is an example configuration file for enabling and configuring
+## the mod_extforward module
+##
+## This module will extract the client's "real" IP from the relevant
+## header which is added by Squid or other proxies. It is useful for
+## logging the "real" IP of clients connecting to the OPNsense webgui
+## behind reverse proxy servers
+##
+## Options: https://redmine.lighttpd.net/projects/1/wiki/Docs_ModExtForward
+##
+
+##
+## Enable the mod_extforward module
+##
+server.modules += ( "mod_extforward" )
+
+##
+## Specify the headers to check. Default if not specified are
+## Forwarded-For and X-Forwarded-For headers
+##
+extforward.headers = ( "X-Forwarded-For", "Forwarded-For", "X-Real-IP" )
+
+##
+## Specify the trusted IPs of the reverse proxy server, comma separated
+## For example, to trust the IPs 10.0.0.1 and fd00:1234:abcd:efgh::1
+##
+extforward.forwarder = (                                                                
+  "10.0.0.1" => "trust",                                                         
+  "fd00:1234:abcd:efgh::1" => "trust"                                 
+)
+
+##
+#######################################################################