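#!/bin/bash
# =================================================== #
# llx-srv-proxy                                       #
#                                                     #
# Written by Luis García                              #
# for LliureX. June 2005                              #
# Revised Mar. 2010                                   #
#                                                     #
# Generates the configuration file for squid          #
# =================================================== #
#
# Flow: source the llxcfg-proxy library, import the proxy settings as shell
# variables, write the ACL helper files, then build squid.conf from a
# generated LliureX section, the packaged squid.conf with its conflicting
# directives commented out, and the optional local configuration file.
#
# NOTE(review): the page this script was recovered from had lost its line
# breaks, so it is not visible whether "set -e" was active or commented out.
# It is left disabled here; confirm against the packaged script.
# set -e

# variables
# Fixed PATH: helpers called by bare name (llxcfg-cpkg, llxcfg-config,
# skel-install, logger, sed) resolve only from system directories.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LIB_FILE="/usr/share/lliurex/llxcfg-proxy/llxcfg-proxy.sh"
[ -e "$LIB_FILE" ] || exit 1
# The library is sourced into this shell and runs with this script's
# privileges. SQUID_CONF, LOCAL_CONF, NO_CACHE_FILE, the *_ACL_FILE paths and
# the LOCAL_* keys used below are not set in this file; presumably the
# library defines them -- verify.
. "${LIB_FILE}"

VAR_LIST="PROXY_HTTP_PORT PROXY_HOST PROXY_DENY_URL PROXY_PATH PROXY_DISABLED SRV_IP SRV_NETWORK SRV_BITMASK SRV_DOMAIN PROXY_CACHE_MODE PROXY_CACHE_SIZE PROXY_CACHE_MEM PROXY_MAX_OBJECT_SIZE"
BEGIN_LLIUREX="### BEGIN LLIUREX_CHANGES ###"
BEGIN_LOCAL="### BEGIN LOCAL_CHANGES ###"
END_LLIUREX="### END LLIUREX_CHANGES ###"
END_LOCAL="### END LOCAL_CHANGES ###"
RULES_MARK="# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS"
COMMENT_LLIUREX="### LLIUREX_COMMENT ###"

# read variables
# NOTE(review): eval executes whatever llxcfg-showvars prints, so the values
# in the configuration store are trusted as shell code here; this is only
# safe if the tool shell-quotes every value and the store is writable by
# administrators only. The output is passed as one quoted string so that
# whitespace and glob characters in values reach eval unmodified.
# VAR_LIST is left unquoted on purpose: each name must be its own argument.
# shellcheck disable=SC2086
eval "$(/usr/sbin/llxcfg-showvars ${VAR_LIST})"

# functions

# Log one message to syslog, tagged with this script's file name.
_proxy_log() {
  logger -t "llxcfg-proxy: ${0##*/}" "$1"
}

# sed functions
# Each helper below prints ONE sed command on stdout. Their arguments are
# spliced into the sed program as regex/replacement text without escaping,
# so they must only be called with fixed strings, never with configuration
# values.

# Print file $1 with the LLIUREX and LOCAL marker blocks deleted and the
# LLIUREX comment prefix stripped from the lines that carry it.
remove_conf() {
  local input_file="$1"
  sed -e "/^${BEGIN_LLIUREX}/,/^${END_LLIUREX}/D;/^${BEGIN_LOCAL}/,/^${END_LOCAL}/D;s%^${COMMENT_LLIUREX}%%" "${input_file}"
}

# sed command: replace every line starting with $1 by the text $2.
cambia_linea() {
  printf '%s\n' "s%^${1}.*%${2}%"
}

# sed command: prefix every line starting with $1 with the LLIUREX comment
# marker (remove_conf strips that prefix again).
comenta_linea() {
  printf '%s\n' "s%^${1}.*%${COMMENT_LLIUREX}&%"
}

# sed command: delete lines starting with $1, or the range from $1 to a line
# starting with $2 when $2 is given.
borra_lineas() {
  local range_end=""
  if [ -n "$2" ]; then
    range_end=",/^${2}/"
  fi
  printf '%s\n' "/^${1}/${range_end}d"
}

# sed command: strip the LLIUREX comment marker from lines that start with it.
descomenta_lineas() {
  printf '%s\n' "s%^\(${COMMENT_LLIUREX}\)\(.*\)%\2%"
}

# sed command: append the lines $2.. after every line starting with $1.
# The lines are joined with a literal "\n", which sed turns into newlines.
anyade_lineas() {
  local anchor="${1}"
  local text="${2}"
  local extra
  shift 2
  for extra in "$@"; do
    text="${text}\n${extra}"
  done
  printf '%s\n' "/^${anchor}/a${text}"
}

# sed command: insert the lines $2.. before every line starting with $1.
inserta_lineas() {
  local anchor="${1}"
  local text="${2}"
  local extra
  shift 2
  for extra in "$@"; do
    text="${text}\n${extra}"
  done
  printf '%s\n' "/^${anchor}/i${text}\n"
}

# Print the sed program applied to the packaged squid.conf: comment out the
# directives that the generated LliureX section replaces, then append the
# LliureX http_access rules after the stock "insert your rules" marker.
# squid evaluates http_access rules in order and stops at the first match,
# so requests matching allow_dst or allow_domain are accepted before the
# Safe_ports check below them is reached.
sed_rules_on() {
  # borra_lineas "${BEGIN_LLIUREX}" "${END_LLIUREX}"
  # borra_lineas "${BEGIN_LOCAL}" "${END_LOCAL}"
  comenta_linea " *http_port "
  comenta_linea " *acl our_networks src "
  comenta_linea " *visible_hostname "
  comenta_linea " *http_access allow "
  comenta_linea " *acl SSL_ports "
  comenta_linea " *http_access deny !Safe_ports"
  anyade_lineas "${RULES_MARK}" \
    "${BEGIN_LLIUREX}" \
    " http_access allow allow_dst" \
    " http_access deny deny_dst" \
    " http_access allow allow_domain" \
    " http_access deny !Safe_ports" \
    " http_access allow our_networks" \
    " http_access allow localhost" \
    "${END_LLIUREX}"
}

# Write the complete squid.conf to stdout.
# Arguments: $1 - plain copy of the packaged squid.conf
#
# Configuration values are expanded into the here-document verbatim; only
# PROXY_HTTP_PORT and PROXY_HOST are checked (for emptiness) before this
# runs, so a value containing a newline would add extra squid directives.
#
# NOTE(review): with the line breaks lost it is not visible whether the
# "http_port ${SRV_IP}:..." line was an active directive or a commented-out
# one. It is kept commented here, which leaves squid listening on 127.0.0.1
# only; confirm against the packaged script before deploying.
gen_squid_conf() {
  _proxy_log "gen_squid_conf() called"
  local input_file="$1"
  cat << EOF
${BEGIN_LLIUREX}
# ${SQUID_CONF}
# Automatically generated by proxy cpkg
#
######################################################
## Some sections of this file are ##
## AUTOMATICALLY GENERATED or MODIFIED by LliureX, ##
## so ... Please DON'T CHANGE THIS FILE !!! ##
######################################################
## For user customization, create a squid config ##
## file and save it as ${LOCAL_CONF}
######################################################
##
# http_port ${SRV_IP}:${PROXY_HTTP_PORT}
http_port 127.0.0.1:${PROXY_HTTP_PORT}
visible_hostname ${PROXY_HOST}
append_domain .${SRV_DOMAIN}
acl SSL_ports port "${PORTS_ACL_FILE}"
acl our_networks src "${SRC_ACL_FILE}"
acl allow_dst dst "${DST_ACL_FILE}"
acl deny_dst dst "${DENY_ACL_FILE}"
acl allow_domain dstdomain "${DST_DOMAIN_ACL_FILE}"
acl HOSTS dst "${NO_CACHE_FILE}"
no_cache deny HOSTS
deny_info ${PROXY_DENY_URL} allow_dst
deny_info ${PROXY_DENY_URL} deny_dst
# set cache dir size in MB in 16 folders with 256 subfolders, aufs--> multithread with POSIX threads mode
cache_dir ${PROXY_CACHE_MODE} /var/spool/squid3 ${PROXY_CACHE_SIZE} 16 256
# set the RAM memory used by squid (recommends 1/3 of total ram memory)
cache_mem ${PROXY_CACHE_MEM} MB
# objects bigger than this size aren't stored in cache
maximum_object_size ${PROXY_MAX_OBJECT_SIZE} KB
pid_filename /var/run/squid3/squid3.pid
#
#
${END_LLIUREX}
EOF
  sed_rules_on | sed -f- "${input_file}"
  # Quoted on purpose: with an empty LOCAL_CONF the unquoted test "[ -e ]"
  # is true and a bare "cat" would then read this script's stdin.
  if [ -e "${LOCAL_CONF}" ]; then
    printf '%s\n' "${BEGIN_LOCAL}"
    cat "${LOCAL_CONF}"
    printf '%s\n' "${END_LOCAL}"
  fi
}

########
# main #
########

# sanity checks
[ -n "$PROXY_HTTP_PORT" ] || exit 1
[ -n "$PROXY_HOST" ] || exit 1
: "${PROXY_DENY_URL:=http://srv}"

# mktemp replaces the deprecated debianutils "tempfile"; the file is created
# with an unpredictable name and removed on every exit path by the trap.
TMP_FILE="$(mktemp "${TMPDIR:-/tmp}/SQUI.XXXXXX")" || exit 1
trap 'rm -f -- "${TMP_FILE}"' EXIT

if ! llxcfg-cpkg plainview "${SQUID_CONF}" > "${TMP_FILE}"; then
  exit 1
fi

# The log text used to name /squid/no-cache-networks/ while the command dumps
# /proxy/no-cache-networks/; the message now reports the command that runs.
# NOTE(review): confirm that /proxy/ is the intended key.
_proxy_log "Dumping /proxy/no-cache-networks/ directory: llxcfg-config --sort dump /proxy/no-cache-networks/"
llxcfg-config --sort dump /proxy/no-cache-networks/ | skel-install -t "${NO_CACHE_FILE}"

# install the ACL files; keys without a stored value fall back to the server
# network or domain where a fallback is given
_proxy_log "Estableciendo configuraciones desde ${LOCAL_SRC} "
{ llxcfg-config read "${LOCAL_SRC}" || printf '%s\n' "${SRV_NETWORK}/${SRV_BITMASK}"; } | skel-install "${SRC_ACL_FILE}"

_proxy_log "Estableciendo configuraciones desde ${LOCAL_DST} "
{ llxcfg-config read "${LOCAL_DST}" || printf '%s\n' "${SRV_NETWORK}/${SRV_BITMASK}"; } | skel-install "${DST_ACL_FILE}"

_proxy_log "Estableciendo configuraciones desde ${LOCAL_DENY} "
llxcfg-config read "${LOCAL_DENY}" | skel-install "${DENY_ACL_FILE}"

_proxy_log "Estableciendo configuraciones desde ${LOCAL_PORTS} "
llxcfg-config read "${LOCAL_PORTS}" | skel-install "${PORTS_ACL_FILE}"

_proxy_log "Estableciendo configuraciones desde ${LOCAL_DST_DOMAIN} "
{ llxcfg-config read "${LOCAL_DST_DOMAIN}" || printf '%s\n' ".${SRV_DOMAIN}"; } | skel-install "${DST_DOMAIN_ACL_FILE}"

# NOTE(review): the exit status of this pipeline is not checked, so the
# script reports success even if squid.conf could not be generated or
# installed; kept as in the original because callers may rely on exit 0.
gen_squid_conf "${TMP_FILE}" | skel-install "${SQUID_CONF}"

exit 0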