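/**
 * Build the Apache configuration of the HotSpot captive-portal web service and
 * write it to /etc/artica-postfix/hotspot-httpd.conf.
 *
 * Side effects visible in this function:
 *  - creates the runtime, log, session and cache directories and hands them to
 *    the Apache account;
 *  - stores the listen address in $GLOBALS["HOSTPOT_WEB_INTERFACE"];
 *  - when PHP-FPM is enabled, runs exec.initslapd.php and restarts php5-fpm;
 *  - calls build_error_page() before the configuration file is written.
 *
 * Changes against the previous implementation:
 *  - each() loops replaced by foreach (each() no longer exists in PHP 8);
 *  - the www-data fallback is resolved before the first chown/chgrp, so the
 *    directories are no longer chowned to an empty account;
 *  - the "PHP-FPM" start-up line reports the effective setting instead of a
 *    constant 0;
 *  - the server name, the ports and the mod_evasive values read from the
 *    settings store are validated/normalised before being interpolated into
 *    Apache directives (a stray newline would otherwise add directives);
 *  - SSLv3 is disabled together with SSLv2;
 *  - settings that were read but never used are no longer fetched.
 *
 * @return void
 */
function apache_config()
{
    $sock = new sockets();
    $unix = new unix();

    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    if (preg_match("#APACHE_RUN_GROUP#", $APACHE_SRC_GROUP)) {
        $APACHE_SRC_GROUP = "www-data";
    }
    // Resolve the fallback account first: every chown/chgrp below depends on it.
    if ($APACHE_SRC_ACCOUNT == null) {
        $APACHE_SRC_ACCOUNT = "www-data";
        $APACHE_SRC_GROUP = "www-data";
        $unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
    }

    $LogFilePath = "/var/log/artica-wifidog/access.log";
    $ErrorLog = dirname($LogFilePath) . "/error.log";

    $directories = array(
        "/var/run/apache2",
        "/var/run/artica-apache",
        "/var/log/artica-wifidog",
        "/home/artica/hotspot/sessions",
        "/home/artica/hotspot/caches",
    );
    foreach ($directories as $maindir) {
        @mkdir($maindir, 0755, true);
        @chown($maindir, $APACHE_SRC_ACCOUNT);
        @chgrp($maindir, $APACHE_SRC_GROUP);
    }

    foreach (array($LogFilePath, $ErrorLog) as $logfile) {
        if (!is_file($logfile)) {
            @touch($logfile);
        }
        @chown($logfile, $APACHE_SRC_ACCOUNT);
        @chgrp($logfile, $APACHE_SRC_GROUP);
    }

    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();

    $HotSpotMaxClients = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotMaxClients"));
    $HotSpotStartServers = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotStartServers"));
    $HotSpotForceDDOSDisable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotForceDDOSDisable"));
    if ($HotSpotMaxClients == 0) {
        $HotSpotMaxClients = 20;
    }
    if ($HotSpotStartServers == 0) {
        $HotSpotStartServers = 5;
    }

    // Ports end up in Listen/VirtualHost directives: keep only a plain TCP port number.
    $ArticaSplashHotSpotPort = _hotspot_apache_port($sock->GET_INFO("ArticaSplashHotSpotPort"), 16080);
    $ArticaSplashHotSpotPortSSL = _hotspot_apache_port($sock->GET_INFO("ArticaSplashHotSpotPortSSL"), 16443);

    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));

    // NOTE(review): unserialize() can instantiate objects. If the settings store
    // can be written by anything less privileged than this script, store this
    // value as JSON instead (or, on PHP >= 7, pass array("allowed_classes" => false)).
    $Params = unserialize($sock->GET_INFO("HotSpotEvasive"));
    if (!is_array($Params)) {
        // unserialize() returns false on an empty or corrupt value.
        $Params = array();
    }
    $evasiveDefaults = array(
        "DOSEnable" => 1,
        "DOSHashTableSize" => 1024,
        "DOSPageCount" => 3,
        "DOSSiteCount" => 20,
        "DOSPageInterval" => 1,
        "DOSSiteInterval" => 10,
        "DOSBlockingPeriod" => 5,
    );
    foreach ($evasiveDefaults as $key => $default) {
        if (!isset($Params[$key]) || !is_numeric($Params[$key])) {
            $Params[$key] = $default;
        }
        // is_numeric() accepts leading whitespace and exponents; mod_evasive wants integers.
        $Params[$key] = intval($Params[$key]);
    }

    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])
        ? $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"]
        : null;
    _hotspot_apache_log("HotSpot run as {$ArticaHotSpotInterface} ( {$ipaddr} )");
    if ($ipaddr == "0.0.0.0" || $ipaddr == null) {
        $ipaddr = "*";
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;

    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/artica-apache");
    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1 && !is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
        _hotspot_apache_log("mod_fastcgi.so is required to use PHP5-FPM");
        $EnableArticaApachePHPFPM = 0;
    }

    _hotspot_apache_log("Run as....: {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}");
    _hotspot_apache_log("HTTP Port.: {$ArticaSplashHotSpotPort} SSL Port: {$ArticaSplashHotSpotPortSSL}");
    _hotspot_apache_log("PHP-FPM...: {$EnableArticaApachePHPFPM}");
    _hotspot_apache_log("MaxClients: {$HotSpotMaxClients}");

    $errorCodes = array(400, 401, 403, 404, 500);

    $f = array();
    $f[] = "Group {$APACHE_SRC_GROUP}";
    $f[] = "User {$APACHE_SRC_ACCOUNT}";
    $f[] = "LockFile /var/run/apache2/hotspot-artica-accept.lock";
    $f[] = "PidFile /var/run/artica-apache/hotspot-apache.pid";
    $f[] = "AcceptMutex flock";
    $f[] = "SSLRandomSeed startup file:/dev/urandom 256";
    $f[] = "SSLRandomSeed connect builtin";
    $f[] = "SSLSessionCache shmcb:/var/run/apache2/ssl_scache-hotspot(512000)";
    $f[] = "SSLSessionCacheTimeout 300";
    $f[] = "SSLSessionCacheTimeout 300";
    $f[] = "DocumentRoot /usr/share/artica-postfix";
    $f[] = "DirectoryIndex hotspot.html";
    foreach ($errorCodes as $code) {
        $f[] = "ErrorDocument {$code} /hotspot.html";
    }

    $NameVirtualHost = $ipaddr;
    if ($HospotHTTPServerName != null) {
        // The name is written verbatim into several directives; accept only
        // characters that can appear in a host name or address literal.
        if (preg_match('#^[A-Za-z0-9._:*\[\]-]+$#', $HospotHTTPServerName)) {
            $NameVirtualHost = $HospotHTTPServerName;
        } else {
            _hotspot_apache_log("HospotHTTPServerName contains invalid characters, using {$ipaddr}");
        }
    }
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";

    $ddos_config = null;
    if ($HotSpotForceDDOSDisable == 1) {
        $Params["DOSEnable"] = 0;
    }
    if ($Params["DOSEnable"] == 1) {
        $ddos = array();
        $ddos[] = "\tDOSHashTableSize {$Params["DOSHashTableSize"]}";
        $ddos[] = "\tDOSPageCount {$Params["DOSPageCount"]}";
        $ddos[] = "\tDOSSiteCount {$Params["DOSSiteCount"]}";
        $ddos[] = "\tDOSPageInterval {$Params["DOSPageInterval"]}";
        $ddos[] = "\tDOSSiteInterval {$Params["DOSSiteInterval"]}";
        $ddos[] = "\tDOSBlockingPeriod {$Params["DOSBlockingPeriod"]}";
        $ddos[] = "\tDOSLogDir \"/var/log/artica-wifidog\"";
        $ddos[] = "\tDOSSystemCommand \"/bin/echo `date '+%F %T'` HOTSPOT %s >> /var/log/artica-wifidog/dos_evasive_attacks.log\"";
        $ddos_config = implode("\n", $ddos);
    }

    // Plain HTTP virtual host.
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "{$ddos_config}";
    foreach ($errorCodes as $code) {
        $f[] = "\tErrorDocument {$code} /hotspot.html";
    }
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";

    // TLS virtual host.
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "\tSSLEngine on";
    $squid = new squidbee();
    $ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
    $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
    if ($ArticaSplashHotSpotCertificate != null) {
        $apache = new apache_certificate($ArticaSplashHotSpotCertificate);
        $f[] = $apache->build();
    } elseif (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
        // SaveCertificate() answered with nginx-style directives; reuse the two paths.
        $f[] = "\tSSLCertificateFile \"{$re[1]}\"";
        $f[] = "\tSSLCertificateKeyFile \"{$re[2]}\"";
    }
    // NOTE(review): when neither branch above adds a certificate, this virtual
    // host keeps "SSLEngine on" with no certificate directive - confirm that
    // this cannot happen in practice.
    $f[] = "\tSSLVerifyClient none";
    $f[] = "\tServerSignature Off";
    $f[] = "{$ddos_config}";
    foreach ($errorCodes as $code) {
        $f[] = "\tErrorDocument {$code} /hotspot.html";
    }
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";

    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}";
    $f[] = "Timeout 300";
    $f[] = "KeepAlive Off";
    $f[] = "KeepAliveTimeout 3";

    // Prefork sizing: MaxClients must exceed StartServers; both values are capped.
    if ($HotSpotStartServers >= $HotSpotMaxClients) {
        $HotSpotMaxClients = $HotSpotMaxClients + $HotSpotStartServers;
    }
    $HotSpotMaxClients = min($HotSpotMaxClients, 1024);
    $ServerLimit = min($HotSpotMaxClients + 100, 2000);
    $MinSpareServers = $HotSpotStartServers + 5;
    $MaxSpareServers = $MinSpareServers + 1;
    $f[] = "StartServers {$HotSpotStartServers}";
    $f[] = "MaxClients {$HotSpotMaxClients}";
    $f[] = "ServerLimit\t\t {$ServerLimit}";
    $f[] = "MinSpareServers {$MinSpareServers}";
    $f[] = "MaxSpareServers {$MaxSpareServers}";
    $f[] = "MaxRequestsPerChild 800";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();

    $f[] = "<IfModule mod_ssl.c>";
    $f[] = "\tSSLRandomSeed connect builtin";
    $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
    $f[] = "\tAddType application/x-x509-ca-cert .crt";
    $f[] = "\tAddType application/x-pkcs7-crl .crl";
    $f[] = "\tSSLPassPhraseDialog builtin";
    $f[] = "\tSSLSessionCache shmcb:/var/run/apache2/ssl_scache-articahtp(512000)";
    $f[] = "\tSSLSessionCacheTimeout 300";
    $f[] = "\tSSLSessionCacheTimeout 300";
    $f[] = "\tSSLMutex sem";
    // NOTE(review): MEDIUM still admits weak cipher suites on older OpenSSL
    // builds; tighten once the oldest supported portal client is known.
    $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
    // SSLv3 is refused as well as SSLv2: it is broken by the POODLE padding
    // attack and a login page must not negotiate it.
    $f[] = "\tSSLProtocol all -SSLv2 -SSLv3";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "AddType application/x-httpd-php .php";
    $f[] = "php_value error_log \"/var/log/artica-wifidog/access.log\"";
    $f[] = "php_value session.save_path \"/home/artica/hotspot/sessions\"";
    $f[] = "<IfModule mod_fcgid.c>";
    $f[] = "\tPHP_Fix_Pathinfo_Enable 1";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = " </FilesMatch>";
    $f[] = " <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = " </FilesMatch>";
    $f[] = " <IfModule mod_userdir.c>";
    $f[] = " <Directory /home/*/public_html>";
    $f[] = " php_admin_value engine Off";
    $f[] = " </Directory>";
    $f[] = " </IfModule>";
    $f[] = "</IfModule>";

    $f = array_merge($f, _hotspot_apache_mime_lines());

    $f[] = "Alias /index.php /hotspot.html";
    $f[] = "Alias /index.html /hotspot.html";
    $f[] = "Alias /Microsoft-Server-ActiveSync /hotspot-none.html";
    $f[] = "<Directory \"/usr/share/artica-postfix\">";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex hostpot.php";
    $f[] = "\t\t<Files \"hostpot.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<Files \"hostpot.html\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    // NOTE(review): in a FilesMatch pattern "!" is a literal character, not a
    // negation, so this section never matches an ordinary file name and its
    // "deny from all" is never applied. Combined with "Allow from all" below,
    // every file under the DocumentRoot stays reachable on the portal ports.
    // The names are also spelled "hostpot" here but "hotspot" everywhere else
    // in this function - confirm which file names are intended before fixing.
    $f[] = "\t\t<FilesMatch \"!(hostpot)\\.(html|php)\$\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tdeny from all";
    $f[] = "\t\t</FilesMatch>";
    foreach ($errorCodes as $code) {
        $f[] = "\tErrorDocument {$code} /hotspot.html";
    }
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "\tOptions -Indexes";
    $f[] = "\tSSLOptions +StdEnvVars";
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";

    if ($EnableArticaApachePHPFPM == 1) {
        _hotspot_apache_log("Activate PHP5-FPM");
        shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
        _hotspot_apache_log("Restarting PHP5-FPM");
        shell_exec("/etc/init.d/php5-fpm restart");
        $f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/artica-apache>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        _hotspot_apache_log("PHP5-FPM is disabled");
    }

    // NOTE(review): "Loglevel debug" is very verbose for a production portal;
    // confirm it is intended outside troubleshooting.
    $f[] = "Loglevel debug";
    $f[] = "ErrorLog {$ErrorLog}";
    $f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "CustomLog {$LogFilePath} common";

    // Module name => shared object; a LoadModule line is emitted only for files that exist.
    $array = array();
    if ($EnableArticaApachePHPFPM == 0) {
        $array["php5_module"] = "libphp5.so";
    }
    $array["actions_module"] = "mod_actions.so";
    $array["expires_module"] = "mod_expires.so";
    $array["rewrite_module"] = "mod_rewrite.so";
    $array["dir_module"] = "mod_dir.so";
    $array["mime_module"] = "mod_mime.so";
    $array["alias_module"] = "mod_alias.so";
    $array["auth_basic_module"] = "mod_auth_basic.so";
    $array["authz_host_module"] = "mod_authz_host.so";
    $array["autoindex_module"] = "mod_autoindex.so";
    $array["negotiation_module"] = "mod_negotiation.so";
    $array["ssl_module"] = "mod_ssl.so";
    $array["headers_module"] = "mod_headers.so";
    $array["ldap_module"] = "mod_ldap.so";
    if ($Params["DOSEnable"] == 1) {
        $array["evasive20_module"] = "mod_evasive20.so";
    }
    if ($EnableArticaApachePHPFPM == 1) {
        $array["fastcgi_module"] = "mod_fastcgi.so";
    }

    if (is_dir("/etc/apache2")
        && !is_file("/etc/apache2/mime.types")
        && $apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types"
    ) {
        @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
    }
    _hotspot_apache_log("Mime types path.......: {$apache_LOCATE_MIME_TYPES}");
    _hotspot_apache_log("Modules path..........: {$APACHE_MODULES_PATH}");

    foreach ($array as $module => $lib) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            _hotspot_apache_log("include module \"{$module}\"");
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            _hotspot_apache_log("skip module \"{$module}\"");
        }
    }

    build_error_page();

    $written = @file_put_contents("/etc/artica-postfix/hotspot-httpd.conf", implode("\n", $f) . "\n");
    if ($written === false) {
        // Do not report success when the configuration could not be saved.
        _hotspot_apache_log("/etc/artica-postfix/hotspot-httpd.conf unable to write the file");
        return;
    }
    _hotspot_apache_log("/etc/artica-postfix/hotspot-httpd.conf done");
}

/**
 * Print one start-up progress line when $GLOBALS["OUTPUT"] is set.
 *
 * @param string $message text placed after the service name
 * @return void
 */
function _hotspot_apache_log($message)
{
    if (!empty($GLOBALS["OUTPUT"])) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$message}\n";
    }
}

/**
 * Normalise a stored port setting to an integer TCP port.
 *
 * @param mixed $value   raw value read from the settings store
 * @param int   $default port used when the value is not a number in 1..65535
 * @return int
 */
function _hotspot_apache_port($value, $default)
{
    if (!is_numeric($value)) {
        return $default;
    }
    $port = intval($value);
    return ($port >= 1 && $port <= 65535) ? $port : $default;
}

/**
 * Static mod_mime section (types, languages, charsets) of the HotSpot configuration.
 *
 * @return array list of configuration lines
 */
function _hotspot_apache_mime_lines()
{
    return array(
        "<IfModule mod_mime.c>",
        "\tTypesConfig /etc/mime.types",
        "\tAddType application/x-compress .Z",
        "\tAddType application/x-gzip .gz .tgz",
        "\tAddType application/x-bzip2 .bz2",
        "\tAddType application/x-httpd-php .php .phtml",
        "\tAddType application/x-httpd-php-source .phps",
        "\tAddLanguage ca .ca",
        "\tAddLanguage cs .cz .cs",
        "\tAddLanguage da .dk",
        "\tAddLanguage de .de",
        "\tAddLanguage el .el",
        "\tAddLanguage en .en",
        "\tAddLanguage eo .eo",
        "\tRemoveType es",
        "\tAddLanguage es .es",
        "\tAddLanguage et .et",
        "\tAddLanguage fr .fr",
        "\tAddLanguage he .he",
        "\tAddLanguage hr .hr",
        "\tAddLanguage it .it",
        "\tAddLanguage ja .ja",
        "\tAddLanguage ko .ko",
        "\tAddLanguage ltz .ltz",
        "\tAddLanguage nl .nl",
        "\tAddLanguage nn .nn",
        "\tAddLanguage no .no",
        "\tAddLanguage pl .po",
        "\tAddLanguage pt .pt",
        "\tAddLanguage pt-BR .pt-br",
        "\tAddLanguage ru .ru",
        "\tAddLanguage sv .sv",
        "\tRemoveType tr",
        "\tAddLanguage tr .tr",
        "\tAddLanguage zh-CN .zh-cn",
        "\tAddLanguage zh-TW .zh-tw",
        "\tAddCharset us-ascii .ascii .us-ascii",
        "\tAddCharset ISO-8859-1 .iso8859-1 .latin1",
        "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen",
        "\tAddCharset ISO-8859-3 .iso8859-3 .latin3",
        "\tAddCharset ISO-8859-4 .iso8859-4 .latin4",
        "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru",
        "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic",
        "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek",
        "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew",
        "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk",
        "\tAddCharset ISO-8859-10 .iso8859-10 .latin6",
        "\tAddCharset ISO-8859-13 .iso8859-13",
        "\tAddCharset ISO-8859-14 .iso8859-14 .latin8",
        "\tAddCharset ISO-8859-15 .iso8859-15 .latin9",
        "\tAddCharset ISO-8859-16 .iso8859-16 .latin10",
        "\tAddCharset ISO-2022-JP .iso2022-jp .jis",
        "\tAddCharset ISO-2022-KR .iso2022-kr .kis",
        "\tAddCharset ISO-2022-CN .iso2022-cn .cis",
        "\tAddCharset Big5 .Big5 .big5 .b5",
        "\tAddCharset cn-Big5 .cn-big5",
        "\t# For russian, more than one charset is used (depends on client, mostly):",
        "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251",
        "\tAddCharset CP866 .cp866",
        "\tAddCharset KOI8 .koi8",
        "\tAddCharset KOI8-E .koi8-e",
        "\tAddCharset KOI8-r .koi8-r .koi8-ru",
        "\tAddCharset KOI8-U .koi8-u",
        "\tAddCharset KOI8-ru .koi8-uk .ua",
        "\tAddCharset ISO-10646-UCS-2 .ucs2",
        "\tAddCharset ISO-10646-UCS-4 .ucs4",
        "\tAddCharset UTF-7 .utf7",
        "\tAddCharset UTF-8 .utf8",
        "\tAddCharset UTF-16 .utf16",
        "\tAddCharset UTF-16BE .utf16be",
        "\tAddCharset UTF-16LE .utf16le",
        "\tAddCharset UTF-32 .utf32",
        "\tAddCharset UTF-32BE .utf32be",
        "\tAddCharset UTF-32LE .utf32le",
        "\tAddCharset euc-cn .euc-cn",
        "\tAddCharset euc-gb .euc-gb",
        "\tAddCharset euc-jp .euc-jp",
        "\tAddCharset euc-kr .euc-kr",
        "\tAddCharset EUC-TW .euc-tw",
        "\tAddCharset gb2312 .gb2312 .gb",
        "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2",
        "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4",
        "\tAddCharset shift_jis .shift_jis .sjis",
        "\tAddType text/html .shtml",
        "\tAddOutputFilter INCLUDES .shtml",
        "</IfModule>",
    );
}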
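/**
 * Write the default nginx site (/etc/nginx/conf.d/default.conf) that serves the
 * Artica front-end on ports 80 and 443, then reload nginx when
 * $GLOBALS["RELOAD"] is set.
 *
 * Changes against the previous implementation:
 *  - the TLS server no longer offers SSLv3 (POODLE) and now also offers
 *    TLSv1.1 and TLSv1.2 instead of TLSv1 only;
 *  - the host name is looked up once and $f is initialised explicitly.
 *
 * @return void
 */
function build_default_asArtica()
{
    $nginx = new nginx();
    $unix = new unix();
    $squidR = new squidbee();
    $hostname = $unix->hostname_g();

    $f = array();

    // Plain HTTP server.
    $f[] = "server {";
    $f[] = "\tlisten 80;";
    $f[] = "\tserver_name " . $hostname . ";";
    $f[] = "\tindex logon.php;";
    $f[] = "\tlocation /nginx_status {";
    $f[] = "\tstub_status on;";
    $f[] = "\terror_log /var/log/nginx/default.error.log warn;";
    $f[] = "\taccess_log /var/log/nginx/default.access.log;";
    // NOTE(review): "allow all" publishes the connection counters to every
    // client that can reach port 80; restrict this location to the monitoring
    // hosts if remote access is not required.
    $f[] = "\tallow all;";
    $f[] = "\t}";
    $f[] = "\tlocation / {";
    $f[] = "\t\troot\t/usr/share/artica-postfix;";
    $f[] = "\t}";
    $f[] = $nginx->php_fpm("logon.php", "/usr/share/artica-postfix", 1);
    $f[] = "}";

    // TLS server.
    $f[] = "server {";
    $f[] = "\tlisten 443;";
    $f[] = "\tindex logon.php;";
    $f[] = "\tkeepalive_timeout 70;";
    $f[] = "\terror_log /var/log/nginx/default.error.log warn;";
    $f[] = "\taccess_log /var/log/nginx/default.access.log;";
    $f[] = "\tssl on;";
    // SaveCertificate() supplies the certificate directives for this host name.
    $f[] = "\t" . $squidR->SaveCertificate($hostname, false, true);
    $f[] = "\tssl_session_timeout 5m;";
    // SSLv3 removed: it is broken by POODLE and this server protects the logon page.
    $f[] = "\tssl_protocols TLSv1 TLSv1.1 TLSv1.2;";
    $f[] = "\tssl_ciphers HIGH:!aNULL:!MD5;";
    $f[] = "\tssl_prefer_server_ciphers on;";
    $f[] = "\tserver_name " . $hostname . ";";
    $f[] = "\tlocation / {";
    $f[] = "\t\troot\t/usr/share/artica-postfix;";
    $f[] = "\t}";
    $f[] = $nginx->php_fpm("logon.php", "/usr/share/artica-postfix", 1);
    $f[] = "}";

    @file_put_contents("/etc/nginx/conf.d/default.conf", implode("\n", $f));

    if (!empty($GLOBALS["RELOAD"])) {
        reload(true);
    }
}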
$GLOBALS["debug"] = true; ini_set('display_errors', 1); ini_set('error_reporting', E_ALL); ini_set('error_prepend_string', null); ini_set('error_append_string', null); } if (preg_match("#--output#", implode(" ", $argv))) { $GLOBALS["OUTPUT"] = true; } if (preg_match("#schedule-id=([0-9]+)#", implode(" ", $argv), $re)) { $GLOBALS["SCHEDULE_ID"] = $re[1]; } if (preg_match("#--force#", implode(" ", $argv), $re)) { $GLOBALS["FORCE"] = true; } if (preg_match("#--reconfigure#", implode(" ", $argv), $re)) { $GLOBALS["RECONFIGURE"] = true; } $GLOBALS["AS_ROOT"] = true; include_once dirname(__FILE__) . '/ressources/class.ldap.inc'; include_once dirname(__FILE__) . '/ressources/class.nginx.inc'; include_once dirname(__FILE__) . '/ressources/class.freeweb.inc'; include_once dirname(__FILE__) . '/framework/class.unix.inc'; include_once dirname(__FILE__) . '/ressources/class.squid.reverse.inc'; include_once dirname(__FILE__) . '/framework/frame.class.inc'; include_once dirname(__FILE__) . '/framework/class.settings.inc'; include_once dirname(__FILE__) . '/ressources/class.resolv.conf.inc'; $certificate = $argv[1]; $squid = new squidbee(); $squid->SaveCertificate($certificate, false, true);
function apache_config() { $sock = new sockets(); $unix = new unix(); $EnablePHPFPM = 0; @mkdir("/var/run/squid", 0755, true); @mkdir("/var/run/squid", 0755, true); $APACHE_SRC_ACCOUNT = "squid"; $APACHE_SRC_GROUP = "squid"; $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH(); if (!isset($GLOBALS["HyperCacheStoragePath"])) { $sock = new sockets(); $GLOBALS["HyperCacheStoragePath"] = $sock->GET_INFO("HyperCacheStoragePath"); if ($GLOBALS["HyperCacheStoragePath"] == null) { $GLOBALS["HyperCacheStoragePath"] = "/home/artica/proxy-cache"; } } $SquidEnforceRules = intval($sock->GET_INFO("SquidEnforceRules")); $HyperCacheHTTPListenPort = $sock->GET_INFO("HyperCacheHTTPListenPort"); $HyperCacheHTTPListenPortSSL = $sock->GET_INFO("HyperCacheHTTPListenPortSSL"); $HyperCacheHTTPListenPortSSLEnabled = intval($sock->GET_INFO("HyperCacheHTTPListenPortSSLEnabled")); if (!is_numeric($HyperCacheHTTPListenPort)) { $HyperCacheHTTPListenPort = 8700; } if (!is_numeric($HyperCacheHTTPListenPortSSL)) { $HyperCacheHTTPListenPortSSL = 8900; } $HyperCacheListenAddr = $sock->GET_INFO("HyperCacheListenAddr"); $unix = new unix(); $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES(); unset($NETWORK_ALL_INTERFACES["lo"]); if ($HyperCacheListenAddr == null) { $HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR(); $sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr); } if ($unix->NETWORK_IS_LISTEN_ADDR_EXISTS($HyperCacheListenAddr)) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . 
" [INIT]: {$GLOBALS["SERVICE_NAME"]} {$HyperCacheListenAddr} doesn't exists...\n"; } $HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR(); $sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr); } $ipaddr = $HyperCacheListenAddr; $phpfpm = $unix->APACHE_LOCATE_PHP_FPM(); $php = $unix->LOCATE_PHP5_BIN(); $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM"); if (!is_numeric($EnableArticaApachePHPFPM)) { $EnableArticaApachePHPFPM = 0; } if (!is_file($phpfpm)) { $EnableArticaApachePHPFPM = 0; } $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/squid"); $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES(); if ($EnableArticaApachePHPFPM == 1) { if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n"; } $EnableArticaApachePHPFPM = 0; } } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listen address: {$ipaddr}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port: {$HyperCacheHTTPListenPort} SSL Port: {$HyperCacheHTTPListenPortSSL}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM: {$EnablePHPFPM}\n"; } $q = new mysql_squid_builder(); $nice = EXEC_NICE(); $sql = "SELECT * FROM artica_caches_mirror WHERE enabled=1 AND `ToDelete`=0"; $results = $q->QUERY_SQL($sql); $HyperCache = new HyperCache(); while ($ligne = mysql_fetch_assoc($results)) { $t = time(); $sitename = $ligne["sitename"]; $sitename_path = $HyperCache->HyperCacheUriToHostname($sitename); $workingdir = $GLOBALS["HyperCacheStoragePath"] . 
"/mirror/{$sitename_path}"; if (!is_dir($workingdir)) { @mkdir($workingdir, 0755, true); } @chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid"); @chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid"); @chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid"); @chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid"); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} build folder for mirrored {$sitename_path}\n"; } $mirrors[] = ""; $mirrors_aliases[] = "alias /{$sitename_path} {$workingdir}"; if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: alias /{$sitename_path} {$workingdir}\n"; } $mirrors[] = ""; $mirrors[] = "\t<Directory \"{$workingdir}\">"; $mirrors[] = "\t\tDirectorySlash On"; $mirrors[] = "\t\tDirectoryIndex index.html index-2.html"; $mirrors[] = "\t\tOptions All"; $mirrors[] = "\t\tOrder deny,allow"; $mirrors[] = "\t\tAllow from all"; $mirrors[] = "\t</Directory>"; $mirrors[] = ""; } $mirrors_conf = @implode("\n", $mirrors); $mirrors_aliases_conf = @implode("\n", $mirrors_aliases); $f[] = "LockFile /var/run/squid/HyperCacheWebAccept.lock"; $f[] = "PidFile /var/run/squid/HyperCacheWeb.pid"; $f[] = "AcceptMutex flock"; $f[] = "DocumentRoot /usr/share/artica-postfix"; $f[] = "DirectoryIndex squidcache.php"; $f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPort}"; $f[] = $mirrors_aliases_conf; if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $f[] = "SSLRandomSeed startup file:/dev/urandom 256"; $f[] = "SSLRandomSeed connect builtin"; $f[] = "SSLSessionCache shmcb:/var/run/squid/HyperCacheWebSSL(512000)"; $f[] = "SSLSessionCacheTimeout 300"; $f[] = "SSLSessionCacheTimeout 300"; $f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}"; $f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPortSSL}"; } $f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPort}"; $f[] = "<VirtualHost 
{$ipaddr}:{$HyperCacheHTTPListenPort}>"; $f[] = "\tServerName {$ipaddr}"; $f[] = "\tLoglevel debug"; $f[] = "\tLoglevel debug"; $f[] = "\tErrorLog /var/log/squid/HyperCache-error.log"; $f[] = "\tLogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common"; $f[] = "\tCustomLog /var/log/squid/HyperCache-access.log common"; $f[] = "\tErrorDocument 400 /squidcache.php"; $f[] = "\tErrorDocument 401 /squidcache.php"; $f[] = "\tErrorDocument 403 /squidcache.php"; $f[] = "\tErrorDocument 404 /squidcache.php"; $f[] = "\tErrorDocument 500 /squidcache.php"; //$f[]="\tFallbackResource /squidcache.php"; $f[] = $mirrors_aliases_conf; $f[] = $mirrors_conf; $f[] = "</VirtualHost>"; if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $squid = new squidbee(); $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false); if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) { $cert = $re[1]; $key = $re[2]; } $f[] = "<VirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}>"; $f[] = "\tFallbackResource /squidcache.php"; $f[] = "\tServerName {$ipaddr}"; $f[] = "\tDocumentRoot /usr/share/artica-postfix"; $f[] = "\tSSLEngine on"; $f[] = "\tSSLCertificateFile \"{$cert}\""; $f[] = "\tSSLCertificateKeyFile \"{$key}\""; $f[] = "\tSSLVerifyClient none"; $f[] = "\tServerSignature Off"; $f[] = $mirrors_conf; $f[] = "</VirtualHost>"; } $f[] = "<IfModule mpm_prefork_module>"; $f[] = "</IfModule>"; $f[] = "<IfModule mpm_worker_module>"; $f[] = "\tMinSpareThreads 25"; $f[] = "\tMaxSpareThreads 75 "; $f[] = "\tThreadLimit 64"; $f[] = "\tThreadsPerChild 25"; $f[] = "</IfModule>"; $f[] = "<IfModule mpm_event_module>"; $f[] = "\tMinSpareThreads 25"; $f[] = "\tMaxSpareThreads 75 "; $f[] = "\tThreadLimit 64"; $f[] = "\tThreadsPerChild 25"; $f[] = "</IfModule>"; $f[] = "AccessFileName .htaccess"; $f[] = "<Files ~ \"^\\.ht\">"; $f[] = "\tOrder allow,deny"; $f[] = "\tDeny from all"; $f[] = "\tSatisfy all"; $f[] = "</Files>"; $f[] = "DefaultType text/plain"; 
$f[] = "HostnameLookups Off"; $f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}"; $f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}"; $f[] = "Timeout 300"; $f[] = "KeepAlive Off"; $f[] = "KeepAliveTimeout 15"; $f[] = "StartServers 1"; $f[] = "MaxClients 50"; $f[] = "MinSpareServers 2"; $f[] = "MaxSpareServers 5"; $f[] = "MaxRequestsPerChild 5000"; $f[] = "MaxKeepAliveRequests 100"; $f[] = "ServerName " . $unix->hostname_g(); if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $f[] = "<IfModule mod_ssl.c>"; $f[] = "\tSSLRandomSeed connect builtin"; $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512"; $f[] = "\tAddType application/x-x509-ca-cert .crt"; $f[] = "\tAddType application/x-pkcs7-crl .crl"; $f[] = "\tSSLPassPhraseDialog builtin"; $f[] = "\tSSLSessionCache shmcb:/var/run/squid/ssl_scache-articahtp(512000)"; $f[] = "\tSSLSessionCacheTimeout 300"; $f[] = "\tSSLSessionCacheTimeout 300"; $f[] = "\tSSLMutex sem"; $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH"; $f[] = "\tSSLProtocol all -SSLv2"; $f[] = "</IfModule>"; $f[] = ""; } // $f[]="\tFallbackResource /squidcache.php"; $f[] = "AddType application/x-httpd-php .php"; $f[] = "php_value error_log \"/var/log/lighttpd/apache-hotspot-php.log\""; $f[] = "<IfModule mod_fcgid.c>"; $f[] = "\tPHP_Fix_Pathinfo_Enable 1"; $f[] = "</IfModule>"; $f[] = "<IfModule mod_php5.c>"; $f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">"; $f[] = "\tSetHandler application/x-httpd-php"; $f[] = " </FilesMatch>"; $f[] = " <FilesMatch \"\\.phps\$\">"; $f[] = "\tSetHandler application/x-httpd-php-source"; $f[] = " </FilesMatch>"; $f[] = " <IfModule mod_userdir.c>"; $f[] = " <Directory /home/*/public_html>"; $f[] = " php_admin_value engine Off"; $f[] = " </Directory>"; $f[] = " </IfModule>"; $f[] = "</IfModule>"; $f[] = "<IfModule mod_mime.c>"; $f[] = "\tTypesConfig /etc/mime.types"; $f[] = "\tAddType application/x-compress .Z"; $f[] = "\tAddType application/x-gzip .gz .tgz"; $f[] = "\tAddType application/x-bzip2 .bz2"; $f[] = "\tAddType application/x-httpd-php .php 
.phtml"; $f[] = "\tAddType application/x-httpd-php-source .phps"; $f[] = "\tAddLanguage ca .ca"; $f[] = "\tAddLanguage cs .cz .cs"; $f[] = "\tAddLanguage da .dk"; $f[] = "\tAddLanguage de .de"; $f[] = "\tAddLanguage el .el"; $f[] = "\tAddLanguage en .en"; $f[] = "\tAddLanguage eo .eo"; $f[] = "\tRemoveType es"; $f[] = "\tAddLanguage es .es"; $f[] = "\tAddLanguage et .et"; $f[] = "\tAddLanguage fr .fr"; $f[] = "\tAddLanguage he .he"; $f[] = "\tAddLanguage hr .hr"; $f[] = "\tAddLanguage it .it"; $f[] = "\tAddLanguage ja .ja"; $f[] = "\tAddLanguage ko .ko"; $f[] = "\tAddLanguage ltz .ltz"; $f[] = "\tAddLanguage nl .nl"; $f[] = "\tAddLanguage nn .nn"; $f[] = "\tAddLanguage no .no"; $f[] = "\tAddLanguage pl .po"; $f[] = "\tAddLanguage pt .pt"; $f[] = "\tAddLanguage pt-BR .pt-br"; $f[] = "\tAddLanguage ru .ru"; $f[] = "\tAddLanguage sv .sv"; $f[] = "\tRemoveType tr"; $f[] = "\tAddLanguage tr .tr"; $f[] = "\tAddLanguage zh-CN .zh-cn"; $f[] = "\tAddLanguage zh-TW .zh-tw"; $f[] = "\tAddCharset us-ascii .ascii .us-ascii"; $f[] = "\tAddCharset ISO-8859-1 .iso8859-1 .latin1"; $f[] = "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen"; $f[] = "\tAddCharset ISO-8859-3 .iso8859-3 .latin3"; $f[] = "\tAddCharset ISO-8859-4 .iso8859-4 .latin4"; $f[] = "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru"; $f[] = "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic"; $f[] = "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek"; $f[] = "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew"; $f[] = "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk"; $f[] = "\tAddCharset ISO-8859-10 .iso8859-10 .latin6"; $f[] = "\tAddCharset ISO-8859-13 .iso8859-13"; $f[] = "\tAddCharset ISO-8859-14 .iso8859-14 .latin8"; $f[] = "\tAddCharset ISO-8859-15 .iso8859-15 .latin9"; $f[] = "\tAddCharset ISO-8859-16 .iso8859-16 .latin10"; $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis"; $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis"; $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis"; $f[] = "\tAddCharset Big5 .Big5 .big5 
.b5"; $f[] = "\tAddCharset cn-Big5 .cn-big5"; $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):"; $f[] = "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251"; $f[] = "\tAddCharset CP866 .cp866"; $f[] = "\tAddCharset KOI8 .koi8"; $f[] = "\tAddCharset KOI8-E .koi8-e"; $f[] = "\tAddCharset KOI8-r .koi8-r .koi8-ru"; $f[] = "\tAddCharset KOI8-U .koi8-u"; $f[] = "\tAddCharset KOI8-ru .koi8-uk .ua"; $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2"; $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4"; $f[] = "\tAddCharset UTF-7 .utf7"; $f[] = "\tAddCharset UTF-8 .utf8"; $f[] = "\tAddCharset UTF-16 .utf16"; $f[] = "\tAddCharset UTF-16BE .utf16be"; $f[] = "\tAddCharset UTF-16LE .utf16le"; $f[] = "\tAddCharset UTF-32 .utf32"; $f[] = "\tAddCharset UTF-32BE .utf32be"; $f[] = "\tAddCharset UTF-32LE .utf32le"; $f[] = "\tAddCharset euc-cn .euc-cn"; $f[] = "\tAddCharset euc-gb .euc-gb"; $f[] = "\tAddCharset euc-jp .euc-jp"; $f[] = "\tAddCharset euc-kr .euc-kr"; $f[] = "\tAddCharset EUC-TW .euc-tw"; $f[] = "\tAddCharset gb2312 .gb2312 .gb"; $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2"; $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4"; $f[] = "\tAddCharset shift_jis .shift_jis .sjis"; $f[] = "\tAddType text/html .shtml"; $f[] = "\tAddOutputFilter INCLUDES .shtml"; $f[] = "</IfModule>"; $f[] = $mirrors_conf; $f[] = "<Directory \"/usr/share/artica-postfix\">"; $f[] = "FallbackResource /squidcache.php"; $f[] = "\tDirectorySlash On"; $f[] = "\tDirectoryIndex squidcache.php"; $f[] = "\t\t<Files \"squidcache.php\">"; $f[] = "\t\t\tOrder allow,deny"; $f[] = "\t\t\tallow from all"; $f[] = "\t\t</Files>"; /* $f[]="\tErrorDocument 400 /hotspot.php"; $f[]="\tErrorDocument 401 /hotspot.php"; $f[]="\tErrorDocument 403 /hotspot.php"; $f[]="\tErrorDocument 404 /hotspot.php"; $f[]="\tErrorDocument 500 /hotspot.php"; */ $f[] = "\tOptions -Indexes"; $f[] = ParseArticaDirectory(); @chmod("/usr/share/artica-postfix/squidcache.php", 0755); 
@chown("/usr/share/artica-postfix/squidcache.php", "squid"); if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $f[] = "\tSSLOptions +StdEnvVars"; } $f[] = "\tAllowOverride All"; $f[] = "\tOrder allow,deny"; $f[] = "\tAllow from all"; $f[] = "</Directory>"; if ($EnableArticaApachePHPFPM == 1) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n"; } shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm"); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n"; } shell_exec("/etc/init.d/php5-fpm restart"); $f[] = "\tAlias /php5.fastcgi /var/run/squid/php5.fastcgi"; $f[] = "\tAddHandler php-script .php"; $f[] = "\tFastCGIExternalServer /var/run/squid/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610"; $f[] = "\tAction php-script /php5.fastcgi virtual"; $f[] = "\t<Directory /var/run/squid>"; $f[] = "\t\t<Files php5.fastcgi>"; $f[] = "\t\tOrder deny,allow"; $f[] = "\t\tAllow from all"; $f[] = "\t\t</Files>"; $f[] = "\t</Directory>"; } else { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . 
" [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n"; } } if ($EnableArticaApachePHPFPM == 0) { $array["php5_module"] = "libphp5.so"; } $array["dumpio_module"] = "mod_dumpio.so"; $array["actions_module"] = "mod_actions.so"; $array["expires_module"] = "mod_expires.so"; $array["rewrite_module"] = "mod_rewrite.so"; $array["dir_module"] = "mod_dir.so"; $array["mime_module"] = "mod_mime.so"; $array["alias_module"] = "mod_alias.so"; $array["auth_basic_module"] = "mod_auth_basic.so"; $array["authz_host_module"] = "mod_authz_host.so"; $array["autoindex_module"] = "mod_autoindex.so"; $array["negotiation_module"] = "mod_negotiation.so"; if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $array["ssl_module"] = "mod_ssl.so"; } $array["headers_module"] = "mod_headers.so"; //$array["ldap_module"]="mod_ldap.so"; if ($EnableArticaApachePHPFPM == 1) { $array["fastcgi_module"] = "mod_fastcgi.so"; } if (is_dir("/etc/apache2")) { if (!is_file("/etc/apache2/mime.types")) { if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") { @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types"); } } } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n"; } while (list($module, $lib) = each($array)) { if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n"; } $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}"; } else { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . 
" [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n"; } } } @file_put_contents("/etc/artica-postfix/HyperCacheHTTPD.conf", @implode("\n", $f)); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/HyperCacheHTTPD.conf done\n"; } }
/**
 * Generate the Coova-Chilli hotspot configuration and apply it.
 *
 * Writes /etc/chilli.conf (include stub) and /etc/chilli/config (HS_* settings
 * built from the stored "ChilliConf" array), runs exec.freeradius.php --build,
 * and, when $GLOBALS["RELOAD"] is set, reconfigures chilli and either sends
 * HUP to the running process or calls start().
 *
 * Progress messages are echoed when $GLOBALS["OUTPUT"] is set; the two
 * messages just before chilli_init_d() are echoed unconditionally.
 *
 * Security review notes (details inline):
 *  - "ChilliConf" is restored with unserialize().
 *  - Stored values are interpolated unquoted into a file whose own header says
 *    it is included by shell scripts.
 *  - The LDAP password is reused as both the RADIUS and the UAM secret and is
 *    written to /etc/chilli/config without an explicit file mode.
 *
 * @return void
 */
function build() {
    $unix = new unix();
    $sock = new sockets();
    $php5 = $unix->LOCATE_PHP5_BIN();
    // $sysctl, $EnableChilli, $KernelSendRedirects and $php are assigned below
    // but not read again anywhere in this function.
    $sysctl = $unix->find_program("sysctl");
    $EnableChilli = $sock->GET_INFO("EnableChilli");
    if (!is_numeric($EnableChilli)) {
        $EnableChilli = 0;
    }
    $KernelSendRedirects = $sock->GET_INFO("KernelSendRedirects");
    if (!is_numeric($KernelSendRedirects)) {
        $KernelSendRedirects = 1;
    }
    // Set to true when a missing proxy port is generated, so the array is saved back.
    $save = false;
    // NOTE(review): unserialize() on stored settings can instantiate objects if
    // the settings store is ever writable by a less-trusted party. The trust
    // level of GET_INFO() is not visible here; consider a data-only format
    // (JSON) or, on PHP 7+, unserialize($data, ['allowed_classes' => false]).
    $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
    $ChilliConf = GetInterfaceArray($ChilliConf);
    $php = $unix->LOCATE_PHP5_BIN();
    if (!isset($ChilliConf["HS_UAMFREEWEB"])) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FreeWeb Login page is not set...\n";
        }
    }
    // The three checks below look for different files/directories, but each one
    // runs the same installer command (artica-make APP_CAKEPHP) when its target
    // is missing.
    if (!is_file("/var/www/c2/index.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Installing CakePHP\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} CakePHP done\n";
        }
    }
    if (!is_file("/var/www/c2/yfi_cake/setup/coova_json/login.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/var/www/c2/yfi_cake/setup/coova_json/login.php no such file Installing YFI CakePHP\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} YFI CakePHP done\n";
        }
    }
    if (!is_dir("/usr/share/coova_json")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/usr/share/coova_json` no such directory Installing Coova JSon\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Coova JSon done\n";
        }
    }
    // Presumably ensures a dedicated "chilli" user and group exist; verify in class unix.
    $unix->SystemCreateUser("chilli", "chilli");
    // $f collects the lines of /etc/chilli.conf, which only includes other files.
    $f[] = "include /etc/chilli/main.conf";
    $f[] = "include /etc/chilli/hs.conf";
    $f[] = "include /etc/chilli/local.conf";
    $f[] = "ipup=/etc/chilli/up.sh";
    $f[] = "ipdown=/etc/chilli/down.sh";
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Chilli: `/etc/chilli.conf` done\n";
    }
    file_put_contents("/etc/chilli.conf", @implode("\n", $f));
    if (!is_numeric($ChilliConf["EnableSSLRedirection"])) {
        $ChilliConf["EnableSSLRedirection"] = 0;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building main configuration: {$ChilliConf["HS_LANIF"]} -> {$ChilliConf["HS_WANIF"]}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen.....: {$ChilliConf["HS_UAMLISTEN"]}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} DHCP.......: {$ChilliConf["HS_DYNIP"]}/{$ChilliConf["HS_DYNIP_MASK"]} ({$ChilliConf["HS_NETWORK"]})\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Proxy Port.: {$ChilliConf["SQUID_HTTP_PORT"]}\n";
    }
    // Only $ldap->ldap_password is read from this object (see HS_RADSECRET below).
    $ldap = new clladp();
    if (!is_numeric($ChilliConf["ENABLE_DHCP_RELAY"])) {
        $ChilliConf["ENABLE_DHCP_RELAY"] = 0;
    }
    // $t collects the lines of /etc/chilli/config.
    // NOTE(review): the header written below states the file is included by
    // shell scripts, yet the $ChilliConf values that follow are interpolated
    // without quoting or validation. A value containing whitespace or shell
    // metacharacters would then be interpreted by whatever sources the file.
    // Validate each value against its expected format (interface name, IP,
    // netmask, hostname) or shell-quote it before writing.
    $t[] = "# -*- mode: shell-script; -*-";
    $t[] = "#";
    $t[] = "# Coova-Chilli Default Configurations. ";
    $t[] = "# To customize, copy this file to /etc/chilli/config";
    $t[] = "# and edit to your liking. This is included in shell scripts";
    $t[] = "# that configure chilli and related programs before file 'config'. 
";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "# Local Network Configurations";
    $t[] = "# ";
    $t[] = "";
    if ($ChilliConf["HS_WANIF"] != null) {
        $t[] = "HS_WANIF={$ChilliConf["HS_WANIF"]} # WAN Interface toward the Internet";
    }
    $t[] = "HS_LANIF={$ChilliConf["HS_LANIF"]}\t\t # Subscriber Interface for client devices";
    $t[] = "HS_NETWORK={$ChilliConf["HS_NETWORK"]}\t # HotSpot Network (must include HS_UAMLISTEN)";
    $t[] = "HS_NETMASK={$ChilliConf["HS_NETMASK"]} # HotSpot Network Netmask";
    $t[] = "HS_UAMLISTEN={$ChilliConf["HS_UAMLISTEN"]} # HotSpot IP Address (on subscriber network)";
    $t[] = "HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)";
    $t[] = "HS_UAMUIPORT=4990 # HotSpot UAM 'UI' Port (on subscriber network, for embedded portal)";
    $t[] = "HS_NATANYIP=off";
    //$t[]="HS_STATIP=off";
    //$t[]="HS_STATIP_MASK=";
    $t[] = "";
    if ($ChilliConf["HS_DYNIP"] != null) {
        $t[] = "HS_DYNIP={$ChilliConf["HS_DYNIP"]}";
    }
    if ($ChilliConf["HS_DYNIP_MASK"] != null) {
        $t[] = "HS_DYNIP_MASK={$ChilliConf["HS_DYNIP_MASK"]}";
    }
    if ($ChilliConf["HS_DNS_DOMAIN"] != null) {
        $t[] = "HS_DNS_DOMAIN={$ChilliConf["HS_DNS_DOMAIN"]}";
    }
    //$t[]="HS_STATIP={$ChilliConf["HS_STATIP"]}";
    //$t[]="HS_STATIP_MASK={$ChilliConf["HS_STATIP_MASK"]}";
    // Both DNS entries handed to clients are the hotspot's own listen address.
    $t[] = "# DNS Servers";
    $t[] = "HS_DNS1={$ChilliConf["HS_UAMLISTEN"]}";
    $t[] = "HS_DNS2={$ChilliConf["HS_UAMLISTEN"]}";
    DefaultSplash($ChilliConf);
    // Missing or non-numeric proxy ports are replaced by a random port in
    // 45000-65400 and the array is flagged for saving. No check that the chosen
    // port is free is visible here.
    if (!isset($ChilliConf["SQUID_HTTP_PORT"])) {
        $ChilliConf["SQUID_HTTP_PORT"] = rand(45000, 65400);
        $save = true;
    }
    if (!is_numeric($ChilliConf["SQUID_HTTP_PORT"])) {
        $ChilliConf["SQUID_HTTP_PORT"] = rand(45000, 65400);
        $save = true;
    }
    if (!isset($ChilliConf["SQUID_HTTPS_PORT"])) {
        $ChilliConf["SQUID_HTTPS_PORT"] = rand(45000, 65400);
        $save = true;
    }
    if (!is_numeric($ChilliConf["SQUID_HTTPS_PORT"])) {
        $ChilliConf["SQUID_HTTPS_PORT"] = rand(45000, 65400);
        $save = true;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building DNSMasq settings\n";
    }
    dnsmasq_config();
    if ($ChilliConf["EnableSSLRedirection"] == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is Active\n";
        }
        $t[] = "HS_UAMUISSL=on";
        $t[] = "HS_REDIRSSL=on";
        include_once dirname(__FILE__) . "/ressources/class.squid.inc";
        $squid = new squidbee();
        // Whatever SaveCertificate() returns is appended verbatim as a config
        // line; presumably certificate/key settings -- confirm in squidbee.
        $t[] = $squid->SaveCertificate($ChilliConf["certificate_center"], false, false, true);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is inactive\n";
        }
    }
    // Build the HS_UAMALLOW list: the login web host, loopback, the WAN
    // interface address, any configured DNS servers that are IP addresses and
    // the AD server are added on top of the stored "uamallowed" entries.
    // Presumably these destinations are reachable before authentication, so
    // each addition widens what unauthenticated clients can contact.
    $ChilliConf["uamallowed"][$ChilliConf["HS_UAMFREEWEB"]] = true;
    $ChilliConf["uamallowed"]["127.0.0.1"] = true;
    $ChilliConf["uamallowed"][$ChilliConf["HS_WANIF_IP"]] = true;
    $ip = new IP();
    if ($ip->isIPAddress($ChilliConf["HS_DNS1"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS1"]] = true;
    }
    if ($ip->isIPAddress($ChilliConf["HS_DNS2"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS2"]] = true;
    }
    if ($ChilliConf["AD_SERVER"] != null) {
        $ChilliConf["uamallowed"][$ChilliConf["AD_SERVER"]] = true;
    }
    // The hosts are the array keys; empty and purely numeric keys are skipped.
    while (list($num, $ligne) = each($ChilliConf["uamallowed"])) {
        if (trim($num) == null) {
            continue;
        }
        if (is_numeric($num)) {
            continue;
        }
        $HS_UAMALLOW[] = $num;
    }
    if ($save) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Saving new configuration file...\n";
        }
        // The array saved here already contains the uamallowed entries added above.
        $NewArray = base64_encode(serialize($ChilliConf));
        $sock->SaveConfigFile($NewArray, "ChilliConf");
    }
    // RADIUS server defaults to the local host unless RADIUS_IP is configured.
    $RADIUS_IP = "127.0.0.1";
    if ($ChilliConf["RADIUS_IP"] != null) {
        $RADIUS_IP = $ChilliConf["RADIUS_IP"];
    }
    if (!is_numeric($ChilliConf["HS_LAN_ACCESS"])) {
        $ChilliConf["HS_LAN_ACCESS"] = 1;
    }
    $t[] = "HS_NASID=nas01";
    $t[] = "HS_RADIUS={$RADIUS_IP}";
    //$t[]="HS_RADIUS2=$RADIUS_IP";
    $t[] = "HS_UAMALLOW=" . @implode(",", $HS_UAMALLOW);
    //$t[]="HS_ACCTUPDATE";
    // NOTE(review): the LDAP password is reused as both the RADIUS shared
    // secret and the UAM secret, so disclosure of any one of the three exposes
    // the others. It is written in clear text to /etc/chilli/config by the
    // file_put_contents() call near the end of this function, which sets no
    // explicit mode, so the file's permissions follow the process umask.
    // Prefer independently generated secrets and a restrictive file mode.
    $t[] = "HS_RADSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMALIASNAME=chilli";
    $t[] = "HS_NASIP={$RADIUS_IP}";
    if ($ChilliConf["HS_LAN_ACCESS"] == 1) {
        $t[] = "HS_LAN_ACCESS=on";
    } else {
        $t[] = "HS_LAN_ACCESS=off";
    }
    // The DHCP relay settings are written only when relay is enabled and both
    // the relay agent and the gateway are set.
    if ($ChilliConf["ENABLE_DHCP_RELAY"] == 1) {
        if ($ChilliConf["HS_DHCPRELAYAGENT"] != null) {
            if ($ChilliConf["HS_DHCPGATEWAY"] != null) {
                $t[] = "HS_DHCPRELAYAGENT={$ChilliConf["HS_DHCPRELAYAGENT"]}";
                $t[] = "HS_DHCPGATEWAY={$ChilliConf["HS_DHCPGATEWAY"]}";
            }
        }
    }
    // A purely numeric login host is discarded, leaving HS_UAMSERVER empty.
    if (is_numeric($ChilliConf["HS_UAMFREEWEB"])) {
        $ChilliConf["HS_UAMFREEWEB"] = null;
    }
    $t[] = "";
    //$t[]="HS_LAYER3=on";
    $t[] = "";
    $t[] = "# Put entire domains in the walled-garden with DNS inspection";
    $t[] = "# HS_UAMDOMAINS=\".paypal.com,.paypalobjects.com\"";
    $t[] = "HS_UAMSERVER={$ChilliConf["HS_UAMFREEWEB"]}";
    $t[] = "# HS_UAMSERVICE=";
    // NOTE(review): both portal URLs are hard-coded to http://, independent of
    // EnableSSLRedirection, so the landing and splash pages are requested over
    // plain HTTP.
    $t[] = "HS_UAMFORMAT=\"http://\$HS_UAMSERVER/hs_land.php\"";
    $t[] = "HS_UAMHOMEPAGE=\"http://{$ChilliConf["HS_UAMFREEWEB"]}/splash.php\"";
    // HS_CONUP points at this script itself; HS_CONDOWN at a sibling script.
    $t[] = "HS_CONUP=\"" . __FILE__ . "\"";
    $t[] = "HS_CONDOWN=\"" . dirname(__FILE__) . "/exec.chilli.condown.php\"";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "# Features not activated per-default (default to off)";
    $t[] = "# HS_RADCONF=off\t # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)";
    // HS_ANYIP and HS_MACAUTH are the only two feature switches written active.
    $t[] = "HS_ANYIP=on\t\t # Allow any IP address on subscriber LAN";
    $t[] = "HS_MACAUTH=on\t\t # To turn on MAC Authentication";
    $t[] = "# HS_MACAUTHDENY=on\t # Put client in 'drop' state on MAC Auth Access-Reject";
    $t[] = "# HS_MACAUTHMODE=local\t # To allow MAC Authentication based on macallowed, not RADIUS";
    $t[] = "# HS_MACALLOW=\"...\" # List of MAC addresses to authenticate (comma seperated)";
    $t[] = "# HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file";
    $t[] = "# HS_OPENIDAUTH=on\t # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_WPAGUESTS=on\t # To inform the RADIUS server to allow WPA Guests";
    $t[] = "# HS_DNSPARANOIA=on\t # To drop DNS packets containing something other";
    $t[] = "# HS_OPENIDAUTH=on\t # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_USE_MAP=on\t\t # Short hand for allowing the required google";
    $t[] = "###";
    $t[] = "# Other feature settings and their defaults";
    $t[] = "# HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFIDLETIMEOUT=0\t # Default idle-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXUP=0\t # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)";
    $t[] = "";
    $t[] = "# HS_RADCONF=on\t\t # gather the ChilliSpot-Config attributes in";
    $t[] = "#\t\t\t # Administrative-User login";
    $t[] = "# HS_RADCONF_SERVER=rad01.coova.org\t\t # RADIUS Server";
    $t[] = "# HS_RADCONF_SECRET=coova-anonymous\t\t # RADIUS Shared Secret ";
    $t[] = "# HS_RADCONF_AUTHPORT=1812\t\t\t # Auth port";
    $t[] = "# HS_RADCONF_USER=chillispot\t\t\t # Username";
    $t[] = "# HS_RADCONF_PWD=chillispot\t\t\t # Password";
    // Ports are used as array keys, so the repeated entries (22, 53, 80, 443)
    // collapse to one each.
    // NOTE(review): the fixed list written to HS_TCP_PORTS includes 22, 389,
    // 137-139/445 and 3306. How chilli's scripts apply HS_TCP_PORTS is not
    // visible here; if it opens these ports towards the subscriber network,
    // trim the list to what hotspot clients actually need.
    $ALLOWPORTS["80"] = true;
    $ALLOWPORTS["443"] = true;
    $ALLOWPORTS["22"] = true;
    $ALLOWPORTS["2812"] = true;
    $ALLOWPORTS["53"] = true;
    $ALLOWPORTS["3990"] = true;
    $ALLOWPORTS["22"] = true;
    $ALLOWPORTS["9000"] = true;
    $ALLOWPORTS["389"] = true;
    $ALLOWPORTS["53"] = true;
    $ALLOWPORTS["1553"] = true;
    $ALLOWPORTS["137"] = true;
    $ALLOWPORTS["138"] = true;
    $ALLOWPORTS["139"] = true;
    $ALLOWPORTS["445"] = true;
    $ALLOWPORTS["80"] = true;
    $ALLOWPORTS["443"] = true;
    $ALLOWPORTS["1812"] = true;
    $ALLOWPORTS["3306"] = true;
    $ALLOWPORTS["47980"] = true;
    while (list($index, $line) = each($ALLOWPORTS)) {
        $PPORT[] = $index;
    }
    $t[] = "HS_TCP_PORTS=\"" . @implode(" ", $PPORT) . "\"";
    $t[] = "";
    $t[] = "###";
    $t[] = "# Standard configurations";
    $t[] = "#";
    $t[] = "HS_MODE=hotspot";
    $t[] = "HS_TYPE=chillispot";
    $t[] = "# HS_RADAUTH=1812";
    $t[] = "# HS_RADACCT=1813";
    $t[] = "# HS_ADMUSR=chillispot";
    $t[] = "# HS_ADMPWD=chillispot";
    $t[] = "";
    $t[] = "";
    // Branding defaults; only HS_PROVIDER and HS_PROVIDER_LINK are written out,
    // the HS_LOC_* lines are commented out below.
    if ($ChilliConf["HS_PROVIDER"] == null) {
        $ChilliConf["HS_PROVIDER"] = "Artica";
    }
    if ($ChilliConf["HS_PROVIDER_LINK"] == null) {
        $ChilliConf["HS_PROVIDER_LINK"] = "http://www.articatech.net";
    }
    if ($ChilliConf["HS_LOC_NAME"] == null) {
        $ChilliConf["HS_LOC_NAME"] = "Artica HotSpot";
    }
    if ($ChilliConf["HS_LOC_NETWORK"] == null) {
        $ChilliConf["HS_LOC_NETWORK"] = "HotSpot Network";
    }
    $t[] = "HS_PROVIDER={$ChilliConf["HS_PROVIDER"]}";
    $t[] = "HS_PROVIDER_LINK={$ChilliConf["HS_PROVIDER_LINK"]}/";
    //$t[]="HS_LOC_NAME=\"{$ChilliConf["HS_LOC_NAME"]}\" # WISPr Location Name and used in portal";
    //$t[]="HS_LOC_NETWORK=\"{$ChilliConf["HS_LOC_NETWORK"]}\" # Network name";
    $t[] = "# HS_LOC_AC=408\t\t\t # Phone area code";
    $t[] = "# HS_LOC_CC=1\t\t\t # Phone country code";
    $t[] = "# HS_LOC_ISOCC=US\t\t # ISO Country code";
    $t[] = "";
    $t[] = "# Embedded miniportal";
    $t[] = "# HS_REG_MODE=\"tos\" # or self, other";
    $t[] = "# HS_RAD_PROTO=\"pap\" # or mschapv2, chap";
    $t[] = "# HS_USE_MAP=on\n";
    // These two messages are not gated on $GLOBALS["OUTPUT"], and the "done"
    // message is printed before /etc/chilli/config is actually written.
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: `/etc/chilli/config` done\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: flush /etc/init.d..\n";
    chilli_init_d();
    // The file contains HS_RADSECRET/HS_UAMSECRET; no chmod/chown follows, so
    // access depends on the umask in effect.
    file_put_contents("/etc/chilli/config", @implode("\n", $t));
    coova_web();
    shell_exec("{$php5} " . dirname(__FILE__) . "/exec.freeradius.php --build");
    if ($GLOBALS["RELOAD"]) {
        $kill = $unix->find_program("kill");
        shell_exec("/etc/init.d/chilli reconfigure");
        $pid = PID_NUM();
        // Signal the running daemon if there is one, otherwise start it.
        if ($unix->process_exists($pid)) {
            shell_exec("{$kill} -HUP {$pid} 2>&1");
        } else {
            start();
        }
    }
}
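/**
 * Build /etc/squid27/squid.conf for the transparent front-end proxy.
 *
 * Listening addresses come from SquidBinIpaddr or, when that is unset or not a
 * known interface, from every entry of $GLOBALS["NETWORK_ALL_INTERFACES"], plus
 * the rows of proxy_ports with enabled=1 and transparent=1. When SSL_BUMP is 1,
 * matching https_port lines are written with the certificate and key returned
 * by squidbee::SaveCertificate(). All traffic is forwarded to the parent proxy
 * on 127.0.0.1:LISTEN_PORT (never_direct allow all).
 *
 * Access control:
 *  - AllowAllNetworksInSquid == 1 (also the value used when the setting is not
 *    numeric): "acl localnet src all", so "http_access allow localnet" admits
 *    any client that can reach a listening port.
 *  - AllowAllNetworksInSquid == 0: localnet is limited to the networks listed
 *    in NetworkScannerMasks (and $this->network_array, if any).
 *
 * Progress messages are echoed when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build() {
    $sock = new sockets();
    $unix = new unix();
    $ini = new Bs_IniHandler();
    $f = array();
    $IPADDRSSL = array();
    $IPADDRSSL2 = array();
    $IPADDRS2 = array();
    // Stays null unless SSL_BUMP is enabled below.
    $ssl_port = null;
    $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
    // NOTE(review): $ini is only populated by loadString() further down, so this
    // lookup presumably yields null and hostname_g() is always used -- confirm
    // against Bs_IniHandler.
    $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    // An unset or non-numeric setting defaults to "allow all networks".
    if (!is_numeric($AllowAllNetworksInSquid)) {
        $AllowAllNetworksInSquid = 1;
    }
    $ini->loadString($ArticaSquidParameters);
    NETWORK_ALL_INTERFACES();
    $LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
    $ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
    $certificate_center = $ini->_params["NETWORK"]["certificate_center"];
    $SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
    $LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
    $ssl = false;
    if ($ICP_PORT == 0) {
        $ICP_PORT = 3130;
    }
    if ($LISTEN_PORT == 0) {
        $LISTEN_PORT = 3128;
    }
    $squid = new squidbee();
    $q = new mysql_squid_builder();
    $IPADDRS = array();
    // A configured bind address is honoured only if it belongs to a known interface.
    if ($SquidBinIpaddr != null) {
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$SquidBinIpaddr])) {
            $SquidBinIpaddr = null;
        } else {
            $IPADDRS[$SquidBinIpaddr] = $LISTEN_PORT;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$SquidBinIpaddr}\n";
            }
        }
    }
    if ($SSL_BUMP == 1) {
        $ssl = true;
        $ssl_port = $squid->get_ssl_port();
    }
    // Without a usable bind address, listen on every known interface address.
    if ($SquidBinIpaddr == null) {
        reset($GLOBALS["NETWORK_ALL_INTERFACES"]);
        while (list($ipaddr, $val) = each($GLOBALS["NETWORK_ALL_INTERFACES"])) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$ipaddr}:{$LISTEN_PORT}\n";
            }
            $IPADDRS[$ipaddr] = $LISTEN_PORT;
            $IPADDRSSL[$ipaddr] = $ssl_port;
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
    }
    if ($ssl) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} SSL Intercept...........: Yes - {$ssl_port}\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate_center}\n";
        }
        // Element 0 is appended to the config as-is; element 1 carries the
        // certificate and key values used on the https_port lines.
        $MAINSSL = $squid->SaveCertificate($certificate_center, false, false, false, true);
        $f[] = $MAINSSL[0];
        $certificate = $MAINSSL[1]["certificate"];
        $key = $MAINSSL[1]["key"];
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate}\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Key.....................: {$key}\n";
        }
    }
    // Static query, no interpolated input.
    $sql = "SELECT * FROM proxy_ports WHERE enabled=1 and transparent=1";
    $results = $q->QUERY_SQL($sql);
    $f[] = "# --------- proxy_ports enabled=1 and transparent=1 -> " . mysql_num_rows($results) . " ports";
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = $ligne["ipaddr"];
        $xport = $ligne["port"];
        $transparent_text = null;
        // Rows whose address is not on a known interface are skipped and
        // recorded as comments in the generated file.
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ipaddr])) {
            $f[] = "# --------- table proxy_ports {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
            $f[] = "# --------- http {$ipaddr} -> Hardware Error [" . __LINE__ . "]\n";
            continue;
        }
        if ($ssl) {
            $IPADDRSSL[$ipaddr] = $ssl_port;
        }
        // A table row overrides the default port for that address.
        $IPADDRS[$ipaddr] = $xport;
    }
    $transparent = " transparent";
    // Re-key as "ip:port" so each listener is emitted once.
    while (list($ipaddr, $xport) = each($IPADDRSSL)) {
        $IPADDRSSL2["{$ipaddr}:{$xport}"] = true;
    }
    while (list($ipaddr, $xport) = each($IPADDRS)) {
        $IPADDRS2["{$ipaddr}:{$xport}"] = true;
    }
    while (list($ipaddr, $none) = each($IPADDRS2)) {
        $f[] = "http_port {$ipaddr}{$transparent}";
    }
    if ($ssl) {
        $f[] = "# --------- https -> " . count($IPADDRSSL2) . " addresses";
        while (list($ipaddr, $none) = each($IPADDRSSL2)) {
            $f[] = "https_port {$ipaddr} transparent cert={$certificate} key={$key}";
        }
    }
    if ($AllowAllNetworksInSquid == 1) {
        $f[] = "acl localnet src all";
    }
    if ($AllowAllNetworksInSquid == 0) {
        $k = array();
        $s = array();
        $NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
        $tbl = explode("\n", $NetworkScannerMasks);
        if (is_array($tbl)) {
            while (list($num, $cidr) = each($tbl)) {
                if (trim($cidr) == null) {
                    continue;
                }
                $k[$cidr] = $cidr;
            }
        }
        // NOTE(review): $this is only meaningful if this function is a class
        // method; no enclosing class is visible here -- confirm.
        if (count($this->network_array) > 0) {
            while (list($num, $val) = each($this->network_array)) {
                if ($val == null) {
                    continue;
                }
                $k[$val] = $val;
            }
        }
        // Compare the element count, not count() of a boolean: counting the
        // comparison result takes both branches and always adds "src all",
        // which defeats the restriction this setting asks for.
        if (count($k) == 0) {
            // NOTE(review): with restriction requested but no network defined,
            // this falls back to allowing every source (fail-open).
            $f[] = "acl localnet src all";
        } else {
            while (list($m, $l) = each($k)) {
                $s[] = $l;
            }
            $f[] = "acl localnet src " . implode(" ", $s);
        }
    }
    if ($ssl) {
    }
    $f[] = "acl all src all";
    $f[] = "acl manager proto cache_object";
    $f[] = "acl localhost src 127.0.0.1/32";
    $f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
    $f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
    $f[] = "acl Safe_ports port 80\t\t# http";
    $f[] = "acl Safe_ports port 21\t\t# ftp";
    $f[] = "acl Safe_ports port 443\t\t# https";
    $f[] = "acl Safe_ports port 70\t\t# gopher";
    $f[] = "acl Safe_ports port 210\t\t# wais";
    $f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
    $f[] = "acl Safe_ports port 280\t\t# http-mgmt";
    $f[] = "acl Safe_ports port 488\t\t# gss-http";
    $f[] = "acl Safe_ports port 591\t\t# filemaker";
    $f[] = "acl Safe_ports port 777\t\t# multiling http";
    $f[] = "acl CONNECT method CONNECT";
    $f[] = "";
    $f[] = "";
    if ($sock->EnableUfdbGuard() == 1) {
        $f[] = ufdbguard27();
        $EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
        // The ACL files referenced below must exist, so create empty ones if missing.
        if (!is_file("/etc/squid3/acls/office365-nets.acl")) {
            @touch("/etc/squid3/acls/office365-nets.acl");
        }
        if (!is_file("/etc/squid3/acls/office365-domains.acl")) {
            @touch("/etc/squid3/acls/office365-domains.acl");
        }
        if (!is_file("/etc/squid3/acls/skype-nets.acl")) {
            @touch("/etc/squid3/acls/skype-nets.acl");
        }
        if (!is_file("/etc/squid3/acls/dropbox-nets.acl")) {
            @touch("/etc/squid3/acls/dropbox-nets.acl");
        }
        $f[] = "acl squidclient proto cache_object";
        $f[] = "acl MgRDest dst 127.0.0.1";
        $f[] = "acl MgRPort dst 127.0.0.1";
        $f[] = "acl MyTestPort src 127.0.0.1";
        $f[] = "acl MyLocalIpsDest dst 127.0.0.1";
        $f[] = "acl ToArticaWWW dstdomain .artica.fr .articatech.net .articatech.com";
        if ($EnableUfdbGuardArtica == 0) {
            $f[] = "acl UrlRewriteDenyList dstdomain \"/etc/squid3/url_rewrite_program.deny.db\"";
        }
        $f[] = "acl ArticaMetaWhiteDoms dstdomain \"/etc/squid3/artica-meta/whitelist-domains.db\"";
        $f[] = "acl ArticaMetaWhiteIPs dst \"/etc/squid3/artica-meta/whitelist-nets.db\"";
        $f[] = "acl BrowsersNoWebF browser -i \"/etc/squid3/acls/Browsers-nofilter.acl\"";
        $f[] = "acl whitelisted_mac_computers arp \"/etc/squid3/whitelisted-computers-by-mac.acl\"";
        $f[] = "acl office365_ips dst \"/etc/squid3/acls/office365-nets.acl\"";
        $f[] = "acl office365_www dstdomain \"/etc/squid3/acls/office365-domains.acl\"";
        $f[] = "acl skype_www dstdomain .live.com .skypeassets.com";
        $f[] = "acl skype_ips dst \"/etc/squid3/acls/skype-nets.acl\"";
        $f[] = "acl dropbox_ips dst \"/etc/squid3/acls/dropbox-nets.acl\"";
        $f[] = "acl dropbox_www dstdomain .dropbox.com";
        // The content of this file is copied into the configuration verbatim,
        // so its directives take effect exactly as written there.
        $f[] = @file_get_contents("/etc/squid3/url_rewrite_access.conf");
    }
    // Cache-manager requests are accepted from localhost only.
    $f[] = "http_access allow manager localhost";
    $f[] = "http_access deny manager";
    $f[] = "http_access deny !Safe_ports";
    $f[] = "http_access deny CONNECT !SSL_ports";
    $f[] = "http_access allow localnet";
    $f[] = "http_access deny all";
    $f[] = "icp_access allow localnet";
    $f[] = "icp_access deny all";
    $f[] = "cache_peer 127.0.0.1\tparent\t{$LISTEN_PORT}\t3130\tdefault";
    $f[] = "never_direct allow all";
    $f[] = "cache_mem 64 MB";
    $f[] = "maximum_object_size_in_memory 256 KB";
    $f[] = "memory_replacement_policy lru";
    $LOGFORMAT[] = "%>a";
    $LOGFORMAT[] = "%[ui";
    $LOGFORMAT[] = "%[un";
    $LOGFORMAT[] = "[%tl]";
    $LOGFORMAT[] = "\"%rm %ru HTTP/%rv\"";
    $LOGFORMAT[] = "%Hs";
    $LOGFORMAT[] = "%<st";
    $LOGFORMAT[] = "%Ss:";
    $LOGFORMAT[] = "%Sh";
    $LOGFORMAT[] = "UserAgent:\"%{User-Agent}>h\"";
    $LOGFORMAT[] = "Forwarded:\"%{X-Forwarded-For}>h\"";
    $f[] = "logformat common MAC:00:00:00:00:00:00 " . @implode(" ", $LOGFORMAT);
    // NOTE(review): this instance writes no access log ("access_log none").
    // Request-level records then depend on the parent proxy, which is only
    // handed the client address through forwarded_for below -- confirm the
    // parent logs it if per-client attribution is needed.
    $f[] = "access_log none";
    $f[] = "cache_store_log none";
    if ($LogsWarninStop == 0) {
        $f[] = "logfile_rotate 10";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "logfile_rotate 0";
    }
    $f[] = "# emulate_httpd_log off";
    $f[] = "log_ip_on_direct on";
    $f[] = "mime_table /etc/squid27/mime.conf";
    $f[] = "# log_mime_hdrs off";
    $f[] = "pid_filename /var/run/squid/squid-nat.pid";
    $f[] = "debug_options ALL,1";
    $f[] = "log_fqdn on";
    $f[] = "client_netmask 255.255.255.255";
    $f[] = "strip_query_terms off";
    $f[] = "buffered_logs on";
    $f[] = "netdb_filename /var/log/squid/netdb_nat.state";
    // LogsWarninStop == 1 also discards the cache log.
    if ($LogsWarninStop == 0) {
        $f[] = "cache_log /var/log/squid/cache-nat.log";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "cache_log /dev/null";
    }
    $f[] = "#url_rewrite_program";
    $f[] = "# url_rewrite_children 5";
    $f[] = "# url_rewrite_concurrency 0";
    $f[] = "# url_rewrite_host_header on";
    $f[] = "refresh_pattern .\t\t0\t20%\t4320";
    $f[] = "cache_effective_user squid";
    $f[] = "cache_effective_group squid";
    $f[] = "httpd_suppress_version_string on";
    $f[] = "visible_hostname {$visible_hostname}";
    $f[] = "cache_dir null /tmp";
    $f[] = "# icon_directory /usr/share/squid27/icons";
    $f[] = "# error_directory /usr/share/squid27/errors/English";
    $f[] = "forwarded_for on";
    $f[] = "client_db on";
    $f[] = "";
    CheckFilesAndSecurity();
    @file_put_contents("/etc/squid27/squid.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
    }
}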
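/**
 * Build /etc/squid27/squid.conf for the NAT front-end proxy.
 *
 * One http_port (or, when the row has UseSSL=1, https_port) line is written per
 * row of proxy_ports with enabled=1 and is_nat=1. The bind address is taken
 * from the row's NIC via $GLOBALS["NETWORK_ALL_NICS"]; the row's own ipaddr
 * column is not used. All traffic is forwarded to the parent proxy on
 * 127.0.0.1:ParentSquid27Port (default 13298).
 *
 * Access control:
 *  - AllowAllNetworksInSquid == 1 (also the value used when the setting is not
 *    numeric): "acl localnet src all", so "http_access allow localnet" admits
 *    any client that can reach a listening port.
 *  - AllowAllNetworksInSquid == 0: localnet is limited to the networks listed
 *    in NetworkScannerMasks (and $this->network_array, if any).
 *
 * Progress messages are echoed when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build() {
    $sock = new sockets();
    $unix = new unix();
    $ini = new Bs_IniHandler();
    $f = array();
    $IPADDRSSL = array();
    $IPADDRSSL2 = array();
    $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
    // NOTE(review): $ini is only populated by loadString() further down, so this
    // lookup presumably yields null and hostname_g() is always used -- confirm
    // against Bs_IniHandler.
    $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    // Give this instance its own name: "host-nat.domain" for a dotted name,
    // "nat-host" otherwise.
    if (strpos($visible_hostname, ".") > 0) {
        $visible_hostnameTR = explode(".", $visible_hostname);
        $visible_hostnameTR[0] = $visible_hostnameTR[0] . "-nat";
        $visible_hostname = @implode(".", $visible_hostnameTR);
    } else {
        $visible_hostname = "nat-{$visible_hostname}";
    }
    $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    // An unset or non-numeric setting defaults to "allow all networks".
    if (!is_numeric($AllowAllNetworksInSquid)) {
        $AllowAllNetworksInSquid = 1;
    }
    $ini->loadString($ArticaSquidParameters);
    NETWORK_ALL_INTERFACES();
    $LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
    $ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
    $certificate_center = $ini->_params["NETWORK"]["certificate_center"];
    $SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
    $LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
    $ssl = false;
    if ($ICP_PORT == 0) {
        $ICP_PORT = 3130;
    }
    if ($LISTEN_PORT == 0) {
        $LISTEN_PORT = 3128;
    }
    $squid = new squidbee();
    $q = new mysql_squid_builder();
    $IPADDRS = array();
    $ParentSquid27Port = intval($sock->GET_INFO("ParentSquid27Port"));
    if ($ParentSquid27Port == 0) {
        $ParentSquid27Port = 13298;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
    }
    // Static query, no interpolated input.
    $sql = "SELECT * FROM proxy_ports WHERE enabled=1 and is_nat=1";
    $results = $q->QUERY_SQL($sql);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} " . mysql_num_rows($results) . " ports\n";
    }
    $f[] = "# --------- proxy_ports enabled=1 and is_nat=1 -> " . mysql_num_rows($results) . " ports";
    $MAINSSL = array();
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = $ligne["ipaddr"];
        $xport = $ligne["port"];
        $ssl = intval($ligne["UseSSL"]);
        $eth = $ligne["nic"];
        $transparent_text = null;
        // The row's ipaddr is discarded: the listener binds to the NIC's
        // address, or to 0.0.0.0 when no NIC is set.
        $ipaddr = "0.0.0.0";
        $transparent = " transparent";
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$eth} {$ipaddr}:{$xport}\n";
        }
        if ($eth != null) {
            $ipaddr = $GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"];
            if ($ipaddr == null) {
                // NOTE(review): a NIC without an address widens the listener to
                // every interface (0.0.0.0) instead of skipping the port. The
                // condition is recorded in the generated file so it can be
                // spotted when reviewing the configuration.
                $f[] = "# --------- table proxy_ports {$eth} {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
                $f[] = "# --------- http {$ipaddr} -> Hardware Error -> 0.0.0.0 [" . __LINE__ . "]\n";
                $ipaddr = "0.0.0.0";
            }
        }
        $f[] = "# --------- Port {$xport} listen on {$eth} ({$ipaddr}) UseSSL={$ssl}";
        if ($ssl == 1) {
            // $ssl_port is not assigned anywhere in this function, so it
            // interpolates as an empty string in this message.
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$ipaddr}:{$xport}: SSL Intercept...........: Yes - {$ssl_port}\n";
            }
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$ipaddr}:{$xport}: Certificate.............: {$ligne["sslcertificate"]}\n";
            }
            // Element 0 is appended to the config as-is; element 1 carries the
            // certificate and key values used on the https_port line.
            $MAINSSL = $squid->SaveCertificate($ligne["sslcertificate"], false, false, false, true);
            $f[] = $MAINSSL[0];
            $key = $MAINSSL[1]["key"];
            $certificate = $MAINSSL[1]["certificate"];
            $f[] = "https_port {$ipaddr}:{$xport} transparent cert={$certificate} key={$key}";
            continue;
        }
        $f[] = "http_port {$ipaddr}:{$xport}{$transparent}";
    }
    if ($AllowAllNetworksInSquid == 1) {
        $f[] = "acl localnet src all";
    }
    if ($AllowAllNetworksInSquid == 0) {
        $k = array();
        $s = array();
        $NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
        $tbl = explode("\n", $NetworkScannerMasks);
        if (is_array($tbl)) {
            while (list($num, $cidr) = each($tbl)) {
                if (trim($cidr) == null) {
                    continue;
                }
                $k[$cidr] = $cidr;
            }
        }
        // NOTE(review): $this is only meaningful if this function is a class
        // method; no enclosing class is visible here -- confirm.
        if (count($this->network_array) > 0) {
            while (list($num, $val) = each($this->network_array)) {
                if ($val == null) {
                    continue;
                }
                $k[$val] = $val;
            }
        }
        // Compare the element count, not count() of a boolean: counting the
        // comparison result takes both branches and always adds "src all",
        // which defeats the restriction this setting asks for.
        if (count($k) == 0) {
            // NOTE(review): with restriction requested but no network defined,
            // this falls back to allowing every source (fail-open).
            $f[] = "acl localnet src all";
        } else {
            while (list($m, $l) = each($k)) {
                $s[] = $l;
            }
            $f[] = "acl localnet src " . implode(" ", $s);
        }
    }
    $f[] = "acl all src all";
    $f[] = "acl manager proto cache_object";
    $f[] = "acl localhost src 127.0.0.1/32";
    $f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
    $f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
    $f[] = "acl Safe_ports port 80\t\t# http";
    $f[] = "acl Safe_ports port 21\t\t# ftp";
    $f[] = "acl Safe_ports port 443\t\t# https";
    $f[] = "acl Safe_ports port 70\t\t# gopher";
    $f[] = "acl Safe_ports port 210\t\t# wais";
    $f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
    $f[] = "acl Safe_ports port 280\t\t# http-mgmt";
    $f[] = "acl Safe_ports port 488\t\t# gss-http";
    $f[] = "acl Safe_ports port 591\t\t# filemaker";
    $f[] = "acl Safe_ports port 777\t\t# multiling http";
    $f[] = "acl CONNECT method CONNECT";
    $f[] = "";
    $f[] = "";
    // Cache-manager requests are accepted from localhost only.
    $f[] = "http_access allow manager localhost";
    $f[] = "http_access deny manager";
    $f[] = "http_access deny !Safe_ports";
    $f[] = "http_access deny CONNECT !SSL_ports";
    $f[] = "http_access allow localnet";
    $f[] = "http_access deny all";
    $f[] = "icp_access allow localnet";
    $f[] = "icp_access deny all";
    $f[] = "cache_peer 127.0.0.1\tparent\t{$ParentSquid27Port}\t3130\tdefault";
    $f[] = "never_direct allow all";
    $f[] = "cache_mem 64 MB";
    $f[] = "maximum_object_size_in_memory 64 KB";
    $f[] = "memory_replacement_policy lru";
    $LOGFORMAT[] = "%>a";
    $LOGFORMAT[] = "%[ui";
    $LOGFORMAT[] = "%[un";
    $LOGFORMAT[] = "[%tl]";
    $LOGFORMAT[] = "\"%rm %ru HTTP/%rv\"";
    $LOGFORMAT[] = "%Hs";
    $LOGFORMAT[] = "%<st";
    $LOGFORMAT[] = "%Ss:";
    $LOGFORMAT[] = "%Sh";
    $LOGFORMAT[] = "UserAgent:\"%{User-Agent}>h\"";
    $LOGFORMAT[] = "Forwarded:\"%{X-Forwarded-For}>h\"";
    $f[] = "logformat common MAC:00:00:00:00:00:00 " . @implode(" ", $LOGFORMAT);
    // NOTE(review): this instance writes no access log ("access_log none").
    // Request-level records then depend on the parent proxy, which is only
    // handed the client address through forwarded_for below -- confirm the
    // parent logs it if per-client attribution is needed.
    $f[] = "access_log none";
    $f[] = "cache_store_log none";
    if ($LogsWarninStop == 0) {
        $f[] = "logfile_rotate 10";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "logfile_rotate 0";
    }
    $f[] = "# emulate_httpd_log off";
    $f[] = "log_ip_on_direct on";
    $f[] = "mime_table /etc/squid27/mime.conf";
    $f[] = "# log_mime_hdrs off";
    $f[] = "pid_filename /var/run/squid/squid-nat.pid";
    $f[] = "debug_options ALL,1";
    $f[] = "log_fqdn on";
    $f[] = "client_netmask 255.255.255.255";
    $f[] = "strip_query_terms off";
    $f[] = "buffered_logs on";
    $f[] = "netdb_filename /var/log/squid/netdb_nat.state";
    // LogsWarninStop == 1 also discards the cache log.
    if ($LogsWarninStop == 0) {
        $f[] = "cache_log /var/log/squid/cache-nat.log";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "cache_log /dev/null";
    }
    $f[] = "#url_rewrite_program";
    $f[] = "# url_rewrite_children 5";
    $f[] = "# url_rewrite_concurrency 0";
    $f[] = "# url_rewrite_host_header on";
    $f[] = "refresh_pattern .\t\t0\t20%\t4320";
    $f[] = "cache_effective_user squid";
    $f[] = "cache_effective_group squid";
    $f[] = "httpd_suppress_version_string on";
    $f[] = "visible_hostname {$visible_hostname}";
    $f[] = "cache_dir null /tmp";
    $f[] = "# icon_directory /usr/share/squid27/icons";
    $f[] = "# error_directory /usr/share/squid27/errors/English";
    $f[] = "forwarded_for on";
    $f[] = "client_db on";
    $f[] = "";
    CheckFilesAndSecurity();
    @file_put_contents("/etc/squid27/squid.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
    }
}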