function apache_config()
{
$sock = new sockets();
$unix = new unix();
$EnablePHPFPM = 0;
$APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
$APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
if (preg_match("#APACHE_RUN_GROUP#", $APACHE_SRC_GROUP)) {
$APACHE_SRC_GROUP = "www-data";
}
$LogFilePath = "/var/log/artica-wifidog/access.log";
$directories[] = "/var/run/apache2";
$directories[] = "/var/run/artica-apache";
$directories[] = "/var/log/artica-wifidog";
$directories[] = "/home/artica/hotspot/sessions";
$directories[] = "/home/artica/hotspot/caches";
while (list($index, $maindir) = each($directories)) {
@mkdir($maindir, 0755, true);
@chown($maindir, $APACHE_SRC_ACCOUNT);
@chgrp($maindir, $APACHE_SRC_GROUP);
}
$ErrorLog = dirname($LogFilePath) . "/error.log";
if (!is_file($LogFilePath)) {
@touch($LogFilePath);
}
@chown($LogFilePath, $APACHE_SRC_ACCOUNT);
@chgrp($LogFilePath, $APACHE_SRC_GROUP);
if (!is_file($ErrorLog)) {
@touch($ErrorLog);
}
@chown($ErrorLog, $APACHE_SRC_ACCOUNT);
@chgrp($ErrorLog, $APACHE_SRC_GROUP);
$APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
$HotSpotMaxClients = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotMaxClients"));
$HotSpotStartServers = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotStartServers"));
$HotSpotForceDDOSDisable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotForceDDOSDisable"));
if ($HotSpotMaxClients == 0) {
$HotSpotMaxClients = 20;
}
if ($HotSpotStartServers == 0) {
$HotSpotStartServers = 5;
}
$EnableArticaHotSpot = $sock->GET_INFO("EnableArticaHotSpot");
$SquidHotSpotPort = $sock->GET_INFO("SquidHotSpotPort");
$ArticaHotSpotPort = $sock->GET_INFO("ArticaHotSpotPort");
$ArticaSSLHotSpotPort = $sock->GET_INFO("ArticaSSLHotSpotPort");
$ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
$ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
if (!is_numeric($ArticaHotSpotPort)) {
$ArticaHotSpotPort = 0;
}
if (!is_numeric($ArticaSplashHotSpotPort)) {
$ArticaSplashHotSpotPort = 16080;
}
if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
$ArticaSplashHotSpotPortSSL = 16443;
}
$ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
$HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
$HotSpotErrorRedirect = $sock->GET_INFO("HotSpotErrorRedirect");
if ($HotSpotErrorRedirect == null) {
$HotSpotErrorRedirect = "http://www.msftncsi.com";
}
$Params = unserialize($sock->GET_INFO("HotSpotEvasive"));
$ApacheEvasiveInstalled = intval($sock->GET_INFO("ApacheEvasiveInstalled"));
if (!is_numeric($Params["DOSEnable"])) {
$Params["DOSEnable"] = 1;
}
if (!is_numeric($Params["DOSHashTableSize"])) {
$Params["DOSHashTableSize"] = 1024;
}
if (!is_numeric($Params["DOSPageCount"])) {
$Params["DOSPageCount"] = 3;
}
if (!is_numeric($Params["DOSSiteCount"])) {
$Params["DOSSiteCount"] = 20;
}
if (!is_numeric($Params["DOSPageInterval"])) {
$Params["DOSPageInterval"] = 1;
}
if (!is_numeric($Params["DOSSiteInterval"])) {
$Params["DOSSiteInterval"] = 10;
}
if (!is_numeric($Params["DOSBlockingPeriod"])) {
$Params["DOSBlockingPeriod"] = 5;
}
$unix = new unix();
$NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
$ipaddr = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HotSpot run as {$ArticaHotSpotInterface} ( {$ipaddr} )\n";
}
if ($ipaddr == "0.0.0.0") {
$ipaddr = "*";
}
if ($ipaddr == null) {
$ipaddr = "*";
}
$GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;
$phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
$php = $unix->LOCATE_PHP5_BIN();
$EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
if (!is_numeric($EnableArticaApachePHPFPM)) {
$EnableArticaApachePHPFPM = 0;
}
if (!is_file($phpfpm)) {
$EnableArticaApachePHPFPM = 0;
}
$unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/artica-apache");
$apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
if ($EnableArticaApachePHPFPM == 1) {
if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
}
$EnableArticaApachePHPFPM = 0;
}
}
if ($APACHE_SRC_ACCOUNT == null) {
$APACHE_SRC_ACCOUNT = "www-data";
$APACHE_SRC_GROUP = "www-data";
$unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as....: {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port.: {$ArticaSplashHotSpotPort} SSL Port: {$ArticaSplashHotSpotPortSSL}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM...: {$EnablePHPFPM}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} MaxClients: {$HotSpotMaxClients}\n";
}
$f[] = "Group {$APACHE_SRC_GROUP}";
$f[] = "User {$APACHE_SRC_ACCOUNT}";
$f[] = "LockFile /var/run/apache2/hotspot-artica-accept.lock";
$f[] = "PidFile /var/run/artica-apache/hotspot-apache.pid";
$f[] = "AcceptMutex flock";
$f[] = "SSLRandomSeed startup file:/dev/urandom 256";
$f[] = "SSLRandomSeed connect builtin";
$f[] = "SSLSessionCache shmcb:/var/run/apache2/ssl_scache-hotspot(512000)";
$f[] = "SSLSessionCacheTimeout 300";
$f[] = "SSLSessionCacheTimeout 300";
$f[] = "DocumentRoot /usr/share/artica-postfix";
$f[] = "DirectoryIndex hotspot.html";
$f[] = "ErrorDocument 400 /hotspot.html";
$f[] = "ErrorDocument 401 /hotspot.html";
$f[] = "ErrorDocument 403 /hotspot.html";
$f[] = "ErrorDocument 404 /hotspot.html";
$f[] = "ErrorDocument 500 /hotspot.html";
$NameVirtualHost = $ipaddr;
if ($HospotHTTPServerName != null) {
$NameVirtualHost = $HospotHTTPServerName;
}
$f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
$f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
$f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
$f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
$ddos_config = null;
if ($HotSpotForceDDOSDisable == 1) {
$Params["DOSEnable"] = 0;
}
if ($Params["DOSEnable"] == 1) {
//$ddos[]="<IfModule mod_evasive20.c>";
$ddos[] = "\tDOSHashTableSize {$Params["DOSHashTableSize"]}";
$ddos[] = "\tDOSPageCount {$Params["DOSPageCount"]}";
$ddos[] = "\tDOSSiteCount {$Params["DOSSiteCount"]}";
$ddos[] = "\tDOSPageInterval {$Params["DOSPageInterval"]}";
$ddos[] = "\tDOSSiteInterval {$Params["DOSSiteInterval"]}";
$ddos[] = "\tDOSBlockingPeriod {$Params["DOSBlockingPeriod"]}";
$ddos[] = "\tDOSLogDir \"/var/log/artica-wifidog\"";
$ddos[] = "\tDOSSystemCommand \"/bin/echo `date '+%F %T'` HOTSPOT %s >> /var/log/artica-wifidog/dos_evasive_attacks.log\"";
$ddos_config = @implode("\n", $ddos);
//$ddos[]="</IfModule>";
}
$f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}>";
$f[] = "\tServerName {$NameVirtualHost}";
$f[] = "\tDocumentRoot /usr/share/artica-postfix";
$f[] = "{$ddos_config}";
$f[] = "\tErrorDocument 400 /hotspot.html";
$f[] = "\tErrorDocument 401 /hotspot.html";
$f[] = "\tErrorDocument 403 /hotspot.html";
$f[] = "\tErrorDocument 404 /hotspot.html";
$f[] = "\tErrorDocument 500 /hotspot.html";
$f[] = "\tFallbackResource /hotspot.html";
$f[] = "</VirtualHost>";
$f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}>";
$f[] = "\tServerName {$NameVirtualHost}";
$f[] = "\tDocumentRoot /usr/share/artica-postfix";
$f[] = "\tSSLEngine on";
$squid = new squidbee();
$ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
$data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
if ($ArticaSplashHotSpotCertificate != null) {
$apache = new apache_certificate($ArticaSplashHotSpotCertificate);
$f[] = $apache->build();
} else {
if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
$cert = $re[1];
$key = $re[2];
$f[] = "\tSSLCertificateFile \"{$cert}\"";
$f[] = "\tSSLCertificateKeyFile \"{$key}\"";
}
}
$f[] = "\tSSLVerifyClient none";
$f[] = "\tServerSignature Off";
$f[] = "{$ddos_config}";
$f[] = "\tErrorDocument 400 /hotspot.html";
$f[] = "\tErrorDocument 401 /hotspot.html";
$f[] = "\tErrorDocument 403 /hotspot.html";
$f[] = "\tErrorDocument 404 /hotspot.html";
$f[] = "\tErrorDocument 500 /hotspot.html";
$f[] = "\tFallbackResource /hotspot.html";
$f[] = "</VirtualHost>";
$f[] = "AccessFileName .htaccess";
$f[] = "<Files ~ \"^\\.ht\">";
$f[] = "\tOrder allow,deny";
$f[] = "\tDeny from all";
$f[] = "\tSatisfy all";
$f[] = "</Files>";
$f[] = "DefaultType text/plain";
$f[] = "HostnameLookups Off";
$f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}";
$f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}";
$f[] = "Timeout 300";
$f[] = "KeepAlive Off";
$f[] = "KeepAliveTimeout 3";
if ($HotSpotStartServers >= $HotSpotMaxClients) {
$HotSpotMaxClients = $HotSpotMaxClients + $HotSpotStartServers;
}
if ($HotSpotMaxClients > 1024) {
$HotSpotMaxClients = 1024;
}
$ServerLimit = $HotSpotMaxClients + 100;
if ($ServerLimit > 2000) {
$ServerLimit = 2000;
}
$f[] = "StartServers {$HotSpotStartServers}";
$f[] = "MaxClients {$HotSpotMaxClients}";
$f[] = "ServerLimit\t\t {$ServerLimit}";
$MinSpareServers = $HotSpotStartServers + 5;
$MaxSpareServers = $MinSpareServers + 1;
$f[] = "MinSpareServers {$MinSpareServers}";
$f[] = "MaxSpareServers {$MaxSpareServers}";
$f[] = "MaxRequestsPerChild 800";
$f[] = "MaxKeepAliveRequests 100";
$f[] = "ServerName " . $unix->hostname_g();
$f[] = "<IfModule mod_ssl.c>";
$f[] = "\tSSLRandomSeed connect builtin";
$f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
$f[] = "\tAddType application/x-x509-ca-cert .crt";
$f[] = "\tAddType application/x-pkcs7-crl .crl";
$f[] = "\tSSLPassPhraseDialog builtin";
$f[] = "\tSSLSessionCache shmcb:/var/run/apache2/ssl_scache-articahtp(512000)";
$f[] = "\tSSLSessionCacheTimeout 300";
$f[] = "\tSSLSessionCacheTimeout 300";
$f[] = "\tSSLMutex sem";
$f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
$f[] = "\tSSLProtocol all -SSLv2";
$f[] = "</IfModule>";
$f[] = "";
$f[] = "AddType application/x-httpd-php .php";
$f[] = "php_value error_log \"/var/log/artica-wifidog/access.log\"";
$f[] = "php_value session.save_path \"/home/artica/hotspot/sessions\"";
$f[] = "<IfModule mod_fcgid.c>";
$f[] = "\tPHP_Fix_Pathinfo_Enable 1";
$f[] = "</IfModule>";
$f[] = "<IfModule mod_php5.c>";
$f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">";
$f[] = "\tSetHandler application/x-httpd-php";
$f[] = " </FilesMatch>";
$f[] = " <FilesMatch \"\\.phps\$\">";
$f[] = "\tSetHandler application/x-httpd-php-source";
$f[] = " </FilesMatch>";
$f[] = " <IfModule mod_userdir.c>";
$f[] = " <Directory /home/*/public_html>";
$f[] = " php_admin_value engine Off";
$f[] = " </Directory>";
$f[] = " </IfModule>";
$f[] = "</IfModule>";
$f[] = "<IfModule mod_mime.c>";
$f[] = "\tTypesConfig /etc/mime.types";
$f[] = "\tAddType application/x-compress .Z";
$f[] = "\tAddType application/x-gzip .gz .tgz";
$f[] = "\tAddType application/x-bzip2 .bz2";
$f[] = "\tAddType application/x-httpd-php .php .phtml";
$f[] = "\tAddType application/x-httpd-php-source .phps";
$f[] = "\tAddLanguage ca .ca";
$f[] = "\tAddLanguage cs .cz .cs";
$f[] = "\tAddLanguage da .dk";
$f[] = "\tAddLanguage de .de";
$f[] = "\tAddLanguage el .el";
$f[] = "\tAddLanguage en .en";
$f[] = "\tAddLanguage eo .eo";
$f[] = "\tRemoveType es";
$f[] = "\tAddLanguage es .es";
$f[] = "\tAddLanguage et .et";
$f[] = "\tAddLanguage fr .fr";
$f[] = "\tAddLanguage he .he";
$f[] = "\tAddLanguage hr .hr";
$f[] = "\tAddLanguage it .it";
$f[] = "\tAddLanguage ja .ja";
$f[] = "\tAddLanguage ko .ko";
$f[] = "\tAddLanguage ltz .ltz";
$f[] = "\tAddLanguage nl .nl";
$f[] = "\tAddLanguage nn .nn";
$f[] = "\tAddLanguage no .no";
$f[] = "\tAddLanguage pl .po";
$f[] = "\tAddLanguage pt .pt";
$f[] = "\tAddLanguage pt-BR .pt-br";
$f[] = "\tAddLanguage ru .ru";
$f[] = "\tAddLanguage sv .sv";
$f[] = "\tRemoveType tr";
$f[] = "\tAddLanguage tr .tr";
$f[] = "\tAddLanguage zh-CN .zh-cn";
$f[] = "\tAddLanguage zh-TW .zh-tw";
$f[] = "\tAddCharset us-ascii .ascii .us-ascii";
$f[] = "\tAddCharset ISO-8859-1 .iso8859-1 .latin1";
$f[] = "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen";
$f[] = "\tAddCharset ISO-8859-3 .iso8859-3 .latin3";
$f[] = "\tAddCharset ISO-8859-4 .iso8859-4 .latin4";
$f[] = "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru";
$f[] = "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic";
$f[] = "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek";
$f[] = "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew";
$f[] = "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk";
$f[] = "\tAddCharset ISO-8859-10 .iso8859-10 .latin6";
$f[] = "\tAddCharset ISO-8859-13 .iso8859-13";
$f[] = "\tAddCharset ISO-8859-14 .iso8859-14 .latin8";
$f[] = "\tAddCharset ISO-8859-15 .iso8859-15 .latin9";
$f[] = "\tAddCharset ISO-8859-16 .iso8859-16 .latin10";
$f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
$f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
$f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
$f[] = "\tAddCharset Big5 .Big5 .big5 .b5";
$f[] = "\tAddCharset cn-Big5 .cn-big5";
$f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
$f[] = "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251";
$f[] = "\tAddCharset CP866 .cp866";
$f[] = "\tAddCharset KOI8 .koi8";
$f[] = "\tAddCharset KOI8-E .koi8-e";
$f[] = "\tAddCharset KOI8-r .koi8-r .koi8-ru";
$f[] = "\tAddCharset KOI8-U .koi8-u";
$f[] = "\tAddCharset KOI8-ru .koi8-uk .ua";
$f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
$f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
$f[] = "\tAddCharset UTF-7 .utf7";
$f[] = "\tAddCharset UTF-8 .utf8";
$f[] = "\tAddCharset UTF-16 .utf16";
$f[] = "\tAddCharset UTF-16BE .utf16be";
$f[] = "\tAddCharset UTF-16LE .utf16le";
$f[] = "\tAddCharset UTF-32 .utf32";
$f[] = "\tAddCharset UTF-32BE .utf32be";
$f[] = "\tAddCharset UTF-32LE .utf32le";
$f[] = "\tAddCharset euc-cn .euc-cn";
$f[] = "\tAddCharset euc-gb .euc-gb";
$f[] = "\tAddCharset euc-jp .euc-jp";
$f[] = "\tAddCharset euc-kr .euc-kr";
$f[] = "\tAddCharset EUC-TW .euc-tw";
$f[] = "\tAddCharset gb2312 .gb2312 .gb";
$f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
$f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
$f[] = "\tAddCharset shift_jis .shift_jis .sjis";
$f[] = "\tAddType text/html .shtml";
$f[] = "\tAddOutputFilter INCLUDES .shtml";
$f[] = "</IfModule>";
$f[] = "Alias /index.php /hotspot.html";
$f[] = "Alias /index.html /hotspot.html";
$f[] = "Alias /Microsoft-Server-ActiveSync /hotspot-none.html";
$f[] = "<Directory \"/usr/share/artica-postfix\">";
$f[] = "\tDirectorySlash On";
$f[] = "\tDirectoryIndex hostpot.php";
$f[] = "\t\t<Files \"hostpot.php\">";
$f[] = "\t\t\tOrder allow,deny";
$f[] = "\t\t\tallow from all";
$f[] = "\t\t</Files>";
$f[] = "\t\t<Files \"hostpot.html\">";
$f[] = "\t\t\tOrder allow,deny";
$f[] = "\t\t\tallow from all";
$f[] = "\t\t</Files>";
$f[] = "\t\t<FilesMatch \"!(hostpot)\\.(html|php)\$\">";
$f[] = "\t\t\tOrder allow,deny";
$f[] = "\t\t\tdeny from all";
$f[] = "\t\t</FilesMatch>";
$f[] = "\tErrorDocument 400 /hotspot.html";
$f[] = "\tErrorDocument 401 /hotspot.html";
$f[] = "\tErrorDocument 403 /hotspot.html";
$f[] = "\tErrorDocument 404 /hotspot.html";
$f[] = "\tErrorDocument 500 /hotspot.html";
$f[] = "\tFallbackResource /hotspot.html";
$f[] = "\tOptions -Indexes";
$f[] = "\tSSLOptions +StdEnvVars";
$f[] = "\tAllowOverride All";
$f[] = "\tOrder allow,deny";
$f[] = "\tAllow from all";
$f[] = "</Directory>";
if ($EnableArticaApachePHPFPM == 1) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
}
shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
}
shell_exec("/etc/init.d/php5-fpm restart");
$f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
$f[] = "\tAddHandler php-script .php";
$f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
$f[] = "\tAction php-script /php5.fastcgi virtual";
$f[] = "\t<Directory /var/run/artica-apache>";
$f[] = "\t\t<Files php5.fastcgi>";
$f[] = "\t\tOrder deny,allow";
$f[] = "\t\tAllow from all";
$f[] = "\t\t</Files>";
$f[] = "\t</Directory>";
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
}
}
$f[] = "Loglevel debug";
$f[] = "ErrorLog {$ErrorLog}";
$f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
$f[] = "CustomLog {$LogFilePath} common";
if ($EnableArticaApachePHPFPM == 0) {
$array["php5_module"] = "libphp5.so";
}
$array["actions_module"] = "mod_actions.so";
$array["expires_module"] = "mod_expires.so";
$array["rewrite_module"] = "mod_rewrite.so";
$array["dir_module"] = "mod_dir.so";
$array["mime_module"] = "mod_mime.so";
$array["alias_module"] = "mod_alias.so";
$array["auth_basic_module"] = "mod_auth_basic.so";
$array["authz_host_module"] = "mod_authz_host.so";
$array["autoindex_module"] = "mod_autoindex.so";
$array["negotiation_module"] = "mod_negotiation.so";
$array["ssl_module"] = "mod_ssl.so";
$array["headers_module"] = "mod_headers.so";
$array["ldap_module"] = "mod_ldap.so";
if ($Params["DOSEnable"] == 1) {
$array["evasive20_module"] = "mod_evasive20.so";
}
if ($EnableArticaApachePHPFPM == 1) {
$array["fastcgi_module"] = "mod_fastcgi.so";
}
if (is_dir("/etc/apache2")) {
if (!is_file("/etc/apache2/mime.types")) {
if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
@copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
}
}
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
}
while (list($module, $lib) = each($array)) {
if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
}
$f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
}
}
}
build_error_page();
@file_put_contents("/etc/artica-postfix/hotspot-httpd.conf", @implode("\n", $f) . "\n");
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf done\n";
}
}
function build_default_asArtica()
{
$nginx = new nginx();
$unix = new unix();
$squidR = new squidbee();
$f[] = "server {";
$f[] = "\tlisten 80;";
$f[] = "\tserver_name " . $unix->hostname_g() . ";";
$f[] = "\tindex logon.php;";
$f[] = "\tlocation /nginx_status {";
$f[] = "\tstub_status on;";
$f[] = "\terror_log /var/log/nginx/default.error.log warn;";
$f[] = "\taccess_log /var/log/nginx/default.access.log;";
$f[] = "\tallow all;";
$f[] = "\t}";
$f[] = "\tlocation / {";
$f[] = "\t\troot\t/usr/share/artica-postfix;";
$f[] = "\t}";
$f[] = $nginx->php_fpm("logon.php", "/usr/share/artica-postfix", 1);
$f[] = "}";
$f[] = "server {";
$f[] = "\tlisten 443;";
$f[] = "\tindex logon.php;";
$f[] = "\tkeepalive_timeout 70;";
$f[] = "\terror_log /var/log/nginx/default.error.log warn;";
$f[] = "\taccess_log /var/log/nginx/default.access.log;";
$f[] = "\tssl on;";
$f[] = "\t" . $squidR->SaveCertificate($unix->hostname_g(), false, true);
$f[] = "\tssl_session_timeout 5m;";
$f[] = "\tssl_protocols SSLv3 TLSv1;";
$f[] = "\tssl_ciphers HIGH:!aNULL:!MD5;";
$f[] = "\tssl_prefer_server_ciphers on;";
$f[] = "\tserver_name " . $unix->hostname_g() . ";";
$f[] = "\tlocation / {";
$f[] = "\t\troot\t/usr/share/artica-postfix;";
$f[] = "\t}";
$f[] = $nginx->php_fpm("logon.php", "/usr/share/artica-postfix", 1);
$f[] = "}";
@file_put_contents("/etc/nginx/conf.d/default.conf", @implode("\n", $f));
if ($GLOBALS["RELOAD"]) {
reload(true);
}
}
$GLOBALS["debug"] = true;
ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL);
ini_set('error_prepend_string', null);
ini_set('error_append_string', null);
}
if (preg_match("#--output#", implode(" ", $argv))) {
$GLOBALS["OUTPUT"] = true;
}
if (preg_match("#schedule-id=([0-9]+)#", implode(" ", $argv), $re)) {
$GLOBALS["SCHEDULE_ID"] = $re[1];
}
if (preg_match("#--force#", implode(" ", $argv), $re)) {
$GLOBALS["FORCE"] = true;
}
if (preg_match("#--reconfigure#", implode(" ", $argv), $re)) {
$GLOBALS["RECONFIGURE"] = true;
}
$GLOBALS["AS_ROOT"] = true;
include_once dirname(__FILE__) . '/ressources/class.ldap.inc';
include_once dirname(__FILE__) . '/ressources/class.nginx.inc';
include_once dirname(__FILE__) . '/ressources/class.freeweb.inc';
include_once dirname(__FILE__) . '/framework/class.unix.inc';
include_once dirname(__FILE__) . '/ressources/class.squid.reverse.inc';
include_once dirname(__FILE__) . '/framework/frame.class.inc';
include_once dirname(__FILE__) . '/framework/class.settings.inc';
include_once dirname(__FILE__) . '/ressources/class.resolv.conf.inc';
$certificate = $argv[1];
$squid = new squidbee();
$squid->SaveCertificate($certificate, false, true);
function apache_config()
{
$sock = new sockets();
$unix = new unix();
$EnablePHPFPM = 0;
@mkdir("/var/run/squid", 0755, true);
@mkdir("/var/run/squid", 0755, true);
$APACHE_SRC_ACCOUNT = "squid";
$APACHE_SRC_GROUP = "squid";
$APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
if (!isset($GLOBALS["HyperCacheStoragePath"])) {
$sock = new sockets();
$GLOBALS["HyperCacheStoragePath"] = $sock->GET_INFO("HyperCacheStoragePath");
if ($GLOBALS["HyperCacheStoragePath"] == null) {
$GLOBALS["HyperCacheStoragePath"] = "/home/artica/proxy-cache";
}
}
$SquidEnforceRules = intval($sock->GET_INFO("SquidEnforceRules"));
$HyperCacheHTTPListenPort = $sock->GET_INFO("HyperCacheHTTPListenPort");
$HyperCacheHTTPListenPortSSL = $sock->GET_INFO("HyperCacheHTTPListenPortSSL");
$HyperCacheHTTPListenPortSSLEnabled = intval($sock->GET_INFO("HyperCacheHTTPListenPortSSLEnabled"));
if (!is_numeric($HyperCacheHTTPListenPort)) {
$HyperCacheHTTPListenPort = 8700;
}
if (!is_numeric($HyperCacheHTTPListenPortSSL)) {
$HyperCacheHTTPListenPortSSL = 8900;
}
$HyperCacheListenAddr = $sock->GET_INFO("HyperCacheListenAddr");
$unix = new unix();
$NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
unset($NETWORK_ALL_INTERFACES["lo"]);
if ($HyperCacheListenAddr == null) {
$HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR();
$sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr);
}
if ($unix->NETWORK_IS_LISTEN_ADDR_EXISTS($HyperCacheListenAddr)) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$HyperCacheListenAddr} doesn't exists...\n";
}
$HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR();
$sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr);
}
$ipaddr = $HyperCacheListenAddr;
$phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
$php = $unix->LOCATE_PHP5_BIN();
$EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
if (!is_numeric($EnableArticaApachePHPFPM)) {
$EnableArticaApachePHPFPM = 0;
}
if (!is_file($phpfpm)) {
$EnableArticaApachePHPFPM = 0;
}
$unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/squid");
$apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
if ($EnableArticaApachePHPFPM == 1) {
if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
}
$EnableArticaApachePHPFPM = 0;
}
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listen address: {$ipaddr}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port: {$HyperCacheHTTPListenPort} SSL Port: {$HyperCacheHTTPListenPortSSL}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM: {$EnablePHPFPM}\n";
}
$q = new mysql_squid_builder();
$nice = EXEC_NICE();
$sql = "SELECT * FROM artica_caches_mirror WHERE enabled=1 AND `ToDelete`=0";
$results = $q->QUERY_SQL($sql);
$HyperCache = new HyperCache();
while ($ligne = mysql_fetch_assoc($results)) {
$t = time();
$sitename = $ligne["sitename"];
$sitename_path = $HyperCache->HyperCacheUriToHostname($sitename);
$workingdir = $GLOBALS["HyperCacheStoragePath"] . "/mirror/{$sitename_path}";
if (!is_dir($workingdir)) {
@mkdir($workingdir, 0755, true);
}
@chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid");
@chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid");
@chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid");
@chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid");
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} build folder for mirrored {$sitename_path}\n";
}
$mirrors[] = "";
$mirrors_aliases[] = "alias /{$sitename_path} {$workingdir}";
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: alias /{$sitename_path} {$workingdir}\n";
}
$mirrors[] = "";
$mirrors[] = "\t<Directory \"{$workingdir}\">";
$mirrors[] = "\t\tDirectorySlash On";
$mirrors[] = "\t\tDirectoryIndex index.html index-2.html";
$mirrors[] = "\t\tOptions All";
$mirrors[] = "\t\tOrder deny,allow";
$mirrors[] = "\t\tAllow from all";
$mirrors[] = "\t</Directory>";
$mirrors[] = "";
}
$mirrors_conf = @implode("\n", $mirrors);
$mirrors_aliases_conf = @implode("\n", $mirrors_aliases);
$f[] = "LockFile /var/run/squid/HyperCacheWebAccept.lock";
$f[] = "PidFile /var/run/squid/HyperCacheWeb.pid";
$f[] = "AcceptMutex flock";
$f[] = "DocumentRoot /usr/share/artica-postfix";
$f[] = "DirectoryIndex squidcache.php";
$f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPort}";
$f[] = $mirrors_aliases_conf;
if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
$f[] = "SSLRandomSeed startup file:/dev/urandom 256";
$f[] = "SSLRandomSeed connect builtin";
$f[] = "SSLSessionCache shmcb:/var/run/squid/HyperCacheWebSSL(512000)";
$f[] = "SSLSessionCacheTimeout 300";
$f[] = "SSLSessionCacheTimeout 300";
$f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}";
$f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPortSSL}";
}
$f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPort}";
$f[] = "<VirtualHost {$ipaddr}:{$HyperCacheHTTPListenPort}>";
$f[] = "\tServerName {$ipaddr}";
$f[] = "\tLoglevel debug";
$f[] = "\tLoglevel debug";
$f[] = "\tErrorLog /var/log/squid/HyperCache-error.log";
$f[] = "\tLogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
$f[] = "\tCustomLog /var/log/squid/HyperCache-access.log common";
$f[] = "\tErrorDocument 400 /squidcache.php";
$f[] = "\tErrorDocument 401 /squidcache.php";
$f[] = "\tErrorDocument 403 /squidcache.php";
$f[] = "\tErrorDocument 404 /squidcache.php";
$f[] = "\tErrorDocument 500 /squidcache.php";
//$f[]="\tFallbackResource /squidcache.php";
$f[] = $mirrors_aliases_conf;
$f[] = $mirrors_conf;
$f[] = "</VirtualHost>";
if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
$squid = new squidbee();
$data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
$cert = $re[1];
$key = $re[2];
}
$f[] = "<VirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}>";
$f[] = "\tFallbackResource /squidcache.php";
$f[] = "\tServerName {$ipaddr}";
$f[] = "\tDocumentRoot /usr/share/artica-postfix";
$f[] = "\tSSLEngine on";
$f[] = "\tSSLCertificateFile \"{$cert}\"";
$f[] = "\tSSLCertificateKeyFile \"{$key}\"";
$f[] = "\tSSLVerifyClient none";
$f[] = "\tServerSignature Off";
$f[] = $mirrors_conf;
$f[] = "</VirtualHost>";
}
$f[] = "<IfModule mpm_prefork_module>";
$f[] = "</IfModule>";
$f[] = "<IfModule mpm_worker_module>";
$f[] = "\tMinSpareThreads 25";
$f[] = "\tMaxSpareThreads 75 ";
$f[] = "\tThreadLimit 64";
$f[] = "\tThreadsPerChild 25";
$f[] = "</IfModule>";
$f[] = "<IfModule mpm_event_module>";
$f[] = "\tMinSpareThreads 25";
$f[] = "\tMaxSpareThreads 75 ";
$f[] = "\tThreadLimit 64";
$f[] = "\tThreadsPerChild 25";
$f[] = "</IfModule>";
$f[] = "AccessFileName .htaccess";
$f[] = "<Files ~ \"^\\.ht\">";
$f[] = "\tOrder allow,deny";
$f[] = "\tDeny from all";
$f[] = "\tSatisfy all";
$f[] = "</Files>";
$f[] = "DefaultType text/plain";
$f[] = "HostnameLookups Off";
$f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}";
$f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}";
$f[] = "Timeout 300";
$f[] = "KeepAlive Off";
$f[] = "KeepAliveTimeout 15";
$f[] = "StartServers 1";
$f[] = "MaxClients 50";
$f[] = "MinSpareServers 2";
$f[] = "MaxSpareServers 5";
$f[] = "MaxRequestsPerChild 5000";
$f[] = "MaxKeepAliveRequests 100";
$f[] = "ServerName " . $unix->hostname_g();
if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
$f[] = "<IfModule mod_ssl.c>";
$f[] = "\tSSLRandomSeed connect builtin";
$f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
$f[] = "\tAddType application/x-x509-ca-cert .crt";
$f[] = "\tAddType application/x-pkcs7-crl .crl";
$f[] = "\tSSLPassPhraseDialog builtin";
$f[] = "\tSSLSessionCache shmcb:/var/run/squid/ssl_scache-articahtp(512000)";
$f[] = "\tSSLSessionCacheTimeout 300";
$f[] = "\tSSLSessionCacheTimeout 300";
$f[] = "\tSSLMutex sem";
$f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
$f[] = "\tSSLProtocol all -SSLv2";
$f[] = "</IfModule>";
$f[] = "";
}
// $f[]="\tFallbackResource /squidcache.php";
$f[] = "AddType application/x-httpd-php .php";
$f[] = "php_value error_log \"/var/log/lighttpd/apache-hotspot-php.log\"";
$f[] = "<IfModule mod_fcgid.c>";
$f[] = "\tPHP_Fix_Pathinfo_Enable 1";
$f[] = "</IfModule>";
$f[] = "<IfModule mod_php5.c>";
$f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">";
$f[] = "\tSetHandler application/x-httpd-php";
$f[] = " </FilesMatch>";
$f[] = " <FilesMatch \"\\.phps\$\">";
$f[] = "\tSetHandler application/x-httpd-php-source";
$f[] = " </FilesMatch>";
$f[] = " <IfModule mod_userdir.c>";
$f[] = " <Directory /home/*/public_html>";
$f[] = " php_admin_value engine Off";
$f[] = " </Directory>";
$f[] = " </IfModule>";
$f[] = "</IfModule>";
$f[] = "<IfModule mod_mime.c>";
$f[] = "\tTypesConfig /etc/mime.types";
$f[] = "\tAddType application/x-compress .Z";
$f[] = "\tAddType application/x-gzip .gz .tgz";
$f[] = "\tAddType application/x-bzip2 .bz2";
$f[] = "\tAddType application/x-httpd-php .php .phtml";
$f[] = "\tAddType application/x-httpd-php-source .phps";
$f[] = "\tAddLanguage ca .ca";
$f[] = "\tAddLanguage cs .cz .cs";
$f[] = "\tAddLanguage da .dk";
$f[] = "\tAddLanguage de .de";
$f[] = "\tAddLanguage el .el";
$f[] = "\tAddLanguage en .en";
$f[] = "\tAddLanguage eo .eo";
$f[] = "\tRemoveType es";
$f[] = "\tAddLanguage es .es";
$f[] = "\tAddLanguage et .et";
$f[] = "\tAddLanguage fr .fr";
$f[] = "\tAddLanguage he .he";
$f[] = "\tAddLanguage hr .hr";
$f[] = "\tAddLanguage it .it";
$f[] = "\tAddLanguage ja .ja";
$f[] = "\tAddLanguage ko .ko";
$f[] = "\tAddLanguage ltz .ltz";
$f[] = "\tAddLanguage nl .nl";
$f[] = "\tAddLanguage nn .nn";
$f[] = "\tAddLanguage no .no";
$f[] = "\tAddLanguage pl .po";
$f[] = "\tAddLanguage pt .pt";
$f[] = "\tAddLanguage pt-BR .pt-br";
$f[] = "\tAddLanguage ru .ru";
$f[] = "\tAddLanguage sv .sv";
$f[] = "\tRemoveType tr";
$f[] = "\tAddLanguage tr .tr";
$f[] = "\tAddLanguage zh-CN .zh-cn";
$f[] = "\tAddLanguage zh-TW .zh-tw";
$f[] = "\tAddCharset us-ascii .ascii .us-ascii";
$f[] = "\tAddCharset ISO-8859-1 .iso8859-1 .latin1";
$f[] = "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen";
$f[] = "\tAddCharset ISO-8859-3 .iso8859-3 .latin3";
$f[] = "\tAddCharset ISO-8859-4 .iso8859-4 .latin4";
$f[] = "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru";
$f[] = "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic";
$f[] = "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek";
$f[] = "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew";
$f[] = "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk";
$f[] = "\tAddCharset ISO-8859-10 .iso8859-10 .latin6";
$f[] = "\tAddCharset ISO-8859-13 .iso8859-13";
$f[] = "\tAddCharset ISO-8859-14 .iso8859-14 .latin8";
$f[] = "\tAddCharset ISO-8859-15 .iso8859-15 .latin9";
$f[] = "\tAddCharset ISO-8859-16 .iso8859-16 .latin10";
$f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
$f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
$f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
$f[] = "\tAddCharset Big5 .Big5 .big5 .b5";
$f[] = "\tAddCharset cn-Big5 .cn-big5";
$f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
$f[] = "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251";
$f[] = "\tAddCharset CP866 .cp866";
$f[] = "\tAddCharset KOI8 .koi8";
$f[] = "\tAddCharset KOI8-E .koi8-e";
$f[] = "\tAddCharset KOI8-r .koi8-r .koi8-ru";
$f[] = "\tAddCharset KOI8-U .koi8-u";
$f[] = "\tAddCharset KOI8-ru .koi8-uk .ua";
$f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
$f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
$f[] = "\tAddCharset UTF-7 .utf7";
$f[] = "\tAddCharset UTF-8 .utf8";
$f[] = "\tAddCharset UTF-16 .utf16";
$f[] = "\tAddCharset UTF-16BE .utf16be";
$f[] = "\tAddCharset UTF-16LE .utf16le";
$f[] = "\tAddCharset UTF-32 .utf32";
$f[] = "\tAddCharset UTF-32BE .utf32be";
$f[] = "\tAddCharset UTF-32LE .utf32le";
$f[] = "\tAddCharset euc-cn .euc-cn";
$f[] = "\tAddCharset euc-gb .euc-gb";
$f[] = "\tAddCharset euc-jp .euc-jp";
$f[] = "\tAddCharset euc-kr .euc-kr";
$f[] = "\tAddCharset EUC-TW .euc-tw";
$f[] = "\tAddCharset gb2312 .gb2312 .gb";
$f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
$f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
$f[] = "\tAddCharset shift_jis .shift_jis .sjis";
$f[] = "\tAddType text/html .shtml";
$f[] = "\tAddOutputFilter INCLUDES .shtml";
$f[] = "</IfModule>";
$f[] = $mirrors_conf;
$f[] = "<Directory \"/usr/share/artica-postfix\">";
$f[] = "FallbackResource /squidcache.php";
$f[] = "\tDirectorySlash On";
$f[] = "\tDirectoryIndex squidcache.php";
$f[] = "\t\t<Files \"squidcache.php\">";
$f[] = "\t\t\tOrder allow,deny";
$f[] = "\t\t\tallow from all";
$f[] = "\t\t</Files>";
/* $f[]="\tErrorDocument 400 /hotspot.php";
$f[]="\tErrorDocument 401 /hotspot.php";
$f[]="\tErrorDocument 403 /hotspot.php";
$f[]="\tErrorDocument 404 /hotspot.php";
$f[]="\tErrorDocument 500 /hotspot.php";
*/
$f[] = "\tOptions -Indexes";
$f[] = ParseArticaDirectory();
@chmod("/usr/share/artica-postfix/squidcache.php", 0755);
@chown("/usr/share/artica-postfix/squidcache.php", "squid");
if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
$f[] = "\tSSLOptions +StdEnvVars";
}
$f[] = "\tAllowOverride All";
$f[] = "\tOrder allow,deny";
$f[] = "\tAllow from all";
$f[] = "</Directory>";
if ($EnableArticaApachePHPFPM == 1) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
}
shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
}
shell_exec("/etc/init.d/php5-fpm restart");
$f[] = "\tAlias /php5.fastcgi /var/run/squid/php5.fastcgi";
$f[] = "\tAddHandler php-script .php";
$f[] = "\tFastCGIExternalServer /var/run/squid/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
$f[] = "\tAction php-script /php5.fastcgi virtual";
$f[] = "\t<Directory /var/run/squid>";
$f[] = "\t\t<Files php5.fastcgi>";
$f[] = "\t\tOrder deny,allow";
$f[] = "\t\tAllow from all";
$f[] = "\t\t</Files>";
$f[] = "\t</Directory>";
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
}
}
if ($EnableArticaApachePHPFPM == 0) {
$array["php5_module"] = "libphp5.so";
}
$array["dumpio_module"] = "mod_dumpio.so";
$array["actions_module"] = "mod_actions.so";
$array["expires_module"] = "mod_expires.so";
$array["rewrite_module"] = "mod_rewrite.so";
$array["dir_module"] = "mod_dir.so";
$array["mime_module"] = "mod_mime.so";
$array["alias_module"] = "mod_alias.so";
$array["auth_basic_module"] = "mod_auth_basic.so";
$array["authz_host_module"] = "mod_authz_host.so";
$array["autoindex_module"] = "mod_autoindex.so";
$array["negotiation_module"] = "mod_negotiation.so";
if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
$array["ssl_module"] = "mod_ssl.so";
}
$array["headers_module"] = "mod_headers.so";
//$array["ldap_module"]="mod_ldap.so";
if ($EnableArticaApachePHPFPM == 1) {
$array["fastcgi_module"] = "mod_fastcgi.so";
}
if (is_dir("/etc/apache2")) {
if (!is_file("/etc/apache2/mime.types")) {
if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
@copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
}
}
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
}
while (list($module, $lib) = each($array)) {
if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
}
$f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
}
}
}
@file_put_contents("/etc/artica-postfix/HyperCacheHTTPD.conf", @implode("\n", $f));
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/HyperCacheHTTPD.conf done\n";
}
}
function build()
{
$unix = new unix();
$sock = new sockets();
$php5 = $unix->LOCATE_PHP5_BIN();
$sysctl = $unix->find_program("sysctl");
$EnableChilli = $sock->GET_INFO("EnableChilli");
if (!is_numeric($EnableChilli)) {
$EnableChilli = 0;
}
$KernelSendRedirects = $sock->GET_INFO("KernelSendRedirects");
if (!is_numeric($KernelSendRedirects)) {
$KernelSendRedirects = 1;
}
$save = false;
$ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
$ChilliConf = GetInterfaceArray($ChilliConf);
$php = $unix->LOCATE_PHP5_BIN();
if (!isset($ChilliConf["HS_UAMFREEWEB"])) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FreeWeb Login page is not set...\n";
}
}
if (!is_file("/var/www/c2/index.php")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Installing CakePHP\n";
}
shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} CakePHP done\n";
}
}
if (!is_file("/var/www/c2/yfi_cake/setup/coova_json/login.php")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/var/www/c2/yfi_cake/setup/coova_json/login.php no such file Installing YFI CakePHP\n";
}
shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} YFI CakePHP done\n";
}
}
if (!is_dir("/usr/share/coova_json")) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/usr/share/coova_json` no such directory Installing Coova JSon\n";
}
shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Coova JSon done\n";
}
}
$unix->SystemCreateUser("chilli", "chilli");
$f[] = "include /etc/chilli/main.conf";
$f[] = "include /etc/chilli/hs.conf";
$f[] = "include /etc/chilli/local.conf";
$f[] = "ipup=/etc/chilli/up.sh";
$f[] = "ipdown=/etc/chilli/down.sh";
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Chilli: `/etc/chilli.conf` done\n";
}
file_put_contents("/etc/chilli.conf", @implode("\n", $f));
if (!is_numeric($ChilliConf["EnableSSLRedirection"])) {
$ChilliConf["EnableSSLRedirection"] = 0;
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building main configuration: {$ChilliConf["HS_LANIF"]} -> {$ChilliConf["HS_WANIF"]}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen.....: {$ChilliConf["HS_UAMLISTEN"]}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} DHCP.......: {$ChilliConf["HS_DYNIP"]}/{$ChilliConf["HS_DYNIP_MASK"]} ({$ChilliConf["HS_NETWORK"]})\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Proxy Port.: {$ChilliConf["SQUID_HTTP_PORT"]}\n";
}
$ldap = new clladp();
if (!is_numeric($ChilliConf["ENABLE_DHCP_RELAY"])) {
$ChilliConf["ENABLE_DHCP_RELAY"] = 0;
}
$t[] = "# -*- mode: shell-script; -*-";
$t[] = "#";
$t[] = "# Coova-Chilli Default Configurations. ";
$t[] = "# To customize, copy this file to /etc/chilli/config";
$t[] = "# and edit to your liking. This is included in shell scripts";
$t[] = "# that configure chilli and related programs before file 'config'. ";
$t[] = "";
$t[] = "";
$t[] = "###";
$t[] = "# Local Network Configurations";
$t[] = "# ";
$t[] = "";
if ($ChilliConf["HS_WANIF"] != null) {
$t[] = "HS_WANIF={$ChilliConf["HS_WANIF"]} # WAN Interface toward the Internet";
}
$t[] = "HS_LANIF={$ChilliConf["HS_LANIF"]}\t\t # Subscriber Interface for client devices";
$t[] = "HS_NETWORK={$ChilliConf["HS_NETWORK"]}\t # HotSpot Network (must include HS_UAMLISTEN)";
$t[] = "HS_NETMASK={$ChilliConf["HS_NETMASK"]} # HotSpot Network Netmask";
$t[] = "HS_UAMLISTEN={$ChilliConf["HS_UAMLISTEN"]} # HotSpot IP Address (on subscriber network)";
$t[] = "HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)";
$t[] = "HS_UAMUIPORT=4990 # HotSpot UAM 'UI' Port (on subscriber network, for embedded portal)";
$t[] = "HS_NATANYIP=off";
//$t[]="HS_STATIP=off";
//$t[]="HS_STATIP_MASK=";
$t[] = "";
if ($ChilliConf["HS_DYNIP"] != null) {
$t[] = "HS_DYNIP={$ChilliConf["HS_DYNIP"]}";
}
if ($ChilliConf["HS_DYNIP_MASK"] != null) {
$t[] = "HS_DYNIP_MASK={$ChilliConf["HS_DYNIP_MASK"]}";
}
if ($ChilliConf["HS_DNS_DOMAIN"] != null) {
$t[] = "HS_DNS_DOMAIN={$ChilliConf["HS_DNS_DOMAIN"]}";
}
//$t[]="HS_STATIP={$ChilliConf["HS_STATIP"]}";
//$t[]="HS_STATIP_MASK={$ChilliConf["HS_STATIP_MASK"]}";
$t[] = "# DNS Servers";
$t[] = "HS_DNS1={$ChilliConf["HS_UAMLISTEN"]}";
$t[] = "HS_DNS2={$ChilliConf["HS_UAMLISTEN"]}";
DefaultSplash($ChilliConf);
if (!isset($ChilliConf["SQUID_HTTP_PORT"])) {
$ChilliConf["SQUID_HTTP_PORT"] = rand(45000, 65400);
$save = true;
}
if (!is_numeric($ChilliConf["SQUID_HTTP_PORT"])) {
$ChilliConf["SQUID_HTTP_PORT"] = rand(45000, 65400);
$save = true;
}
if (!isset($ChilliConf["SQUID_HTTPS_PORT"])) {
$ChilliConf["SQUID_HTTPS_PORT"] = rand(45000, 65400);
$save = true;
}
if (!is_numeric($ChilliConf["SQUID_HTTPS_PORT"])) {
$ChilliConf["SQUID_HTTPS_PORT"] = rand(45000, 65400);
$save = true;
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building DNSMasq settings\n";
}
dnsmasq_config();
if ($ChilliConf["EnableSSLRedirection"] == 1) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is Active\n";
}
$t[] = "HS_UAMUISSL=on";
$t[] = "HS_REDIRSSL=on";
include_once dirname(__FILE__) . "/ressources/class.squid.inc";
$squid = new squidbee();
$t[] = $squid->SaveCertificate($ChilliConf["certificate_center"], false, false, true);
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is inactive\n";
}
}
$ChilliConf["uamallowed"][$ChilliConf["HS_UAMFREEWEB"]] = true;
$ChilliConf["uamallowed"]["127.0.0.1"] = true;
$ChilliConf["uamallowed"][$ChilliConf["HS_WANIF_IP"]] = true;
$ip = new IP();
if ($ip->isIPAddress($ChilliConf["HS_DNS1"])) {
$ChilliConf["uamallowed"][$ChilliConf["HS_DNS1"]] = true;
}
if ($ip->isIPAddress($ChilliConf["HS_DNS2"])) {
$ChilliConf["uamallowed"][$ChilliConf["HS_DNS2"]] = true;
}
if ($ChilliConf["AD_SERVER"] != null) {
$ChilliConf["uamallowed"][$ChilliConf["AD_SERVER"]] = true;
}
while (list($num, $ligne) = each($ChilliConf["uamallowed"])) {
if (trim($num) == null) {
continue;
}
if (is_numeric($num)) {
continue;
}
$HS_UAMALLOW[] = $num;
}
if ($save) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Saving new configuration file...\n";
}
$NewArray = base64_encode(serialize($ChilliConf));
$sock->SaveConfigFile($NewArray, "ChilliConf");
}
$RADIUS_IP = "127.0.0.1";
if ($ChilliConf["RADIUS_IP"] != null) {
$RADIUS_IP = $ChilliConf["RADIUS_IP"];
}
if (!is_numeric($ChilliConf["HS_LAN_ACCESS"])) {
$ChilliConf["HS_LAN_ACCESS"] = 1;
}
$t[] = "HS_NASID=nas01";
$t[] = "HS_RADIUS={$RADIUS_IP}";
//$t[]="HS_RADIUS2=$RADIUS_IP";
$t[] = "HS_UAMALLOW=" . @implode(",", $HS_UAMALLOW);
//$t[]="HS_ACCTUPDATE";
$t[] = "HS_RADSECRET={$ldap->ldap_password}";
$t[] = "HS_UAMSECRET={$ldap->ldap_password}";
$t[] = "HS_UAMALIASNAME=chilli";
$t[] = "HS_NASIP={$RADIUS_IP}";
if ($ChilliConf["HS_LAN_ACCESS"] == 1) {
$t[] = "HS_LAN_ACCESS=on";
} else {
$t[] = "HS_LAN_ACCESS=off";
}
if ($ChilliConf["ENABLE_DHCP_RELAY"] == 1) {
if ($ChilliConf["HS_DHCPRELAYAGENT"] != null) {
if ($ChilliConf["HS_DHCPGATEWAY"] != null) {
$t[] = "HS_DHCPRELAYAGENT={$ChilliConf["HS_DHCPRELAYAGENT"]}";
$t[] = "HS_DHCPGATEWAY={$ChilliConf["HS_DHCPGATEWAY"]}";
}
}
}
if (is_numeric($ChilliConf["HS_UAMFREEWEB"])) {
$ChilliConf["HS_UAMFREEWEB"] = null;
}
$t[] = "";
//$t[]="HS_LAYER3=on";
$t[] = "";
$t[] = "# Put entire domains in the walled-garden with DNS inspection";
$t[] = "# HS_UAMDOMAINS=\".paypal.com,.paypalobjects.com\"";
$t[] = "HS_UAMSERVER={$ChilliConf["HS_UAMFREEWEB"]}";
$t[] = "# HS_UAMSERVICE=";
$t[] = "HS_UAMFORMAT=\"http://\$HS_UAMSERVER/hs_land.php\"";
$t[] = "HS_UAMHOMEPAGE=\"http://{$ChilliConf["HS_UAMFREEWEB"]}/splash.php\"";
$t[] = "HS_CONUP=\"" . __FILE__ . "\"";
$t[] = "HS_CONDOWN=\"" . dirname(__FILE__) . "/exec.chilli.condown.php\"";
$t[] = "";
$t[] = "";
$t[] = "###";
$t[] = "# Features not activated per-default (default to off)";
$t[] = "# HS_RADCONF=off\t # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)";
$t[] = "HS_ANYIP=on\t\t # Allow any IP address on subscriber LAN";
$t[] = "HS_MACAUTH=on\t\t # To turn on MAC Authentication";
$t[] = "# HS_MACAUTHDENY=on\t # Put client in 'drop' state on MAC Auth Access-Reject";
$t[] = "# HS_MACAUTHMODE=local\t # To allow MAC Authentication based on macallowed, not RADIUS";
$t[] = "# HS_MACALLOW=\"...\" # List of MAC addresses to authenticate (comma seperated)";
$t[] = "# HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file";
$t[] = "# HS_OPENIDAUTH=on\t # To inform the RADIUS server to allow OpenID Auth";
$t[] = "# HS_WPAGUESTS=on\t # To inform the RADIUS server to allow WPA Guests";
$t[] = "# HS_DNSPARANOIA=on\t # To drop DNS packets containing something other";
$t[] = "# HS_OPENIDAUTH=on\t # To inform the RADIUS server to allow OpenID Auth";
$t[] = "# HS_USE_MAP=on\t\t # Short hand for allowing the required google";
$t[] = "###";
$t[] = "# Other feature settings and their defaults";
$t[] = "# HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by RADIUS (0 for unlimited)";
$t[] = "# HS_DEFIDLETIMEOUT=0\t # Default idle-timeout if not defined by RADIUS (0 for unlimited)";
$t[] = "# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)";
$t[] = "# HS_DEFBANDWIDTHMAXUP=0\t # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)";
$t[] = "";
$t[] = "# HS_RADCONF=on\t\t # gather the ChilliSpot-Config attributes in";
$t[] = "#\t\t\t # Administrative-User login";
$t[] = "# HS_RADCONF_SERVER=rad01.coova.org\t\t # RADIUS Server";
$t[] = "# HS_RADCONF_SECRET=coova-anonymous\t\t # RADIUS Shared Secret ";
$t[] = "# HS_RADCONF_AUTHPORT=1812\t\t\t # Auth port";
$t[] = "# HS_RADCONF_USER=chillispot\t\t\t # Username";
$t[] = "# HS_RADCONF_PWD=chillispot\t\t\t # Password";
$ALLOWPORTS["80"] = true;
$ALLOWPORTS["443"] = true;
$ALLOWPORTS["22"] = true;
$ALLOWPORTS["2812"] = true;
$ALLOWPORTS["53"] = true;
$ALLOWPORTS["3990"] = true;
$ALLOWPORTS["22"] = true;
$ALLOWPORTS["9000"] = true;
$ALLOWPORTS["389"] = true;
$ALLOWPORTS["53"] = true;
$ALLOWPORTS["1553"] = true;
$ALLOWPORTS["137"] = true;
$ALLOWPORTS["138"] = true;
$ALLOWPORTS["139"] = true;
$ALLOWPORTS["445"] = true;
$ALLOWPORTS["80"] = true;
$ALLOWPORTS["443"] = true;
$ALLOWPORTS["1812"] = true;
$ALLOWPORTS["3306"] = true;
$ALLOWPORTS["47980"] = true;
while (list($index, $line) = each($ALLOWPORTS)) {
$PPORT[] = $index;
}
$t[] = "HS_TCP_PORTS=\"" . @implode(" ", $PPORT) . "\"";
$t[] = "";
$t[] = "###";
$t[] = "# Standard configurations";
$t[] = "#";
$t[] = "HS_MODE=hotspot";
$t[] = "HS_TYPE=chillispot";
$t[] = "# HS_RADAUTH=1812";
$t[] = "# HS_RADACCT=1813";
$t[] = "# HS_ADMUSR=chillispot";
$t[] = "# HS_ADMPWD=chillispot";
$t[] = "";
$t[] = "";
if ($ChilliConf["HS_PROVIDER"] == null) {
$ChilliConf["HS_PROVIDER"] = "Artica";
}
if ($ChilliConf["HS_PROVIDER_LINK"] == null) {
$ChilliConf["HS_PROVIDER_LINK"] = "http://www.articatech.net";
}
if ($ChilliConf["HS_LOC_NAME"] == null) {
$ChilliConf["HS_LOC_NAME"] = "Artica HotSpot";
}
if ($ChilliConf["HS_LOC_NETWORK"] == null) {
$ChilliConf["HS_LOC_NETWORK"] = "HotSpot Network";
}
$t[] = "HS_PROVIDER={$ChilliConf["HS_PROVIDER"]}";
$t[] = "HS_PROVIDER_LINK={$ChilliConf["HS_PROVIDER_LINK"]}/";
//$t[]="HS_LOC_NAME=\"{$ChilliConf["HS_LOC_NAME"]}\" # WISPr Location Name and used in portal";
//$t[]="HS_LOC_NETWORK=\"{$ChilliConf["HS_LOC_NETWORK"]}\" # Network name";
$t[] = "# HS_LOC_AC=408\t\t\t # Phone area code";
$t[] = "# HS_LOC_CC=1\t\t\t # Phone country code";
$t[] = "# HS_LOC_ISOCC=US\t\t # ISO Country code";
$t[] = "";
$t[] = "# Embedded miniportal";
$t[] = "# HS_REG_MODE=\"tos\" # or self, other";
$t[] = "# HS_RAD_PROTO=\"pap\" # or mschapv2, chap";
$t[] = "# HS_USE_MAP=on\n";
echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: `/etc/chilli/config` done\n";
echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: flush /etc/init.d..\n";
chilli_init_d();
file_put_contents("/etc/chilli/config", @implode("\n", $t));
coova_web();
shell_exec("{$php5} " . dirname(__FILE__) . "/exec.freeradius.php --build");
if ($GLOBALS["RELOAD"]) {
$kill = $unix->find_program("kill");
shell_exec("/etc/init.d/chilli reconfigure");
$pid = PID_NUM();
if ($unix->process_exists($pid)) {
shell_exec("{$kill} -HUP {$pid} 2>&1");
} else {
start();
}
}
}
function build()
{
$sock = new sockets();
$unix = new unix();
$ini = new Bs_IniHandler();
$IPADDRSSL = array();
$IPADDRSSL2 = array();
$ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
$visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
if ($visible_hostname == null) {
$visible_hostname = $unix->hostname_g();
}
$SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
$AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
if (!is_numeric($AllowAllNetworksInSquid)) {
$AllowAllNetworksInSquid = 1;
}
$ini->loadString($ArticaSquidParameters);
NETWORK_ALL_INTERFACES();
$LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
$ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
$certificate_center = $ini->_params["NETWORK"]["certificate_center"];
$SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
$LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
$ssl = false;
if ($ICP_PORT == 0) {
$ICP_PORT = 3130;
}
if ($LISTEN_PORT == 0) {
$LISTEN_PORT = 3128;
}
$squid = new squidbee();
$q = new mysql_squid_builder();
$IPADDRS = array();
if ($SquidBinIpaddr != null) {
if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$SquidBinIpaddr])) {
$SquidBinIpaddr = null;
} else {
$IPADDRS[$SquidBinIpaddr] = $LISTEN_PORT;
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$SquidBinIpaddr}\n";
}
}
}
if ($SSL_BUMP == 1) {
$ssl = true;
$ssl_port = $squid->get_ssl_port();
}
if ($SquidBinIpaddr == null) {
reset($GLOBALS["NETWORK_ALL_INTERFACES"]);
while (list($ipaddr, $val) = each($GLOBALS["NETWORK_ALL_INTERFACES"])) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$ipaddr}:{$LISTEN_PORT}\n";
}
$IPADDRS[$ipaddr] = $LISTEN_PORT;
$IPADDRSSL[$ipaddr] = $ssl_port;
}
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
}
if ($ssl) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} SSL Intercept...........: Yes - {$ssl_port}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate_center}\n";
}
$MAINSSL = $squid->SaveCertificate($certificate_center, false, false, false, true);
$f[] = $MAINSSL[0];
$certificate = $MAINSSL[1]["certificate"];
$key = $MAINSSL[1]["key"];
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Key.....................: {$key}\n";
}
}
$sql = "SELECT * FROM proxy_ports WHERE enabled=1 and transparent=1";
$results = $q->QUERY_SQL($sql);
$f[] = "# --------- proxy_ports enabled=1 and transparent=1 -> " . mysql_num_rows($results) . " ports";
while ($ligne = mysql_fetch_assoc($results)) {
$ipaddr = $ligne["ipaddr"];
$xport = $ligne["port"];
$transparent_text = null;
if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ipaddr])) {
$f[] = "# --------- table proxy_ports {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
$f[] = "# --------- http {$ipaddr} -> Hardware Error [" . __LINE__ . "]\n";
continue;
}
if ($ssl) {
$IPADDRSSL[$ipaddr] = $ssl_port;
}
$IPADDRS[$ipaddr] = $xport;
}
$transparent = " transparent";
while (list($ipaddr, $xport) = each($IPADDRSSL)) {
$IPADDRSSL2["{$ipaddr}:{$xport}"] = true;
}
while (list($ipaddr, $xport) = each($IPADDRS)) {
$IPADDRS2["{$ipaddr}:{$xport}"] = true;
}
while (list($ipaddr, $none) = each($IPADDRS2)) {
$f[] = "http_port {$ipaddr}{$transparent}";
}
if ($ssl) {
$f[] = "# --------- https -> " . count($IPADDRSSL2) . " addresses";
while (list($ipaddr, $none) = each($IPADDRSSL2)) {
$f[] = "https_port {$ipaddr} transparent cert={$certificate} key={$key}";
}
}
if ($AllowAllNetworksInSquid == 1) {
$f[] = "acl localnet src all";
}
if ($AllowAllNetworksInSquid == 0) {
$k = array();
$NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
$tbl = explode("\n", $NetworkScannerMasks);
if (is_array($tbl)) {
while (list($num, $cidr) = each($tbl)) {
if (trim($cidr) == null) {
continue;
}
$k[$cidr] = $cidr;
}
}
if (count($this->network_array) > 0) {
while (list($num, $val) = each($this->network_array)) {
if ($val == null) {
continue;
}
$k[$val] = $val;
}
}
if (count($k == 0)) {
$f[] = "acl localnet src all";
}
if (count($k > 0)) {
while (list($m, $l) = each($k)) {
$s[] = $l;
}
$f[] = "acl localnet src " . implode(" ", $s);
}
}
if ($ssl) {
}
$f[] = "acl all src all";
$f[] = "acl manager proto cache_object";
$f[] = "acl localhost src 127.0.0.1/32";
$f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
$f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
$f[] = "acl Safe_ports port 80\t\t# http";
$f[] = "acl Safe_ports port 21\t\t# ftp";
$f[] = "acl Safe_ports port 443\t\t# https";
$f[] = "acl Safe_ports port 70\t\t# gopher";
$f[] = "acl Safe_ports port 210\t\t# wais";
$f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
$f[] = "acl Safe_ports port 280\t\t# http-mgmt";
$f[] = "acl Safe_ports port 488\t\t# gss-http";
$f[] = "acl Safe_ports port 591\t\t# filemaker";
$f[] = "acl Safe_ports port 777\t\t# multiling http";
$f[] = "acl CONNECT method CONNECT";
$f[] = "";
$f[] = "";
if ($sock->EnableUfdbGuard() == 1) {
$f[] = ufdbguard27();
$EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
if (!is_file("/etc/squid3/acls/office365-nets.acl")) {
@touch("/etc/squid3/acls/office365-nets.acl");
}
if (!is_file("/etc/squid3/acls/office365-domains.acl")) {
@touch("/etc/squid3/acls/office365-domains.acl");
}
if (!is_file("/etc/squid3/acls/skype-nets.acl")) {
@touch("/etc/squid3/acls/skype-nets.acl");
}
if (!is_file("/etc/squid3/acls/dropbox-nets.acl")) {
@touch("/etc/squid3/acls/dropbox-nets.acl");
}
$f[] = "acl squidclient proto cache_object";
$f[] = "acl MgRDest dst 127.0.0.1";
$f[] = "acl MgRPort dst 127.0.0.1";
$f[] = "acl MyTestPort src 127.0.0.1";
$f[] = "acl MyLocalIpsDest dst 127.0.0.1";
$f[] = "acl ToArticaWWW dstdomain .artica.fr .articatech.net .articatech.com";
if ($EnableUfdbGuardArtica == 0) {
$f[] = "acl UrlRewriteDenyList dstdomain \"/etc/squid3/url_rewrite_program.deny.db\"";
}
$f[] = "acl ArticaMetaWhiteDoms dstdomain \"/etc/squid3/artica-meta/whitelist-domains.db\"";
$f[] = "acl ArticaMetaWhiteIPs dst \"/etc/squid3/artica-meta/whitelist-nets.db\"";
$f[] = "acl BrowsersNoWebF browser -i \"/etc/squid3/acls/Browsers-nofilter.acl\"";
$f[] = "acl whitelisted_mac_computers arp \"/etc/squid3/whitelisted-computers-by-mac.acl\"";
$f[] = "acl office365_ips dst \"/etc/squid3/acls/office365-nets.acl\"";
$f[] = "acl office365_www dstdomain \"/etc/squid3/acls/office365-domains.acl\"";
$f[] = "acl skype_www dstdomain .live.com .skypeassets.com";
$f[] = "acl skype_ips dst \"/etc/squid3/acls/skype-nets.acl\"";
$f[] = "acl dropbox_ips dst \"/etc/squid3/acls/dropbox-nets.acl\"";
$f[] = "acl dropbox_www dstdomain .dropbox.com";
$f[] = @file_get_contents("/etc/squid3/url_rewrite_access.conf");
}
$f[] = "http_access allow manager localhost";
$f[] = "http_access deny manager";
$f[] = "http_access deny !Safe_ports";
$f[] = "http_access deny CONNECT !SSL_ports";
$f[] = "http_access allow localnet";
$f[] = "http_access deny all";
$f[] = "icp_access allow localnet";
$f[] = "icp_access deny all";
$f[] = "cache_peer 127.0.0.1\tparent\t{$LISTEN_PORT}\t3130\tdefault";
$f[] = "never_direct allow all";
$f[] = "cache_mem 64 MB";
$f[] = "maximum_object_size_in_memory 256 KB";
$f[] = "memory_replacement_policy lru";
$LOGFORMAT[] = "%>a";
$LOGFORMAT[] = "%[ui";
$LOGFORMAT[] = "%[un";
$LOGFORMAT[] = "[%tl]";
$LOGFORMAT[] = "\"%rm %ru HTTP/%rv\"";
$LOGFORMAT[] = "%Hs";
$LOGFORMAT[] = "%<st";
$LOGFORMAT[] = "%Ss:";
$LOGFORMAT[] = "%Sh";
$LOGFORMAT[] = "UserAgent:\"%{User-Agent}>h\"";
$LOGFORMAT[] = "Forwarded:\"%{X-Forwarded-For}>h\"";
$f[] = "logformat common MAC:00:00:00:00:00:00 " . @implode(" ", $LOGFORMAT);
$f[] = "access_log none";
$f[] = "cache_store_log none";
if ($LogsWarninStop == 0) {
$f[] = "logfile_rotate 10";
}
if ($LogsWarninStop == 1) {
$f[] = "logfile_rotate 0";
}
$f[] = "# emulate_httpd_log off";
$f[] = "log_ip_on_direct on";
$f[] = "mime_table /etc/squid27/mime.conf";
$f[] = "# log_mime_hdrs off";
$f[] = "pid_filename /var/run/squid/squid-nat.pid";
$f[] = "debug_options ALL,1";
$f[] = "log_fqdn on";
$f[] = "client_netmask 255.255.255.255";
$f[] = "strip_query_terms off";
$f[] = "buffered_logs on";
$f[] = "netdb_filename /var/log/squid/netdb_nat.state";
if ($LogsWarninStop == 0) {
$f[] = "cache_log /var/log/squid/cache-nat.log";
}
if ($LogsWarninStop == 1) {
$f[] = "cache_log /dev/null";
}
$f[] = "#url_rewrite_program";
$f[] = "# url_rewrite_children 5";
$f[] = "# url_rewrite_concurrency 0";
$f[] = "# url_rewrite_host_header on";
$f[] = "refresh_pattern .\t\t0\t20%\t4320";
$f[] = "cache_effective_user squid";
$f[] = "cache_effective_group squid";
$f[] = "httpd_suppress_version_string on";
$f[] = "visible_hostname {$visible_hostname}";
$f[] = "cache_dir null /tmp";
$f[] = "# icon_directory /usr/share/squid27/icons";
$f[] = "# error_directory /usr/share/squid27/errors/English";
$f[] = "forwarded_for on";
$f[] = "client_db on";
$f[] = "";
CheckFilesAndSecurity();
@file_put_contents("/etc/squid27/squid.conf", @implode("\n", $f));
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
}
}
function build()
{
$sock = new sockets();
$unix = new unix();
$ini = new Bs_IniHandler();
$IPADDRSSL = array();
$IPADDRSSL2 = array();
$ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
$visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
if ($visible_hostname == null) {
$visible_hostname = $unix->hostname_g();
}
if (strpos($visible_hostname, ".") > 0) {
$visible_hostnameTR = explode(".", $visible_hostname);
$visible_hostnameTR[0] = $visible_hostnameTR[0] . "-nat";
$visible_hostname = @implode(".", $visible_hostnameTR);
} else {
$visible_hostname = "nat-{$visible_hostname}";
}
$SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
$AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
if (!is_numeric($AllowAllNetworksInSquid)) {
$AllowAllNetworksInSquid = 1;
}
$ini->loadString($ArticaSquidParameters);
NETWORK_ALL_INTERFACES();
$LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
$ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
$certificate_center = $ini->_params["NETWORK"]["certificate_center"];
$SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
$LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
$ssl = false;
if ($ICP_PORT == 0) {
$ICP_PORT = 3130;
}
if ($LISTEN_PORT == 0) {
$LISTEN_PORT = 3128;
}
$squid = new squidbee();
$q = new mysql_squid_builder();
$IPADDRS = array();
$ParentSquid27Port = intval($sock->GET_INFO("ParentSquid27Port"));
if ($ParentSquid27Port == 0) {
$ParentSquid27Port = 13298;
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
}
$sql = "SELECT * FROM proxy_ports WHERE enabled=1 and is_nat=1";
$results = $q->QUERY_SQL($sql);
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} " . mysql_num_rows($results) . " ports\n";
}
$f[] = "# --------- proxy_ports enabled=1 and is_nat=1 -> " . mysql_num_rows($results) . " ports";
$MAINSSL = array();
while ($ligne = mysql_fetch_assoc($results)) {
$ipaddr = $ligne["ipaddr"];
$xport = $ligne["port"];
$ssl = intval($ligne["UseSSL"]);
$eth = $ligne["nic"];
$transparent_text = null;
$ipaddr = "0.0.0.0";
$transparent = " transparent";
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$eth} {$ipaddr}:{$xport}\n";
}
if ($eth != null) {
$ipaddr = $GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"];
if ($ipaddr == null) {
$conf[] = "# --------- table proxy_ports {$eth} {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
$conf[] = "# --------- http {$ipaddr} -> Hardware Error -> 0.0.0.0 [" . __LINE__ . "]\n";
$ipaddr = "0.0.0.0";
}
}
$f[] = "# --------- Port {$xport} listen on {$eth} ({$ipaddr}) UseSSL={$ssl}";
if ($ssl == 1) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$ipaddr}:{$xport}: SSL Intercept...........: Yes - {$ssl_port}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$ipaddr}:{$xport}: Certificate.............: {$ligne["sslcertificate"]}\n";
}
$MAINSSL = $squid->SaveCertificate($ligne["sslcertificate"], false, false, false, true);
$f[] = $MAINSSL[0];
$key = $MAINSSL[1]["key"];
$certificate = $MAINSSL[1]["certificate"];
$f[] = "https_port {$ipaddr}:{$xport} transparent cert={$certificate} key={$key}";
continue;
}
$f[] = "http_port {$ipaddr}:{$xport}{$transparent}";
}
if ($AllowAllNetworksInSquid == 1) {
$f[] = "acl localnet src all";
}
if ($AllowAllNetworksInSquid == 0) {
$k = array();
$NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
$tbl = explode("\n", $NetworkScannerMasks);
if (is_array($tbl)) {
while (list($num, $cidr) = each($tbl)) {
if (trim($cidr) == null) {
continue;
}
$k[$cidr] = $cidr;
}
}
if (count($this->network_array) > 0) {
while (list($num, $val) = each($this->network_array)) {
if ($val == null) {
continue;
}
$k[$val] = $val;
}
}
if (count($k == 0)) {
$f[] = "acl localnet src all";
}
if (count($k > 0)) {
while (list($m, $l) = each($k)) {
$s[] = $l;
}
$f[] = "acl localnet src " . implode(" ", $s);
}
}
$f[] = "acl all src all";
$f[] = "acl manager proto cache_object";
$f[] = "acl localhost src 127.0.0.1/32";
$f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
$f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
$f[] = "acl Safe_ports port 80\t\t# http";
$f[] = "acl Safe_ports port 21\t\t# ftp";
$f[] = "acl Safe_ports port 443\t\t# https";
$f[] = "acl Safe_ports port 70\t\t# gopher";
$f[] = "acl Safe_ports port 210\t\t# wais";
$f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
$f[] = "acl Safe_ports port 280\t\t# http-mgmt";
$f[] = "acl Safe_ports port 488\t\t# gss-http";
$f[] = "acl Safe_ports port 591\t\t# filemaker";
$f[] = "acl Safe_ports port 777\t\t# multiling http";
$f[] = "acl CONNECT method CONNECT";
$f[] = "";
$f[] = "";
$f[] = "http_access allow manager localhost";
$f[] = "http_access deny manager";
$f[] = "http_access deny !Safe_ports";
$f[] = "http_access deny CONNECT !SSL_ports";
$f[] = "http_access allow localnet";
$f[] = "http_access deny all";
$f[] = "icp_access allow localnet";
$f[] = "icp_access deny all";
$f[] = "cache_peer 127.0.0.1\tparent\t{$ParentSquid27Port}\t3130\tdefault";
$f[] = "never_direct allow all";
$f[] = "cache_mem 64 MB";
$f[] = "maximum_object_size_in_memory 64 KB";
$f[] = "memory_replacement_policy lru";
$LOGFORMAT[] = "%>a";
$LOGFORMAT[] = "%[ui";
$LOGFORMAT[] = "%[un";
$LOGFORMAT[] = "[%tl]";
$LOGFORMAT[] = "\"%rm %ru HTTP/%rv\"";
$LOGFORMAT[] = "%Hs";
$LOGFORMAT[] = "%<st";
$LOGFORMAT[] = "%Ss:";
$LOGFORMAT[] = "%Sh";
$LOGFORMAT[] = "UserAgent:\"%{User-Agent}>h\"";
$LOGFORMAT[] = "Forwarded:\"%{X-Forwarded-For}>h\"";
$f[] = "logformat common MAC:00:00:00:00:00:00 " . @implode(" ", $LOGFORMAT);
$f[] = "access_log none";
$f[] = "cache_store_log none";
if ($LogsWarninStop == 0) {
$f[] = "logfile_rotate 10";
}
if ($LogsWarninStop == 1) {
$f[] = "logfile_rotate 0";
}
$f[] = "# emulate_httpd_log off";
$f[] = "log_ip_on_direct on";
$f[] = "mime_table /etc/squid27/mime.conf";
$f[] = "# log_mime_hdrs off";
$f[] = "pid_filename /var/run/squid/squid-nat.pid";
$f[] = "debug_options ALL,1";
$f[] = "log_fqdn on";
$f[] = "client_netmask 255.255.255.255";
$f[] = "strip_query_terms off";
$f[] = "buffered_logs on";
$f[] = "netdb_filename /var/log/squid/netdb_nat.state";
if ($LogsWarninStop == 0) {
$f[] = "cache_log /var/log/squid/cache-nat.log";
}
if ($LogsWarninStop == 1) {
$f[] = "cache_log /dev/null";
}
$f[] = "#url_rewrite_program";
$f[] = "# url_rewrite_children 5";
$f[] = "# url_rewrite_concurrency 0";
$f[] = "# url_rewrite_host_header on";
$f[] = "refresh_pattern .\t\t0\t20%\t4320";
$f[] = "cache_effective_user squid";
$f[] = "cache_effective_group squid";
$f[] = "httpd_suppress_version_string on";
$f[] = "visible_hostname {$visible_hostname}";
$f[] = "cache_dir null /tmp";
$f[] = "# icon_directory /usr/share/squid27/icons";
$f[] = "# error_directory /usr/share/squid27/errors/English";
$f[] = "forwarded_for on";
$f[] = "client_db on";
$f[] = "";
CheckFilesAndSecurity();
@file_put_contents("/etc/squid27/squid.conf", @implode("\n", $f));
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
}
}
