예제 #1
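/**
 * Generate the Apache configuration for the HotSpot web instance and write it
 * to /etc/artica-postfix/hotspot-httpd.conf.
 *
 * Steps, in order: resolve the account/group Apache runs as, create the
 * runtime, log and session directories and the two log files, read the
 * HotSpot settings, emit the HTTP and SSL virtual hosts (with optional
 * mod_evasive directives), emit LoadModule lines for the modules found on
 * disk, call build_error_page() and write the file.
 *
 * Reads $GLOBALS["OUTPUT"] and $GLOBALS["SERVICE_NAME"] for progress output
 * and sets $GLOBALS["HOSTPOT_WEB_INTERFACE"] to the listen address.
 *
 * @return void
 */
function apache_config()
{
    $sock = new sockets();
    $unix = new unix();
    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    if (preg_match("#APACHE_RUN_GROUP#", $APACHE_SRC_GROUP)) {
        $APACHE_SRC_GROUP = "www-data";
    }
    // Resolve the fallback account before the first chown/chgrp: with an
    // empty account the ownership calls below fail silently (they are
    // @-suppressed) and the session/log directories keep their old owner.
    if ($APACHE_SRC_ACCOUNT == null) {
        $APACHE_SRC_ACCOUNT = "www-data";
        $APACHE_SRC_GROUP = "www-data";
        $unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
    }

    $LogFilePath = "/var/log/artica-wifidog/access.log";
    $ErrorLog = dirname($LogFilePath) . "/error.log";
    $directories = array(
        "/var/run/apache2",
        "/var/run/artica-apache",
        "/var/log/artica-wifidog",
        "/home/artica/hotspot/sessions",
        "/home/artica/hotspot/caches",
    );
    foreach ($directories as $maindir) {
        @mkdir($maindir, 0755, true);
        @chown($maindir, $APACHE_SRC_ACCOUNT);
        @chgrp($maindir, $APACHE_SRC_GROUP);
    }
    // Both log files must exist and belong to the Apache account.
    foreach (array($LogFilePath, $ErrorLog) as $logFile) {
        if (!is_file($logFile)) {
            @touch($logFile);
        }
        @chown($logFile, $APACHE_SRC_ACCOUNT);
        @chgrp($logFile, $APACHE_SRC_GROUP);
    }

    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
    $HotSpotMaxClients = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotMaxClients"));
    $HotSpotStartServers = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotStartServers"));
    $HotSpotForceDDOSDisable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotForceDDOSDisable"));
    if ($HotSpotMaxClients == 0) {
        $HotSpotMaxClients = 20;
    }
    if ($HotSpotStartServers == 0) {
        $HotSpotStartServers = 5;
    }

    // These settings are read here but not referenced again in this function.
    $EnableArticaHotSpot = $sock->GET_INFO("EnableArticaHotSpot");
    $SquidHotSpotPort = $sock->GET_INFO("SquidHotSpotPort");
    $ArticaHotSpotPort = $sock->GET_INFO("ArticaHotSpotPort");
    $ArticaSSLHotSpotPort = $sock->GET_INFO("ArticaSSLHotSpotPort");
    if (!is_numeric($ArticaHotSpotPort)) {
        $ArticaHotSpotPort = 0;
    }

    $ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
    $ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
    if (!is_numeric($ArticaSplashHotSpotPort)) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
    $HotSpotErrorRedirect = $sock->GET_INFO("HotSpotErrorRedirect");
    if ($HotSpotErrorRedirect == null) {
        $HotSpotErrorRedirect = "http://www.msftncsi.com";
    }

    // NOTE(review): unserialize() instantiates objects named in its input.
    // If this stored setting can ever be written by a less-trusted party,
    // restrict it (allowed_classes => false on PHP 7+) or store it as JSON.
    $Params = unserialize($sock->GET_INFO("HotSpotEvasive"));
    if (!is_array($Params)) {
        // Missing or corrupt setting: start from an empty set so the
        // defaults below apply instead of indexing into false.
        $Params = array();
    }
    $ApacheEvasiveInstalled = intval($sock->GET_INFO("ApacheEvasiveInstalled"));
    $evasiveDefaults = array(
        "DOSEnable" => 1,
        "DOSHashTableSize" => 1024,
        "DOSPageCount" => 3,
        "DOSSiteCount" => 20,
        "DOSPageInterval" => 1,
        "DOSSiteInterval" => 10,
        "DOSBlockingPeriod" => 5,
    );
    // Only numeric values reach the generated mod_evasive directives.
    foreach ($evasiveDefaults as $directive => $default) {
        if (!isset($Params[$directive]) || !is_numeric($Params[$directive])) {
            $Params[$directive] = $default;
        }
    }

    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = null;
    if (isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])) {
        $ipaddr = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HotSpot run as {$ArticaHotSpotInterface} ( {$ipaddr} )\n";
    }
    // An unknown or unbound interface means "listen on every address".
    if ($ipaddr == "0.0.0.0" || $ipaddr == null) {
        $ipaddr = "*";
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;

    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/artica-apache");
    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1) {
        if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
            }
            $EnableArticaApachePHPFPM = 0;
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as....: {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port.: {$ArticaSplashHotSpotPort} SSL Port: {$ArticaSplashHotSpotPortSSL}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        // Report the effective flag; the previous placeholder was always 0.
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM...: {$EnableArticaApachePHPFPM}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} MaxClients: {$HotSpotMaxClients}\n";
    }

    $f = array();
    $f[] = "Group {$APACHE_SRC_GROUP}";
    $f[] = "User {$APACHE_SRC_ACCOUNT}";
    $f[] = "LockFile /var/run/apache2/hotspot-artica-accept.lock";
    $f[] = "PidFile /var/run/artica-apache/hotspot-apache.pid";
    $f[] = "AcceptMutex flock";
    $f[] = "SSLRandomSeed startup file:/dev/urandom  256";
    $f[] = "SSLRandomSeed connect builtin";
    $f[] = "SSLSessionCache        shmcb:/var/run/apache2/ssl_scache-hotspot(512000)";
    $f[] = "SSLSessionCacheTimeout  300";
    $f[] = "SSLSessionCacheTimeout  300";
    $f[] = "DocumentRoot /usr/share/artica-postfix";
    $f[] = "DirectoryIndex hotspot.html";
    $f[] = "ErrorDocument 400 /hotspot.html";
    $f[] = "ErrorDocument 401 /hotspot.html";
    $f[] = "ErrorDocument 403 /hotspot.html";
    $f[] = "ErrorDocument 404 /hotspot.html";
    $f[] = "ErrorDocument 500 /hotspot.html";

    // NOTE(review): the server name is written into directives exactly as
    // stored (after trim), and the ports only pass is_numeric(). A value
    // holding whitespace or a line break would add or alter directives;
    // presumably only administrators can set these - confirm.
    $NameVirtualHost = $ipaddr;
    if ($HospotHTTPServerName != null) {
        $NameVirtualHost = $HospotHTTPServerName;
    }
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";

    // mod_evasive directives, shared by both virtual hosts.
    $ddos_config = null;
    if ($HotSpotForceDDOSDisable == 1) {
        $Params["DOSEnable"] = 0;
    }
    if ($Params["DOSEnable"] == 1) {
        $ddos = array();
        $ddos[] = "\tDOSHashTableSize {$Params["DOSHashTableSize"]}";
        $ddos[] = "\tDOSPageCount {$Params["DOSPageCount"]}";
        $ddos[] = "\tDOSSiteCount {$Params["DOSSiteCount"]}";
        $ddos[] = "\tDOSPageInterval {$Params["DOSPageInterval"]}";
        $ddos[] = "\tDOSSiteInterval {$Params["DOSSiteInterval"]}";
        $ddos[] = "\tDOSBlockingPeriod {$Params["DOSBlockingPeriod"]}";
        $ddos[] = "\tDOSLogDir  \"/var/log/artica-wifidog\"";
        $ddos[] = "\tDOSSystemCommand \"/bin/echo `date '+%F %T'` HOTSPOT  %s >> /var/log/artica-wifidog/dos_evasive_attacks.log\"";
        $ddos_config = implode("\n", $ddos);
    }

    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "{$ddos_config}";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "\tSSLEngine on";

    // A named certificate is rendered by apache_certificate; otherwise the
    // certificate and key paths are pulled out of the text SaveCertificate()
    // returns. If neither applies, the SSL vhost is written without any
    // certificate directive.
    $squid = new squidbee();
    $ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
    $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
    if ($ArticaSplashHotSpotCertificate != null) {
        $apache = new apache_certificate($ArticaSplashHotSpotCertificate);
        $f[] = $apache->build();
    } else {
        if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
            $cert = $re[1];
            $key = $re[2];
            $f[] = "\tSSLCertificateFile \"{$cert}\"";
            $f[] = "\tSSLCertificateKeyFile \"{$key}\"";
        }
    }
    $f[] = "\tSSLVerifyClient none";
    $f[] = "\tServerSignature Off";
    $f[] = "{$ddos_config}";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";
    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t   {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t   {$APACHE_SRC_GROUP}";
    $f[] = "Timeout              300";
    $f[] = "KeepAlive            Off";
    $f[] = "KeepAliveTimeout     3";

    // Keep MaxClients above StartServers, then cap both limits.
    if ($HotSpotStartServers >= $HotSpotMaxClients) {
        $HotSpotMaxClients = $HotSpotMaxClients + $HotSpotStartServers;
    }
    if ($HotSpotMaxClients > 1024) {
        $HotSpotMaxClients = 1024;
    }
    $ServerLimit = $HotSpotMaxClients + 100;
    if ($ServerLimit > 2000) {
        $ServerLimit = 2000;
    }
    $f[] = "StartServers         {$HotSpotStartServers}";
    $f[] = "MaxClients           {$HotSpotMaxClients}";
    $f[] = "ServerLimit\t\t   {$ServerLimit}";
    $MinSpareServers = $HotSpotStartServers + 5;
    $MaxSpareServers = $MinSpareServers + 1;
    $f[] = "MinSpareServers      {$MinSpareServers}";
    $f[] = "MaxSpareServers      {$MaxSpareServers}";
    $f[] = "MaxRequestsPerChild  800";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();

    // NOTE(review): "SSLProtocol all -SSLv2" leaves SSLv3 enabled and
    // "HIGH:MEDIUM:!ADH" admits medium-strength suites. Tighten both if the
    // portal's clients allow it.
    $f[] = "<IfModule mod_ssl.c>";
    $f[] = "\tSSLRandomSeed connect builtin";
    $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
    $f[] = "\tAddType application/x-x509-ca-cert .crt";
    $f[] = "\tAddType application/x-pkcs7-crl    .crl";
    $f[] = "\tSSLPassPhraseDialog  builtin";
    $f[] = "\tSSLSessionCache        shmcb:/var/run/apache2/ssl_scache-articahtp(512000)";
    $f[] = "\tSSLSessionCacheTimeout  300";
    $f[] = "\tSSLSessionCacheTimeout  300";
    $f[] = "\tSSLMutex  sem";
    $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
    $f[] = "\tSSLProtocol all -SSLv2";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "AddType application/x-httpd-php .php";
    $f[] = "php_value error_log \"/var/log/artica-wifidog/access.log\"";
    $f[] = "php_value session.save_path \"/home/artica/hotspot/sessions\"";
    $f[] = "<IfModule mod_fcgid.c>";
    $f[] = "\tPHP_Fix_Pathinfo_Enable 1";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = "    <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = "    </FilesMatch>";
    $f[] = "    <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = "    </FilesMatch>";
    $f[] = "    <IfModule mod_userdir.c>";
    $f[] = "        <Directory /home/*/public_html>";
    $f[] = "            php_admin_value engine Off";
    $f[] = "        </Directory>";
    $f[] = "    </IfModule>";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_mime.c>";
    $f[] = "\tTypesConfig /etc/mime.types";
    $f[] = "\tAddType application/x-compress .Z";
    $f[] = "\tAddType application/x-gzip .gz .tgz";
    $f[] = "\tAddType application/x-bzip2 .bz2";
    $f[] = "\tAddType application/x-httpd-php .php .phtml";
    $f[] = "\tAddType application/x-httpd-php-source .phps";
    $f[] = "\tAddLanguage ca .ca";
    $f[] = "\tAddLanguage cs .cz .cs";
    $f[] = "\tAddLanguage da .dk";
    $f[] = "\tAddLanguage de .de";
    $f[] = "\tAddLanguage el .el";
    $f[] = "\tAddLanguage en .en";
    $f[] = "\tAddLanguage eo .eo";
    $f[] = "\tRemoveType  es";
    $f[] = "\tAddLanguage es .es";
    $f[] = "\tAddLanguage et .et";
    $f[] = "\tAddLanguage fr .fr";
    $f[] = "\tAddLanguage he .he";
    $f[] = "\tAddLanguage hr .hr";
    $f[] = "\tAddLanguage it .it";
    $f[] = "\tAddLanguage ja .ja";
    $f[] = "\tAddLanguage ko .ko";
    $f[] = "\tAddLanguage ltz .ltz";
    $f[] = "\tAddLanguage nl .nl";
    $f[] = "\tAddLanguage nn .nn";
    $f[] = "\tAddLanguage no .no";
    $f[] = "\tAddLanguage pl .po";
    $f[] = "\tAddLanguage pt .pt";
    $f[] = "\tAddLanguage pt-BR .pt-br";
    $f[] = "\tAddLanguage ru .ru";
    $f[] = "\tAddLanguage sv .sv";
    $f[] = "\tRemoveType  tr";
    $f[] = "\tAddLanguage tr .tr";
    $f[] = "\tAddLanguage zh-CN .zh-cn";
    $f[] = "\tAddLanguage zh-TW .zh-tw";
    $f[] = "\tAddCharset us-ascii    .ascii .us-ascii";
    $f[] = "\tAddCharset ISO-8859-1  .iso8859-1  .latin1";
    $f[] = "\tAddCharset ISO-8859-2  .iso8859-2  .latin2 .cen";
    $f[] = "\tAddCharset ISO-8859-3  .iso8859-3  .latin3";
    $f[] = "\tAddCharset ISO-8859-4  .iso8859-4  .latin4";
    $f[] = "\tAddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru";
    $f[] = "\tAddCharset ISO-8859-6  .iso8859-6  .arb .arabic";
    $f[] = "\tAddCharset ISO-8859-7  .iso8859-7  .grk .greek";
    $f[] = "\tAddCharset ISO-8859-8  .iso8859-8  .heb .hebrew";
    $f[] = "\tAddCharset ISO-8859-9  .iso8859-9  .latin5 .trk";
    $f[] = "\tAddCharset ISO-8859-10  .iso8859-10  .latin6";
    $f[] = "\tAddCharset ISO-8859-13  .iso8859-13";
    $f[] = "\tAddCharset ISO-8859-14  .iso8859-14  .latin8";
    $f[] = "\tAddCharset ISO-8859-15  .iso8859-15  .latin9";
    $f[] = "\tAddCharset ISO-8859-16  .iso8859-16  .latin10";
    $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
    $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
    $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
    $f[] = "\tAddCharset Big5        .Big5       .big5 .b5";
    $f[] = "\tAddCharset cn-Big5     .cn-big5";
    $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
    $f[] = "\tAddCharset WINDOWS-1251 .cp-1251   .win-1251";
    $f[] = "\tAddCharset CP866       .cp866";
    $f[] = "\tAddCharset KOI8      .koi8";
    $f[] = "\tAddCharset KOI8-E      .koi8-e";
    $f[] = "\tAddCharset KOI8-r      .koi8-r .koi8-ru";
    $f[] = "\tAddCharset KOI8-U      .koi8-u";
    $f[] = "\tAddCharset KOI8-ru     .koi8-uk .ua";
    $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
    $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
    $f[] = "\tAddCharset UTF-7       .utf7";
    $f[] = "\tAddCharset UTF-8       .utf8";
    $f[] = "\tAddCharset UTF-16      .utf16";
    $f[] = "\tAddCharset UTF-16BE    .utf16be";
    $f[] = "\tAddCharset UTF-16LE    .utf16le";
    $f[] = "\tAddCharset UTF-32      .utf32";
    $f[] = "\tAddCharset UTF-32BE    .utf32be";
    $f[] = "\tAddCharset UTF-32LE    .utf32le";
    $f[] = "\tAddCharset euc-cn      .euc-cn";
    $f[] = "\tAddCharset euc-gb      .euc-gb";
    $f[] = "\tAddCharset euc-jp      .euc-jp";
    $f[] = "\tAddCharset euc-kr      .euc-kr";
    $f[] = "\tAddCharset EUC-TW      .euc-tw";
    $f[] = "\tAddCharset gb2312      .gb2312 .gb";
    $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
    $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
    $f[] = "\tAddCharset shift_jis   .shift_jis .sjis";
    $f[] = "\tAddType text/html .shtml";
    $f[] = "\tAddOutputFilter INCLUDES .shtml";
    $f[] = "</IfModule>";
    $f[] = "Alias /index.php /hotspot.html";
    $f[] = "Alias /index.html /hotspot.html";
    $f[] = "Alias /Microsoft-Server-ActiveSync /hotspot-none.html";

    // NOTE(review): this section spells the page "hostpot" while every other
    // directive uses "hotspot.html". In the FilesMatch pattern the leading
    // "!" is a literal character, not a negation, so the "deny from all"
    // rule likely never matches and the directory-level "Allow from all"
    // decides access to the rest of the document root. Confirm which files
    // the portal is meant to serve.
    $f[] = "<Directory \"/usr/share/artica-postfix\">";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex hostpot.php";
    $f[] = "\t\t<Files \"hostpot.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<Files \"hostpot.html\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<FilesMatch \"!(hostpot)\\.(html|php)\$\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tdeny from all";
    $f[] = "\t\t</FilesMatch>";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "\tOptions -Indexes";
    $f[] = "\tSSLOptions +StdEnvVars";
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";

    if ($EnableArticaApachePHPFPM == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
        }
        shell_exec("/etc/init.d/php5-fpm restart");
        $f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/artica-apache>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
        }
    }

    // NOTE(review): debug-level logging is verbose for a production portal.
    $f[] = "Loglevel debug";
    $f[] = "ErrorLog {$ErrorLog}";
    $f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "CustomLog {$LogFilePath} common";

    // Candidate modules in load order; only those present on disk are loaded.
    $modules = array();
    if ($EnableArticaApachePHPFPM == 0) {
        $modules["php5_module"] = "libphp5.so";
    }
    $modules["actions_module"] = "mod_actions.so";
    $modules["expires_module"] = "mod_expires.so";
    $modules["rewrite_module"] = "mod_rewrite.so";
    $modules["dir_module"] = "mod_dir.so";
    $modules["mime_module"] = "mod_mime.so";
    $modules["alias_module"] = "mod_alias.so";
    $modules["auth_basic_module"] = "mod_auth_basic.so";
    $modules["authz_host_module"] = "mod_authz_host.so";
    $modules["autoindex_module"] = "mod_autoindex.so";
    $modules["negotiation_module"] = "mod_negotiation.so";
    $modules["ssl_module"] = "mod_ssl.so";
    $modules["headers_module"] = "mod_headers.so";
    $modules["ldap_module"] = "mod_ldap.so";
    if ($Params["DOSEnable"] == 1) {
        $modules["evasive20_module"] = "mod_evasive20.so";
    }
    if ($EnableArticaApachePHPFPM == 1) {
        $modules["fastcgi_module"] = "mod_fastcgi.so";
    }

    if (is_dir("/etc/apache2")) {
        if (!is_file("/etc/apache2/mime.types")) {
            if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
                @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
            }
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
    }
    foreach ($modules as $module => $lib) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
            }
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
            }
        }
    }

    build_error_page();
    $written = @file_put_contents("/etc/artica-postfix/hotspot-httpd.conf", implode("\n", $f) . "\n");
    if ($GLOBALS["OUTPUT"]) {
        // Do not report success when the configuration could not be written.
        $status = $written === false ? "write failed" : "done";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf {$status}\n";
    }
}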
예제 #2
/**
 * Write the default nginx site (/etc/nginx/conf.d/default.conf): one server
 * block on port 80 and one SSL server block on port 443, both rooted at
 * /usr/share/artica-postfix with logon.php as index. Calls reload(true)
 * afterwards when $GLOBALS["RELOAD"] is set.
 *
 * @return void
 */
function build_default_asArtica()
{
    $nginx = new nginx();
    $unix = new unix();
    $squidR = new squidbee();

    // Plain-HTTP server block.
    // NOTE(review): /nginx_status is opened with "allow all"; consider
    // restricting the status endpoint to management addresses.
    $plainServer = array(
        "server {",
        "\tlisten       80;",
        "\tserver_name  " . $unix->hostname_g() . ";",
        "\tindex     logon.php;",
        "\tlocation /nginx_status {",
        "\tstub_status on;",
        "\terror_log  /var/log/nginx/default.error.log warn;",
        "\taccess_log   /var/log/nginx/default.access.log;",
        "\tallow all;",
        "\t}",
        "\tlocation / {",
        "\t\troot\t/usr/share/artica-postfix;",
        "\t}",
        $nginx->php_fpm("logon.php", "/usr/share/artica-postfix", 1),
        "}",
    );

    // SSL server block; the certificate directives are whatever
    // SaveCertificate() returns for the local hostname.
    // NOTE(review): "ssl_protocols SSLv3 TLSv1" enables only legacy protocol
    // versions; move to current TLS versions where the clients allow it.
    $tlsServer = array(
        "server {",
        "\tlisten       443;",
        "\tindex     logon.php;",
        "\tkeepalive_timeout   70;",
        "\terror_log  /var/log/nginx/default.error.log warn;",
        "\taccess_log   /var/log/nginx/default.access.log;",
        "\tssl on;",
        "\t" . $squidR->SaveCertificate($unix->hostname_g(), false, true),
        "\tssl_session_timeout  5m;",
        "\tssl_protocols  SSLv3 TLSv1;",
        "\tssl_ciphers HIGH:!aNULL:!MD5;",
        "\tssl_prefer_server_ciphers   on;",
        "\tserver_name  " . $unix->hostname_g() . ";",
        "\tlocation / {",
        "\t\troot\t/usr/share/artica-postfix;",
        "\t}",
        $nginx->php_fpm("logon.php", "/usr/share/artica-postfix", 1),
        "}",
    );

    $configText = implode("\n", array_merge($plainServer, $tlsServer));
    @file_put_contents("/etc/nginx/conf.d/default.conf", $configText);

    if ($GLOBALS["RELOAD"]) {
        reload(true);
    }
}
예제 #3
    $GLOBALS["debug"] = true;
    ini_set('display_errors', 1);
    ini_set('error_reporting', E_ALL);
    ini_set('error_prepend_string', null);
    ini_set('error_append_string', null);
}
// Command-line switches. Each one is detected by an unanchored match on the
// space-joined argument list, so e.g. "--force" is also found inside a
// longer argument.
if (preg_match("#--output#", implode(" ", $argv))) {
    $GLOBALS["OUTPUT"] = true;
}
// schedule-id=<digits>: only the digit run is kept.
if (preg_match("#schedule-id=([0-9]+)#", implode(" ", $argv), $re)) {
    $GLOBALS["SCHEDULE_ID"] = $re[1];
}
if (preg_match("#--force#", implode(" ", $argv), $re)) {
    $GLOBALS["FORCE"] = true;
}
if (preg_match("#--reconfigure#", implode(" ", $argv), $re)) {
    $GLOBALS["RECONFIGURE"] = true;
}
// Set unconditionally, before the class files are loaded.
$GLOBALS["AS_ROOT"] = true;
include_once dirname(__FILE__) . '/ressources/class.ldap.inc';
include_once dirname(__FILE__) . '/ressources/class.nginx.inc';
include_once dirname(__FILE__) . '/ressources/class.freeweb.inc';
include_once dirname(__FILE__) . '/framework/class.unix.inc';
include_once dirname(__FILE__) . '/ressources/class.squid.reverse.inc';
include_once dirname(__FILE__) . '/framework/frame.class.inc';
include_once dirname(__FILE__) . '/framework/class.settings.inc';
include_once dirname(__FILE__) . '/ressources/class.resolv.conf.inc';
// The first command-line argument is passed to SaveCertificate() as given:
// there is no check that it is present, and no validation of its content.
// NOTE(review): if a switch such as --output comes first, that switch is what
// gets used as the certificate name - confirm the expected argument order.
$certificate = $argv[1];
$squid = new squidbee();
$squid->SaveCertificate($certificate, false, true);
예제 #4
function apache_config()
{
    $sock = new sockets();
    $unix = new unix();
    $EnablePHPFPM = 0;
    @mkdir("/var/run/squid", 0755, true);
    @mkdir("/var/run/squid", 0755, true);
    $APACHE_SRC_ACCOUNT = "squid";
    $APACHE_SRC_GROUP = "squid";
    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
    if (!isset($GLOBALS["HyperCacheStoragePath"])) {
        $sock = new sockets();
        $GLOBALS["HyperCacheStoragePath"] = $sock->GET_INFO("HyperCacheStoragePath");
        if ($GLOBALS["HyperCacheStoragePath"] == null) {
            $GLOBALS["HyperCacheStoragePath"] = "/home/artica/proxy-cache";
        }
    }
    $SquidEnforceRules = intval($sock->GET_INFO("SquidEnforceRules"));
    $HyperCacheHTTPListenPort = $sock->GET_INFO("HyperCacheHTTPListenPort");
    $HyperCacheHTTPListenPortSSL = $sock->GET_INFO("HyperCacheHTTPListenPortSSL");
    $HyperCacheHTTPListenPortSSLEnabled = intval($sock->GET_INFO("HyperCacheHTTPListenPortSSLEnabled"));
    if (!is_numeric($HyperCacheHTTPListenPort)) {
        $HyperCacheHTTPListenPort = 8700;
    }
    if (!is_numeric($HyperCacheHTTPListenPortSSL)) {
        $HyperCacheHTTPListenPortSSL = 8900;
    }
    $HyperCacheListenAddr = $sock->GET_INFO("HyperCacheListenAddr");
    $unix = new unix();
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    unset($NETWORK_ALL_INTERFACES["lo"]);
    if ($HyperCacheListenAddr == null) {
        $HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR();
        $sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr);
    }
    if ($unix->NETWORK_IS_LISTEN_ADDR_EXISTS($HyperCacheListenAddr)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$HyperCacheListenAddr} doesn't exists...\n";
        }
        $HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR();
        $sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr);
    }
    $ipaddr = $HyperCacheListenAddr;
    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/squid");
    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1) {
        if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
            }
            $EnableArticaApachePHPFPM = 0;
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listen address: {$ipaddr}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port: {$HyperCacheHTTPListenPort} SSL Port: {$HyperCacheHTTPListenPortSSL}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM: {$EnablePHPFPM}\n";
    }
    $q = new mysql_squid_builder();
    $nice = EXEC_NICE();
    $sql = "SELECT * FROM artica_caches_mirror WHERE enabled=1 AND `ToDelete`=0";
    $results = $q->QUERY_SQL($sql);
    $HyperCache = new HyperCache();
    while ($ligne = mysql_fetch_assoc($results)) {
        $t = time();
        $sitename = $ligne["sitename"];
        $sitename_path = $HyperCache->HyperCacheUriToHostname($sitename);
        $workingdir = $GLOBALS["HyperCacheStoragePath"] . "/mirror/{$sitename_path}";
        if (!is_dir($workingdir)) {
            @mkdir($workingdir, 0755, true);
        }
        @chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid");
        @chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid");
        @chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid");
        @chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} build folder for mirrored {$sitename_path}\n";
        }
        $mirrors[] = "";
        $mirrors_aliases[] = "alias /{$sitename_path} {$workingdir}";
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: alias /{$sitename_path} {$workingdir}\n";
        }
        $mirrors[] = "";
        $mirrors[] = "\t<Directory \"{$workingdir}\">";
        $mirrors[] = "\t\tDirectorySlash On";
        $mirrors[] = "\t\tDirectoryIndex index.html index-2.html";
        $mirrors[] = "\t\tOptions All";
        $mirrors[] = "\t\tOrder deny,allow";
        $mirrors[] = "\t\tAllow from all";
        $mirrors[] = "\t</Directory>";
        $mirrors[] = "";
    }
    $mirrors_conf = @implode("\n", $mirrors);
    $mirrors_aliases_conf = @implode("\n", $mirrors_aliases);
    $f[] = "LockFile /var/run/squid/HyperCacheWebAccept.lock";
    $f[] = "PidFile /var/run/squid/HyperCacheWeb.pid";
    $f[] = "AcceptMutex flock";
    $f[] = "DocumentRoot /usr/share/artica-postfix";
    $f[] = "DirectoryIndex squidcache.php";
    $f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPort}";
    $f[] = $mirrors_aliases_conf;
    if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
        $f[] = "SSLRandomSeed startup file:/dev/urandom  256";
        $f[] = "SSLRandomSeed connect builtin";
        $f[] = "SSLSessionCache        shmcb:/var/run/squid/HyperCacheWebSSL(512000)";
        $f[] = "SSLSessionCacheTimeout  300";
        $f[] = "SSLSessionCacheTimeout  300";
        $f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}";
        $f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPortSSL}";
    }
    $f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPort}";
    $f[] = "<VirtualHost {$ipaddr}:{$HyperCacheHTTPListenPort}>";
    $f[] = "\tServerName {$ipaddr}";
    $f[] = "\tLoglevel debug";
    $f[] = "\tLoglevel debug";
    $f[] = "\tErrorLog /var/log/squid/HyperCache-error.log";
    $f[] = "\tLogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "\tCustomLog /var/log/squid/HyperCache-access.log common";
    $f[] = "\tErrorDocument 400 /squidcache.php";
    $f[] = "\tErrorDocument 401 /squidcache.php";
    $f[] = "\tErrorDocument 403 /squidcache.php";
    $f[] = "\tErrorDocument 404 /squidcache.php";
    $f[] = "\tErrorDocument 500 /squidcache.php";
    //$f[]="\tFallbackResource /squidcache.php";
    $f[] = $mirrors_aliases_conf;
    $f[] = $mirrors_conf;
    $f[] = "</VirtualHost>";
    if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
        $squid = new squidbee();
        $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
        if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
            $cert = $re[1];
            $key = $re[2];
        }
        $f[] = "<VirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}>";
        $f[] = "\tFallbackResource /squidcache.php";
        $f[] = "\tServerName {$ipaddr}";
        $f[] = "\tDocumentRoot /usr/share/artica-postfix";
        $f[] = "\tSSLEngine on";
        $f[] = "\tSSLCertificateFile \"{$cert}\"";
        $f[] = "\tSSLCertificateKeyFile \"{$key}\"";
        $f[] = "\tSSLVerifyClient none";
        $f[] = "\tServerSignature Off";
        $f[] = $mirrors_conf;
        $f[] = "</VirtualHost>";
    }
    $f[] = "<IfModule mpm_prefork_module>";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mpm_worker_module>";
    $f[] = "\tMinSpareThreads      25";
    $f[] = "\tMaxSpareThreads      75 ";
    $f[] = "\tThreadLimit          64";
    $f[] = "\tThreadsPerChild      25";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mpm_event_module>";
    $f[] = "\tMinSpareThreads      25";
    $f[] = "\tMaxSpareThreads      75 ";
    $f[] = "\tThreadLimit          64";
    $f[] = "\tThreadsPerChild      25";
    $f[] = "</IfModule>";
    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t   {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t   {$APACHE_SRC_GROUP}";
    $f[] = "Timeout              300";
    $f[] = "KeepAlive            Off";
    $f[] = "KeepAliveTimeout     15";
    $f[] = "StartServers         1";
    $f[] = "MaxClients           50";
    $f[] = "MinSpareServers      2";
    $f[] = "MaxSpareServers      5";
    $f[] = "MaxRequestsPerChild  5000";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();
    if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
        $f[] = "<IfModule mod_ssl.c>";
        $f[] = "\tSSLRandomSeed connect builtin";
        $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
        $f[] = "\tAddType application/x-x509-ca-cert .crt";
        $f[] = "\tAddType application/x-pkcs7-crl    .crl";
        $f[] = "\tSSLPassPhraseDialog  builtin";
        $f[] = "\tSSLSessionCache        shmcb:/var/run/squid/ssl_scache-articahtp(512000)";
        $f[] = "\tSSLSessionCacheTimeout  300";
        $f[] = "\tSSLSessionCacheTimeout  300";
        $f[] = "\tSSLMutex  sem";
        $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
        $f[] = "\tSSLProtocol all -SSLv2";
        $f[] = "</IfModule>";
        $f[] = "";
    }
    // $f[]="\tFallbackResource /squidcache.php";
    $f[] = "AddType application/x-httpd-php .php";
    $f[] = "php_value error_log \"/var/log/lighttpd/apache-hotspot-php.log\"";
    $f[] = "<IfModule mod_fcgid.c>";
    $f[] = "\tPHP_Fix_Pathinfo_Enable 1";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = "    <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = "    </FilesMatch>";
    $f[] = "    <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = "    </FilesMatch>";
    $f[] = "    <IfModule mod_userdir.c>";
    $f[] = "        <Directory /home/*/public_html>";
    $f[] = "            php_admin_value engine Off";
    $f[] = "        </Directory>";
    $f[] = "    </IfModule>";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_mime.c>";
    $f[] = "\tTypesConfig /etc/mime.types";
    $f[] = "\tAddType application/x-compress .Z";
    $f[] = "\tAddType application/x-gzip .gz .tgz";
    $f[] = "\tAddType application/x-bzip2 .bz2";
    $f[] = "\tAddType application/x-httpd-php .php .phtml";
    $f[] = "\tAddType application/x-httpd-php-source .phps";
    $f[] = "\tAddLanguage ca .ca";
    $f[] = "\tAddLanguage cs .cz .cs";
    $f[] = "\tAddLanguage da .dk";
    $f[] = "\tAddLanguage de .de";
    $f[] = "\tAddLanguage el .el";
    $f[] = "\tAddLanguage en .en";
    $f[] = "\tAddLanguage eo .eo";
    $f[] = "\tRemoveType  es";
    $f[] = "\tAddLanguage es .es";
    $f[] = "\tAddLanguage et .et";
    $f[] = "\tAddLanguage fr .fr";
    $f[] = "\tAddLanguage he .he";
    $f[] = "\tAddLanguage hr .hr";
    $f[] = "\tAddLanguage it .it";
    $f[] = "\tAddLanguage ja .ja";
    $f[] = "\tAddLanguage ko .ko";
    $f[] = "\tAddLanguage ltz .ltz";
    $f[] = "\tAddLanguage nl .nl";
    $f[] = "\tAddLanguage nn .nn";
    $f[] = "\tAddLanguage no .no";
    $f[] = "\tAddLanguage pl .po";
    $f[] = "\tAddLanguage pt .pt";
    $f[] = "\tAddLanguage pt-BR .pt-br";
    $f[] = "\tAddLanguage ru .ru";
    $f[] = "\tAddLanguage sv .sv";
    $f[] = "\tRemoveType  tr";
    $f[] = "\tAddLanguage tr .tr";
    $f[] = "\tAddLanguage zh-CN .zh-cn";
    $f[] = "\tAddLanguage zh-TW .zh-tw";
    $f[] = "\tAddCharset us-ascii    .ascii .us-ascii";
    $f[] = "\tAddCharset ISO-8859-1  .iso8859-1  .latin1";
    $f[] = "\tAddCharset ISO-8859-2  .iso8859-2  .latin2 .cen";
    $f[] = "\tAddCharset ISO-8859-3  .iso8859-3  .latin3";
    $f[] = "\tAddCharset ISO-8859-4  .iso8859-4  .latin4";
    $f[] = "\tAddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru";
    $f[] = "\tAddCharset ISO-8859-6  .iso8859-6  .arb .arabic";
    $f[] = "\tAddCharset ISO-8859-7  .iso8859-7  .grk .greek";
    $f[] = "\tAddCharset ISO-8859-8  .iso8859-8  .heb .hebrew";
    $f[] = "\tAddCharset ISO-8859-9  .iso8859-9  .latin5 .trk";
    $f[] = "\tAddCharset ISO-8859-10  .iso8859-10  .latin6";
    $f[] = "\tAddCharset ISO-8859-13  .iso8859-13";
    $f[] = "\tAddCharset ISO-8859-14  .iso8859-14  .latin8";
    $f[] = "\tAddCharset ISO-8859-15  .iso8859-15  .latin9";
    $f[] = "\tAddCharset ISO-8859-16  .iso8859-16  .latin10";
    $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
    $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
    $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
    $f[] = "\tAddCharset Big5        .Big5       .big5 .b5";
    $f[] = "\tAddCharset cn-Big5     .cn-big5";
    $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
    $f[] = "\tAddCharset WINDOWS-1251 .cp-1251   .win-1251";
    $f[] = "\tAddCharset CP866       .cp866";
    $f[] = "\tAddCharset KOI8      .koi8";
    $f[] = "\tAddCharset KOI8-E      .koi8-e";
    $f[] = "\tAddCharset KOI8-r      .koi8-r .koi8-ru";
    $f[] = "\tAddCharset KOI8-U      .koi8-u";
    $f[] = "\tAddCharset KOI8-ru     .koi8-uk .ua";
    $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
    $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
    $f[] = "\tAddCharset UTF-7       .utf7";
    $f[] = "\tAddCharset UTF-8       .utf8";
    $f[] = "\tAddCharset UTF-16      .utf16";
    $f[] = "\tAddCharset UTF-16BE    .utf16be";
    $f[] = "\tAddCharset UTF-16LE    .utf16le";
    $f[] = "\tAddCharset UTF-32      .utf32";
    $f[] = "\tAddCharset UTF-32BE    .utf32be";
    $f[] = "\tAddCharset UTF-32LE    .utf32le";
    $f[] = "\tAddCharset euc-cn      .euc-cn";
    $f[] = "\tAddCharset euc-gb      .euc-gb";
    $f[] = "\tAddCharset euc-jp      .euc-jp";
    $f[] = "\tAddCharset euc-kr      .euc-kr";
    $f[] = "\tAddCharset EUC-TW      .euc-tw";
    $f[] = "\tAddCharset gb2312      .gb2312 .gb";
    $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
    $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
    $f[] = "\tAddCharset shift_jis   .shift_jis .sjis";
    $f[] = "\tAddType text/html .shtml";
    $f[] = "\tAddOutputFilter INCLUDES .shtml";
    $f[] = "</IfModule>";
    $f[] = $mirrors_conf;
    $f[] = "<Directory \"/usr/share/artica-postfix\">";
    $f[] = "FallbackResource /squidcache.php";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex squidcache.php";
    $f[] = "\t\t<Files \"squidcache.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    /*	$f[]="\tErrorDocument 400 /hotspot.php";
    	$f[]="\tErrorDocument 401 /hotspot.php";
    	$f[]="\tErrorDocument 403 /hotspot.php";
    	$f[]="\tErrorDocument 404 /hotspot.php";
    	$f[]="\tErrorDocument 500 /hotspot.php";
    */
    $f[] = "\tOptions -Indexes";
    $f[] = ParseArticaDirectory();
    @chmod("/usr/share/artica-postfix/squidcache.php", 0755);
    @chown("/usr/share/artica-postfix/squidcache.php", "squid");
    if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
        $f[] = "\tSSLOptions +StdEnvVars";
    }
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";
    if ($EnableArticaApachePHPFPM == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
        }
        shell_exec("/etc/init.d/php5-fpm restart");
        $f[] = "\tAlias /php5.fastcgi /var/run/squid/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/squid/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/squid>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
        }
    }
    if ($EnableArticaApachePHPFPM == 0) {
        $array["php5_module"] = "libphp5.so";
    }
    $array["dumpio_module"] = "mod_dumpio.so";
    $array["actions_module"] = "mod_actions.so";
    $array["expires_module"] = "mod_expires.so";
    $array["rewrite_module"] = "mod_rewrite.so";
    $array["dir_module"] = "mod_dir.so";
    $array["mime_module"] = "mod_mime.so";
    $array["alias_module"] = "mod_alias.so";
    $array["auth_basic_module"] = "mod_auth_basic.so";
    $array["authz_host_module"] = "mod_authz_host.so";
    $array["autoindex_module"] = "mod_autoindex.so";
    $array["negotiation_module"] = "mod_negotiation.so";
    if ($HyperCacheHTTPListenPortSSLEnabled == 1) {
        $array["ssl_module"] = "mod_ssl.so";
    }
    $array["headers_module"] = "mod_headers.so";
    //$array["ldap_module"]="mod_ldap.so";
    if ($EnableArticaApachePHPFPM == 1) {
        $array["fastcgi_module"] = "mod_fastcgi.so";
    }
    if (is_dir("/etc/apache2")) {
        if (!is_file("/etc/apache2/mime.types")) {
            if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
                @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
            }
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
    }
    while (list($module, $lib) = each($array)) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
            }
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
            }
        }
    }
    @file_put_contents("/etc/artica-postfix/HyperCacheHTTPD.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/HyperCacheHTTPD.conf done\n";
    }
}
예제 #5
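/**
 * Generate the Coova-Chilli hotspot configuration files and apply them.
 *
 * Steps, in order:
 *  - load the stored "ChilliConf" settings and normalise them through
 *    GetInterfaceArray();
 *  - run the artica-make APP_CAKEPHP installer when the CakePHP / YFI /
 *    Coova JSON files are missing;
 *  - create the "chilli" system user and write /etc/chilli.conf;
 *  - build the key=value lines of /etc/chilli/config (network, DNS, RADIUS,
 *    walled garden, portal URLs) and write that file;
 *  - call the dnsmasq, init.d, web and FreeRADIUS builders;
 *  - when $GLOBALS["RELOAD"] is set, reconfigure the service and send HUP to
 *    the running daemon, or start it if it is not running.
 *
 * Iteration uses foreach instead of each(), which was removed in PHP 8.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();
    $php5 = $unix->LOCATE_PHP5_BIN();
    $save = false;
    $f = array();
    $t = array();
    $HS_UAMALLOW = array();

    // NOTE(review): unserialize() runs on a stored setting. If anything less
    // trusted than the administrator can write "ChilliConf", this is a PHP
    // object-injection sink; storing the setting as JSON, or passing
    // allowed_classes => false on PHP >= 7, would close it. Not changed here
    // because the storage format is shared with SaveConfigFile() below.
    $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
    $ChilliConf = GetInterfaceArray($ChilliConf);

    if (!isset($ChilliConf["HS_UAMFREEWEB"])) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FreeWeb Login page is not set...\n";
        }
    }

    // The same installer is invoked for each missing component; a later check
    // can therefore run it again if the previous run did not create the file.
    $installCake = "/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1";
    if (!is_file("/var/www/c2/index.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Installing CakePHP\n";
        }
        shell_exec($installCake);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} CakePHP done\n";
        }
    }
    if (!is_file("/var/www/c2/yfi_cake/setup/coova_json/login.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/var/www/c2/yfi_cake/setup/coova_json/login.php no such file Installing YFI CakePHP\n";
        }
        shell_exec($installCake);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} YFI CakePHP done\n";
        }
    }
    if (!is_dir("/usr/share/coova_json")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/usr/share/coova_json` no such directory Installing Coova JSon\n";
        }
        shell_exec($installCake);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Coova JSon done\n";
        }
    }

    $unix->SystemCreateUser("chilli", "chilli");

    // Top-level chilli.conf only pulls in the generated fragments and hooks.
    $f[] = "include /etc/chilli/main.conf";
    $f[] = "include /etc/chilli/hs.conf";
    $f[] = "include /etc/chilli/local.conf";
    $f[] = "ipup=/etc/chilli/up.sh";
    $f[] = "ipdown=/etc/chilli/down.sh";
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Chilli: `/etc/chilli.conf` done\n";
    }
    file_put_contents("/etc/chilli.conf", implode("\n", $f));

    if (!is_numeric($ChilliConf["EnableSSLRedirection"])) {
        $ChilliConf["EnableSSLRedirection"] = 0;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building main configuration: {$ChilliConf["HS_LANIF"]} -> {$ChilliConf["HS_WANIF"]}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen.....: {$ChilliConf["HS_UAMLISTEN"]}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} DHCP.......: {$ChilliConf["HS_DYNIP"]}/{$ChilliConf["HS_DYNIP_MASK"]} ({$ChilliConf["HS_NETWORK"]})\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Proxy Port.: {$ChilliConf["SQUID_HTTP_PORT"]}\n";
    }
    $ldap = new clladp();
    if (!is_numeric($ChilliConf["ENABLE_DHCP_RELAY"])) {
        $ChilliConf["ENABLE_DHCP_RELAY"] = 0;
    }

    // NOTE(review): the generated header below states that this file is
    // included in shell scripts, yet the ChilliConf values that follow are
    // written unquoted and unvalidated. A value containing whitespace, a
    // newline or shell metacharacters would change how the file is parsed;
    // validate interface names, addresses and host names where the settings
    // are saved.
    $t[] = "# -*- mode: shell-script; -*-";
    $t[] = "#";
    $t[] = "#   Coova-Chilli Default Configurations. ";
    $t[] = "#   To customize, copy this file to /etc/chilli/config";
    $t[] = "#   and edit to your liking. This is included in shell scripts";
    $t[] = "#   that configure chilli and related programs before file 'config'. ";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "#   Local Network Configurations";
    $t[] = "# ";
    $t[] = "";
    if ($ChilliConf["HS_WANIF"] != null) {
        $t[] = "HS_WANIF={$ChilliConf["HS_WANIF"]}            # WAN Interface toward the Internet";
    }
    $t[] = "HS_LANIF={$ChilliConf["HS_LANIF"]}\t\t   # Subscriber Interface for client devices";
    $t[] = "HS_NETWORK={$ChilliConf["HS_NETWORK"]}\t   # HotSpot Network (must include HS_UAMLISTEN)";
    $t[] = "HS_NETMASK={$ChilliConf["HS_NETMASK"]}   # HotSpot Network Netmask";
    $t[] = "HS_UAMLISTEN={$ChilliConf["HS_UAMLISTEN"]}   # HotSpot IP Address (on subscriber network)";
    $t[] = "HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)";
    $t[] = "HS_UAMUIPORT=4990          # HotSpot UAM 'UI' Port (on subscriber network, for embedded portal)";
    $t[] = "HS_NATANYIP=off";
    $t[] = "";
    if ($ChilliConf["HS_DYNIP"] != null) {
        $t[] = "HS_DYNIP={$ChilliConf["HS_DYNIP"]}";
    }
    if ($ChilliConf["HS_DYNIP_MASK"] != null) {
        $t[] = "HS_DYNIP_MASK={$ChilliConf["HS_DYNIP_MASK"]}";
    }
    if ($ChilliConf["HS_DNS_DOMAIN"] != null) {
        $t[] = "HS_DNS_DOMAIN={$ChilliConf["HS_DNS_DOMAIN"]}";
    }
    // Both DNS entries point at the hotspot's own listening address.
    $t[] = "# DNS Servers";
    $t[] = "HS_DNS1={$ChilliConf["HS_UAMLISTEN"]}";
    $t[] = "HS_DNS2={$ChilliConf["HS_UAMLISTEN"]}";
    DefaultSplash($ChilliConf);

    // Pick a port in 45000-65400 for any proxy port that is missing or not
    // numeric, and remember to persist the choice.
    foreach (array("SQUID_HTTP_PORT", "SQUID_HTTPS_PORT") as $portKey) {
        if (!isset($ChilliConf[$portKey]) || !is_numeric($ChilliConf[$portKey])) {
            $ChilliConf[$portKey] = rand(45000, 65400);
            $save = true;
        }
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building DNSMasq settings\n";
    }
    dnsmasq_config();

    if ($ChilliConf["EnableSSLRedirection"] == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is Active\n";
        }
        $t[] = "HS_UAMUISSL=on";
        $t[] = "HS_REDIRSSL=on";
        include_once dirname(__FILE__) . "/ressources/class.squid.inc";
        $squid = new squidbee();
        $t[] = $squid->SaveCertificate($ChilliConf["certificate_center"], false, false, true);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is inactive\n";
        }
    }

    // Walled garden: destinations a client may reach before authenticating.
    $ChilliConf["uamallowed"][$ChilliConf["HS_UAMFREEWEB"]] = true;
    $ChilliConf["uamallowed"]["127.0.0.1"] = true;
    $ChilliConf["uamallowed"][$ChilliConf["HS_WANIF_IP"]] = true;
    $ip = new IP();
    if ($ip->isIPAddress($ChilliConf["HS_DNS1"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS1"]] = true;
    }
    if ($ip->isIPAddress($ChilliConf["HS_DNS2"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS2"]] = true;
    }
    if ($ChilliConf["AD_SERVER"] != null) {
        $ChilliConf["uamallowed"][$ChilliConf["AD_SERVER"]] = true;
    }
    // Only the keys matter; empty and purely numeric keys are dropped.
    foreach (array_keys($ChilliConf["uamallowed"]) as $num) {
        if (trim($num) == null) {
            continue;
        }
        if (is_numeric($num)) {
            continue;
        }
        $HS_UAMALLOW[] = $num;
    }

    if ($save) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Saving new configuration file...\n";
        }
        $NewArray = base64_encode(serialize($ChilliConf));
        $sock->SaveConfigFile($NewArray, "ChilliConf");
    }

    $RADIUS_IP = "127.0.0.1";
    if ($ChilliConf["RADIUS_IP"] != null) {
        $RADIUS_IP = $ChilliConf["RADIUS_IP"];
    }
    if (!is_numeric($ChilliConf["HS_LAN_ACCESS"])) {
        $ChilliConf["HS_LAN_ACCESS"] = 1;
    }
    $t[] = "HS_NASID=nas01";
    $t[] = "HS_RADIUS={$RADIUS_IP}";
    $t[] = "HS_UAMALLOW=" . implode(",", $HS_UAMALLOW);
    // NOTE(review): the LDAP password is reused as both the RADIUS shared
    // secret and the UAM secret, and it lands in /etc/chilli/config, which is
    // written further down with whatever mode the process umask yields.
    // Anyone able to read that file obtains the directory credential.
    // Dedicated per-service secrets and an explicit restrictive file mode
    // would limit the exposure; which accounts must read the file is not
    // visible here, so the mode is left unchanged.
    $t[] = "HS_RADSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMALIASNAME=chilli";
    $t[] = "HS_NASIP={$RADIUS_IP}";
    if ($ChilliConf["HS_LAN_ACCESS"] == 1) {
        $t[] = "HS_LAN_ACCESS=on";
    } else {
        $t[] = "HS_LAN_ACCESS=off";
    }
    // The DHCP relay lines are emitted only when both the agent and the
    // gateway are configured.
    if ($ChilliConf["ENABLE_DHCP_RELAY"] == 1) {
        if ($ChilliConf["HS_DHCPRELAYAGENT"] != null) {
            if ($ChilliConf["HS_DHCPGATEWAY"] != null) {
                $t[] = "HS_DHCPRELAYAGENT={$ChilliConf["HS_DHCPRELAYAGENT"]}";
                $t[] = "HS_DHCPGATEWAY={$ChilliConf["HS_DHCPGATEWAY"]}";
            }
        }
    }
    // A purely numeric FreeWeb value is discarded before it is used as the
    // portal host name.
    if (is_numeric($ChilliConf["HS_UAMFREEWEB"])) {
        $ChilliConf["HS_UAMFREEWEB"] = null;
    }
    $t[] = "";
    $t[] = "";
    $t[] = "# Put entire domains in the walled-garden with DNS inspection";
    $t[] = "# HS_UAMDOMAINS=\".paypal.com,.paypalobjects.com\"";
    // NOTE(review): the portal URLs below are plain http:// even when SSL
    // redirection is enabled above - confirm that is intended.
    $t[] = "HS_UAMSERVER={$ChilliConf["HS_UAMFREEWEB"]}";
    $t[] = "# HS_UAMSERVICE=";
    $t[] = "HS_UAMFORMAT=\"http://\$HS_UAMSERVER/hs_land.php\"";
    $t[] = "HS_UAMHOMEPAGE=\"http://{$ChilliConf["HS_UAMFREEWEB"]}/splash.php\"";
    $t[] = "HS_CONUP=\"" . __FILE__ . "\"";
    $t[] = "HS_CONDOWN=\"" . dirname(__FILE__) . "/exec.chilli.condown.php\"";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "#   Features not activated per-default (default to off)";
    $t[] = "# HS_RADCONF=off\t   # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)";
    $t[] = "HS_ANYIP=on\t\t   # Allow any IP address on subscriber LAN";
    // NOTE(review): MAC authentication is switched on unconditionally; a MAC
    // address can be set by the client, so it should not be the only factor.
    $t[] = "HS_MACAUTH=on\t\t   # To turn on MAC Authentication";
    $t[] = "# HS_MACAUTHDENY=on\t   # Put client in 'drop' state on MAC Auth Access-Reject";
    $t[] = "# HS_MACAUTHMODE=local\t   # To allow MAC Authentication based on macallowed, not RADIUS";
    $t[] = "# HS_MACALLOW=\"...\"      # List of MAC addresses to authenticate (comma seperated)";
    $t[] = "# HS_USELOCALUSERS=on      # To use the /etc/chilli/localusers file";
    $t[] = "# HS_OPENIDAUTH=on\t   # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_WPAGUESTS=on\t   # To inform the RADIUS server to allow WPA Guests";
    $t[] = "# HS_DNSPARANOIA=on\t   # To drop DNS packets containing something other";
    $t[] = "# HS_OPENIDAUTH=on\t   # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_USE_MAP=on\t\t   # Short hand for allowing the required google";
    $t[] = "###";
    $t[] = "#   Other feature settings and their defaults";
    $t[] = "# HS_DEFSESSIONTIMEOUT=0   # Default session-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFIDLETIMEOUT=0\t   # Default idle-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXDOWN=0   # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXUP=0\t   # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)";
    $t[] = "";
    $t[] = "# HS_RADCONF=on\t\t   # gather the ChilliSpot-Config attributes in";
    $t[] = "#\t\t\t   # Administrative-User login";
    $t[] = "# HS_RADCONF_SERVER=rad01.coova.org\t\t # RADIUS Server";
    $t[] = "# HS_RADCONF_SECRET=coova-anonymous\t\t # RADIUS Shared Secret ";
    $t[] = "# HS_RADCONF_AUTHPORT=1812\t\t\t # Auth port";
    $t[] = "# HS_RADCONF_USER=chillispot\t\t\t # Username";
    $t[] = "# HS_RADCONF_PWD=chillispot\t\t\t # Password";

    // NOTE(review): presumably HS_TCP_PORTS is the set of TCP ports on the
    // gateway that subscriber clients may reach - TODO confirm against the
    // chilli up.sh in use. The fixed list includes SSH (22), LDAP (389),
    // NetBIOS/SMB (137-139, 445) and MySQL (3306); keep only what the portal
    // really needs. Order matches the previous output.
    $PPORT = array(80, 443, 22, 2812, 53, 3990, 9000, 389, 1553, 137, 138, 139, 445, 1812, 3306, 47980);
    $t[] = "HS_TCP_PORTS=\"" . implode(" ", $PPORT) . "\"";
    $t[] = "";
    $t[] = "###";
    $t[] = "#   Standard configurations";
    $t[] = "#";
    $t[] = "HS_MODE=hotspot";
    $t[] = "HS_TYPE=chillispot";
    $t[] = "# HS_RADAUTH=1812";
    $t[] = "# HS_RADACCT=1813";
    $t[] = "# HS_ADMUSR=chillispot";
    $t[] = "# HS_ADMPWD=chillispot";
    $t[] = "";
    $t[] = "";
    if ($ChilliConf["HS_PROVIDER"] == null) {
        $ChilliConf["HS_PROVIDER"] = "Artica";
    }
    if ($ChilliConf["HS_PROVIDER_LINK"] == null) {
        $ChilliConf["HS_PROVIDER_LINK"] = "http://www.articatech.net";
    }
    if ($ChilliConf["HS_LOC_NAME"] == null) {
        $ChilliConf["HS_LOC_NAME"] = "Artica HotSpot";
    }
    if ($ChilliConf["HS_LOC_NETWORK"] == null) {
        $ChilliConf["HS_LOC_NETWORK"] = "HotSpot Network";
    }
    $t[] = "HS_PROVIDER={$ChilliConf["HS_PROVIDER"]}";
    $t[] = "HS_PROVIDER_LINK={$ChilliConf["HS_PROVIDER_LINK"]}/";
    $t[] = "# HS_LOC_AC=408\t\t\t   # Phone area code";
    $t[] = "# HS_LOC_CC=1\t\t\t   # Phone country code";
    $t[] = "# HS_LOC_ISOCC=US\t\t   # ISO Country code";
    $t[] = "";
    $t[] = "# Embedded miniportal";
    $t[] = "# HS_REG_MODE=\"tos\" # or self, other";
    $t[] = "# HS_RAD_PROTO=\"pap\" # or mschapv2, chap";
    $t[] = "# HS_USE_MAP=on\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: `/etc/chilli/config` done\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: flush /etc/init.d..\n";
    chilli_init_d();
    file_put_contents("/etc/chilli/config", implode("\n", $t));
    coova_web();
    shell_exec("{$php5} " . dirname(__FILE__) . "/exec.freeradius.php --build");

    if ($GLOBALS["RELOAD"]) {
        $kill = $unix->find_program("kill");
        shell_exec("/etc/init.d/chilli reconfigure");
        $pid = PID_NUM();
        // Signal the running daemon to reload; start it when no process
        // exists for the recorded PID.
        if ($unix->process_exists($pid)) {
            shell_exec("{$kill} -HUP {$pid} 2>&1");
        } else {
            start();
        }
    }
}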
예제 #6
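/**
 * Writes /etc/squid27/squid.conf for the interception ("transparent") Squid instance.
 *
 * Listening addresses come from the SquidBinIpaddr setting, the detected
 * interfaces in $GLOBALS["NETWORK_ALL_INTERFACES"], and the proxy_ports rows with
 * enabled=1 and transparent=1. Every request is forwarded to the parent proxy on
 * 127.0.0.1:LISTEN_PORT (cache_peer + never_direct).
 *
 * Access control: clients are admitted through the "localnet" ACL. When
 * AllowAllNetworksInSquid is 1 (also the default when the setting is missing or
 * non-numeric) localnet is "all", so any host that can reach a listening port
 * may use the proxy. When it is 0, localnet is limited to the configured networks.
 *
 * Progress is echoed only when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $sock = new sockets();
    $unix = new unix();
    $ini = new Bs_IniHandler();
    $f = array();
    $IPADDRS2 = array();
    $IPADDRSSL = array();
    $IPADDRSSL2 = array();
    $ssl_port = null;
    $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
    // NOTE(review): this is read before loadString() below, so it presumably is
    // always empty and the system hostname is used instead. Confirm against Bs_IniHandler.
    $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    if (!is_numeric($AllowAllNetworksInSquid)) {
        // Fail-open default: an unset setting means "allow every source network".
        $AllowAllNetworksInSquid = 1;
    }
    $ini->loadString($ArticaSquidParameters);
    NETWORK_ALL_INTERFACES();
    $LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
    $ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
    $certificate_center = $ini->_params["NETWORK"]["certificate_center"];
    $SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
    $LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
    $ssl = false;
    if ($ICP_PORT == 0) {
        $ICP_PORT = 3130;
    }
    if ($LISTEN_PORT == 0) {
        $LISTEN_PORT = 3128;
    }
    $squid = new squidbee();
    $q = new mysql_squid_builder();
    $IPADDRS = array();
    if ($SquidBinIpaddr != null) {
        // A bind address that is not a detected interface is discarded, which
        // makes the code below listen on every detected interface instead.
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$SquidBinIpaddr])) {
            $SquidBinIpaddr = null;
        } else {
            $IPADDRS[$SquidBinIpaddr] = $LISTEN_PORT;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$SquidBinIpaddr}\n";
            }
        }
    }
    if ($SSL_BUMP == 1) {
        $ssl = true;
        $ssl_port = $squid->get_ssl_port();
    }
    if ($SquidBinIpaddr == null) {
        foreach ($GLOBALS["NETWORK_ALL_INTERFACES"] as $ipaddr => $val) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$ipaddr}:{$LISTEN_PORT}\n";
            }
            $IPADDRS[$ipaddr] = $LISTEN_PORT;
            // Recorded even when SSL is off; the list is only used inside "if ($ssl)".
            $IPADDRSSL[$ipaddr] = $ssl_port;
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
    }
    if ($ssl) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} SSL Intercept...........: Yes - {$ssl_port}\n";
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate_center}\n";
        }
        $MAINSSL = $squid->SaveCertificate($certificate_center, false, false, false, true);
        $f[] = $MAINSSL[0];
        $certificate = $MAINSSL[1]["certificate"];
        $key = $MAINSSL[1]["key"];
        // NOTE(review): these values are used as cert=/key= arguments below, so they
        // are presumably file paths. Confirm no key material reaches the console.
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate}\n";
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Key.....................: {$key}\n";
        }
    }
    $sql = "SELECT * FROM proxy_ports WHERE enabled=1 and transparent=1";
    $results = $q->QUERY_SQL($sql);
    $f[] = "# --------- proxy_ports enabled=1 and transparent=1 -> " . mysql_num_rows($results) . " ports";
    // NOTE(review): address and port values from the table are written into
    // squid.conf as-is; nothing here checks them for whitespace or newlines.
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = $ligne["ipaddr"];
        $xport = $ligne["port"];
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ipaddr])) {
            $f[] = "# --------- table proxy_ports {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
            $f[] = "# --------- http {$ipaddr} -> Hardware Error [" . __LINE__ . "]\n";
            continue;
        }
        if ($ssl) {
            $IPADDRSSL[$ipaddr] = $ssl_port;
        }
        $IPADDRS[$ipaddr] = $xport;
    }
    $transparent = " transparent";
    // Collapse to unique "ip:port" keys so each listener is emitted once.
    foreach ($IPADDRSSL as $ipaddr => $xport) {
        $IPADDRSSL2["{$ipaddr}:{$xport}"] = true;
    }
    foreach ($IPADDRS as $ipaddr => $xport) {
        $IPADDRS2["{$ipaddr}:{$xport}"] = true;
    }
    foreach ($IPADDRS2 as $ipaddr => $none) {
        $f[] = "http_port {$ipaddr}{$transparent}";
    }
    if ($ssl) {
        $f[] = "# --------- https -> " . count($IPADDRSSL2) . " addresses";
        foreach ($IPADDRSSL2 as $ipaddr => $none) {
            $f[] = "https_port {$ipaddr} transparent cert={$certificate} key={$key}";
        }
    }
    if ($AllowAllNetworksInSquid == 1) {
        $f[] = "acl localnet src all";
    }
    if ($AllowAllNetworksInSquid == 0) {
        $k = array();
        $NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
        foreach (explode("\n", $NetworkScannerMasks) as $cidr) {
            // Trim so a stray "\r" or space does not end up inside the ACL line.
            $cidr = trim($cidr);
            if ($cidr == null) {
                continue;
            }
            $k[$cidr] = $cidr;
        }
        // NOTE(review): $this exists only if build() is a class method; the listing
        // shows a plain function, where this branch is skipped. Confirm.
        if (isset($this) && isset($this->network_array) && is_array($this->network_array)) {
            foreach ($this->network_array as $val) {
                if ($val == null) {
                    continue;
                }
                $k[$val] = $val;
            }
        }
        // Fix: the original tested count($k == 0) and count($k > 0), i.e. the count
        // of a boolean, which is never 0. Both branches therefore always ran and
        // "acl localnet src all" was added even when networks were configured,
        // cancelling the restriction.
        if (count($k) == 0) {
            // No network configured: the generated ACL falls back to every source.
            $f[] = "acl localnet src all";
        } else {
            $f[] = "acl localnet src " . implode(" ", $k);
        }
    }
    $f[] = "acl all src all";
    $f[] = "acl manager proto cache_object";
    $f[] = "acl localhost src 127.0.0.1/32";
    $f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
    $f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
    $f[] = "acl Safe_ports port 80\t\t# http";
    $f[] = "acl Safe_ports port 21\t\t# ftp";
    $f[] = "acl Safe_ports port 443\t\t# https";
    $f[] = "acl Safe_ports port 70\t\t# gopher";
    $f[] = "acl Safe_ports port 210\t\t# wais";
    $f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
    $f[] = "acl Safe_ports port 280\t\t# http-mgmt";
    $f[] = "acl Safe_ports port 488\t\t# gss-http";
    $f[] = "acl Safe_ports port 591\t\t# filemaker";
    $f[] = "acl Safe_ports port 777\t\t# multiling http";
    $f[] = "acl CONNECT method CONNECT";
    $f[] = "";
    $f[] = "";
    if ($sock->EnableUfdbGuard() == 1) {
        $f[] = ufdbguard27();
        $EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
        // Squid refuses to start when a file-backed ACL points at a missing file,
        // so empty placeholders are created first.
        $aclFiles = array(
            "/etc/squid3/acls/office365-nets.acl",
            "/etc/squid3/acls/office365-domains.acl",
            "/etc/squid3/acls/skype-nets.acl",
            "/etc/squid3/acls/dropbox-nets.acl",
        );
        foreach ($aclFiles as $aclFile) {
            if (!is_file($aclFile)) {
                @touch($aclFile);
            }
        }
        $f[] = "acl squidclient proto cache_object";
        $f[] = "acl MgRDest dst 127.0.0.1";
        $f[] = "acl MgRPort dst 127.0.0.1";
        $f[] = "acl MyTestPort src 127.0.0.1";
        $f[] = "acl MyLocalIpsDest dst 127.0.0.1";
        $f[] = "acl ToArticaWWW dstdomain .artica.fr .articatech.net .articatech.com";
        if ($EnableUfdbGuardArtica == 0) {
            $f[] = "acl UrlRewriteDenyList dstdomain \"/etc/squid3/url_rewrite_program.deny.db\"";
        }
        $f[] = "acl ArticaMetaWhiteDoms dstdomain \"/etc/squid3/artica-meta/whitelist-domains.db\"";
        $f[] = "acl ArticaMetaWhiteIPs dst \"/etc/squid3/artica-meta/whitelist-nets.db\"";
        $f[] = "acl BrowsersNoWebF browser -i \"/etc/squid3/acls/Browsers-nofilter.acl\"";
        $f[] = "acl whitelisted_mac_computers arp \"/etc/squid3/whitelisted-computers-by-mac.acl\"";
        $f[] = "acl office365_ips dst \"/etc/squid3/acls/office365-nets.acl\"";
        $f[] = "acl office365_www dstdomain \"/etc/squid3/acls/office365-domains.acl\"";
        $f[] = "acl skype_www dstdomain  .live.com  .skypeassets.com";
        $f[] = "acl skype_ips dst \"/etc/squid3/acls/skype-nets.acl\"";
        $f[] = "acl dropbox_ips dst \"/etc/squid3/acls/dropbox-nets.acl\"";
        $f[] = "acl dropbox_www dstdomain  .dropbox.com";
        // The file's content is spliced into the configuration verbatim, so whoever
        // can write it controls access rules; a missing file yields an empty line.
        $f[] = @file_get_contents("/etc/squid3/url_rewrite_access.conf");
    }
    // Rule order matters: the first matching http_access line decides.
    $f[] = "http_access allow manager localhost";
    $f[] = "http_access deny manager";
    $f[] = "http_access deny !Safe_ports";
    $f[] = "http_access deny CONNECT !SSL_ports";
    $f[] = "http_access allow localnet";
    $f[] = "http_access deny all";
    $f[] = "icp_access allow localnet";
    $f[] = "icp_access deny all";
    // NOTE(review): the peer ICP port is the literal 3130, not $ICP_PORT. Confirm.
    $f[] = "cache_peer 127.0.0.1\tparent\t{$LISTEN_PORT}\t3130\tdefault";
    $f[] = "never_direct allow all";
    $f[] = "cache_mem 64 MB";
    $f[] = "maximum_object_size_in_memory 256 KB";
    $f[] = "memory_replacement_policy lru";
    $LOGFORMAT = array(
        "%>a",
        "%[ui",
        "%[un",
        "[%tl]",
        "\"%rm %ru HTTP/%rv\"",
        "%Hs",
        "%<st",
        "%Ss:",
        "%Sh",
        "UserAgent:\"%{User-Agent}>h\"",
        "Forwarded:\"%{X-Forwarded-For}>h\"",
    );
    $f[] = "logformat common MAC:00:00:00:00:00:00 " . implode(" ", $LOGFORMAT);
    // The access log is disabled, so this instance keeps no per-request record.
    $f[] = "access_log none";
    $f[] = "cache_store_log none";
    if ($LogsWarninStop == 0) {
        $f[] = "logfile_rotate 10";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "logfile_rotate 0";
    }
    $f[] = "# emulate_httpd_log off";
    $f[] = "log_ip_on_direct on";
    $f[] = "mime_table /etc/squid27/mime.conf";
    $f[] = "# log_mime_hdrs off";
    $f[] = "pid_filename /var/run/squid/squid-nat.pid";
    $f[] = "debug_options ALL,1";
    $f[] = "log_fqdn on";
    $f[] = "client_netmask 255.255.255.255";
    $f[] = "strip_query_terms off";
    $f[] = "buffered_logs on";
    $f[] = "netdb_filename /var/log/squid/netdb_nat.state";
    if ($LogsWarninStop == 0) {
        $f[] = "cache_log /var/log/squid/cache-nat.log";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "cache_log /dev/null";
    }
    $f[] = "#url_rewrite_program";
    $f[] = "# url_rewrite_children 5";
    $f[] = "# url_rewrite_concurrency 0";
    $f[] = "# url_rewrite_host_header on";
    $f[] = "refresh_pattern .\t\t0\t20%\t4320";
    $f[] = "cache_effective_user squid";
    $f[] = "cache_effective_group squid";
    $f[] = "httpd_suppress_version_string on";
    $f[] = "visible_hostname {$visible_hostname}";
    $f[] = "cache_dir null /tmp";
    $f[] = "# icon_directory /usr/share/squid27/icons";
    $f[] = "# error_directory /usr/share/squid27/errors/English";
    $f[] = "forwarded_for on";
    $f[] = "client_db on";
    $f[] = "";
    CheckFilesAndSecurity();
    // Do not announce success when the write failed: the previous configuration
    // (and its access rules) would otherwise stay active unnoticed.
    if (@file_put_contents("/etc/squid27/squid.conf", implode("\n", $f)) === false) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf write failed\n";
        }
        return;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
    }
}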
예제 #7
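/**
 * Writes /etc/squid27/squid.conf for the NAT Squid instance.
 *
 * One http_port or https_port line is emitted per proxy_ports row with enabled=1
 * and is_nat=1. The listen address is the address of the row's NIC, or 0.0.0.0
 * when the row has no NIC or the NIC has no address. Every request is forwarded
 * to the parent proxy on 127.0.0.1:ParentSquid27Port (default 13298).
 *
 * Access control: clients are admitted through the "localnet" ACL. When
 * AllowAllNetworksInSquid is 1 (also the default when the setting is missing or
 * non-numeric) localnet is "all", so any host that can reach a listening port
 * may use the proxy. When it is 0, localnet is limited to the configured networks.
 *
 * Progress is echoed only when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $sock = new sockets();
    $unix = new unix();
    $ini = new Bs_IniHandler();
    $f = array();
    // No SSL port is computed in this function; the variable only appears in a
    // progress message below and prints as empty.
    $ssl_port = null;
    $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
    // NOTE(review): this is read before loadString() below, so it presumably is
    // always empty and the system hostname is used instead. Confirm against Bs_IniHandler.
    $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    // Give this instance a distinct name: "host-nat.domain" or "nat-host".
    if (strpos($visible_hostname, ".") > 0) {
        $visible_hostnameTR = explode(".", $visible_hostname);
        $visible_hostnameTR[0] = $visible_hostnameTR[0] . "-nat";
        $visible_hostname = implode(".", $visible_hostnameTR);
    } else {
        $visible_hostname = "nat-{$visible_hostname}";
    }
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    if (!is_numeric($AllowAllNetworksInSquid)) {
        // Fail-open default: an unset setting means "allow every source network".
        $AllowAllNetworksInSquid = 1;
    }
    $ini->loadString($ArticaSquidParameters);
    NETWORK_ALL_INTERFACES();
    $ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
    $LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
    if ($ICP_PORT == 0) {
        $ICP_PORT = 3130;
    }
    $squid = new squidbee();
    $q = new mysql_squid_builder();
    $ParentSquid27Port = intval($sock->GET_INFO("ParentSquid27Port"));
    if ($ParentSquid27Port == 0) {
        $ParentSquid27Port = 13298;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
    }
    $sql = "SELECT * FROM proxy_ports WHERE enabled=1 and is_nat=1";
    $results = $q->QUERY_SQL($sql);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [CONF]: {$GLOBALS["SERVICE_NAME"]} " . mysql_num_rows($results) . " ports\n";
    }
    $f[] = "# --------- proxy_ports enabled=1 and is_nat=1 -> " . mysql_num_rows($results) . " ports";
    $transparent = " transparent";
    // NOTE(review): port, NIC and certificate values from the table are written
    // into squid.conf as-is; nothing here checks them for whitespace or newlines.
    while ($ligne = mysql_fetch_assoc($results)) {
        $xport = $ligne["port"];
        $ssl = intval($ligne["UseSSL"]);
        $eth = $ligne["nic"];
        // The row's "ipaddr" column is not used: the address comes from the NIC,
        // and 0.0.0.0 (every interface) is the starting value.
        $ipaddr = "0.0.0.0";
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$eth} {$ipaddr}:{$xport}\n";
        }
        if ($eth != null) {
            $ipaddr = $GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"];
            if ($ipaddr == null) {
                // Fix: these diagnostics were appended to an unused $conf array and
                // never reached the file; they now go to $f like every other line.
                $f[] = "# --------- table proxy_ports {$eth} {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
                $f[] = "# --------- http {$ipaddr} -> Hardware Error -> 0.0.0.0 [" . __LINE__ . "]\n";
                // Fail-open: an unresolved NIC widens the listener to all interfaces
                // instead of skipping the port.
                $ipaddr = "0.0.0.0";
            }
        }
        $f[] = "# --------- Port {$xport} listen on {$eth} ({$ipaddr}) UseSSL={$ssl}";
        if ($ssl == 1) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$ipaddr}:{$xport}: SSL Intercept...........: Yes - {$ssl_port}\n";
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$ipaddr}:{$xport}: Certificate.............: {$ligne["sslcertificate"]}\n";
            }
            $MAINSSL = $squid->SaveCertificate($ligne["sslcertificate"], false, false, false, true);
            $f[] = $MAINSSL[0];
            $key = $MAINSSL[1]["key"];
            $certificate = $MAINSSL[1]["certificate"];
            $f[] = "https_port {$ipaddr}:{$xport} transparent cert={$certificate} key={$key}";
            continue;
        }
        $f[] = "http_port {$ipaddr}:{$xport}{$transparent}";
    }
    if ($AllowAllNetworksInSquid == 1) {
        $f[] = "acl localnet src all";
    }
    if ($AllowAllNetworksInSquid == 0) {
        $k = array();
        $NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
        foreach (explode("\n", $NetworkScannerMasks) as $cidr) {
            // Trim so a stray "\r" or space does not end up inside the ACL line.
            $cidr = trim($cidr);
            if ($cidr == null) {
                continue;
            }
            $k[$cidr] = $cidr;
        }
        // NOTE(review): $this exists only if build() is a class method; the listing
        // shows a plain function, where this branch is skipped. Confirm.
        if (isset($this) && isset($this->network_array) && is_array($this->network_array)) {
            foreach ($this->network_array as $val) {
                if ($val == null) {
                    continue;
                }
                $k[$val] = $val;
            }
        }
        // Fix: the original tested count($k == 0) and count($k > 0), i.e. the count
        // of a boolean, which is never 0. Both branches therefore always ran and
        // "acl localnet src all" was added even when networks were configured,
        // cancelling the restriction.
        if (count($k) == 0) {
            // No network configured: the generated ACL falls back to every source.
            $f[] = "acl localnet src all";
        } else {
            $f[] = "acl localnet src " . implode(" ", $k);
        }
    }
    $f[] = "acl all src all";
    $f[] = "acl manager proto cache_object";
    $f[] = "acl localhost src 127.0.0.1/32";
    $f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
    $f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
    $f[] = "acl Safe_ports port 80\t\t# http";
    $f[] = "acl Safe_ports port 21\t\t# ftp";
    $f[] = "acl Safe_ports port 443\t\t# https";
    $f[] = "acl Safe_ports port 70\t\t# gopher";
    $f[] = "acl Safe_ports port 210\t\t# wais";
    $f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
    $f[] = "acl Safe_ports port 280\t\t# http-mgmt";
    $f[] = "acl Safe_ports port 488\t\t# gss-http";
    $f[] = "acl Safe_ports port 591\t\t# filemaker";
    $f[] = "acl Safe_ports port 777\t\t# multiling http";
    $f[] = "acl CONNECT method CONNECT";
    $f[] = "";
    $f[] = "";
    // Rule order matters: the first matching http_access line decides.
    $f[] = "http_access allow manager localhost";
    $f[] = "http_access deny manager";
    $f[] = "http_access deny !Safe_ports";
    $f[] = "http_access deny CONNECT !SSL_ports";
    $f[] = "http_access allow localnet";
    $f[] = "http_access deny all";
    $f[] = "icp_access allow localnet";
    $f[] = "icp_access deny all";
    // NOTE(review): the peer ICP port is the literal 3130, not $ICP_PORT. Confirm.
    $f[] = "cache_peer 127.0.0.1\tparent\t{$ParentSquid27Port}\t3130\tdefault";
    $f[] = "never_direct allow all";
    $f[] = "cache_mem 64 MB";
    $f[] = "maximum_object_size_in_memory 64 KB";
    $f[] = "memory_replacement_policy lru";
    $LOGFORMAT = array(
        "%>a",
        "%[ui",
        "%[un",
        "[%tl]",
        "\"%rm %ru HTTP/%rv\"",
        "%Hs",
        "%<st",
        "%Ss:",
        "%Sh",
        "UserAgent:\"%{User-Agent}>h\"",
        "Forwarded:\"%{X-Forwarded-For}>h\"",
    );
    $f[] = "logformat common MAC:00:00:00:00:00:00 " . implode(" ", $LOGFORMAT);
    // The access log is disabled, so this instance keeps no per-request record.
    $f[] = "access_log none";
    $f[] = "cache_store_log none";
    if ($LogsWarninStop == 0) {
        $f[] = "logfile_rotate 10";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "logfile_rotate 0";
    }
    $f[] = "# emulate_httpd_log off";
    $f[] = "log_ip_on_direct on";
    $f[] = "mime_table /etc/squid27/mime.conf";
    $f[] = "# log_mime_hdrs off";
    $f[] = "pid_filename /var/run/squid/squid-nat.pid";
    $f[] = "debug_options ALL,1";
    $f[] = "log_fqdn on";
    $f[] = "client_netmask 255.255.255.255";
    $f[] = "strip_query_terms off";
    $f[] = "buffered_logs on";
    $f[] = "netdb_filename /var/log/squid/netdb_nat.state";
    if ($LogsWarninStop == 0) {
        $f[] = "cache_log /var/log/squid/cache-nat.log";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "cache_log /dev/null";
    }
    $f[] = "#url_rewrite_program";
    $f[] = "# url_rewrite_children 5";
    $f[] = "# url_rewrite_concurrency 0";
    $f[] = "# url_rewrite_host_header on";
    $f[] = "refresh_pattern .\t\t0\t20%\t4320";
    $f[] = "cache_effective_user squid";
    $f[] = "cache_effective_group squid";
    $f[] = "httpd_suppress_version_string on";
    $f[] = "visible_hostname {$visible_hostname}";
    $f[] = "cache_dir null /tmp";
    $f[] = "# icon_directory /usr/share/squid27/icons";
    $f[] = "# error_directory /usr/share/squid27/errors/English";
    $f[] = "forwarded_for on";
    $f[] = "client_db on";
    $f[] = "";
    CheckFilesAndSecurity();
    // Do not announce success when the write failed: the previous configuration
    // (and its access rules) would otherwise stay active unnoticed.
    if (@file_put_contents("/etc/squid27/squid.conf", implode("\n", $f)) === false) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf write failed\n";
        }
        return;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
    }
}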