[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. 0.6-2-gc4cdce8
Andreas B. Mundt
andi.mundt at web.de
Sun Apr 22 19:07:29 UTC 2012
The following commit has been merged in the master branch:
commit c4cdce8a3e625be81908bf9e4f5eef88c2e8b283
Author: Andreas B. Mundt <andi.mundt at web.de>
Date: Sun Apr 22 16:41:35 2012 +0200
Rework proxy/filter configuration on server and client.
Fetch iceweasel's proxy configuration automatically from 'wpad.dat'.
In addition, set http_proxy accordingly in '/etc/environment'.
If dansguardian is installed on the server, configure squid to work in
combination with the web filter software and redirect port 80 to 8080.
diff --git a/fai/config/files/var/www/wpad.dat/PROXY b/fai/config/files/var/www/wpad.dat/PROXY
deleted file mode 100644
index 9c153c1..0000000
--- a/fai/config/files/var/www/wpad.dat/PROXY
+++ /dev/null
@@ -1,4 +0,0 @@
-function FindProxyForURL(url, host)
-{
- return "PROXY webcache:3128; DIRECT";
-}
diff --git a/fai/config/package_config/PROXY b/fai/config/package_config/PROXY
index 10d9965..1771809 100644
--- a/fai/config/package_config/PROXY
+++ b/fai/config/package_config/PROXY
@@ -1,7 +1,7 @@
## Only list packages that are essential for the PROXY class.
## Put all setup-dependent packages in the SETUP_* class.
-PACKAGES aptitude
+PACKAGES aptitude
squid3
adzapper
-## Uncomment for web filtering (and look at 'scripts/PROXY/*'):
+## Uncomment for web filtering:
#dansguardian
diff --git a/fai/config/scripts/CLIENT_A/20-misc b/fai/config/scripts/CLIENT_A/20-misc
index 3345a8b..cef8995 100755
--- a/fai/config/scripts/CLIENT_A/20-misc
+++ b/fai/config/scripts/CLIENT_A/20-misc
@@ -9,3 +9,17 @@ fcopy -ir /etc/fai
cat > $target/etc/apt/apt.conf.d/proxy <<EOF
Acquire::http::Proxy "http://aptcache.intern:3142/";
EOF
+
+## Fetch proxy information from wpad.dat:
+WPAD=/tmp/wpad.dat
+http_proxy=""; wget --output-document=$WPAD http://wpad.intern/wpad.dat
+PROXY=`cat $WPAD | grep PROXY | sed "s/^.*PROXY //" | sed "s/;.*$//"`
+ainsl $target/etc/environment "http_proxy=http://$PROXY/"
+
+if [ "$PROXY" == "webcache:8080" ] ; then
+ ## dansguardian is used, lock iceweasel proxy configuration:
+ ainsl $target/etc/iceweasel/pref/iceweasel.js 'lockPref("network.proxy.type", 4);'
+else
+ ## default configuration to wpad.dat proxy:
+ ainsl $target/etc/iceweasel/pref/iceweasel.js 'pref("network.proxy.type", 4);'
+fi
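Review bot: The value parsed out of the downloaded wpad.dat is written to `/etc/environment` and used to choose between `pref` and `lockPref` without any check. If the wget fails or the file has no PROXY line, the client ends up with `http_proxy=http:///` and an unlocked browser. The file is fetched over plain HTTP into the fixed path `/tmp/wpad.dat`, so both its content and its location are predictable. I would fetch into a `mktemp` file, stop on a failed download, take only the first match, and reject anything that is not a plain `host:port` string before calling `ainsl`. Whether the script already runs under `set -e` is not visible, because its start lies outside this hunk.

```shell
## Fetch proxy information from wpad.dat:
WPAD=$(mktemp) || exit 1
http_proxy=""; wget --output-document="$WPAD" http://wpad.intern/wpad.dat || exit 1
PROXY=$(sed -n 's/^.*PROXY \([^;"]*\).*$/\1/p' "$WPAD" | head -n 1)
rm -f -- "$WPAD"
case "$PROXY" in
    ''|*[!A-Za-z0-9.:-]*)
        echo "unexpected proxy value in wpad.dat: '$PROXY'" >&2
        exit 1 ;;
esac
ainsl $target/etc/environment "http_proxy=http://$PROXY/"
# … unchanged: pref/lockPref selection for iceweasel …
```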
diff --git a/fai/config/scripts/PROXY/10-config b/fai/config/scripts/PROXY/10-config
index a8b83a0..67f5ec6 100755
--- a/fai/config/scripts/PROXY/10-config
+++ b/fai/config/scripts/PROXY/10-config
@@ -19,16 +19,10 @@ editfiles:
InsertLine "url_rewrite_program /usr/bin/adzapper.wrapper"
EndGroup
- ## Comment if dansguardian is used (only allow access from localhost):
ReplaceAll "#acl localnet src 10.0.0.0/8" With "acl localnet src ${SUBNETMASK}"
+
BeginGroupIfNoSuchLine "http_access allow localnet"
LocateLineMatching "http_access allow localhost"
InsertLine "http_access allow localnet"
EndGroup
}
-
-## Uncomment if dansguardian is used:
-# { ${target}/etc/dansguardian/dansguardian.conf
-# ## Configure dansguardian:
-# ReplaceAll "^UNCONFIGURED" With "#UNCONFIGURED"
-# }
diff --git a/fai/config/scripts/PROXY/20-wpad b/fai/config/scripts/PROXY/20-wpad
index eb13077..5b0ca08 100755
--- a/fai/config/scripts/PROXY/20-wpad
+++ b/fai/config/scripts/PROXY/20-wpad
@@ -1,4 +1,17 @@
#!/bin/bash
#
-fcopy /var/www/wpad.dat
+set -e
+
+if $ROOTCMD which dansguardian > /dev/null ; then
+ PORT="8080"
+else
+ PORT="3128"
+fi
+
+cat > $target/var/www/wpad.dat <<EOF
+function FindProxyForURL(url, host)
+{
+ return "PROXY webcache:$PORT; DIRECT";
+}
+EOF
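Review bot: The generated PAC file keeps the `; DIRECT` fallback even when dansguardian is detected and PORT is 8080, so a browser that cannot reach `webcache:8080` will connect without going through the filter. For the filtered case I would emit `return "PROXY webcache:$PORT";` and keep `; DIRECT` only in the 3128 branch, for example through a second variable set next to PORT. Whether direct outbound access is blocked elsewhere is not visible in this commit; the redirect added in SERVER_A/10-misc covers only TCP port 80. The `$ROOTCMD which dansguardian` test and the literal 8080 are repeated in 30-dansguardian, SERVER_A/10-misc and the client's string comparison, so a comment naming those places would help keep them in step.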
diff --git a/fai/config/scripts/PROXY/30-dansguardian b/fai/config/scripts/PROXY/30-dansguardian
new file mode 100755
index 0000000..5bc6431
--- /dev/null
+++ b/fai/config/scripts/PROXY/30-dansguardian
@@ -0,0 +1,11 @@
+#!/bin/bash
+#
+
+set -e
+
+if $ROOTCMD which dansguardian > /dev/null ; then
+ ## enable dansguardian:
+ sed -i "s/^UNCONFIGURED/\# Line commented by FAI. UNCONFIGURED/" ${target}/etc/dansguardian/dansguardian.conf
+ ## disable access to squid from the network:
+ sed -i "/^http_access allow localnet$/d" ${target}/etc/squid3/squid.conf
+fi
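Review bot: The `sed -i "/^http_access allow localnet$/d"` line is what keeps LAN clients from talking to squid directly and skipping the filter, but sed exits 0 whether or not it removed anything, so `set -e` will not catch a miss. A line with trailing whitespace or slightly different wording from the one 10-config inserts would survive silently. I would verify afterwards, for example `if grep -q "^http_access allow localnet" ${target}/etc/squid3/squid.conf ; then echo "squid still open to localnet" >&2 ; exit 1 ; fi`. The same applies to the UNCONFIGURED substitution in dansguardian.conf. Quoting `"${target}/etc/..."` in both sed calls would also be safer.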
diff --git a/fai/config/scripts/SERVER_A/10-misc b/fai/config/scripts/SERVER_A/10-misc
index ed5dd30..f1925ff 100755
--- a/fai/config/scripts/SERVER_A/10-misc
+++ b/fai/config/scripts/SERVER_A/10-misc
@@ -45,8 +45,14 @@ EOF
if [ "$MAINSERVER_IPADDR" == "$GATEWAY" ] ; then
cat >> $target/etc/network/interfaces <<EOF
post-up iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
- ## Uncomment if you use dansguardian:
- #post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
+EOF
+ if $ROOTCMD which dansguardian > /dev/null ; then
+ cat >> $target/etc/network/interfaces <<EOF
+ ## Redirect port 80 to dansguardian:
+ post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
+EOF
+ fi
+ cat >> $target/etc/network/interfaces <<EOF
# The external network interface
allow-hotplug eth1
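Review bot: The new PREROUTING rule redirects every TCP port 80 packet arriving on eth0, including requests addressed to this server itself. If this host also serves `http://wpad.intern/wpad.dat` (the file is written to `/var/www` in PROXY/20-wpad, but the host mapping is not visible here), clients fetching the PAC file would be sent to dansguardian rather than the local web server. Consider excluding the server's own address, e.g. `post-up iptables -t nat -A PREROUTING -i eth0 -p tcp ! -d $MAINSERVER_IPADDR --dport 80 -j REDIRECT --to-port 8080`, which expands correctly inside the unquoted heredoc. A comment in the generated file noting that only port 80 is intercepted would also set the right expectation about what the filter covers. The surrounding `if` and the interfaces heredoc begin and end outside this hunk.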
--
Debian-LAN development and packaging