diff --git a/dist/rootfs/etc/openlan/proxy.json.example b/dist/rootfs/etc/openlan/proxy.json.example
index 76ba829..3995dd0 100755
--- a/dist/rootfs/etc/openlan/proxy.json.example
+++ b/dist/rootfs/etc/openlan/proxy.json.example
@@ -21,7 +21,10 @@
     },
     {
         "listen": "0.0.0.0:11082",
-        "forward": "https://192.168.100.11:10443"
+        "forward": {
+            "protocol": "https",
+            "server": "192.168.100.11:10443"
+        }
     },
     {
         "listen": "0.0.0.0:11083",
diff --git a/dist/rootfs/var/openlan/script/install.sh b/dist/rootfs/var/openlan/script/install.sh
index 411d95c..1c34db3 100755
--- a/dist/rootfs/var/openlan/script/install.sh
+++ b/dist/rootfs/var/openlan/script/install.sh
@@ -6,18 +6,27 @@ tmp=""
 installer="$0"
 archive=$(grep -a -n "__ARCHIVE_BELOW__:$" $installer | cut -f1 -d:)
+OS="linux"
+if type yum > /dev/null; then
+  OS="centos"
+elif type apt > /dev/null; then
+  OS="ubuntu"
+fi
+
 function download() {
   tmp=$(mktemp -d)
   tail -n +$((archive + 1)) $installer | gzip -dc - | tar -xf - -C $tmp
 }
 function requires() {
-  if type yum > /dev/null; then
-    yum install -y xl2tpd openssl net-tools iptables iputils openvpn openvswitch dnsmasq bridge-utils iperf3 tcpdump ipset
-  elif type apt > /dev/null; then
-    apt-get install -y xl2tpd net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq bridge-utils iperf3 tcpdump ipset
+  if [ "$OS"x == "centos"x ]; then
+    yum install -y openssl net-tools iptables iputils iperf3 tcpdump
+    yum install -y openvpn openvswitch dnsmasq bridge-utils ipset
+  elif [ "$OS"x == "ubuntu"x ]; then
+    apt-get install -y net-tools iptables iproute2 tcpdump ca-certificates iperf3
+    apt-get install -y openvpn openvswitch-switch dnsmasq bridge-utils ipset
   else
-    echo "We didn't find any packet tool: yum or apt."
+    echo "We didn't find any packet tool: $OS"
   fi
 }
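Review bot: The new package-manager probes `type yum > /dev/null` and `type apt > /dev/null` at the top of the install.sh hunk silence only stdout, so on a host lacking one of them the detection step still prints a "not found" line to stderr; `command -v yum >/dev/null 2>&1` (and likewise for apt) is the quiet, POSIX-portable form. Detection also keys on `yum` alone, so a dnf-only host ends up with `OS="linux"` and lands in the `else` branch that installs nothing — `command -v yum >/dev/null 2>&1 || command -v dnf >/dev/null 2>&1` would cover it if such hosts are in scope. The Ubuntu branch now installs `ca-certificates`, but the CentOS branch does not add the package that provides `update-ca-trust`, which a later step in this script appears to rely on; whether the base image already ships it cannot be told from here. The `OS` variable set here is consumed by functions outside this hunk.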
@@ -48,6 +57,14 @@ function post() {
   [ ! -e "/var/openlan/confd/confd.sock" ] || {
     /usr/bin/ovsdb-client convert unix:///var/openlan/confd/confd.sock /var/openlan/confd.schema.json
   }
+
+  if [ "$OS"x == "centos"x ]; then
+    cp -rf /var/openlan/cert/ca.crt /etc/pki/ca-trust/source/anchors/OpenLAN_CA.crt
+    update-ca-trust
+  elif [ "$OS"x == "ubuntu"x ]; then
+    cp -rf /var/openlan/cert/ca.crt /usr/local/share/ca-certificates/OpenLAN_CA.crt
+    update-ca-certificates
+  fi
 }
 function finish() {
diff --git a/pkg/config/proxy.go b/pkg/config/proxy.go
index 379eba6..b60b399 100755
--- a/pkg/config/proxy.go
+++ b/pkg/config/proxy.go
@@ -23,13 +23,19 @@ type SocksProxy struct {
 	Auth Password `json:"auth,omitempty"`
 }
+type HttpForward struct {
+	Protocol string `json:"protocol,omitempty"`
+	Server string `json:"server,omitempty"`
+	Insecure bool `json:"insecure,omitempty"`
+}
+
 type HttpProxy struct {
-	ConfDir string `json:"-"`
-	Listen string `json:"listen,omitempty"`
-	Auth Password `json:"auth,omitempty"`
-	Cert *Cert `json:"cert,omitempty"`
-	Password string `json:"password,omitempty"`
-	Forward string `json:"forward,omitempty"`
+	ConfDir string `json:"-"`
+	Listen string `json:"listen,omitempty"`
+	Auth Password `json:"auth,omitempty"`
+	Cert *Cert `json:"cert,omitempty"`
+	Password string `json:"password,omitempty"`
+	Forward *HttpForward `json:"forward,omitempty"`
 }
 func (h *HttpProxy) Correct() {
diff --git a/pkg/proxy/http.go b/pkg/proxy/http.go
index bd5f570..4abd878 100755
--- a/pkg/proxy/http.go
+++ b/pkg/proxy/http.go
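Review bot: Copying `/var/openlan/cert/ca.crt` into the system anchor directory and running `update-ca-trust` / `update-ca-certificates` makes every TLS client on the host trust the OpenLAN CA, not just this proxy's forward hop; if that CA's private key ships with the package or is generated per install, anyone holding it can then impersonate any HTTPS endpoint to every program on the box. A narrower design keeps the CA out of the system store and has the Go side load it into `tls.Config.RootCAs` from a configured path, so the trust is scoped to the forward connection. If host-wide trust is really intended, the hunk should at least guard the copy with `[ -e /var/openlan/cert/ca.crt ] || return` so a missing file does not leave a half-run post() step, and carry a comment such as `# installs the OpenLAN CA host-wide: every client on this machine will trust certs it issues`. `-r` in `cp -rf` does nothing for a single file and can be dropped. post() begins outside this hunk.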
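Review bot: Changing `Forward` from `string` to `*HttpForward` means any existing proxy.json that still carries the old `"forward": "https://host:port"` form now fails to decode with a json type error, and nothing in this hunk handles that migration; if older configs must keep working, an `UnmarshalJSON` on HttpForward that accepts a bare string and splits it on `://` would preserve compatibility. Separately, `Insecure` turns off certificate verification for the forward hop, so the field deserves a doc comment like `// Insecure skips verification of the forward server's TLS certificate; leave false outside testing.`, and `Protocol` should state its accepted values (`"https"`, or `"http"`/empty for plaintext) since the dialer elsewhere in this change appears to treat anything but "https" as plaintext. Correct() continues outside the hunk, so whether it validates these fields cannot be seen here.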
@@ -161,14 +161,12 @@ func (t *HttpProxy) tunnel(w http.ResponseWriter, conn net.Conn) {
 	t.out.Debug("HttpProxy.tunnel %s exit", conn.RemoteAddr())
 }
-func (t *HttpProxy) openConn(remote string) (net.Conn, error) {
-	if strings.HasPrefix(remote, "https://") {
+func (t *HttpProxy) openConn(protocol, remote string, insecure bool) (net.Conn, error) {
+	if protocol == "https" {
 		conf := &tls.Config{
-			InsecureSkipVerify: true,
+			InsecureSkipVerify: insecure,
 		}
-		return tls.Dial("tcp", remote[8:], conf)
-	} else if strings.HasPrefix(remote, "http://") {
-		remote = remote[7:]
+		return tls.Dial("tcp", remote, conf)
 	}
 	return net.Dial("tcp", remote)
 }
@@ -234,15 +232,15 @@ func (t *HttpProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	forward := t.cfg.Forward
-	if forward != "" {
-		t.out.Info("HttpProxy.ServeHTTP %s %s -> %s via %s", r.Method, r.RemoteAddr, r.URL.Host, forward)
+	fow := t.cfg.Forward
+	if fow != nil {
+		t.out.Info("HttpProxy.ServeHTTP %s %s -> %s via %s", r.Method, r.RemoteAddr, r.URL.Host, fow.Server)
 	} else {
 		t.out.Info("HttpProxy.ServeHTTP %s %s -> %s", r.Method, r.RemoteAddr, r.URL.Host)
 	}
-	if forward != "" {
-		conn, err := t.openConn(forward)
+	if fow != nil {
+		conn, err := t.openConn(fow.Protocol, fow.Server, fow.Insecure)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadGateway)
 			return
@@ -255,7 +253,7 @@ func (t *HttpProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		conn.Write(dump)
 		t.tunnel(w, conn)
 	} else if r.Method == "CONNECT" { //RFC-7231 Tunneling TCP based protocols through Web Proxy servers
-		conn, err := t.openConn(r.URL.Host)
+		conn, err := t.openConn("", r.URL.Host, true)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadGateway)
 			return
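Review bot: `openConn` treats every `protocol` value other than the exact string "https" as plaintext, so a typo such as "HTTPS" or "tls" in proxy.json silently downgrades the forward hop to an unencrypted TCP connection instead of failing; the dialer should fail closed by switching on the protocol and rejecting unknown values. While the `tls.Config` literal is being touched, setting `MinVersion: tls.VersionTLS12` rules out TLS 1.0/1.1 on the forward hop — hedged, since a recent Go toolchain may already default to that. With `Insecure` now off by default the hop verifies against the system roots only, which is presumably why the installer in this change adds the CA host-wide; loading that CA into `RootCAs` here would scope the trust to this connection. The rewrite below needs `fmt` in the file's imports if it is not already there.
```go
func (t *HttpProxy) openConn(protocol, remote string, insecure bool) (net.Conn, error) {
	switch protocol {
	case "https":
		conf := &tls.Config{
			InsecureSkipVerify: insecure,
			MinVersion:         tls.VersionTLS12,
		}
		return tls.Dial("tcp", remote, conf)
	case "", "http":
		return net.Dial("tcp", remote)
	default:
		// Fail closed: an unrecognised protocol must not silently become plaintext.
		return nil, fmt.Errorf("unsupported forward protocol %q", protocol)
	}
}
```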
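Review bot: The info log in the second hunk now prints only `fow.Server`, whereas the old code printed the whole forward URL, so an operator reading the log can no longer tell whether the hop was dialed with TLS; including the protocol keeps that visible, e.g. `t.out.Info("HttpProxy.ServeHTTP %s %s -> %s via %s://%s", r.Method, r.RemoteAddr, r.URL.Host, fow.Protocol, fow.Server)`. As a point of style, `fow` is an unusual abbreviation for the forward target; `fwd` (or the previous `forward`) reads more naturally. ServeHTTP starts and ends outside this hunk.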
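Review bot: The CONNECT path in the last hunk passes `insecure=true` in `t.openConn("", r.URL.Host, true)`, but with an empty protocol that flag is never consulted, so the literal `true` reads as though certificate verification were being disabled for tunneled connections and would become a real downgrade if openConn ever started honouring it for other protocols. Passing `false` keeps the call honest and future-proof: `conn, err := t.openConn("", r.URL.Host, false)`. ServeHTTP continues outside the hunk.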