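#!/bin/bash
#
# makeconf -- Shell script to produce a viable squid.conf file for use with
# Jeanne, the modified reverse proxy.
# Also creates a cache directory for squid and sets permissions properly
# for the logs directory.
#
# By Marion Bates
# Last revision November 9, 2001.
#
# Usage: run interactively (it creates directories under /var and /usr and
# changes their ownership). Every answer is echoed back and must be
# confirmed with Y/y; N/n asks the same question again.
#
#### IMPORTANT: Change HOME to where you want the conf file to be created.
#### It is recommended that you create the initial conf file somewhere else
#### besides /etc and then COPY it to /etc in case you need to tweak it later!

set -u

# If you need to change HOME, change the line below to reflect the path to the
# reverse proxy stuff.
# NOTE: this reuses the shell's own HOME variable, so the new value is also
# what child processes started below (chmod, chown, squid) see as HOME.
HOME=/usr/mrp

#######################################
# Print an error on stderr and stop the script with a failure status.
# Arguments: $* - message text
#######################################
die() {
  printf 'makeconf: %s\n' "$*" >&2
  exit 1
}

#######################################
# Decide whether an answer is safe to paste into a squid.conf directive.
# The answers are written into the config verbatim, so an empty value or
# one with embedded whitespace would yield a malformed or silently
# different directive (extra tokens on the line).
# Arguments: $1 - kind: text | number | port
#            $2 - candidate value
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_valid() {
  local -r kind=$1 candidate=$2

  [[ -n $candidate ]] || return 1
  [[ $candidate =~ [[:space:]] ]] && return 1

  case "$kind" in
    number)
      [[ $candidate =~ ^[0-9]+$ ]]
      ;;
    port)
      [[ $candidate =~ ^[0-9]{1,5}$ ]] || return 1
      # 10# forces base 10 so an answer like 08 is not parsed as octal.
      ((10#$candidate >= 1 && 10#$candidate <= 65535))
      ;;
    *)
      return 0
      ;;
  esac
}

#######################################
# Ask one question until the operator confirms a usable answer.
# Globals:   writes the variable named by $1
# Arguments: $1 - name of the global variable that receives the answer
#            $2 - question text
#            $3 - text printed after "You entered <value>"
#            $4 - validation kind for is_valid (default: text)
# Returns:   0 once confirmed with Y/y; exits via die on end of input or
#            on an answer that is neither Y/y nor N/n
#######################################
ask_confirmed() {
  local -r var_name=$1 prompt=$2 confirm_suffix=$3 kind=${4:-text}
  local value answer

  while :; do
    echo "$prompt"
    # -r keeps backslashes literal; default IFS still trims outer blanks.
    read -r value || die "unexpected end of input; no files were written"

    if ! is_valid "$kind" "$value"; then
      case "$kind" in
        number) echo "Please enter a whole number." >&2 ;;
        port) echo "Please enter a port number between 1 and 65535." >&2 ;;
        *) echo "Please enter a non-empty value without spaces." >&2 ;;
      esac
      continue
    fi

    echo "You entered ${value}${confirm_suffix}"
    read -r answer || die "unexpected end of input; no files were written"

    case "$answer" in
      Y | y)
        printf -v "$var_name" '%s' "$value"
        return 0
        ;;
      N | n)
        continue
        ;;
      *)
        # The original fell through every nested "fi" here and ended
        # silently with status 0; make the abort visible instead.
        die "unrecognized answer '$answer' (expected Y or N); no files were written"
        ;;
    esac
  done
}

#######################################
# Write squid.conf from the collected answers.
# Globals:   reads HOME, HOSTNAME, WEBSERVIP, WEBPORT, CACHETIME, LOCALNET,
#            LOCALMASK, JEANPATH, CHILDREN, CACHESIZE
# Outputs:   creates/overwrites $HOME/squid.conf with mode 644
#######################################
write_squid_conf() {
  local -r conf_file="$HOME/squid.conf"

  [[ -d $HOME ]] || die "$HOME does not exist; create it or edit HOME in this script"

  # NOTE(review): the template defines the "localnet" ACL but no http_access
  # rule references it; access is restricted only by the safeports and
  # safemethods denies that precede "http_access allow all".
  # NOTE(review): the template's comments still say "30 seconds" and
  # "1024 Mb" although both values come from the operator's answers.
  # NOTE(review): Squid's documentation gives refresh_pattern min/max in
  # minutes while the prompt promises seconds -- confirm the intended unit.
  cat > "$conf_file" << EOF || die "could not write $conf_file"
# squid.conf - basic httpd reverse proxy server configuration
# Generated by makeconf, MB's minimalist script.

# Make reverse proxy listen on port 80 like normal webserver.
# Hostname will be www.
http_port 80
visible_hostname $HOSTNAME

# The IP address and port number of the real webserver located behind
# the firewall.
httpd_accel_host $WEBSERVIP
httpd_accel_port $WEBPORT

# Turn off the original proxy server.
httpd_accel_with_proxy off

# Configure the cache to be valid for 30 seconds.
refresh_pattern . 0 0% $CACHETIME

# The Access Control Lists
# Everyone is allowed to use the GET method on the HTTP port 80.
# For this example, assume your local net is 10.20.30.0.
# All other methods and ports are denied.
# For a more accurate description see the Squid documentation.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src $LOCALNET/$LOCALMASK
acl safeports port 80
acl safemethods method GET
http_access deny !safeports
http_access deny !safemethods
http_access allow all

# We'll get to this later on. Must be correct path to jeanne.
redirect_program $JEANPATH

# Make sure we never bypass the redirector
redirector_bypass off

# Give us $CHILDREN children
redirect_children $CHILDREN

# Make cache directories here:
# use the ufs filetype (Squid likes it), make the max cache size
# 1024 Mb, allow 16 level 1 cache subdirectories, and allow 256
# level 2 cache subdirectories (meaning that each of the 16
# level 1 directories can have 256 directories within itself.)
cache_dir ufs /var/squid/cache $CACHESIZE 16 256

# End of squid.conf reverse proxy server configuration
EOF

  # Chmod the file so squid can read it.
  chmod 644 -- "$conf_file" || die "could not chmod $conf_file"
}

#######################################
# Create the squid cache and log directories and hand them to "nobody".
# Outputs: creates /var/squid, /var/squid/cache and /usr/logs if missing
#######################################
make_directories() {
  local dir

  # mkdir -p is a no-op for an existing directory and fails loudly when the
  # path exists but is not a directory (the old "-e" test skipped that case).
  for dir in /var/squid /var/squid/cache /usr/logs; do
    mkdir -p -- "$dir" || die "could not create $dir"
  done

  # user:group is the POSIX separator; the "user.group" form is deprecated.
  for dir in /var/squid/cache /usr/logs; do
    chown nobody:nobody -- "$dir" || die "could not chown $dir to nobody:nobody"
  done
}

main() {
  local CHECK0

  echo ""
  echo "My HOME variable is set to $HOME, so this is where I will create squid.conf. Is this correct? If so, please type Y or y and hit return. If that's NOT correct, please answer N or n and edit this script such that HOME is set correctly. (How about /usr/mrp?)"
  read -r CHECK0 || die "unexpected end of input; no files were written"

  # Anything but Y/y means "HOME is wrong": stop quietly so the operator can
  # edit the script, exactly as before.
  case "$CHECK0" in
    Y | y) ;;
    *) exit 0 ;;
  esac

  echo ""
  echo "Here we go! Please answer the following questions, and I will generate a squid configuration file based on your answers."
  echo ""

  ask_confirmed WEBSERVIP \
    "What's the IP address of the REAL webserver?" \
    ". Is this correct? Y(y) or N(n)"

  ask_confirmed HOSTNAME \
    "What's the fully-qualified, visible hostname of the proxy? Try www.your-domain.com." \
    ". Is this correct?"

  ask_confirmed LOCALNET \
    "What's the IP of the local network? This will probably end with a 0, unless you're doing variable-length subnet masking. 
You will be asked for the netmask next." \
    ". Is this correct?"

  ask_confirmed LOCALMASK \
    "What's the netmask (octet form, please) of that local network? 255.255.255.0 is likely." \
    ". Is this correct?"

  ask_confirmed WEBPORT \
    "What port will the REAL webserver listen on? In our examples, 8080." \
    ". Is this correct?" port

  ask_confirmed CACHETIME \
    "How long, in seconds, do you want squid's cache to last? In our examples, 30 seconds." \
    " seconds. Is this correct?" number

  ask_confirmed CACHESIZE \
    "What should the maximum size (in megabytes) of the cache directory be? In our examples, 1024." \
    " megabytes. Is this correct?" number

  ask_confirmed JEANPATH \
    "What is the full path to jeanne itself? (Should end with \"jeanne\", unless you changed the name of the program!) In our examples, it's /usr/mrp/jeanne." \
    ". Is this correct?"

  # squid runs this program as its redirector, so a wrong or missing path is
  # worth flagging early. Only a warning: jeanne may be installed later.
  if [[ ! -f $JEANPATH || ! -x $JEANPATH ]]; then
    echo "Warning: $JEANPATH is not an executable file right now." >&2
  fi

  ask_confirmed CHILDREN \
    "How many child processes should jeanne spawn? (If you're not sure what this means, enter 5.)" \
    ". Is this correct?" number

  echo "Okay. Now generating squid.conf."
  sleep 1
  write_squid_conf

  echo ""
  echo "Making directories: /var/squid, /var/squid/cache, and /usr/logs."
  make_directories

  echo ""
  echo "Asking squid to create its swap directories..."

  # Make squid create a cache (IS IT A GOOD IDEA TO DO THIS HERE?)
  # NOTE(review): no -f is passed, so squid presumably reads its default
  # config file here rather than the $HOME/squid.conf just generated.
  /usr/sbin/squid -z || die "squid -z failed; swap directories were not created"

  # Make the user think we're actually doing something, cuz this
  # stuff happens way too fast. ;)
  sleep 1
  echo ""
  echo "All done."
}

main "$@"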