From: b Date: Thu, 17 Dec 2015 18:55:45 +0000 (+0000) Subject: minimal changes, some description. X-Git-Url: http://bicyclesonthemoon.info/git-projects/?a=commitdiff_plain;h=36fe8c8ec7f243412dd2f4ccbf08064d94934589;p=yplom%2Fproxy minimal changes, some description. git-svn-id: svn://botcastle1b/yplom/proxy@14 05ce6ebb-7522-4a6e-a768-0026ae12be9f --- diff --git a/access.1.pl b/access.1.pl index 77cc729..6bbaa1d 100644 --- a/access.1.pl +++ b/access.1.pl @@ -31,8 +31,7 @@ use proxy_lib qw(access); $|=1; -while () { - my $line=$_; +while (defined(my $line = )) { if ($line =~ s/^([0-9]+ )//) { print $1; } diff --git a/config.1.txt b/config.1.txt index f5b5182..074787d 100644 --- a/config.1.txt +++ b/config.1.txt @@ -3,7 +3,7 @@ #copy this to your Apache2 configuration, #remember to make the server listen on these ports: ###LISTEN_HTTP; -####LISTEN_HTTPS; +###LISTEN_HTTPS; ###VIRTUAL_HOST_HTTP; ###SERVER_ADMIN; diff --git a/configure.pl b/configure.pl index 0b08d37..1c9545d 100755 --- a/configure.pl +++ b/configure.pl @@ -19,13 +19,12 @@ unless (open $configfile, "<", $ARGV[0]) { # Read the config file, line format: # some_name = some value # some comment -while ($line = <$configfile>) { +while (defined(my $line = <$configfile>)) { $line =~ s/[\r\n]//g; - $line =~ s/#.*$//; - if ($line =~ /^ *([a-zA-Z0-9_]+) *= *(.*)$/){ - $name=$1; - $value=$2; - $value =~ s/ *$//; + $line =~ s/#.*$//; #comment + if ($line =~ /^[ \t]*([a-zA-Z0-9_\-\.]+)[ \t]*=[ \t]*([^ \t](.*[^ \t])?)[ \t]*$/){ + my $name=$1; + my $value=$2; $set{$name}=$value; } } @@ -108,7 +107,7 @@ $def{'CM'} = 'CM='.$set{'chmod'}; # ###SOME_NAME; # If found - replace. -while ($line = ) { +while (defined($line = )) { $line =~ s/[\r\n]//g; if ($line =~ /###([a-zA-Z0-9_]+);/) { print "$def{$1}\n"; diff --git a/proxy.1.pl b/proxy.1.pl index af0b02c..05244b5 100755 --- a/proxy.1.pl +++ b/proxy.1.pl @@ -190,14 +190,12 @@ sub proxy { # loop not only the port number but also the host name is required. But is not # always easy (or possible) to predict if a hostname will point to the proxy # or not. Blocking port numbers is easier. - #That's why the proxy should not be installed on the default port numbers, 80 + # That's why the proxy should not be installed on the default port numbers, 80 # or 443 because then it will not work! if ($port =~ BLOCK_PORT) { return fail("Status: 403 Forbidden\n","403 Forbidden","The proxy does not accept port number $port because of infinite loop prevention."); } - - foreach my $envk (keys %ENV) { # The relevant http variables either start with HTTP_ or CONTENT_. my $headarg=''; diff --git a/readthis.txt b/readthis.txt index 34f7efc..52cf1c3 100644 --- a/readthis.txt +++ b/readthis.txt @@ -1,4 +1,20 @@ -There will be more information later. +This is the proxy software. +It depends on some other software: +-Apache2 (2.2) +-Squid (3.5) +-Perl +-curl +-gzip (only for compressing old log files) +and for compilation: +-gcc +-cp +-mo +-rm +-chmod + +It might work with other versions of Apache2 or Squid. It may work with other +www server software (it uses the "HTTPS" CGI variable to detect if protocol is +HTTPS, "HTTPS" is not defined in rfc3875). Recommended situation is when the software and data directories belong to a dedicatad user account. @@ -11,7 +27,7 @@ To compile/install: Log in to the user account that will own the proxy. (If not, you will have to change file ownerships later.) -Edit the file 'settings' to have values relevant to your server. +Edit the file 'settings' to have values relevant to your server/computer. Create the directories defined there and set correct permissions and ownership. Run 'make.sh'. It will generate the programs and copy them to the correct location. @@ -23,3 +39,4 @@ Restart Apache2 and Squid. To set an username/password: Create a file in data_path/pass. Username is filename. Inside the file should be one line with URL-encoded password. +Usernames can be made of letters, numbers and "_". diff --git a/rewrite.1.pl b/rewrite.1.pl index 1ffe9ed..f612736 100755 --- a/rewrite.1.pl +++ b/rewrite.1.pl @@ -12,8 +12,8 @@ $|=1; -while () { - if ($_ =~ /^([0-9]+ )/) { +while (defined($line = )) { + if ($line =~ /^([0-9]+ )/) { print $1; } print 'OK rewrite-url="'.REWRITE_URL."\"\n"; diff --git a/settings b/settings index fec9225..ed34e17 100644 --- a/settings +++ b/settings @@ -1,14 +1,14 @@ #all directory paths must end with '/' and must already exist. bin_path = /yplom/bin/proxy/ #Where the software will be located -lib_path = /yplom/lib/proxy/ +lib_path = /yplom/lib/proxy/ #Where the library will be located data_path = /yplom/data/proxy/ #where the proxy will remember data; subdir: #access, pass, archive -log_path = /yplom/log/proxy/ #where the proxy will remember data +log_path = /yplom/log/proxy/ #where the proxy will write logs tmp_path = /yplom/tmp/proxy/ #for temporary fies www_path = /yplom/www/proxy/ #for the www server (unused) -#the server must recognise these domains as itself (127.0.0.1) +#the server must recognise these domains as itself (127.0.0.1)! #http and ssl proxy ports must be accessible from outside #Don't set the ports to default values of non-proxy http(s): 80, 443! http_proxy_domain = bicyclesonthemoon.info @@ -26,6 +26,8 @@ ssl_cert = /etc/apache2/ssl/proxy.crt # The domain and path used for proxy unlocking # doesn't have to be a real domain +# But if it's real it will be proxied without unlock verification! +# Better set your own domain here. unlock_domain = yplom.bicyclesonthemoon.info unlock_path = /proxy/unlock unlock_domain_regex = ^yplom\.bicyclesonthemoon\.info(:[0-9]*)?$ @@ -36,13 +38,17 @@ unlock_path_regex = ^\/proxy\/unlock\/?$ block_host_regex = ^(localhost|(botcastle[0-9]*))$ #Time in minutes -timeout_unlock = 90 -timeout_inact = 15 +timeout_unlock = 90 # lock the proxy this many minutes after unlocking +timeout_inact = 15 # lock the proxy this many minutes after last activity #Time in seconds timeout_arch = 172800 # how old files must be to safely remove them -path = /usr/local/bin:/usr/bin:/bin +path = /usr/local/bin:/usr/bin:/bin #The path environment variable. Must be + #overwritten if SETUID. Otherwise + #launching programs may fail. (Perl + #security...) +#paths to software perl = /usr/bin/perl curl = /usr/bin/curl chmod = /bin/chmod @@ -50,7 +56,7 @@ cp = /bin/cp mv = /bin/mv rm = /bin/rm gcc = /usr/bin/gcc -gzip = /bin/gzip +gzip = /bin/gzip # not needed if logs_uncompressed=0 c_flags = -g -Wall log_size_limit = 65536 # How big can a log file be