diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-09-18 02:21:42 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-09-18 02:21:42 +0000 |
| commit | 3a66b6211b8d06e494fb4ac73da5d59eacd4529d (patch) | |
| tree | 30e611c8c384248e7e3bb2c68618b79347eeb0df /etc | |
| parent | b701357d0f0d202f5828552c4829ff846ed25377 (diff) | |
| download | pfsense-3a66b6211b8d06e494fb4ac73da5d59eacd4529d.zip pfsense-3a66b6211b8d06e494fb4ac73da5d59eacd4529d.tar.gz | |
* Additional tuning parms
* Support captive portal SSL
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 26 | ||||
| -rw-r--r-- | etc/inc/system.inc | 17 |
2 files changed, 24 insertions, 19 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index fd9211d..e668cd5 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -154,21 +154,13 @@ EOD; /* start web server */ // mwexec("/usr/local/sbin/mini_httpd -a -M 0 -u root -maxproc 16" . // " -p 8000 -i {$g['varrun_path']}/mini_httpd.cp.pid"); - - /* generate lighttpd configuration */ - system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal.conf", - $key, $cert, "lighty-CaptivePortal.pid", "8000", "/usr/local/captiveportal/"); - /* attempt to start lighthttpd */ - $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal.conf"); - - /* fire up another one for HTTPS if requested */ + $cert = ""; + $key = ""; if (isset($config['captiveportal']['httpslogin']) && $config['captiveportal']['certificate'] && $config['captiveportal']['private-key']) { - $cert = base64_decode($config['captiveportal']['certificate']); $key = base64_decode($config['captiveportal']['private-key']); - $fd = fopen("{$g['varetc_path']}/cert-portal.pem", "w"); if (!$fd) { printf("Error: cannot open cert-portal.pem in system_webgui_start().\n"); @@ -179,12 +171,18 @@ EOD; fwrite($fd, "\n"); fwrite($fd, $key); fclose($fd); - - mwexec("/usr/local/sbin/mini_httpd -S -a -M 0 -E {$g['varetc_path']}/cert-portal.pem" . - " -u root -maxproc 16 -p 8001" . - " -i {$g['varrun_path']}/mini_httpd.cps.pid"); + + } + /* generate lighttpd configuration */ + system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal.conf", + $key, $cert, "lighty-CaptivePortal.pid", "8000", "/usr/local/captiveportal/", + "cert-portal.pem"); + + /* attempt to start lighthttpd */ + $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal.conf"); + /* generate passthru mac database */ captiveportal_passthrumac_configure(); /* create allowed ip database and insert ipfw rules to make it so */ diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 226e792..7c3678e 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -388,7 +388,8 @@ EOD; /* generate lighttpd configuration */ system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf", - $key, $cert, "lighty-webConfigurator.pid", "80", "/usr/local/www/"); + $key, $cert, "lighty-webConfigurator.pid", "80", "/usr/local/www/", + "cert.pem"); /* attempt to start lighthttpd */ $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf"); @@ -403,7 +404,9 @@ EOD; return $res; } -function system_generate_lighty_config($filename, $cert, $key, $pid_file, $port = "", $document_root = "/usr/local/www/") { +function system_generate_lighty_config($filename, $cert, $key, $pid_file, + $port = "", $document_root = "/usr/local/www/", + $cert_location = "cert.pem") { /* create directory to hold compressed items */ if(!is_dir("/tmp/lighttpd/cache/compress/")) @@ -560,6 +563,10 @@ fastcgi.server = ( ".php" => "max-procs" => 1, "max-load-per-proc" => 1, "idle-timeout" => 5, + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "2", + "PHP_FCGI_MAX_REQUESTS" => "100" + ), "bin-path" => "/usr/local/bin/php" ) ) @@ -568,12 +575,12 @@ fastcgi.server = ( ".php" => EOD; if($cert <> "" and $key <> "") { - $fd = fopen("{$g['varetc_path']}/cert.pem", "w"); + $fd = fopen("{$g['varetc_path']}/{$cert_location}", "w"); if (!$fd) { printf("Error: cannot open cert.pem in system_webgui_start().\n"); return 1; } - chmod("{$g['varetc_path']}/cert.pem", 0600); + chmod("{$g['varetc_path']}/{$cert_location}", 0600); fwrite($fd, $cert); fwrite($fd, "\n"); fwrite($fd, $key); @@ -581,7 +588,7 @@ EOD; $lighty_config .= "\n"; $lighty_config .= "## ssl configuration\n"; $lighty_config .= "ssl.engine = \"enable\"\n"; - $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/cert.pem\"\n\n"; + $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; } $fd = fopen("{$g['varetc_path']}/{$filename}", "w"); |
