VA/va-proxy
1
0
Fork 0
Code Issues Pull Requests Projects Releases 5 Wiki Activity

add fetchACLs script from OPNsense to download URL blacklists and build squid ACL

Browse Source
This commit is contained in:
Jörg Deckert 2025-01-28 18:27:15 +01:00
parent be0b6d8b8e
commit 23d89d9769
3 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile
View File

@ -1,4 +1,6 @@
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
ca.pem = $(CHROOT)/etc/squid/ssl/ca.pem
ssl_db = $(CHROOT)/var/lib/squid/ssl_db
systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
mkdir -p $(CHROOT)/usr/local/bin
@ -8,6 +10,14 @@ $(cert-renew.sh): appliance/cert-renew.sh
mkdir -p $(CHROOT)/etc/ssl
cp $< $@
$(ca.pem):
mkdir -p $(CHROOT)/etc/squid/ssl
openssl req -new -newkey rsa:2048 -subj '/C=DE/CN=proxy.example.net' -days 3650 -nodes -x509 -keyout $@ -out $@
$(ssl_db):
RUN /usr/libexec/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 20MB
RUN chown -R squid:squid /var/lib/squid/ssl_db
preinstall:
postinstall: systemd-units $(cert-renew.sh)
postinstall: systemd-units $(cert-renew.sh) $(ca.pem) $(ssl_db)

2
package.use
View File

@ -1,6 +1,8 @@
# Squid
net-proxy/squid caps pam ldap samba sasl kerberos radius ssl snmp logrotate ecap ssl-crtd perl tproxy
net-proxy/squidguard ldap
net-proxy/c-icap berkdb ipv6 ldap
net-proxy/c-icap-modules berkdb clamav
# Apache
www-servers/apache apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_connect apache2_modules_proxy_http apache2_modules_proxy_wstunnel

3
world
View File

@ -1,7 +1,10 @@
app-crypt/certbot-apache
app-crypt/certbot-nginx
net-proxy/c-icap
net-proxy/c-icap-modules
net-proxy/e2guardian
net-proxy/squid
net-proxy/squid-opnsense-fetchacls
net-proxy/squidguard
net-proxy/ufdbguard
www-apache/mod_wsgi