Merge branch 'master' into v7

NethServer · Jun 1, 2017 · 1143bdc · 1143bdc
2 parents 02be126 + 3972aea
commit 1143bdc
Show file tree

Hide file tree

Showing 9 changed files with 69 additions and 105 deletions.
diff --git a/administrator-manual/en/web_proxy.rst b/administrator-manual/en/web_proxy.rst
@@ -70,10 +70,34 @@ from specific IP or destined to some sites it's not routed through the HTTP/HTTP
 
 The proxy allows you to create:
 
-* bypass by source, configurable from :guilabel:`Hosts without proxy` section
-* bypass by destination, configurable from :guilabel:`Sites without proxy` section
+* bypass by domains
+* bypass by source
+* bypass by destination
 
-Bypass rules are also configured inside the WPAD file.
+Bypass by domains
+-----------------
+
+Bypass by domains can be configured from :guilabel:`Domains without proxy` section.
+All domains listed inside this page can be directly accessed from LAN clients.
+No antivirus or content filtering is applied to these domains.
+
+Every domain listed will be expanded also for its own sub-domains.
+For example, adding *nethserver.org* will bypass also *www.nethserver.org*, *mirror.nethserver.org*, etc.
+
+.. note:: All LAN clients must use the server itself as DNS, either directly or as a forwarder.
+
+Bypass by source and destinations
+---------------------------------
+
+A source bypass allows direct access to any HTTP/HTTPS sites from 
+selected hosts, host groups, IP ranges and network CIDR.
+Source bypasses are configurable from :guilabel:`Hosts without proxy` section.
+
+A destination bypass allows direct access from any LAN clients to HTTP/HTTPS sites hosted on specific hosts, 
+host groups or network CIDR.
+Destination bypasses are configurable from :guilabel:`Sites without proxy` section.
+
+These bypass rules are also configured inside the WPAD file.
 
 Report
 ======

diff --git a/developer-manual/en/c-icap.rst b/developer-manual/en/c-icap.rst
diff --git a/developer-manual/en/index.rst b/developer-manual/en/index.rst
@@ -41,8 +41,6 @@ Developer Manual
    certificate_management
    yum_plugin
    backup
-   gateway
-   ips
 
 .. toctree::
    :maxdepth: 2
@@ -70,31 +68,22 @@ Developer Manual
    ftp
    ups
    tftp
-   pop3_proxy
-   owncloud
-   roundcube
    collectd
    phone_home
-   web_proxy
-   web_antivirus
    content_filter
    webvirtmgr
    duc
    snmp
    tomcat7
    postgresql
    unixodbc
-   vpn
-   unbound
    ntopng
    samba_audit
    redis
    memcached
    smartd
    cups
    antivirus
-   c-icap
-   iaxmodem
    mysql
 
 .. toctree::

diff --git a/developer-manual/en/modules b/developer-manual/en/modules
@@ -24,3 +24,5 @@ nethserver-suricata
 nethserver-webtop5
 nethserver-ipsec-tunnels
 nethserver-openvpn
+nethserver-roundcubemail
+nethserver-unbound
diff --git a/developer-manual/en/nethserver-nextcloud.rst b/developer-manual/en/nethserver-nextcloud.rst
@@ -51,4 +51,4 @@ When using ``occ`` command, PHP 5.6 should be enabled inside the environment.
 
 Invocation example: ::
 
-  su - apache -s /bin/bash -c "source /opt/rh/rh-php56/enable; cd /usr/share/nextcloud/; php occ " ldap:show-config
+  su - apache -s /bin/bash -c "source /opt/rh/rh-php56/enable; cd /usr/share/nextcloud/; php occ ldap:show-config"
diff --git a/developer-manual/en/roundcube.rst → ...er-manual/en/nethserver-roundcubemail.rst b/developer-manual/en/roundcube.rst → ...er-manual/en/nethserver-roundcubemail.rst
@@ -1,11 +1,9 @@
-====================
-Webmail (Roundcube)
-====================
+========================
+nethserver-roundcubemail
+========================
 
 Roundcube is a fast webmail client written in PHP.
 
-Package: *nethserver-roundcubemail*.
-
 Database 
 ========
 
@@ -15,10 +13,10 @@ Available properites:
 
 * ``Server``: server address of the mail server, default is ``localhost``
 * ``access``: can be ``public`` or ``private``, default is ``public``
-  
+
   * *public*: webmail can be accessed from any networks
   * *private*: webmail can be accessed only from green interfaces and  trusted networks
-* ``PluginsList``: comma separated list of enabled plugins, default is ``managesieve,markasjunk``.  
+* ``PluginsList``: comma separated list of enabled plugins, default is ``managesieve,markasjunk``.
   Before adding an option to this property, please be sure the plugin is already installed.
   A list of bundled plugins can be found inside file:``/usr/share/roundcubemail/plugins`` directory.
 
@@ -31,3 +29,4 @@ Example: ::
 
 
 Configuration can be applied using the ``nethserver-roundcubemail-update`` event.
+
diff --git a/developer-manual/en/nethserver-squid.rst b/developer-manual/en/nethserver-squid.rst
@@ -14,6 +14,7 @@ All properties are saved in the ``squid`` key under the ``configuration`` databa
 Properties:
 
 * *BlueMode*: change Squid operation mode on blue networks. It has same values and defaults of ``GreenMode``
+* *BypassDomains*: comma separeted list of domains bypassed when the proxy is set in transparent mode
 * *DiskCache*: disabled by default, if enabled it actives the disk caching system for squid
 * *DiskCacheSize*: maximum value of squid cache on disk
 * *GreenMode*: change Squid operation mode on green networks.
@@ -89,6 +90,15 @@ Authentication schema depends on system configuration:
 Bypasses
 ========
 
+The implementation supports 3 kind of bypass:
+
+- source bypass
+- destination bypass
+- domains bypass
+
+Source and destination bypass
+-----------------------------
+
 Bypass rules are saved inside the ``fwrules`` databases.
 A bypass can be of two types:
 
@@ -108,8 +118,25 @@ Bypass example: ::
     Host=host;bosspc
     status=enabled
 
+Domains bypass
+---------------
+
+All requests to domains listed inside the ``BypassDomains`` property will not
+be redirect to the transparent proxy.
+
+The implementation uses the ipset feature of Dnsmasq.
+Each time a listed domain is accessed from the client, Dnsmasq resolves the IP
+and add it to ``squid-bypass`` ipset.
+The ``squid-bypass`` ipset is then used as exception inside Shorewall REDIRECT rule.
+
+Notes:
+
+* all clients must use the server as DNS
+* Dnsmasq name resolution works for the listed domains and all sub-domains
+
 Cache
 =====
+
 There is an *event* called ``nethserver-squid-clear-cache`` that empties the cache.
 
 WPAD

diff --git a/developer-manual/en/unbound.rst → developer-manual/en/nethserver-unbound.rst b/developer-manual/en/unbound.rst → developer-manual/en/nethserver-unbound.rst
@@ -1,8 +1,6 @@
-.. _unbound-section:
-
-=======
-Unbound
-=======
+===================
+nethserver-unbonund
+===================
 
 Unbound is a validating, recursive, and caching DNS resolver.
 Currently it's only used only as DNS server for anti-spam DNSBL implementation.
@@ -12,8 +10,8 @@ in well-known blacklists.
 Some blacklists doesn't allow multiple query from public DNS servers,
 thus the system needs a DNS server which can directly query the blacklist DNS.
 
-If the mail filter is installed, dnsmasq configuration is changed, and specific 
-domain query are redirect trough unbond. 
+If the mail filter is installed, dnsmasq configuration is changed, and specific
+domain query are redirect trough unbond.
 See: :file:`/etc/e-smith/templates/etc/dnsmasq.conf/26unbound_rbl`.
 
 Package: *nethserver-unbound*.
@@ -37,3 +35,4 @@ Example: ::
     status=enabled
 
 Configuration can be applied using the ``nethserver-unbound-update`` event.
+
diff --git a/developer-manual/en/web_antivirus.rst b/developer-manual/en/web_antivirus.rst