Merge pull request #539 from nodogsplash/4.5.0beta

Set version to 4.5.0beta

docs/source/conf.py

@@ -60,9 +60,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '4.4.1beta'
+version = '4.5.0beta'
 # The full version, including alpha/beta/rc tags.
-release = '4.4.1beta'
+release = '4.5.0beta'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/source/faq.rst

@@ -34,14 +34,20 @@ for v0.9.
 
   Enabling simple configuration for a FAS running on a remote shared web hosting server.
 
- * **FAS secure level 1 enhancement**
+ * **FAS secure level 1**
 
   From v4.3.0 onwards,  FAS secure level 1 supports token hashing. This enhances security and mitigates issues accessing ndsctl remotely to obtain the client token. This is particularly useful on legacy router devices with small flash and ram capacity.
 
 
  * **FAS secure level 2**
 
-  Enabling aes256cbc encryption on NDS data transferred to remote FAS, thus preventing knowledgable client users from bypassing verification.
+  Enabling aes256cbc encryption of NDS data transferred to remote FAS, thus preventing knowledgable client users from bypassing verification. Access to the FAS server using **http** protocol is enforced.
+
+ * **FAS secure level 3**
+
+  Enabling https access to a remote, Internet based FAS server, ensuring the client device does not receive any security warnings or errors. Access to the FAS server using **https** protocol is enforced.
+
+  Level 3 otherwise functions in the same way as level 2 with aes256cbc encryption of NDS data.
 
 Can I update from v0.9 to v1?
 *****************************

docs/source/fas.rst

@@ -247,18 +247,23 @@ Using a Shared Hosting Server for a Remote FAS
 
   fasremotefqdn = the **Fully Qualified Domain name** of the remote server
 
-Using the FAS Example Script
-****************************
+Using the FAS Example Scripts (fas-aes.php and fas-aes-https.php)
+*****************************************************************
 
-You can run the FAS example script locally on the same OpenWrt device that is running NDS (A minimum of 64MB of ram may be enough, but 128MB is recommended).
+You can run the FAS example script, fas-aes.php, locally on the same OpenWrt device that is running NDS (A minimum of 64MB of ram may be enough, but 128MB is recommended), or remotely on an Internet based FAS server. The use of http protocol is enforced.
+
+You can run the FAS example script, fas-aes-https.php, remotely on an Internet based https FAS server. The use of https protocol is enforced.
+
+Example Script File fas-aes.php
+===============================
 
 Assuming you have installed your web server of choice, configured it for port 2080 and added PHP support using the package php7-cgi, you can do the following.
 
  (Under other operating systems you may need to edit the nodogsplash.conf file in /etc/nodogsplash instead, but the process is very similar.)
 
  * Install the packages php7-cli and php7-mod-openssl
 
- * Create a folder /[server-web-root]/nds/
+ * Create a folder for the FAs script eg: /[server-web-root]/nds/ on the Internet FAS server
 
  * Place the file fas-aes.php in /[server-web-root]/nds/
 
@@ -268,15 +273,49 @@ Assuming you have installed your web server of choice, configured it for port 20
 
   adding the lines:
 
-    ``option fasport '2080'``
+    ``option fasport '2080'`` 
 
     ``option faspath '/nds/fas-aes.php'``
 
     ``option fas_secure_enabled '2'``
 
     ``option faskey '1234567890'``
 
- * Restart NDS using the command "service nodogsplash restart".
+ * Restart NDS using the command ``service nodogsplash restart``
+
+Example Script File fas-aes-https.php
+=====================================
+
+Assuming you have access to an Internet based https web server you can do the following.
+
+ (Under other operating systems you may need to edit the nodogsplash.conf file in /etc/nodogsplash instead, but the process is very similar.)
+
+ * Install the packages php7-cli and php7-mod-openssl on your NDS router
+
+ * Create a folder for the FAs script eg: /[server-web-root]/nds/ on the Internet FAS server
+
+ * Place the file fas-aes.php in /[server-web-root]/nds/
+
+   (You can find it in the /etc/nodogsplash directory.)
+
+ * Edit the file /etc/config/nodogsplash
+
+  adding the lines:
+
+    ``option fasport '443'`` (or the actual port in use if different)
+
+    ``option faspath '/nds/fas-aes-https.php'``
+
+    ``option fas_secure_enabled '3'``
+
+    ``option faskey '1234567890'``
+
+    ``option fasremoteip '46.32.240.41'`` (change this to the actual ip address of the remote server)
+
+    ``option fasremotefqdn 'blue-wave.net'`` (change this to the actual FQDN of the remote server)
+
+ * Restart NDS using the command ``service nodogsplash restart``
+
 
 Changing faskey
 ***************

docs/source/libraries.rst

@@ -48,7 +48,17 @@ unescape.sh
 ###########
 This utility allows an input string to be unescaped. It currently only supports url-decoding.
 
-It is used by NDS as the unescape callback for libmicrohttpd.
+It can be used by NDS as the unescape callback for libmicrohttpd.
+
+To enable, set the unescape_callback_enabled option to "1"
+
+To disable, set the unescape_callback_enabled option to "0"
+
+The default is disabled (use internal MHD unescape)
+
+eg In the OpenWrt configuration file
+
+	``option unescape_callback_enabled '0'``
 
   Usage: unescape.sh [-option] [escapedstring]
 

docs/source/ndsctl.rst

@@ -11,7 +11,7 @@ A nodogsplash install includes ndsctl, a separate application which provides som
 
     ``/usr/bin/ndsctl clients``
 
-* To print to stdout the list of clients in json format:
+* To print to stdout the list of clients and trusted devices in json format:
 
     ``/usr/bin/ndsctl json``