Lightsquid - make lighttpd listen on IPv6 + GUI cleanup

www/pfSense-pkg-Lightsquid/Makefile

@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-Lightsquid
-PORTVERSION=	3.0.4
-PORTREVISION=	3
+PORTVERSION=	3.0.5
 CATEGORIES=	www
 MASTER_SITES=	# empty
 DISTFILES=	# empty

www/pfSense-pkg-Lightsquid/files/usr/local/pkg/lightsquid.inc

@@ -3,7 +3,7 @@
  * lightsquid.inc
  *
  * part of pfSense (https://www.pfsense.org)
- * Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate)
+ * Copyright (c) 2015-2017 Rubicon Communications, LLC (Netgate)
  * Copyright (c) 2006-2012 Sergey Dvoriancev <dv_serg@mail.ru>
  * All rights reserved.
  *
@@ -52,7 +52,7 @@ if (is_array($config['installedpackages']['squid']['config'][0]) && $config['ins
 } else {
 	define('LS_SQUIDLOGPATH',	'/var/squid/logs');
 }
-		
+
 define('LS_SQUIDLOG',			'access.log');
 define('LS_IP2NAMEPATH',		LIGHTSQUID_BASE . '/libexec/lightsquid');
 define('CRONTAB_LS_TEMPLATE',		'/usr/local/bin/perl ' . LIGHTSQUID_BASE . '/www/lightsquid/lightparser.pl');
@@ -190,8 +190,20 @@ function lightsquid_write_webconfig() {
 #
 # Lightsquid lighttpd configuration file
 #
+
+EOF;
+
+	// Add this only if SSL is disabled, things break otherwise
+	if ($lightsquid_config['lighttpd_ls_ssl'] != "on") {
+		$lighttpd_ls_conf .= <<<EOF
 server.bind			= "0.0.0.0"
 server.port			= "{$lightsquid_config['lighttpd_ls_port']}"
+\$SERVER["socket"]		== "[::]:{$lightsquid_config['lighttpd_ls_port']}" {  }
+
+EOF;
+	}
+
+	$lighttpd_ls_conf .= <<<EOF
 server.event-handler		= "freebsd-kqueue"
 server.network-backend		= "freebsd-sendfile"
 server.dir-listing		= "disable"
@@ -274,52 +286,64 @@ auth.require = ( "/" =>
 )
 EOF;
 
-if (!isset($lightsquid_config['lighttpd_ls_ssl']) || ($lightsquid_config['lighttpd_ls_ssl'] == "on")) {
-	// Write out cert
-	$lscert =& lookup_cert($config['system']['webgui']['ssl-certref']);
-	if (!is_array($lscert) || !$lscert['crt'] || !$lscert['prv']) {
-		$lscert = system_webgui_create_certificate();
-	}
-	$cert = base64_decode($lscert['crt']);
-	$key = base64_decode($lscert['prv']);
-	$ca = ca_chain($lscert);
-	$cert = str_replace("\r", "", $cert);
-	$key = str_replace("\r", "", $key);
-	$cert = str_replace("\n\n", "\n", $cert);
-	$key = str_replace("\n\n", "\n", $key);
-	if (!empty($cert) && !empty($key)) {
-		$fd = fopen($lighttpd_ls_cert_path, "w");
-		if (!$fd) {
-			printf(gettext("Error: cannot open certificate file in lightsquid_write_webconfig().%s"), "\n");
-			return 1;
+	// SSL is enabled
+	if (!isset($lightsquid_config['lighttpd_ls_ssl']) || ($lightsquid_config['lighttpd_ls_ssl'] == "on")) {
+		// Write out cert
+		$lscert =& lookup_cert($config['system']['webgui']['ssl-certref']);
+		if (!is_array($lscert) || !$lscert['crt'] || !$lscert['prv']) {
+			$lscert = system_webgui_create_certificate();
 		}
-		chmod($lighttpd_ls_cert_path, 0600);
-		if (!empty($ca)) {
-			$cert_chain = $cert . "\n" . $ca;
-		} else {
-			$cert_chain = $cert;
+		$cert = base64_decode($lscert['crt']);
+		$key = base64_decode($lscert['prv']);
+		$ca = ca_chain($lscert);
+		$cert = str_replace("\r", "", $cert);
+		$key = str_replace("\r", "", $key);
+		$cert = str_replace("\n\n", "\n", $cert);
+		$key = str_replace("\n\n", "\n", $key);
+		if (!empty($cert) && !empty($key)) {
+			$fd = fopen($lighttpd_ls_cert_path, "w");
+			if (!$fd) {
+				printf(gettext("Error: cannot open certificate file in lightsquid_write_webconfig().%s"), "\n");
+				return 1;
+			}
+			chmod($lighttpd_ls_cert_path, 0600);
+			if (!empty($ca)) {
+				$cert_chain = $cert . "\n" . $ca;
+			} else {
+				$cert_chain = $cert;
+			}
+			fwrite($fd, $cert_chain);
+			fwrite($fd, $key);
+			fclose($fd);
 		}
-		fwrite($fd, $cert_chain);
-		fwrite($fd, $key);
-		fclose($fd);
-	}
-
-	// Add SSL config
-	$lighttpd_ls_conf .= <<<EOF
 
+		// Add SSL config
+		// Common SSL config snippet for use below
+		$lighttpd_ls_conf_sslcommon = <<<EOF
 ssl.engine		= "enable"
 ssl.pemfile		= "{$lighttpd_ls_cert_path}"
 ssl.use-sslv2		= "disable"
 ssl.use-sslv3		= "disable"
 ssl.honor-cipher-order	= "enable"
 ssl.cipher-list		= "AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS"
-
 EOF;
+
+		// Configure IPv4 and IPv6 sockets
+		$lighttpd_ls_conf .= <<<EOF
+
+\$SERVER["socket"]	== "0.0.0.0:{$lightsquid_config['lighttpd_ls_port']}" {
+{$lighttpd_ls_conf_sslcommon}
 }
 
-	@file_put_contents('/var/etc/lightsquid/lighttpd_ls.conf', $lighttpd_ls_conf, LOCK_EX);
-	unset($lighttpd_ls_conf);
+\$SERVER["socket"]	== "[::]:{$lightsquid_config['lighttpd_ls_port']}" {
+{$lighttpd_ls_conf_sslcommon}
+}
+EOF;
 
+	} // endif - SSL is enabled
+
+	file_put_contents('/var/etc/lightsquid/lighttpd_ls.conf', $lighttpd_ls_conf, LOCK_EX);
+	unset($lighttpd_ls_conf);
 }
 
 /*
@@ -597,7 +621,7 @@ function lightsquid_validate_input($post, &$input_errors) {
 			$input_errors[] = "Please, configure Squid - General - Proxy Interface(s) to include 'loopback' interface.";
 		}
 	}
-	
+
 	/* 'Skip URL(s)' validation */
 	if ($post['lightsquid_skipurl'] != "") {
 		$hosts = explode("|", $post['lightsquid_skipurl']);

www/pfSense-pkg-Lightsquid/files/usr/local/pkg/lightsquid.xml

@@ -8,7 +8,7 @@
  * lightsquid.xml
  *
  * part of pfSense (https://www.pfsense.org)
- * Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate)
+ * Copyright (c) 2015-2017 Rubicon Communications, LLC (Netgate)
  * Copyright (c) 2006-2012 Sergey Dvoriancev <dv_serg@mail.ru>
  * All rights reserved.
  *
@@ -35,13 +35,6 @@
 		<section>Status</section>
 		<url>/pkg_edit.php?xml=lightsquid.xml</url>
 	</menu>
-	<tabs>
-		<tab>
-			<text>Settings</text>
-			<url>/pkg_edit.php?xml=lightsquid.xml</url>
-			<active/>
-		</tab>
-	</tabs>
 	<service>
 		<name>lightsquid_web</name>
 		<rcfile>lighttpd_ls.sh</rcfile>
@@ -57,18 +50,39 @@
 			<type>info</type>
 			<fielddescr>
 				<![CDATA[
-				<span class="errmsg">IMPORTANT: Perform these steps after install:</span>
+				Perform these steps after install
 				]]>
 			</fielddescr>
 			<description>
 				<![CDATA[
-				1/ <strong>Enable 'Access Logging' in the Squid package!</strong> It is strongly suggested to leave the 'Log Store Directory' in Squid package at default '/var/squid/logs' value.<br/><br/>
-				2/ <strong>ONLY if Squid is NOT set up as transparent proxy:</strong><br/>
-				-  Configure Squid - General - Proxy Interface(s) to include <strong>'loopback'</strong> interface (in addition to any other interfaces you want Squid to bind on).<br/><br/>
-				3/ <strong>Configure 'Report Template Settings' and 'Reporting Settings and Scheduler' below and Save when finished.</strong><br/><br/>
-				4/ <strong>Use the Refresh buttons in the 'Manual Refresh' section below to create initial LightSquid reports</strong>; otherwise you will get an error diagnostic page.<br/>
-				- <em>"Refresh"</em> will (re)parse today's entries only in Squid's current access.log.<br/>
-				- <em>"Refresh Full"</em> will (re)parse all entries in all Squid's access logs, including the rotated ones. <strong>Note: This may take long time to finish!</strong><br/>
+				<strong><span class="text-danger">IMPORTANT: </span>Click Info and follow the instructions below if this is initial install!</strong>
+				<div class="infoblock"><ol type="1">
+				<li>
+					<strong><span class="text-info">Enable and configure Squid logging</span></strong><br/>
+					Check 'Enable Access Logging' and configure 'Log Store Directory' on <a href="/pkg_edit.php?xml=squid.xml">Squid Proxy Server > General</a> page.<br/>
+					Hint: It is strongly suggested to leave the 'Log Store Directory' at default <code>/var/squid/logs</code> value.<br/><br/>
+				</li>
+				<li>
+					<strong><span class="text-info">(ONLY if Squid is NOT set up as transparent proxy)</span></strong><br/>
+					Configure 'Proxy Interface(s)' on <a href="/pkg_edit.php?xml=squid.xml">Squid Proxy Server > General</a> page to
+					include <strong>'loopback'</strong> interface (in addition to any other interfaces you want Squid to bind on).
+					This is required for sqstat to work.<br/><br/>
+				</li>
+				<li>
+					<strong><span class="text-info">Configure Lightsquid</span></strong><br/>
+					Complete the 'Report Template Settings' and 'Reporting Settings and Scheduler' sections below and <strong>Save when finished.</strong><br/><br/>
+				</li>
+				<li>
+					<strong><span class="text-info">Create initial Lightsquid reports</span></strong><br/>
+					Use the 'Refresh' buttons in the 'Manual Refresh' section below to create initial LightSquid reports.<br/>
+					<span class="text-danger">Important: </span>If you skip this step, you will get a diagnostic error page when you click 'Open Lightsquid'.
+					<dl class="dl-horizontal responsive">
+						<dt>Refresh</dt><dd>(Re)parse today's entries only in Squid's current access.log.</dd>
+						<dt>Refresh Full</dt><dd>(Re)parse all entries in all Squid's access logs, including the rotated ones.<br/>
+						<span class="text-info">Note: This may take a long time to finish!</span></dd>
+					</dl>
+				</li>
+				</ol></div>
 				]]>
 			</description>
 		</field>
@@ -79,35 +93,53 @@
 		<field>
 			<fielddescr>Lightsquid Web Port</fielddescr>
 			<fieldname>lighttpd_ls_port</fieldname>
-			<description>Port the lighttpd web server for lightsquid will listen on. (Default: 7445)</description>
+			<description>
+				<![CDATA[
+				Port the lighttpd web server for Lightsquid will listen on.
+				<span class="text-info">(Default: 7445)</span>
+				]]>
+			</description>
 			<type>input</type>
 			<size>5</size>
 			<default_value>7445</default_value>
+			<required/>
 		</field>
 		<field>
 			<fielddescr>Lightsquid Web SSL</fielddescr>
 			<fieldname>lighttpd_ls_ssl</fieldname>
 			<description>Use SSL for Lightsquid Web Access</description>
-			<sethelp>This option configures the lightsquid web server to use SSL and uses the WebGUI HTTPS certificate.</sethelp>
+			<sethelp>This option configures the Lightsquid web server to use SSL and uses the WebGUI HTTPS certificate.</sethelp>
 			<type>checkbox</type>
 			<default_value>on</default_value>
 		</field>
 
 		<field>
 			<fielddescr>Lightsquid Web User</fielddescr>
 			<fieldname>lighttpd_ls_user</fieldname>
-			<description>Username used to access lighttpd. (Default: admin)</description>
+			<description>
+				<![CDATA[
+				Username used to access lighttpd.
+				<span class="text-info">(Default: admin)</span>
+				]]>
+			</description>
 			<type>input</type>
 			<size>5</size>
 			<default_value>admin</default_value>
+			<required/>
 		</field>
 		<field>
 			<fielddescr>Lightsquid Web Password</fielddescr>
 			<fieldname>lighttpd_ls_password</fieldname>
-			<description>Password used to access lighttpd. (Default: pfsense)</description>
+			<description>
+				<![CDATA[
+				Password used to access lighttpd.
+				<span class="text-info">(Default: pfsense)</span>
+				]]>
+			</description>
 			<type>password</type>
 			<size>5</size>
 			<default_value>pfsense</default_value>
+			<required/>
 		</field>
 		<field>
 			<type>info</type>
@@ -182,17 +214,18 @@
 			<fieldname>lightsquid_ip2name</fieldname>
 			<description>
 				<![CDATA[
-				<table cellpadding=1 cellspacing=0 style="text-align: left;">
-				<tbody>
-					<tr><th colspan=2>Select which method(s) should be attempted (in the order listed below) to resolve IPs to hostnames:</th></tr>
-					<tr><th>IP         </th><td> - Do not resolve IP addresses.</td></tr>
-					<tr><th>Demo       </th><td> - Use Squid AUTHNAME, then DNSNAME, then IP.</td></tr>
-					<tr><th>DNS        </th><td> - Use DNSNAME.</td></tr>
-					<tr><th>Simple     </th><td> - Use Squid AUTHNAME, then IP address.</td></tr>
-					<tr><th>SMB        </th><td> - Use NetBIOS name.</td></tr>
-					<tr><th>Squidauth  </th><td> - Use Squid AUTHNAME, then IP address (allow international characters).</td></tr>
-				</tbody>
-				</table>
+				Select which method(s) should be attempted (in the order listed below) to resolve IPs to hostnames.<br/>
+				Click Info for details. <span class="text-info">(Default: DNS)</span>
+				<div class="infoblock">
+				<dl class="dl-horizontal responsive">
+					<dt>IP</dt><dd>Do not resolve IP addresses.</dt>
+					<dt>Demo</dt><dd>Use Squid AUTHNAME, then DNS hostname, then IP.</dt>
+					<dt>DNS</dt><dd>Use DNS hostname.</dt>
+					<dt>Simple</dt><dd>Use Squid AUTHNAME, then IP address.</dt>
+					<dt>SMB</dt><dd>Use NetBIOS name.</dt>
+					<dt>Squidauth</dt><dd>Use Squid AUTHNAME, then IP address (allows international characters).</dt>
+				</dl>
+				</div>
 				]]>
 			</description>
 			<type>select</type>
@@ -212,8 +245,10 @@
 			<description>
 				<![CDATA[
 				If you want to omit some sites from statistics (e.g., a local webserver), specify the URL(s) here.<br/>
-				Separate multiple entries by <strong>|</strong> character.<br/><br/>
-				Example: example.com|192.168.1.|example.net
+				<span class="text-info">
+				Separate multiple entries by <strong>|</strong> character.
+				<strong>Example: </strong><code>example.com|192.168.1.|example.net</code>
+				</span>
 				]]>
 			</description>
 			<type>textarea</type>
@@ -226,19 +261,23 @@
 			<description>
 				<![CDATA[
 				Select data refresh period. The reporting task will be executed every XX minutes/hours.<br/>
-				<strong>Legend:</strong>  (!),(*) - use only with fast hardware; (+) - recommended values.<br/>
+				<span class="text-info">
+				<strong>Legend:</strong>
+				&nbsp;&nbsp; (!)(*) &nbsp; Use only with fast hardware
+				&nbsp;&nbsp; (+) &nbsp; Recommended values
+				</span>
 				]]>
 			</description>
 			<type>select</type>
 			<default_value>lhp_none</default_value>
 			<options>
 				<option><name>none</name><value>lhp_none</value></option>
-				<option><name>10min(!)</name><value>lhp_10m</value></option>
-				<option><name>20min(!)</name><value>lhp_20m</value></option>
-				<option><name>30min(*)</name><value>lhp_30m</value></option>
-				<option><name>40min(*)</name><value>lhp_40m</value></option>
-				<option><name>50min(+)</name><value>lhp_50m</value></option>
-				<option><name>60min(+)</name><value>lhp_60m</value></option>
+				<option><name>10min (!)</name><value>lhp_10m</value></option>
+				<option><name>20min (!)</name><value>lhp_20m</value></option>
+				<option><name>30min (*)</name><value>lhp_30m</value></option>
+				<option><name>40min (*)</name><value>lhp_40m</value></option>
+				<option><name>50min (+)</name><value>lhp_50m</value></option>
+				<option><name>60min (+)</name><value>lhp_60m</value></option>
 				<option><name>2h</name><value>lhp_2h</value></option>
 				<option><name>3h</name><value>lhp_3h</value></option>
 				<option><name>4h</name><value>lhp_4h</value></option>
@@ -253,10 +292,12 @@
 			<fielddescr>Manual Refresh</fielddescr>
 			<description>
 				<![CDATA[
-				<button type="submit" class="btn btn-primary" name="refreshnow" id="refreshnow" value="Refresh Now"><i class="fa fa-refresh icon-embed-btn"></i>Refresh</button> will (re)parse today's entries only in Squid's current access.log.<br/><br/>
-				<button type="submit" class="btn btn-warning" name="refreshfull" id="refreshfull" value="Refresh Full"><i class="fa fa-retweet icon-embed-btn"></i>Refresh Full</button> will (re)parse all entries in all Squid's access logs, including the rotated ones.
-				<strong>Note: This may take long time to finish!</strong><br/><br/>
-				Press a button above to start background refresh (this will take some time).<br/>
+				Use these buttons to start a background refresh of the Lightsquid reports.<br/><br/>
+				<button type="submit" class="btn btn-primary" name="refreshnow" id="refreshnow" value="Refresh Now"><i class="fa fa-refresh icon-embed-btn"></i>Refresh</button>
+				Will (re)parse today's entries only in Squid's current access.log.<br/><br/>
+				<button type="submit" class="btn btn-warning" name="refreshfull" id="refreshfull" value="Refresh Full"><i class="fa fa-retweet icon-embed-btn"></i>Refresh Full</button>
+				Will (re)parse all entries in all Squid's access logs, including the rotated ones.
+				<span class="text-info">This may take a long time to finish!</span></dd>
 				]]>
 			</description>
 		</field>