From 518e1fbd3efdc76cfefbbf37e5cc2ea90b2b32b2 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Fri, 8 Mar 2024 12:55:12 +0100 Subject: [PATCH] www/caddy: a quick whitespace sweep (no functional changes) --- www/caddy/Makefile | 12 ++++++------ www/caddy/README.md | 16 ++++++++-------- www/caddy/pkg-descr | 6 +++--- .../OPNsense/Caddy/Api/GeneralController.php | 2 +- .../Caddy/Api/ReverseProxyController.php | 10 +++++----- .../OPNsense/Caddy/forms/dynamicdns.xml | 2 +- .../OPNsense/Caddy/Migrations/M1_1_3.php | 10 +++++----- .../mvc/app/views/OPNsense/Caddy/general.volt | 2 +- .../views/OPNsense/Caddy/reverse_proxy.volt | 8 ++++---- .../scripts/OPNsense/Caddy/caddy_control.py | 2 +- .../service/templates/OPNsense/Caddy/Caddyfile | 18 +++++++++--------- 11 files changed, 44 insertions(+), 44 deletions(-) diff --git a/www/caddy/Makefile b/www/caddy/Makefile index 31f2035bd..7059ebe9d 100644 --- a/www/caddy/Makefile +++ b/www/caddy/Makefile @@ -1,8 +1,8 @@ -PLUGIN_NAME= caddy -PLUGIN_VERSION= 1.5.1 -PLUGIN_REVISION= 2 -PLUGIN_DEPENDS= caddy-custom -PLUGIN_COMMENT= Easy to configure Reverse Proxy based on Caddy with Automatic HTTPS and Dynamic DNS -PLUGIN_MAINTAINER= cedrik@pischem.com +PLUGIN_NAME= caddy +PLUGIN_VERSION= 1.5.1 +PLUGIN_REVISION= 2 +PLUGIN_DEPENDS= caddy-custom +PLUGIN_COMMENT= Easy to configure Reverse Proxy based on Caddy with Automatic HTTPS and Dynamic DNS +PLUGIN_MAINTAINER= cedrik@pischem.com .include "../../Mk/plugins.mk" diff --git a/www/caddy/README.md b/www/caddy/README.md index a1ba325cb..3dbfc9571 100644 --- a/www/caddy/README.md +++ b/www/caddy/README.md @@ -21,8 +21,8 @@ ## License -- This project is licensed under the BSD 2-Clause "Simplified" license. See the LICENSE file for details. -- Caddy is licensed under the Apache License, Version 2.0. +- This project is licensed under the BSD 2-Clause "Simplified" license. See the LICENSE file for details. +- Caddy is licensed under the Apache License, Version 2.0. - OPNsense is licensed under the BSD 2-Clause “Simplified” license. ## Acknowledgments @@ -38,7 +38,7 @@ ## Prepare Caddy for use after the installation **Attention**, additional preparation of OPNsense needed: -- Make sure that port `80` and `443` aren't occupied. You have to change the default listen port to `8443` for example. Go to `System: Settings: Administration` to change the `TCP Port`. Then also enable `HTTP Redirect - Disable web GUI redirect rule`. +- Make sure that port `80` and `443` aren't occupied. You have to change the default listen port to `8443` for example. Go to `System: Settings: Administration` to change the `TCP Port`. Then also enable `HTTP Redirect - Disable web GUI redirect rule`. - If you have other reverse proxy or webserver plugins installed, make sure they don't use the same ports as Caddy - Create Firewall rules that allow 80 and 443 TCP to "This Firewall" on WAN and (optionally) LAN, OPT1 etc... - There is a lot of input validation. If you read all the hints, help texts and error messages, its unlikely that you create a configuration that won't work. @@ -67,7 +67,7 @@ ## General Settings - Dynamic DNS - `DynDns Check Http`: Optionally, enter an URL to test the current IP address of the firewall via HTTP procotol. Generally, this is not needed. Caddy uses default providers to test the current IP addresses. If you rather use your own, enter the https:// link to an IP address testing website. - `DynDns Check Interface`: Optionally, select an interface to extract the current IP address of the firewall. Attention, all IP addresses will be read from this interface. Only choose this option if you know the implications. -- `DynDns Check Interval`: Interval to poll for changes of the IP address. The default is 5 minutes. Can be a number between 1 to 1440 minutes. +- `DynDns Check Interval`: Interval to poll for changes of the IP address. The default is 5 minutes. Can be a number between 1 to 1440 minutes. - `DynDns IP Version`: Leave on None to set IPv4 A-Records and IPv6 AAAA-Records. Select "Ipv4 only" for setting A-Records. Select "IPv6 only" for setting AAAA-Records. - `DynDns TTL`: Set the TTL (time to live) for DNS Records. The default is 1 hour. Can be a number between 1 to 24 hours. @@ -84,7 +84,7 @@ - `Access List`: Restrict the access to this domain to a list of IP addresses you define in the `Access` Tab. This doesn't influence the Let's Encrypt certificate generation, so you can be as restrictive as you want here. - `Basic Auth`: Restrict the access to this domain to one or multiple users you define in the `Access` Tab. This doesn't influence the Let's Encrypt certificate generation, so you can be as restrictive as you want here. - `DNS-01 challenge`: Enable this if you want to use the `DNS-01` ACME challenge instead of HTTP challenge. This can be set per entry, so you can have both types of challenges at the same time for different entries. This option needs the `General Settings` - `DNS Provider` and `API KEY` set. -- `Dynamic DNS`: Enable Dynamic DNS, please configure DNS Provider and API Key in General Settings. The DNS Records of this domain will be automatically updated with your DNS Provider. +- `Dynamic DNS`: Enable Dynamic DNS, please configure DNS Provider and API Key in General Settings. The DNS Records of this domain will be automatically updated with your DNS Provider. - `Custom Certificate`: Use a Certificate you imported or generated in `System - Trust - Certificates`. The chain is generated automatically. `Certificate + Intermediate CA + Root CA`, `Certificate + Root CA` and `self signed Certificate` are all fully supported. - `HTTP Access Log`: Enable the HTTP request logging for this domain and its subdomains. This option is mostly for troubleshooting since it will log every single request. - `Description`: The description is mandatory. Create descriptions for each domain. Since there could be multiples of the same domain with different ports, do it like this: `foo.example.com` and `foo.example.com.8443`. @@ -182,10 +182,10 @@ Now you have a "Internet <-- HTTPS --> OPNsense (Caddy) <-- HTTP --> Backend Ser # Build caddy and os-caddy from source - As build system use a FreeBSD 13.2 - https://github.com/opnsense/tools - Use xcaddy to build your own caddy binary. Additonal Caddy plugins can be compiled in, here is an example: [Additional Plugins](https://github.com/opnsense/tools/blob/a555d25b11486835460a136af0b8ad2e517ae96b/config/24.1/make.conf#L94) -- Check the +MANIFEST file and put all dependant files into the right paths on your build system. Make sure to check your own file hashes with ```sha256 /path/to/file```. +- Check the +MANIFEST file and put all dependant files into the right paths on your build system. Make sure to check your own file hashes with ```sha256 /path/to/file```. - Use ```pkg create -M ./+MANIFEST``` in the folder of the ```+MANIFEST``` file. -- For os-caddy.pkg make sure you have the OPNsense tools build system properly set up. -- Build the os-caddy.pkg by going into /usr/plugins/devel/caddy/ and invoking ```make package``` +- For os-caddy.pkg make sure you have the OPNsense tools build system properly set up. +- Build the os-caddy.pkg by going into /usr/plugins/devel/caddy/ and invoking ```make package``` # Custom configuration files - The Caddyfile has an additional import from the path ```/usr/local/etc/caddy/caddy.d/```. You can place your own custom configuration files inside that adhere to the Caddyfile syntax. diff --git a/www/caddy/pkg-descr b/www/caddy/pkg-descr index f06e6c431..46d05631d 100644 --- a/www/caddy/pkg-descr +++ b/www/caddy/pkg-descr @@ -1,5 +1,5 @@ -Caddy - The Ultimate Server - makes your sites more secure, more reliable, and more scalable than any other solution. -By default, Caddy automatically obtains and renews TLS certificates for all your sites. +Caddy - The Ultimate Server - makes your sites more secure, more reliable, and more scalable than any other solution. +By default, Caddy automatically obtains and renews TLS certificates for all your sites. It's the most advanced HTTPS server in the world. Reverse Proxy HTTP, HTTPS, FastCGI, WebSockets, gRPC, FastCGI (usually PHP), and more! @@ -33,7 +33,7 @@ Plugin Changelog * A few typos in the general.volt and reverse_proxy.volt corrected. * The RealInterfaceField custom Fieldtype was removed and replaced with an OPNsense integrated template function to read the interface name. * Enable $internalModelUseSafeDelete in ReverseProxyController.php - Items can only be deleted when they are not referenced by other items, making deleting in the GUI safer since there can't be any orphaned configuration left behind. -* Migration script M1_1_3 from "Description" to "description" added. Lower case description is needed to be in line with some OPNsense integrated functions. +* Migration script M1_1_3 from "Description" to "description" added. Lower case description is needed to be in line with some OPNsense integrated functions. 1.5.0 diff --git a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/GeneralController.php b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/GeneralController.php index 21238afa1..299603a90 100644 --- a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/GeneralController.php +++ b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/GeneralController.php @@ -3,7 +3,7 @@ /** * Copyright (C) 2023-2024 Cedrik Pischem * Copyright (C) 2015 Deciso B.V. - * + * * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/ReverseProxyController.php b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/ReverseProxyController.php index 4415203b5..a1d71c831 100644 --- a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/ReverseProxyController.php +++ b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/Api/ReverseProxyController.php @@ -136,8 +136,8 @@ class ReverseProxyController extends ApiMutableModelControllerBase { return $this->toggleBase("reverseproxy.handle", $uuid, $enabled); } - - + + /* AccessList Section */ public function searchAccessListAction() @@ -164,8 +164,8 @@ class ReverseProxyController extends ApiMutableModelControllerBase { return $this->delBase("reverseproxy.accesslist", $uuid); } - - + + /* BasicAuth Section */ public function searchBasicAuthAction() @@ -192,7 +192,7 @@ class ReverseProxyController extends ApiMutableModelControllerBase { if ($this->request->isPost()) { $postData = $this->request->getPost(); - + if (isset($postData['basicauth']['basicauthpass']) && !empty(trim($postData['basicauth']['basicauthpass']))) { $plainPassword = $postData['basicauth']['basicauthpass']; $hashedPassword = password_hash($plainPassword, PASSWORD_BCRYPT); diff --git a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dynamicdns.xml b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dynamicdns.xml index 836154910..0ed65411f 100644 --- a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dynamicdns.xml +++ b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dynamicdns.xml @@ -1,4 +1,4 @@ -
+ caddy.general.DynDnsSimpleHttp diff --git a/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Migrations/M1_1_3.php b/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Migrations/M1_1_3.php index a08a403b1..b8948233c 100644 --- a/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Migrations/M1_1_3.php +++ b/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Migrations/M1_1_3.php @@ -40,22 +40,22 @@ class M1_1_3 extends BaseModelMigration // Ensure there are reverse proxy configurations to process if (!empty($config->Pischem->caddy->reverseproxy)) { - + // Loop through each reverse proxy configuration in the stored configuration config.xml foreach ($config->Pischem->caddy->reverseproxy->children() as $configNode) { - + // Extract the UUID attribute to identify the configuration item $uuid = (string)$configNode->attributes()->uuid; - + // Check if the current configuration item has a 'Description' to migrate if (!empty($configNode->Description)) { - + // Store the value of 'Description' for migration $descriptionValue = (string)$configNode->Description; // Attempt to locate the corresponding node in the model using the UUID $modelNode = null; - + // Retrieve reverse proxy items from the model for matching UUID $reverseProxies = $model->getNodeByReference('reverseproxy')->iterateItems(); foreach ($reverseProxies as $item) { diff --git a/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/general.volt b/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/general.volt index 0b07581a4..fe8ecfe14 100644 --- a/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/general.volt +++ b/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/general.volt @@ -81,7 +81,7 @@ $('input, select, textarea').on('change', function() { $("#messageArea").hide(); }); - + // Reconfigure the Caddy service, additional validation with a validation API is made beforehand $("#reconfigureAct").SimpleActionButton({ onPreAction: function() { diff --git a/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/reverse_proxy.volt b/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/reverse_proxy.volt index 4c9750ee2..f152a356d 100644 --- a/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/reverse_proxy.volt +++ b/www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/reverse_proxy.volt @@ -52,7 +52,7 @@ del:'/api/caddy/ReverseProxy/delHandle/', toggle:'/api/caddy/ReverseProxy/toggleHandle/', }); - + $("#accessListGrid").UIBootgrid({ search:'/api/caddy/ReverseProxy/searchAccessList/', get:'/api/caddy/ReverseProxy/getAccessList/', @@ -60,7 +60,7 @@ add:'/api/caddy/ReverseProxy/addAccessList/', del:'/api/caddy/ReverseProxy/delAccessList/', }); - + $("#basicAuthGrid").UIBootgrid({ search:'/api/caddy/ReverseProxy/searchBasicAuth/', get:'/api/caddy/ReverseProxy/getBasicAuth/', @@ -90,7 +90,7 @@ // Hide message area when starting new actions $('input, select, textarea').on('change', function() { $("#messageArea").hide(); - }); + }); // Adjusting the Reconfigure button to include validation in onPreAction $("#reconfigureAct").SimpleActionButton({ @@ -259,7 +259,7 @@ - +
diff --git a/www/caddy/src/opnsense/scripts/OPNsense/Caddy/caddy_control.py b/www/caddy/src/opnsense/scripts/OPNsense/Caddy/caddy_control.py index 2fc795ab4..da949afef 100755 --- a/www/caddy/src/opnsense/scripts/OPNsense/Caddy/caddy_control.py +++ b/www/caddy/src/opnsense/scripts/OPNsense/Caddy/caddy_control.py @@ -32,7 +32,7 @@ import sys def run_service_command(action, action_message): result = {"message": action_message} - + if action == "validate": try: # Call Setup script diff --git a/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile b/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile index 95892a590..079d3a19e 100644 --- a/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile +++ b/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile @@ -465,39 +465,39 @@ log { output file /var/log/caddy/access/{{ reverse['@uuid'] }}.log { roll_keep_for {{ generalSettings.LogAccessPlainKeep|default("10") }}d - } + } } {% endif %} {% endif %} {% set customCert = reverse.CustomCertificate|default("") %} {% set dnsChallenge = reverse.DnsChallenge|default("0") %} {{ tls_configuration(dnsProvider, dnsApiKey, customCert, dnsChallenge, dnsSecretApiKey, TlsDnsOptionalField1, TlsDnsOptionalField2, TlsDnsOptionalField3, TlsDnsOptionalField4, TlsDnsOptionalField5, TlsDnsOptionalField6) }} - + {% if not reverse.accesslist %} {% set basicauth_uuids = reverse.basicauth %} {{ basicauth_configuration(basicauth_uuids) }} {% endif %} - + {% for subdomain in helpers.toList('Pischem.caddy.reverseproxy.subdomain') %} {% if subdomain.enabled|default("0") == "1" and subdomain.reverse == reverse['@uuid'] %} @{{ subdomain['@uuid'] }} { host {{ subdomain.FromDomain }}{% if subdomain.FromPort %}:{{ subdomain.FromPort }}{% endif %} } handle @{{ subdomain['@uuid'] }} { - + {% if not subdomain.accesslist %} {% set subdomain_basicauth_uuids = subdomain.basicauth %} {{ basicauth_configuration(subdomain_basicauth_uuids) }} {% endif %} - + {% if subdomain.accesslist %} {% set accesslist = helpers.toList('Pischem.caddy.reverseproxy.accesslist') | selectattr('@uuid', 'equalto', subdomain.accesslist) | first %} {{ access_list_configuration(accesslist, accesslist.accesslistInvert|default("0") == "1") }} handle @{{ accesslist['@uuid'] }} { - + {% set subdomain_basicauth_uuids = subdomain.basicauth %} {{ basicauth_configuration(subdomain_basicauth_uuids) }} - + {% set subdomain_handles = helpers.toList('Pischem.caddy.reverseproxy.handle') | selectattr('subdomain', 'equalto', subdomain['@uuid']) | list %} {% for handle in subdomain_handles %} {% if handle.enabled|default("0") == "1" and handle.HandlePath %} @@ -534,10 +534,10 @@ {% set accesslist = helpers.toList('Pischem.caddy.reverseproxy.accesslist') | selectattr('@uuid', 'equalto', reverse.accesslist) | first %} {{ access_list_configuration(accesslist, accesslist.accesslistInvert|default("0") == "1") }} handle @{{ accesslist['@uuid'] }} { - + {% set basicauth_uuids = reverse.basicauth %} {{ basicauth_configuration(basicauth_uuids) }} - + {% set wildcard_handles = helpers.toList('Pischem.caddy.reverseproxy.handle') | selectattr('reverse', 'equalto', reverse['@uuid']) | selectattr('subdomain', 'undefined') | list %} {% for handle in wildcard_handles %} {% if handle.enabled|default("0") == "1" and handle.HandlePath %}