- New user and group sslh has been added.
- Added USELIBCAP to make transparent mode possible.
- red.up script has been added. If red IP changes, sslh will be restarted to run with the new IP.
- red.up script searches for sslh symlink in rc3.d, if nothing can be found, it will not start so it can be disabled via WUI (services.cgi).
- Symlinks for runlevels has been nevertheless added to sslh package to control it also via services.cgi.
- Configuration block has been added to sslh initscript.
- External IP address check will also be used for configure options.
- Configure provides currently only OpenVPN
- OpenVPN port will be automatically investigated.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
+etc/rc.d/init.d/networking/red.up/25-sslh
etc/rc.d/init.d/sslh
usr/sbin/sslh
--- /dev/null
+#!/bin/bash
+
+# Check if SSLH has been enabled in WUI
+if ls /etc/rc.d/rc3.d | grep -q '.*sslh' >/dev/null; then
+ # If SSLH is enabled and running but red0 gets a new IP, restart SSLH
+ if pgrep 'sslh' > /dev/null; then
+ /etc/init.d/sslh restart
+ else
+ # If sslh is not running yet, start it
+ /etc/init.d/sslh start
+ fi
+else
+ # If SSLH has been disabled on boot via services WUI, stop service
+ /etc/init.d/sslh stop
+fi
+
+# EOF
ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175
ln -sf ../init.d/client175 /etc/rc.d/rc3.d/S66client175
ln -sf ../init.d/client175 /etc/rc.d/rc6.d/K34client175
- ln -sf ../init.d/sslh /etc/rc.d/rc3.d/S98sslh
- ln -sf ../init.d/sslh /etc/rc.d/rc0.d/K02sslh
- ln -sf ../init.d/sslh /etc/rc.d/rc6.d/K02sslh
ln -sf ../init.d/vdradmin /etc/rc.d/rc3.d/S99vdradmin
ln -sf ../init.d/vdradmin /etc/rc.d/rc0.d/K01vdradmin
ln -sf ../init.d/vdradmin /etc/rc.d/rc6.d/K01vdradmin
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.7a
+VER = 1.20
THISAPP = sslh-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = sslh
-PAK_VER = 5
+PAK_VER = 6
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ee124654412198a5e11fe28acf10634d
+$(DL_FILE)_MD5 = 0db26ed2825b1ef6c83959a988279912
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" $(MAKETUNING) USELIBWRAP=
- cd $(DIR_APP) && install -v -m 755 sslh /usr/sbin
+ cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" $(MAKETUNING) USELIBCAP=1 USELIBWRAP=
+ cd $(DIR_APP) && install -v -m 755 sslh-fork /usr/sbin/sslh
- #install initscripts
+ # Install initscripts
$(call INSTALL_INITSCRIPT,sslh)
+ # Install red.up
+ install -v -m 754 -D $(DIR_CONF)/sslh/25-sslh /etc/rc.d/init.d/networking/red.up/25-sslh
@rm -rf $(DIR_APP)
@$(POSTBUILD)
# Based on sysklogd script from LFS-3.1 and earlier.
# Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org
+#
+#############################################################
+#
. /etc/sysconfig/rc
. $rc_functions
+DAEMON="/usr/sbin/sslh"
+PID="/var/run/sslh.pid"
+
+# Check external IP address and ports
+EXTERNAL_IP_ADDRESS="$(</var/ipfire/red/local-ipaddress)"
+
+# Investigate OpenVPN port
+IPFIREOPENVPN=$(awk '/port/ { print $2 }' /var/ipfire/ovpn/server.conf)
+
+# Loopback interface
+LO="127.0.0.1"
+
+# Used TCP ports
+LISTENPORT="443"
+OPENVPNPORT=${IPFIREOPENVPN}
+
+# Configuration options
+DAEMON_OPTS="
+--user sslh
+--listen ${EXTERNAL_IP_ADDRESS}:${LISTENPORT}
+--openvpn ${LO}:${OPENVPNPORT}
+--pidfile ${PID}
+-C /var/empty
+"
+
case "$1" in
start)
boot_mesg "Starting SSLH Deamon..."
-
- LOCAL_IP_ADDRESS="$(</var/ipfire/red/local-ipaddress)"
- if [ -z "${LOCAL_IP_ADDRESS}" ]; then
+ if [ -z "${EXTERNAL_IP_ADDRESS}" ]; then
echo_failure
boot_mesg -n "FAILURE:\n\nCould not determine" ${FAILURE}
boot_mesg -n " your external IP address."
boot_mesg "" ${NORMAL}
exit 1
fi
-
- loadproc /usr/sbin/sslh -u nobody \
- -p "${LOCAL_IP_ADDRESS}:443" -s localhost:222 -l localhost:444
+ loadproc ${DAEMON} ${DAEMON_OPTS}
evaluate_retval
;;
stop)
boot_mesg "Stopping SSLH Deamon..."
- killproc /usr/sbin/sslh
+ killproc ${DAEMON}
+ rm -f ${PID}
evaluate_retval
;;
;;
status)
- statusproc /usr/sbin/sslh
+ statusproc ${DAEMON}
;;
*)
#
. /opt/pakfire/lib/functions.sh
extract_files
-ln -s /etc/init.d/sslh /etc/rc.d/init.d/networking/red.up/50-sslh
+
+# Add user and group for sslh if not already done
+if ! getent group sslh &>/dev/null; then
+ groupadd -g 131 sslh
+fi
+
+if ! getent passwd sslh; then
+ useradd -u 123 -g sslh -c "SSLH daemon user" -d /var/empty -s /bin/false sslh
+fi
+
+# Set symlink for runlevels
+ln -svf ../init.d/sslh /etc/rc.d/rc0.d/K02sslh
+ln -svf ../init.d/sslh /etc/rc.d/rc3.d/S98sslh
+ln -svf ../init.d/sslh /etc/rc.d/rc6.d/K02sslh
+
start_service --background ${NAME}
. /opt/pakfire/lib/functions.sh
stop_service ${NAME}
remove_files
-rm -f /etc/rc.d/init.d/networking/red.up/50-sslh
+
+# Delete symlinks in runlevels
+rm -f /etc/rc.d/rc?.d/???sslh;