Step 4: Install Web Safety CoreΒΆ

Run 04_websafety.sh script to install the core components for Web Safety. Contents of this script are shown below. After that we will install Admin UI for Squid and Web Safety on the next step.

#!/bin/bash

# all packages are installed as root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# default arc
MAJOR="9.0.0"
MINOR="13EE"

# get latest build
curl -O https://packages.diladele.com/websafety-core/$MAJOR.$MINOR/amd64/release/redhat9/websafety-${MAJOR}-${MINOR}.x86_64.rpm

# and install it
dnf -y install websafety-${MAJOR}-${MINOR}.x86_64.rpm

# web safety runs using the same user as squid
chown -R squid:squid /opt/websafety

# for the authenticated portal to work we need to show our own deny info for 511 requests
# due to the bug in squid it thinks the path start in templates not on / 
mkdir -p /usr/share/squid/errors/templates/opt/websafety/etc/squid

# so we make a link to trick it 
ln -s /opt/websafety/etc/squid/portal.html /usr/share/squid/errors/templates/opt/websafety/etc/squid/portal.html

Now run the 05_integrate.sh script from the same folder to perform integration of Squid proxy and core components of Web Safety.

#!/bin/bash

# integration should be done as root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# allow connection to squid
firewall-cmd --permanent --zone=public --add-port=3128/tcp
firewall-cmd --reload

# adjust the squid.conf
if [ ! -f /etc/squid/squid.conf.original ]; then
    mv /etc/squid/squid.conf /etc/squid/squid.conf.original
fi

# copy new config
cp squid.conf /etc/squid/squid.conf

# allow web ui read-only access to squid configuration file
chmod o+r /etc/squid/squid.conf

# allow web ui read-only access to squid logs
chmod o+x /var/log/squid
chmod -R o+r /var/log/squid

# create storage for generated ssl certificates
SSL_DB=/var/spool/squid/ssldb
if [ -d $SSL_DB ]; then
	rm -Rf $SSL_DB
fi

/usr/lib64/squid/security_file_certgen -c -s $SSL_DB -M 4MB

# and change its ownership
chown -R squid:squid $SSL_DB

# parse the resulting config just to be sure
/usr/sbin/squid -k parse

# restart squid to load all config
systemctl restart squid

Note that the script installs a predefined squid.conf file. This configuration file will only contain one single reference to Web Safety generated configuration files as indicated below.

#
# squid.conf - fully managed by Web Safety Admin UI (Web UI)
#

#
# the conf files in /opt/websafety/etc/squid/* folder are generated based on templates
# stored in /opt/websafety/var/console/squid/templates/squid/conf/* folder. For now, 
# not all settings of Squid can be managed from Web UI; sometimes it is necessary 
# to edit the templates manually and then click Save and Restart from Web UI 
# to actually regenerate configuration files from these templates.
#
# We are adding more and more Squid management into Web UI but the work is not yet
# over. Hopefully in several releases you will seldom need to manually change the
# templates.
#
#
include "/opt/websafety/etc/squid/squid.conf"

Good, core components of Web Safety are now installed and we can move on to installing the Admin UI on the following step.