as title says really. any changes to /usr/local/etc/squid/squid.conf get overwritten on system updates/changes in the GUI. I want to add something (specifically tcp_outgoing_address) that needs to be persistently in there. (doesn't appear to be a GUI option to set this).
I've read something about pre-auth and post-auth folders but from looking at whats in them currently, the contents of such doesn't seem to appear in the squid.conf file so i dont think it works like that. Plus those folders seem to be very specifically relating to opnsense and I cannot find any documentation on them.
Please advise.
Thanks
It's documented here:
https://docs.opnsense.org/development/backend/templates.html#target-overwrites
Cheers,
Franco
Great, thank you. I wasn't aware that you referred to this as 'templates'. I'll give it a read. :)
Ok i just tested this
created a additional entry to the +TARGETS file of test.conf and added the line to that
test.conf:/usr/local/etc/squid/squid.conf
but it seems to completely overwrite the .squid.conf with the contents of test.conf. it doesn't append the contents to the end of the squid.conf file which is what I need.
Is there a way of doing that? Also is this way of doing it likely to break/be reset on any system update, or are these files explicitly exempt from being touched during an update?
thanks
:edit: I just added the line to the bottom of the squid.conf template file. seems to have worked for nwo. but it's not ideal i guess as i'm sure that file will be replaced should there be any updates to the proxy in the future.
@Franco can you please shed some light on this how to proceed?
Sorry, it's in the documentation.
I repeat as said a number of times: DO NOT EDIT EXISTING FILES.
If you need to edit an existing template you copy it to the override and adjust this one. But from that point on you OWN it and have to MAINTAIN it. Same rules apply to us.
Sometimes services include a file inclusion mechanism (squid does too), but again I'm really not here to support how to do things the community as a whole (contributions!) won't benefit from.
Cheers,
Franco
Hi Franco,
thanks a lot for your reply, now it is clear regarding the template.
I found a lot of posts regarding this specific issue in the forum. And the Community will benefit from this feature, especially new opnsense users who use squid proxy and openvpn together should be able to rely on squid using the VPN IP and not the real Wan IP is being communicated in the background when surfing through internet. It would be great to have a user voice here in the forum and to be able to vote for new features.
Thx!
I meant if there is a PR on GitHub I'm happy to help and dig up stuff, but I don't see that here for the moment at least.
Cheers,
Franco
Franco, n00bs don't understand what github is, let alone a PR. Bear in mind that a lot of users of OPNsense are not massively technical and i dare say that most are not developers
Even knowing as Non-Dev what Github is, it will go definitly faster for a Dev to open a PR ...
The testing till know, and the workaround are in this post and here https://forum.opnsense.org/index.php?topic=26484.0 available
Just Executing the Script via Cron is still not working..
Im happy to Test further
br
The Non-Dev :)
I'm not sure how to argue this.
In order to get features into the project *someone* needs to add it. If nobody involved here adds a PR it's likely that they need to find *someone* else to open a PR or commit code.
I don't see code and I don't see *someone* yet.
Am I missing something? And please don't say there is no help here or lack of documentation.
Cheers,
Franco
right, but as i say, neither of us are developers. so suggesting to create a PR on your repository is not an option and frankly assuming that people can is pretty ridiculous. surely you have a method of creating RFE's?
> [...] ridiculous [...]
I assure you it's not. Maybe you misunderstood.
Cheers,
Franco
maybe i did. a PR, from what i understand is to provide code to a repository with the view of the owner of the project pulling that code into their codebase. is that not correct?
Correct, what I said was merely:
I can't help with all the questions regarding building something that doesn't reach the project.
There is documentation, there is working code.
If you want review open a PR. If not, you are on your own now.
Cheers,
Franco
Quote from: franco on March 10, 2022, 01:48:37 PM
It's documented here:
https://docs.opnsense.org/development/backend/templates.html#target-overwrites
I have read this docs now three times and still don't understand how this will help me to add additional configuration lines to squid.conf
If someone has used the templates to change squid.conf and share his knowledge I would be happy to create a Pull Request (PR) for the docs.
@franco : Or is there any other site / wiki where we can share/find such HowTo's ??
Hint #1 found in https://forum.opnsense.org/index.php?topic=5892.msg24457#msg24457