net/ntopng: listen address configuration, Redis password support, and other config improvments

databases/redis/src/opnsense/mvc/app/controllers/OPNsense/Redis/Api/ServiceController.php

@@ -39,6 +39,22 @@ class ServiceController extends ApiMutableServiceControllerBase
     protected static $internalServiceEnabled = 'general.enabled';
     protected static $internalServiceName = 'redis';
 
+    private function shouldNtopngReconfig() {
+        $cnf = \OPNsense\Core\Config::getInstance()->object();
+
+        if ($cnf->OPNsense && $cnf->OPNsense->ntopng && $cnf->OPNsense->ntopng->general) {
+            if ((string)$cnf->OPNsense->ntopng->general->redisconnection !== '') {
+                return false;
+            }
+
+
+            if ((string)$cnf->OPNsense->ntopng->general->enabled === '1') {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * remove database folder
      * @return array
@@ -49,4 +65,18 @@ public function resetdbAction()
         $response = $backend->configdRun("redis resetdb");
         return array("response" => $response);
     }
+
+    public function reconfigureAction() {
+        $result = parent::reconfigureAction();
+
+        if ($result['status'] == 'ok') {
+            if ($this->shouldNtopngReconfig()) {
+                $backend = new Backend();
+                $backend->configdRun('template reload OPNsense/Ntopng');
+                $backend->configdRun('ntopng restart');
+            }
+        }
+
+        return $result;
+    }
 }

databases/redis/src/opnsense/mvc/app/models/OPNsense/Redis/Redis.php

@@ -29,7 +29,26 @@
 namespace OPNsense\Redis;
 
 use OPNsense\Base\BaseModel;
+use OPNsense\Base\Messages\Message;
 
 class Redis extends BaseModel
 {
+    public function performValidation($validateFullModel = false)
+    {
+        $messages = parent::performValidation($validateFullModel);
+
+        $password = (string)$this->security->password;
+
+        if (!empty($password) && (strpos($password, '\\') !== false || strpos($password, '`') !== false)) {
+            $message = new Message(
+                gettext(
+                    "Password cannot contain backslash (\\) or backtick (`) characters",
+                ),
+                "security.password"
+            );
+            $messages->appendMessage($message);
+        }
+
+        return $messages;
+    }
 }

net/ntopng/src/opnsense/mvc/app/controllers/OPNsense/Ntopng/forms/general.xml

@@ -13,23 +13,32 @@
         <help>Select the interface to listen to. Set to none if you want to choose the interface via ntopng UI.</help>
     </field>
     <field>
-        <id>general.httpport</id>
-        <label>HTTP Port</label>
-        <type>text</type>
-        <help>HTTP Port this service listens on.</help>
+        <id>general.addresseshttp</id>
+        <label>Listen addresses (HTTP)</label>
+        <style>tokenize</style>
+        <type>select_multiple</type>
+        <allownew>true</allownew>
+        <help>Address(es) this service listens on.</help>
     </field>
     <field>
-        <id>general.httpsport</id>
-        <label>HTTPS Port</label>
+        <id>general.addresseshttps</id>
+        <label>Listen address (HTTPS)</label>
         <type>text</type>
-        <help>HTTPS Port this service listens on. If you enable HTTPS you will be redirected from HTTP to HTTPS. Please select a certificate below</help>
+        <help>Address this service listens on. (the limit of 1 address comes from ntopng)</help>
     </field>
     <field>
         <id>general.cert</id>
         <label>Certificate</label>
         <type>dropdown</type>
         <help>Set the certificate to use for HTTPS connections.</help>
     </field>
+    <field>
+        <id>general.redisconnection</id>
+        <label>Redis connection override</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>the defines the redis connections as per --redis in www.ntop.org/guides/ntopng/cli_options/cli_options.html</help>
+    </field>
     <field>
         <id>general.dnsmode</id>
         <label>DNS Mode</label>

net/ntopng/src/opnsense/mvc/app/models/OPNsense/Ntopng/General.php

@@ -29,7 +29,61 @@
 namespace OPNsense\Ntopng;
 
 use OPNsense\Base\BaseModel;
+use OPNsense\Base\Messages\Message;
 
 class General extends BaseModel
 {
+    public function performValidation($validateFullModel = false)
+    {
+        $messages = parent::performValidation($validateFullModel);
+
+
+        $http = (string)$this->addresseshttp;
+        $https = (string)$this->addresseshttps;
+
+        if ($http === '' && $https === '') {
+            $msg = gettext('Please input at least an HTTP or HTTPS port.');
+
+            $messages->appendMessage(new Message(
+                $msg,
+                'addresseshttp'
+            ));
+
+            $messages->appendMessage(new Message(
+                $msg,
+                'addresseshttps'
+            ));
+        }
+
+
+        $redis_conn = (string)$this->redisconnection;
+
+        if (trim($redis_conn) === '' && $redis_conn !== '') {
+            $messages->appendMessage(new Message(
+                gettext(
+                    "Can't be all whitespace"
+                ),
+                'redisconnection'
+            ));
+        } else {
+            if ($redis_conn !== ltrim($redis_conn)) {
+                $messages->appendMessage(new Message(
+                    gettext(
+                        "Can't have leading whitespace"
+                    ),
+                    'redisconnection'
+                ));
+            }
+            if ($redis_conn !== rtrim($redis_conn)) {
+                $messages->appendMessage(new Message(
+                    gettext(
+                        "Can't have trailing whitespace"
+                    ),
+                    'redisconnection'
+                ));
+            }
+        }
+
+        return $messages;
+    }
 }

net/ntopng/src/opnsense/mvc/app/models/OPNsense/Ntopng/General.xml

@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/ntopng/general</mount>
     <description>ntopng configuration</description>
-    <version>0.0.2</version>
+    <version>0.1.3</version>
     <items>
         <enabled type="BooleanField">
             <Default>0</Default>
@@ -12,31 +12,37 @@
             <Multiple>Y</Multiple>
             <AllowDynamic>Y</AllowDynamic>
         </interface>
-        <httpport type="PortField">
-            <Required>Y</Required>
-            <Default>3000</Default>
-        </httpport>
-        <httpsport type="PortField">
+        <addresseshttp type="IPPortField">
+            <Required>N</Required>
+            <Default>[::]:3000,0.0.0.0:3000</Default>
+            <AsList>Y</AsList>
+        </addresseshttp>
+        <addresseshttps type="IPPortField">
             <Required>N</Required>
+            <Default></Default>
             <Constraints>
                 <check001>
-                    <ValidationMessage>Please select a HTTPS port and a valid certificate</ValidationMessage>
+                    <ValidationMessage>Please select an HTTPS port and a valid certificate</ValidationMessage>
                     <type>AllOrNoneConstraint</type>
                     <addFields>
                         <field1>cert</field1>
                     </addFields>
                 </check001>
             </Constraints>
-        </httpsport>
+            <AsList>N</AsList>
+        </addresseshttps>
         <cert type="CertificateField">
             <Type>cert</Type>
             <Required>N</Required>
             <Constraints>
                 <check001>
-                    <reference>httpsport.check001</reference>
+                    <reference>addresseshttps.check001</reference>
                 </check001>
             </Constraints>
         </cert>
+        <redisconnection type="TextField">
+            <Required>N</Required>
+        </redisconnection>
         <dnsmode type="OptionField">
             <Required>N</Required>
             <OptionValues>

net/ntopng/src/opnsense/service/templates/OPNsense/Ntopng/ntopng.conf

@@ -2,17 +2,29 @@
 {% from 'OPNsense/Macros/interface.macro' import physical_interface %}
 {%   if helpers.exists('OPNsense.ntopng.general.interface') and OPNsense.ntopng.general.interface != '' %}
 {%     for iface in OPNsense.ntopng.general.interface.split(',') %}
--i={{ physical_interface(iface) }}
+--interface={{ physical_interface(iface) }}
 {%     endfor %}
 {%   endif %}
-{%   if helpers.exists('OPNsense.ntopng.general.httpport') and OPNsense.ntopng.general.httpport != '' %}
--w={{ OPNsense.ntopng.general.httpport }}
+
+{%   if helpers.exists('OPNsense.ntopng.general.addresseshttp') and OPNsense.ntopng.general.addresseshttp != '' %}
+--http-port="{{ OPNsense.ntopng.general.addresseshttp }}"
+{%   else %}
+--http-port=0
 {%   endif %}
-{%   if helpers.exists('OPNsense.ntopng.general.httpsport') and OPNsense.ntopng.general.httpsport != '' %}
--W={{ OPNsense.ntopng.general.httpsport }}
+
+{%   if helpers.exists('OPNsense.ntopng.general.addresseshttps') and OPNsense.ntopng.general.addresseshttps != '' %}
+--https-port="{{ OPNsense.ntopng.general.addresseshttps }}"
+{%   endif %}
+
+{%   if helpers.exists('OPNsense.ntopng.general.redisconnection') and OPNsense.ntopng.general.redisconnection != '' %}
+--redis={{ OPNsense.ntopng.general.redisconnection }}
+{%   elif helpers.exists('OPNsense.redis.security.password') and OPNsense.redis.security.password != '' %}
+--redis=localhost:{{ OPNsense.redis.general.port | default('6379') }}:{{ OPNsense.redis.security.password }}
+{%   elif helpers.exists('OPNsense.redis.general.port') and OPNsense.redis.general.port != '' %}
+--redis=localhost:{{ OPNsense.redis.general.port }}
 {%   endif %}
 {%   if helpers.exists('OPNsense.ntopng.general.dnsmode') and OPNsense.ntopng.general.dnsmode != '' %}
--n={{ OPNsense.ntopng.general.dnsmode }}
+--dns-mode={{ OPNsense.ntopng.general.dnsmode }}
 {%   endif %}
--d=/var/db/ntopng
+--data-dir=/var/db/ntopng
 {% endif %}