Merge branch 'master' of https://github.com/liudf0716/apfree_wifidog

README.md

@@ -29,24 +29,26 @@ Apfree-WiFidog is an open source captive portal solution for wireless router whi
 
 **[中文介绍](https://github.com/liudf0716/apfree_wifidog/blob/master/README_ZH.md)**
 
-## Features different between original wifidog and us
+## Enhancement of apfree-wifidog 
 
-It has some awesome features:
+In fact, the title should be why we choose apfree-wifidog, the reason was the following: 
 
-* *Compatible with original wifidog protocol*. You can seamless migration Apfree WiFidog to connect your auth server if you runned traditional wifidog.
+>  Stable
 
-* *HTTPS support*. Not only `HTTP`, Apfree WiFiDog can capture `HTTPS` URL request. It's a big deference between traditional WiFiDog.
+apfree-wifidog was widely used in tens of thousands device, which were running in business scene. In order to improve its stable, we rewrite all iptables rule by api instead of fork call, which will easily cause deadlock in multithread-fork running environment
 
-* *Efficient performance*. Run shell command `time curl --compressed` to test the Apfree WiFiDog reaction rate, `HTTP` response time is 0.05s and `HTTPS` is about 0.2s.
+> Efficent
 
-* *Dynamical bulk loading*. Support MAC address and IP address bulk loading with out restart Apfree WiFiDog.
+apfree-wifidog's http request-response is more short, u can find statistic data in our test document
 
-* *Wide application of business*. Apfree WiFidog has been installed and used in tens of thousands routers from KunTeng.Org and partners. Users have been affirmed, fully embodies the applicability, reliability.
+> More features
+
+apfree-wifidog support https redirect, mac temporary-pass, ip,domain,pan-domain,white-mac,black-mac rule and etc.
 
 
 ----
 
-## Added to Openwrt&LEDE 
+## How to added apfree-wifidog into Openwrt package 
 
 Please go to [package_apfree_wifidog](https://github.com/KunTengRom/package_apfree_wifidog)
 
@@ -55,43 +57,69 @@ Please go to [package_apfree_wifidog](https://github.com/KunTengRom/package_apfr
 
 ## Getting started
 
-After compiling and installing Apfree WiFiDog into your local router, run the `ps | grep wifidog` command. The `ps | grep wifidog` command queries the Linux system for information about Apfree WiFiDog.
+before starting apfree-wifidog, we must know how to configure it. apfree-wifidog use OpenWrt standard uci config system, all your apfree-wifidog configure information stored in `/etc/confg/wifidog`, which will be parsed by  `/etc/init.d/wifidog` to /tmp/wifidog.conf, apfree-wifidog's real configure file is `/tmp/wifidog.conf`
+
+The default apfree-wifidog UCI configuration file like this:
 
 ```
-root@lede:~# ps | grep wifidog
- 1406 root      6532 S    /usr/bin/wifidog -c /tmp/wifidog.conf -f -d 0
+config wifidog
+    option  gateway_interface   'br-lan'
+    option  auth_server_hostname    'wifidog.kunteng.org.cn'
+    option  auth_server_port    8001
+    option  auth_server_path    '/wifidog/'
+    option  check_interval      60
+    option  client_timeout      72000
+    option  httpd_max_conn      200
+    option  pool_mode           1
+    option  thread_number       5
+    option  queue_size          20
+    option  wired_passed        0
+    option  enable      0
 ```
 
-In this example, we can see Apfree WiFiDog has run automatically. This command shows some useful information:
+> auth_server_hostname was apfree-wifidog auth server, it can be domain or ip; wifidog.kunteng.org.cn is a free auth server we provided, it was also open source 
+
+> pool_mode means whether to support thread pool, default supporting it cause this mode is more efficient according to our testing, u can tune thread_number and queue_size to adapt your environment, but we suggest using default value
 
-* `/usr/bin/wifidog` is the executable binary daemon program, it's named `wifidog` for compatible.
-* `/tmp/wifidog.conf` is the WiFiDog's configuration file that generated by parsing `/etc/config/wifidog`. The `UCI` format file `/etc/config/wifidog` is the main configuration file for user, and it will be used by Apfree WiFidog to generate wifidog reader file `/tmp/wifidog.conf`.
-* Using operations of `-c -f -d` for default parameters, and you can get their by running command `wifidog --help`.
+> wired_passed means whether LAN access devices need to auth or not, value 1 means no need to auth 
 
+> enable means whether start apfree-wifidog when we executed `/etc/init.d/wifidog start`, if u wanted to start apfree-wifidog, you must set enable to 1 before executing `/etc/init.d/wifidog start`
 
-The default UCI configuration file like this:
+### How to support https rediret
+
+In order to support https redirect, apfree-wifidog need x509 pem cert and private key, u can generate youself like this:
 
 ```
-config wifidog
-        option gateway_interface 'br-lan'
-        option auth_server_hostname 'entrance.yourauth.org'
-        option auth_server_port '80'
-        option auth_server_path '/wifidog/'
-        option check_interval '60'
-        option client_timeout '72000'
-        option httpd_max_conn '200'
-        option pool_mode '1'
-        option thread_number '5'
-        option queue_size '20'
-        option wired_passed '1'
-        option trusted_domains 'www.baidu.com,www.qq.com,www.qq.com.cn,www.weixin.com'
+PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
+APFREE_CERT="/etc/apfree.crt"
+APFREE_KEY="/etc/apfree.key"
+
+generate_keys() {
+    local days bits country state location commonname
+
+    # Prefer px5g for certificate generation (existence evaluated last)
+    local GENKEY_CMD=""
+    local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
+    [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform pem -nodes"
+    [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -pem"
+    [ -n "$GENKEY_CMD" ] && {
+        $GENKEY_CMD \
+            -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${APFREE_KEY}.new" -out "${APFREE_CERT}.new" \
+            -subj /C="${country:-CN}"/ST="${state:-localhost}"/L="${location:-Unknown}"/O="${commonname:-ApFreeWiFidog}$UNIQUEID"/CN="${commonname:-ApFreeWiFidog}"
+        sync
+        mv "${APFREE_KEY}.new" "${APFREE_KEY}"
+        mv "${APFREE_CERT}.new" "${APFREE_CERT}"
+    }
+}
+
 ```
 
-wired_passed means whether LAN access devices need to auth or not, value 1 means no need to auth 
+or when u start `/etc/init.d/wifidog start`, it will generate it automatically
 
-Domains of `www.baidu.com,www.qq.com,www.qq.com.cn,www.weixin.com` is trusted in this default configuration file, and you can modify it to what you want.
+### Attention! when apfree-wifidog redirect https request, u will receive certificate file is illegal warning, no need to panic, it's normal response
 
-### Apfree wifidog Auth server open source project
+### apfree-wifidog Auth server open source project
 
 apfree wifidog's official auth server is [wwas](https://github.com/wificoin-project/wificoin-wifidog-auth-server), which support wfc pay and weixin auth-mode and more auth-way will be support.