Skip to content

Step 4: Install Web Safety Core

To install the core components of Web Safety, navigate to core sub folder and run script 04_websafety.sh. Contents of this script are shown below. 

#!/bin/bash

# all packages are installed as root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# install web safety core daemons
MAJOR="9.3.0"
MINOR="2BCF"
ARCH="amd64"

# download
wget https://packages.diladele.com/websafety-core/$MAJOR.$MINOR/$ARCH/release/ubuntu22/websafety-$MAJOR.${MINOR}_$ARCH.deb

# install
dpkg --install websafety-$MAJOR.${MINOR}_$ARCH.deb

# for the authenticated portal to work we need to show our own deny info for 511 requests
# due to the bug in squid it thinks the path start in templates not on / 
mkdir -p /usr/share/squid/errors/templates/opt/websafety/etc/squid

# so we make a link to trick it 
ln -s /opt/websafety/etc/squid/portal.html /usr/share/squid/errors/templates/opt/websafety/etc/squid/portal.html

# web safety runs using the same user as squid
chown -R proxy:proxy /opt/websafety

Now run the 05_integrate.sh script from the same folder to perform integration of Squid proxy and core components of Web Safety.

#!/bin/bash

# all packages are installed as root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# install required system packages
apt -y install cron htop mc net-tools jq vim

# replace the squid config
if [ ! -f /etc/squid/squid.conf.default ]; then
    cp -f /etc/squid/squid.conf /etc/squid/squid.conf.default
fi
cp -f squid.conf /etc/squid/squid.conf

# re-initialize storage for mimicked ssl certificates
SSL_DB=/var/spool/squid/ssldb
if [ -d $SSL_DB ]; then
    rm -Rf $SSL_DB
fi
/usr/lib/squid/security_file_certgen -c -s $SSL_DB -M 4MB
if [ $? -ne 0 ]; then
    echo "Error $? while initializing SSL certificate storage, exiting..."
    exit 1
fi

# relabel folder and logs
chown -R proxy:proxy $SSL_DB
chown -R proxy:proxy /var/log/squid

# and restart all daemons
systemctl start wsicapd && service squid restart
Note that the script installs a predefined squid.conf file. This configuration file will only contain one single reference to Web Safety generated configuration files as indicated below. 

#
# squid.conf - fully managed by Web Safety
#

#
# the conf files in /opt/websafety/etc/squid/* folder are generated based on templates
# stored in /opt/websafety-ui/var/console/squid/templates/squid/conf/* folder. For now, 
# not all settings of Squid can be managed from Web UI; sometimes it is necessary 
# to edit the templates manually and then click Save and Restart from Web UI 
# to actually regenerate configuration files from these templates.
#
# We are adding more and more Squid management into Web UI but the work is not yet
# over. Hopefully in several releases you will seldom need to manually change the
# templates.
#
#
include "/opt/websafety/etc/squid/squid.conf"

Good, core components of Web Safety are now installed and we can move on to installing the Admin UI on the following step.