authorPiBa-NL <pba_2k3@yahoo.com>2013-03-06 00:08:28 +0100
committerPiBa-NL <pba_2k3@yahoo.com>2013-03-06 00:08:28 +0100
commit00240df580c59b9a54dafafcbf5524d266f1616e (patch)
tree4bd43d2d80f9abd7d5741a006717cf765c27627f
parentc0ef04b32c9556106550e47b2d1e58de67ab4142 (diff)
haproxy-devel,
-allow shared frontend with SSL offloading -error checking+reporting to user while applying configuration.
-rw-r--r--config/haproxy-devel/haproxy.inc40
-rwxr-xr-xconfig/haproxy-devel/haproxy_global.php10
-rw-r--r--config/haproxy-devel/haproxy_listeners.php10
-rw-r--r--config/haproxy-devel/haproxy_listeners_edit.php42
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php13
-rw-r--r--config/haproxy-devel/haproxy_pools.php10
6 files changed, 89 insertions, 36 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index 559788c7..fce05008 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -343,14 +343,17 @@ function write_backend($fd, $name, $pool, $frontend) {
if($pool['balance'])
fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n");
- if($pool['connection_timeout'])
- fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
+ if(!$pool['connection_timeout'])
+ $pool['connection_timeout'] = 30000;
+ fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
- if($pool['server_timeout'])
- fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
+ if(!$pool['server_timeout'])
+ $pool['server_timeout'] = 30000;
+ fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
- if($pool['retries'])
- fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
+ if(!$pool['retries'])
+ $pool['retries'] = 3;
+ fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
if($pool['stats_enabled']=='yes') {
fwrite ($fd, "\tstats\t\t\tenable\n");
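Review bot: The new default guards test truthiness, so an explicit `0` is overwritten too: `if(!$pool['retries'])` turns a configured "0" into 3, and the two timeout guards replace "0" with 30000. If zero is meant to be accepted, test for the empty value instead, e.g. `if (!isset($pool['retries']) || $pool['retries'] === '') $pool['retries'] = 3;`. The same pattern is added for `$bind['client_timeout']` in the last haproxy_writeconf hunk. write_backend's body continues outside this hunk.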
@@ -424,6 +427,14 @@ function haproxy_configure() {
return haproxy_check_run(1);
}
+function haproxy_check_writtenconfig_error() {
+ $configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1");
+ if (!strstr($configcheckoutput, "Configuration file is valid"))
+ return $configcheckoutput;
+ else
+ return false;
+}
+
function haproxy_writeconf() {
global $config, $g;
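Review bot: haproxy_check_writtenconfig_error() decides validity by searching the combined stdout/stderr for the literal "Configuration file is valid", and it fails open: if shell_exec() yields null, strstr() finds nothing, the function returns null, and the callers' `if ($result)` treats that as no error. Checking the exit status is sturdier: `exec("haproxy -c -f /var/etc/haproxy.cfg 2>&1", $out, $rc);` followed by `return $rc === 0 ? false : implode("\n", $out);`. A short docblock saying that the return value is either `false` or raw tool output not yet encoded for HTML would help the three callers.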
@@ -471,13 +482,13 @@ function haproxy_writeconf() {
//check ssl info
if ($backend['ssloffload']){
//ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
- $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}";
+ $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt";
$cert = lookup_cert($backend['ssloffloadcert']);
$certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']);
file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent);
unset($certcontent);
}else{
- $ssl_info="";
+ $ssl_crt="";
unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt");
}
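Review bot: The cleanup path in the else branch is relative, `unlink_if_exists("var/etc/...")` without the leading slash, while the file is written to `/var/etc/...`. Unless the working directory happens to be `/`, the combined certificate and private key file stays on disk after SSL offloading is switched off. It should read `unlink_if_exists("/var/etc/{$backend['name']}.{$backend['port']}.crt");`. The key material is also written by file_put_contents() with the default file mode, so a `chmod($path, 0600);` right after the write is worth adding. Both lines are context here, but they sit in the code path this hunk reworks.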
@@ -499,7 +510,12 @@ function haproxy_writeconf() {
$b['max_connections'] = $backend['max_connections'];
$b['client_timeout'] = $backend['client_timeout'];
$b['advanced'] = $backend['advanced'];
- $b['ssl_info'] = $ssl_info;
+
+ if ($ssl_crt != "") {
+ if ($b['ssl_info'] == "")
+ $b['ssl_info'] = "ssl {$backend['dcertadv']}";
+ $b['ssl_info'] .= $ssl_crt;
+ }
// pointer to each backend
$b['config'][] = $backend;
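Review bot: When several backends share a frontend, only the first one to reach this block contributes `{$backend['dcertadv']}`; later backends append their `crt` path and their own `dcertadv` is dropped without any message. A comment such as `// bind-level SSL options come from the first SSL backend of a shared frontend; later ones only add their crt` would make that explicit. `$b['ssl_info'] == ""` also reads a key whose initialisation is outside this hunk, so `empty($b['ssl_info'])` would be safer if `$b` can be a fresh array at this point.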
@@ -566,8 +582,10 @@ function haproxy_writeconf() {
if($bind['max_connections'])
fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n");
- if($bind['client_timeout'])
- fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+ if(!$bind['client_timeout'])
+ $bind['client_timeout'] = 30000;
+
+ fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
// Combine the rest of the listener configs
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 340c578b..61c654cf 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -48,8 +48,14 @@ if ($_POST) {
config_lock();
$retval = haproxy_configure();
config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
} else {
if ($_POST['enable']) {
$reqdfields = explode(" ", "maxconn");
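Review bot: `$savemsg = gettext($result);` hands raw `haproxy -c` output to the page, and that output can echo tokens from the generated configuration, which holds operator-supplied names and pass-through text. If `$savemsg` is rendered without escaping (the rendering is outside this hunk), encode it here, e.g. `$savemsg = nl2br(htmlspecialchars($result));`; gettext() adds nothing for a dynamic string. The check also runs after haproxy_configure() has returned, so an invalid file has already been written by then; if that is meant as reporting rather than prevention, a comment saying so would help. The same block is added in haproxy_listeners.php and haproxy_pools.php.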
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index c5c41714..88cdb62f 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -48,8 +48,14 @@ if ($_POST) {
config_lock();
$retval = haproxy_configure();
config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
}
}
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index 75004afe..32cf0020 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -139,6 +139,7 @@ if (isset($id) && $a_backend[$id]) {
$pconfig['name'] = $a_backend[$id]['name'];
$pconfig['desc'] = $a_backend[$id]['desc'];
$pconfig['status'] = $a_backend[$id]['status'];
+ $pconfig['secondary'] = $a_backend[$id]['secondary'];
$pconfig['type'] = $a_backend[$id]['type'];
@@ -185,7 +186,7 @@ if ($_POST) {
if ($port && !is_numeric($port))
$input_errors[] = "The field 'Port' value is not a number.";
- if (!is_numeric($_POST['client_timeout']))
+ if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout']))
$input_errors[] = "The field 'Client timeout' value is not a number.";
/* Ensure that our pool names are unique */
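Review bot: `is_numeric()` still accepts values such as `-1`, `1.5` or `1e3`, which are then written verbatim after `clitimeout` in the generated file. For a millisecond count a digits-only test is tighter: `if ($_POST['client_timeout'] !== "" && !ctype_digit((string)$_POST['client_timeout']))`. The same applies to the connection timeout, server timeout and retries checks changed in haproxy_pool_edit.php.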
@@ -240,6 +241,7 @@ if ($_POST) {
update_if_changed("name", $backend['name'], $_POST['name']);
update_if_changed("description", $backend['desc'], $_POST['desc']);
update_if_changed("status", $backend['status'], $_POST['status']);
+ update_if_changed("secondary", $backend['secondary'], $_POST['secondary']);
update_if_changed("type", $backend['type'], $_POST['type']);
update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']);
update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']);
@@ -281,10 +283,11 @@ include("head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()">
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<style type="text/css">
.haproxy_mode_http{display:none;}
.haproxy_ssloffloading_enabled{display:none;}
+ .haproxy_primary{}
</style>
<?php if($one_two): ?>
@@ -451,6 +454,7 @@ include("head.inc");
{
setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked);
setCSSdisplay(".haproxy_mode_http", type.value == "http");
+ setCSSdisplay(".haproxy_primary", !secondary.checked);
}
function type_change() {
@@ -505,6 +509,14 @@ include("head.inc");
</td>
</tr>
<tr align="left">
+ <td width="22%" valign="top" class="vncell">Shared Frontend</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();">secondary backend</checkbox><br/>
+ Use this setting to configure multiple backends/accesslists for a single frontend.<br/>
+ All settings of which only 1 can exist will be hidden. And
+ </td>
+ </tr>
+ <tr align="left">
<td width="22%" valign="top" class="vncellreq">Status</td>
<td width="78%" class="vtable" colspan="2">
<select name="status" id="status">
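Review bot: The new checkbox row closes with `</checkbox>`, which is not an HTML element, and the help text ends in a dangling "And". Wrapping the caption as `<label for="secondary">secondary backend</label>` and finishing or removing the last sentence would fix both.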
@@ -546,6 +558,12 @@ include("head.inc");
<div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div>
</td>
</tr>
+ <tr class="haproxy_primary" align="left">
+ <td width="22%" valign="top" class="vncellreq">Max connections</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10">
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Backend server pool</td>
<td width="78%" class="vtable">
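Review bot: The relocated Max connections input echoes `$pconfig['max_connections']` into the `value` attribute unencoded, so a stored or re-posted value containing a double quote breaks out of the attribute. Encoding at output closes that: `echo 'value="' . htmlspecialchars($pconfig['max_connections'], ENT_QUOTES) . '"';`. Where `$pconfig` is filled and whether max_connections is validated is outside the visible hunks, so the reachable impact is unconfirmed. The Client timeout input in the Advanced settings hunk uses the same pattern.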
@@ -573,7 +591,7 @@ include("head.inc");
<option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option>
</select>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Access Control lists</td>
<td width="78%" class="vtable" colspan="2" valign="top">
@@ -632,21 +650,15 @@ include("head.inc");
</tr>
</table>
<br/>&nbsp;<br/>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table class="haproxy_primary" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic">Advanced settings</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Max connections</td>
- <td width="78%" class="vtable" colspan="2">
- <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10">
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncellreq">Client timeout</td>
+ <td width="22%" valign="top" class="vncell">Client timeout</td>
<td width="78%" class="vtable" colspan="2">
<input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10">
- <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div>
+ <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).</div>
</td>
</tr>
<tr align="left">
@@ -677,8 +689,10 @@ include("head.inc");
NOTE: paste text into this box that you would like to pass thru.
</td>
</tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
</table>
- <br/>&nbsp;<br/>
<?
global $haproxy_sni_ssloffloading;
if ($haproxy_sni_ssloffloading):
@@ -747,6 +761,8 @@ include("head.inc");
rows = 1;
totalrows = <?php echo $counter; ?>;
loaded = <?php echo $counter; ?>;
+
+ updatevisibility();
</script>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index fa46efb2..09474f02 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -88,13 +88,13 @@ if ($_POST) {
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name']))
$input_errors[] = "The field 'Name' contains invalid characters.";
- if (!is_numeric($_POST['connection_timeout']))
+ if ($_POST['connection_timeout'] !== "" && !is_numeric($_POST['connection_timeout']))
$input_errors[] = "The field 'Connection timeout' value is not a number.";
- if (!is_numeric($_POST['server_timeout']))
+ if ($_POST['server_timeout'] !== "" && !is_numeric($_POST['server_timeout']))
$input_errors[] = "The field 'Server timeout' value is not a number.";
- if (!$_POST['retries'] && is_numeric($_POST['retries']))
+ if ($_POST['retries'] !== "" && !is_numeric($_POST['retries']))
$input_errors[] = "The field 'Retries' value is not a number.";
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username']))
@@ -215,7 +215,7 @@ row_helper();
<input type='hidden' name='address_type' value='textbox' />
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()">
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC"">
<style type="text/css">
.haproxy_stats_visible{display:none;}
</style>
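Review bot: The new `<body>` tag ends in `alink="#0000CC"">`, with a stray double quote left over from removing the `onload` attribute. It should be `<body link="#0000CC" vlink="#0000CC" alink="#0000CC">`, as in haproxy_listeners_edit.php.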
@@ -476,14 +476,14 @@ row_helper();
<td width="22%" valign="top" class="vncellreq">Connection timeout</td>
<td width="78%" class="vtable" colspan="2">
<input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64">
- <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div>
+ <div>the time (in milliseconds) we give up if the connection does not complete within (default 30000).</div>
</td>
</tr>
<tr align="left">
<td width="22%" valign="top" class="vncellreq">Server timeout</td>
<td width="78%" class="vtable" colspan="2">
<input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64">
- <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div>
+ <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).</div>
</td>
</tr>
<tr align="left">
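Review bot: Connection timeout and Server timeout keep the `vncellreq` label class, presumably the required-field style, although this commit makes both optional with a default of 30000. haproxy_listeners_edit.php switches Client timeout to `vncell` for the same change. Using `class="vncell"` on both cells here keeps the form consistent with the relaxed validation.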
@@ -586,6 +586,7 @@ set by the 'retries' parameter.</div>
rows = 1;
totalrows = <?php echo $counter; ?>;
loaded = <?php echo $counter; ?>;
+ updatevisibility();
</script>
</body>
</html>
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php
index bad4bf09..07e7d106 100644
--- a/config/haproxy-devel/haproxy_pools.php
+++ b/config/haproxy-devel/haproxy_pools.php
@@ -52,8 +52,14 @@ if ($_POST) {
config_lock();
$retval = haproxy_configure();
config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
}
}