author | PiBa-NL <pba_2k3@yahoo.com> | 2013-03-06 00:08:28 +0100 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2013-03-06 00:08:28 +0100 |
commit | 00240df580c59b9a54dafafcbf5524d266f1616e (patch) | |
tree | 4bd43d2d80f9abd7d5741a006717cf765c27627f | |
parent | c0ef04b32c9556106550e47b2d1e58de67ab4142 (diff) | |
haproxy-devel,
-allow shared frontend with SSL offloading
-error checking+reporting to user while applying configuration.
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 40 | ||||
-rwxr-xr-x | config/haproxy-devel/haproxy_global.php | 10 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners.php | 10 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners_edit.php | 42 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pool_edit.php | 13 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pools.php | 10 |
6 files changed, 89 insertions, 36 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 559788c7..fce05008 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -343,14 +343,17 @@ function write_backend($fd, $name, $pool, $frontend) { if($pool['balance']) fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n"); - if($pool['connection_timeout']) - fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n"); + if(!$pool['connection_timeout']) + $pool['connection_timeout'] = 30000; + fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n"); - if($pool['server_timeout']) - fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n"); + if(!$pool['server_timeout']) + $pool['server_timeout'] = 30000; + fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n"); - if($pool['retries']) - fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n"); + if(!$pool['retries']) + $pool['retries'] = 3; + fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n"); if($pool['stats_enabled']=='yes') { fwrite ($fd, "\tstats\t\t\tenable\n"); @@ -424,6 +427,14 @@ function haproxy_configure() { return haproxy_check_run(1); } +function haproxy_check_writtenconfig_error() { + $configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1"); + if (!strstr($configcheckoutput, "Configuration file is valid")) + return $configcheckoutput; + else + return false; +} + function haproxy_writeconf() { global $config, $g; 
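Review bot: In the @@ -343 hunk (write_backend) the new `if(!$pool['retries']) $pool['retries'] = 3;` is a truthiness test, so an explicit `0` is overwritten with the default just like an empty field; for retries that silently turns "no retries" into three. The same pattern is used for connection_timeout and server_timeout in this hunk and for client_timeout in the @@ -566 hunk. Test for absence instead, e.g. `if (!isset($pool['retries']) || $pool['retries'] === '') $pool['retries'] = 3;`. write_backend() starts and ends outside the hunk.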
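Review bot: haproxy_check_writtenconfig_error() in the @@ -424 hunk fails open: shell_exec() returns null when the command yields no output or cannot be run, the function then returns that null, and the callers' `if ($result)` reads it as "no error". Matching the literal "Configuration file is valid" also ties the result to the wording of one haproxy version. Deciding on the exit status of `haproxy -c` and returning a non-empty message on every failure path closes both gaps; a sketch follows.

```php
function haproxy_check_writtenconfig_error() {
	$output = array();
	$rc = 1;
	exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1", $output, $rc);
	if ($rc !== 0) {
		// Never return an empty value on failure, so callers cannot mistake it for success.
		$text = trim(implode("\n", $output));
		return $text !== "" ? $text : "haproxy configuration check failed (exit status {$rc})";
	}
	return false;
}
```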
@@ -471,13 +482,13 @@ function haproxy_writeconf() { //check ssl info if ($backend['ssloffload']){ //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem - $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}"; + $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt"; $cert = lookup_cert($backend['ssloffloadcert']); $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']); file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent); unset($certcontent); }else{ - $ssl_info=""; + $ssl_crt=""; unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); } @@ -499,7 +510,12 @@ function haproxy_writeconf() { $b['max_connections'] = $backend['max_connections']; $b['client_timeout'] = $backend['client_timeout']; $b['advanced'] = $backend['advanced']; - $b['ssl_info'] = $ssl_info; + + if ($ssl_crt != "") { + if ($b['ssl_info'] == "") + $b['ssl_info'] = "ssl {$backend['dcertadv']}"; + $b['ssl_info'] .= $ssl_crt; + } // pointer to each backend $b['config'][] = $backend; @@ -566,8 +582,10 @@ function haproxy_writeconf() { if($bind['max_connections']) fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n"); - if($bind['client_timeout']) - fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); + if(!$bind['client_timeout']) + $bind['client_timeout'] = 30000; + + fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); // Combine the rest of the listener configs diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 340c578b..61c654cf 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php 
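Review bot: The else branch in the @@ -471 hunk calls `unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt")` without the leading slash, so the path is relative and the combined certificate and private-key file written by the other branch is presumably never removed when SSL offloading is switched off. It should read `unlink_if_exists("/var/etc/{$backend['name']}.{$backend['port']}.crt");`. The file is also created by file_put_contents() with default permissions although it contains `$cert['prv']`; setting a restrictive umask before the write, or `chmod($path, 0600)` directly after it, keeps the key from being readable by other local users. Both lines are context carried through this commit, and haproxy_writeconf() starts and ends outside the hunk.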
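Review bot: In the @@ -499 hunk only the first SSL-offloading backend that finds `$b['ssl_info'] == ""` contributes its `dcertadv` options; every later backend on the same shared frontend appends its `crt` but its advanced options are dropped without notice. If those options carry client-certificate settings such as the `ca-file ... verify` example in the comment of the previous hunk, an administrator could believe verification is enforced for a secondary backend when it is not. Either restrict `dcertadv` to the primary frontend in the UI, or raise an input error when a secondary's value differs from the primary's. `$b['ssl_info']` also appears to be read before it is assigned on the first pass; `empty($b['ssl_info'])` avoids the undefined-index notice.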
@@ -48,8 +48,14 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } else { if ($_POST['enable']) { $reqdfields = explode(" ", "maxconn"); diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index c5c41714..88cdb62f 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -48,8 +48,14 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } } diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 75004afe..32cf0020 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -139,6 +139,7 @@ if (isset($id) && $a_backend[$id]) { $pconfig['name'] = $a_backend[$id]['name']; $pconfig['desc'] = $a_backend[$id]['desc']; $pconfig['status'] = $a_backend[$id]['status']; + $pconfig['secondary'] = $a_backend[$id]['secondary']; $pconfig['type'] = $a_backend[$id]['type']; @@ -185,7 +186,7 @@ if ($_POST) { if ($port && !is_numeric($port)) $input_errors[] = "The field 'Port' value is not a number."; - if (!is_numeric($_POST['client_timeout'])) + if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) $input_errors[] = "The field 'Client timeout' value is not a number."; /* Ensure that our pool names are unique */ 
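Review bot: `$savemsg = gettext($result);` in the haproxy_global.php hunk puts raw haproxy output into the page message, and that output can quote parts of the generated configuration, which include user-entered fields such as the advanced pass-thru text. Whether the code that prints `$savemsg` escapes it is not visible here, so encode at the assignment: `$savemsg = htmlspecialchars($result);` (gettext() on dynamic command output has no translation to find). The check also runs only after `haproxy_configure()` has returned, so by the time an error is shown the configuration has presumably already been applied; validating the written file before the reload would be safer. The identical block is added in haproxy_listeners.php and haproxy_pools.php.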
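Review bot: `is_numeric()` in the @@ -185 hunk of haproxy_listeners_edit.php accepts more than a millisecond count: `-5`, `1.5`, `1e3` and strings with leading whitespace all pass, and the value is later written verbatim after `clitimeout` in haproxy.inc. A stricter test such as `if ($_POST['client_timeout'] !== "" && !ctype_digit($_POST['client_timeout']))` keeps the generated configuration to plain non-negative integers. The same applies to connection_timeout, server_timeout and retries in the @@ -88 hunk of haproxy_pool_edit.php.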
@@ -240,6 +241,7 @@ if ($_POST) { update_if_changed("name", $backend['name'], $_POST['name']); update_if_changed("description", $backend['desc'], $_POST['desc']); update_if_changed("status", $backend['status'], $_POST['status']); + update_if_changed("secondary", $backend['secondary'], $_POST['secondary']); update_if_changed("type", $backend['type'], $_POST['type']); update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']); update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']); @@ -281,10 +283,11 @@ include("head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <style type="text/css"> .haproxy_mode_http{display:none;} .haproxy_ssloffloading_enabled{display:none;} + .haproxy_primary{} </style> <?php if($one_two): ?> @@ -451,6 +454,7 @@ include("head.inc"); { setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked); setCSSdisplay(".haproxy_mode_http", type.value == "http"); + setCSSdisplay(".haproxy_primary", !secondary.checked); } function type_change() { @@ -505,6 +509,14 @@ include("head.inc"); </td> </tr> <tr align="left"> + <td width="22%" valign="top" class="vncell">Shared Frontend</td> + <td width="78%" class="vtable" colspan="2"> + <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();">secondary backend</checkbox><br/> + Use this setting to configure multiple backends/accesslists for a single frontend.<br/> + All settings of which only 1 can exist will be hidden. And + </td> + </tr> + <tr align="left"> <td width="22%" valign="top" class="vncellreq">Status</td> <td width="78%" class="vtable" colspan="2"> <select name="status" id="status"> 
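Review bot: The new "Shared Frontend" row in the @@ -505 hunk closes the input with `</checkbox>`, which is not an HTML element, and its help text stops mid-sentence at "And". Wrap the caption in a label instead, `<label for="secondary">secondary backend</label>`, and finish or drop the trailing sentence so the administrator knows which settings are taken from the primary frontend. This matters for the SSL options in particular, since a hidden setting is easy to assume is still in effect.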
@@ -546,6 +558,12 @@ include("head.inc"); <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> </td> </tr> + <tr class="haproxy_primary" align="left"> + <td width="22%" valign="top" class="vncellreq">Max connections</td> + <td width="78%" class="vtable" colspan="2"> + <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Backend server pool</td> <td width="78%" class="vtable"> @@ -573,7 +591,7 @@ include("head.inc"); <option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option> </select> </td> - </tr> + </tr> <tr> <td width="22%" valign="top" class="vncell">Access Control lists</td> <td width="78%" class="vtable" colspan="2" valign="top"> 
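Review bot: The moved "Max connections" row in the @@ -546 hunk echoes `$pconfig['max_connections']` into the `value` attribute without encoding, and no validation of that field is visible in this diff, so a stored value containing a double quote would break out of the attribute. Suggested: `echo 'value="' . htmlspecialchars($pconfig['max_connections']) . '"';`. The client_timeout input in the @@ -632 hunk and the two timeout inputs in haproxy_pool_edit.php use the same pattern, though those fields are at least checked with is_numeric() before saving.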
@@ -632,21 +650,15 @@ include("head.inc"); </tr> </table> <br/> <br/> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table class="haproxy_primary" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic">Advanced settings</td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Max connections</td> - <td width="78%" class="vtable" colspan="2"> - <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Client timeout</td> + <td width="22%" valign="top" class="vncell">Client timeout</td> <td width="78%" class="vtable" colspan="2"> <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> - <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div> + <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).</div> </td> </tr> <tr align="left"> @@ -677,8 +689,10 @@ include("head.inc"); NOTE: paste text into this box that you would like to pass thru. </td> </tr> + <tr> + <td> </td> + </tr> </table> - <br/> <br/> <? global $haproxy_sni_ssloffloading; if ($haproxy_sni_ssloffloading): @@ -747,6 +761,8 @@ include("head.inc"); rows = 1; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; + + updatevisibility(); </script> <?php include("fend.inc"); ?> </body> diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index fa46efb2..09474f02 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php 
@@ -88,13 +88,13 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_numeric($_POST['connection_timeout'])) + if ($_POST['connection_timeout'] !== "" && !is_numeric($_POST['connection_timeout'])) $input_errors[] = "The field 'Connection timeout' value is not a number."; - if (!is_numeric($_POST['server_timeout'])) + if ($_POST['server_timeout'] !== "" && !is_numeric($_POST['server_timeout'])) $input_errors[] = "The field 'Server timeout' value is not a number."; - if (!$_POST['retries'] && is_numeric($_POST['retries'])) + if ($_POST['retries'] !== "" && !is_numeric($_POST['retries'])) $input_errors[] = "The field 'Retries' value is not a number."; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) @@ -215,7 +215,7 @@ row_helper(); <input type='hidden' name='address_type' value='textbox' /> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC""> <style type="text/css"> .haproxy_stats_visible{display:none;} </style> 
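Review bot: The new `<body>` line in the @@ -215 hunk ends in `alink="#0000CC"">`, leaving a stray double quote where the onload attribute was removed. Browsers will usually recover, but it is malformed markup; the line should read `<body link="#0000CC" vlink="#0000CC" alink="#0000CC">`.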
@@ -476,14 +476,14 @@ row_helper(); <td width="22%" valign="top" class="vncellreq">Connection timeout</td> <td width="78%" class="vtable" colspan="2"> <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div> + <div>the time (in milliseconds) we give up if the connection does not complete within (default 30000).</div> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq">Server timeout</td> <td width="78%" class="vtable" colspan="2"> <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div> + <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).</div> </td> </tr> <tr align="left"> @@ -586,6 +586,7 @@ set by the 'retries' parameter.</div> rows = 1; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; + updatevisibility(); </script> </body> </html> diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index bad4bf09..07e7d106 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -52,8 +52,14 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } } |