diff options
author | jim-p <jimp@pfsense.org> | 2014-09-23 15:26:16 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-09-23 15:26:16 -0400 |
commit | 15516c35954279dd04d1cc8a852f8107a1564673 (patch) | |
tree | 68d3d0929a32888c5044763f3b5c5fcc5f6a2270 /config/haproxy-devel/haproxy.inc | |
parent | 1430a34fd0278868052da6a6f8ccd32505300778 (diff) | |
parent | 56b0123f775788eb53610b7ab463e4852dbafa3c (diff) | |
download | pfsense-packages-15516c35954279dd04d1cc8a852f8107a1564673.tar.gz pfsense-packages-15516c35954279dd04d1cc8a852f8107a1564673.tar.bz2 pfsense-packages-15516c35954279dd04d1cc8a852f8107a1564673.zip |
Merge pull request #706 from PiBa-NL/haproxy_1.5.3_extra
Diffstat (limited to 'config/haproxy-devel/haproxy.inc')
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 0b8a5a12..a4e9ba06 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -1417,15 +1417,29 @@ function haproxy_check_run($reload) { } else mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); + if (file_exists('/var/run/haproxy.pid')){ + $old_pid = file_get_contents('/var/run/haproxy.pid'); + } else + $old_pid = 'none'; + if (haproxy_is_running()) { if (isset($a_global['terminate_on_reload'])) $sf_st = "-st";//terminate old process as soon as the new process is listening else $sf_st = "-sf";//finish serving existing connections exit when done, and the new process is listening + + syslog(LOG_NOTICE, "haproxy: reload old pid:$old_pid"); exec("/usr/local/sbin/haproxy -f {$configpath}/haproxy.cfg -p /var/run/haproxy.pid $sf_st `cat /var/run/haproxy.pid` 2>&1", $output, $errcode); } else { + syslog(LOG_NOTICE, "haproxy: starting old pid:$old_pid"); exec("/usr/local/sbin/haproxy -f {$configpath}/haproxy.cfg -p /var/run/haproxy.pid -D 2>&1", $output, $errcode); } + if (file_exists('/var/run/haproxy.pid')){ + $new_pid = file_get_contents('/var/run/haproxy.pid'); + } else + $new_pid = 'none'; + syslog(LOG_NOTICE, "haproxy: started new pid:$new_pid"); + foreach($output as $line) $haproxy_run_message .= "<br/>" . htmlspecialchars($line) . "\n"; } else { @@ -1617,17 +1631,17 @@ function get_frontend_acls($frontend) { $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']); $aclname = "SNI_" . $poolname; - if (isset($frontend['ssloffloadacl']) || isset($frontend['ssloffloadaclnondefault'])) { + if (ifset($frontend['ssloffloadacl']) == 'yes' || ifset($frontend['ssloffloadaclnondefault']) == 'yes') { $cert = lookup_cert($frontend['ssloffloadcert']); $cert_cn = cert_get_cn($cert['crt']); $descr = haproxy_escape_acl_name($cert['descr']); unset($cert); $acl_item = array(); - if (isset($frontend['ssloffloadacl']) && isset($frontend['ssloffloadaclnondefault'])) { + if (ifset($frontend['ssloffloadacl']) == 'yes' && ifset($frontend['ssloffloadaclnondefault']) == 'yes') { $acl_item['descr'] = "Certificate ACL match regex: ^{$cert_cn}(:([0-9]){1,5})?$"; $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_regex', 'value' => "^{$cert_cn}(:([0-9]){1,5})?$"); - } elseif (isset($frontend['ssloffloadaclnondefault'])) { + } elseif (ifset($frontend['ssloffloadaclnondefault']) == 'yes') { $acl_item['descr'] = "Certificate ACL starts with: {$cert_cn}:"; $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_starts_with', 'value' => $cert_cn.":"); } else { @@ -1636,7 +1650,7 @@ function get_frontend_acls($frontend) { } $result[] = $acl_item; } - if (isset($frontend['ssloffloadacladditional']) || isset($frontend['ssloffloadacladditionalnondefault'])) { + if (ifset($frontend['ssloffloadacladditional']) == 'yes' || ifset($frontend['ssloffloadacladditionalnondefault']) == 'yes') { $certs = $frontend['ha_certificates']['item']; if (is_array($certs)){ foreach($certs as $certref){ @@ -1646,10 +1660,10 @@ function get_frontend_acls($frontend) { unset($cert); $acl_item = array(); - if (isset($frontend['ssloffloadacladditional']) && isset($frontend['ssloffloadacladditionalnondefault'])) { + if (ifset($frontend['ssloffloadacladditional']) == 'yes' && ifset($frontend['ssloffloadacladditionalnondefault']) == 'yes') { $acl_item['descr'] = "Certificate ACL match regex: ^{$cert_cn}(:([0-9]){1,5})?$"; $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_regex', 'value' => "^({$cert_cn}(($)|(:.*)))"); - } elseif (isset($frontend['ssloffloadacladditionalnondefault'])) { + } elseif (ifset($frontend['ssloffloadacladditionalnondefault']) == 'yes') { $acl_item['descr'] = "Certificate ACL starts with: {$cert_cn}:"; $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_starts_with', 'value' => $cert_cn.":"); } else { @@ -1721,13 +1735,17 @@ function haproxy_find_create_certificate($certificatename) { $cert = array(); $cert['refid'] = uniqid(); $cert['descr'] = gettext($certificatename); - mwexec("/usr/local/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key"); - mwexec("/usr/local/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt"); - $crt = file_get_contents("{$g['tmp_path']}/ssl.crt"); - $key = file_get_contents("{$g['tmp_path']}/ssl.key"); - unlink("{$g['tmp_path']}/ssl.key"); - unlink("{$g['tmp_path']}/ssl.crt"); - cert_import($cert, $crt, $key); + + $new_cert = array(); + $dn = array( + "organizationName" => "haproxy-pfsense", + "commonName" => "haproxy-pfsense" + ); + $new_cert = array(); + ca_create($new_cert, 1024, 2000, $dn); + $crt = base64_decode($new_cert['crt']); + $prv = base64_decode($new_cert['prv']); + cert_import($cert, $crt, $prv); $a_cert[] = $cert; return $cert; } |