author | PiBa-NL <pba_2k3@yahoo.com> | 2013-03-04 00:24:00 +0100 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2013-03-04 00:24:00 +0100 |
commit | b9c747aa763690dea3a00be3fa55811f8665b465 (patch) | |
tree | f15092659db32e112afb944b03429376bd1d7bac /config/haproxy-devel/haproxy.inc | |
parent | fea3c94f99d40325bfb17a3861b55866a216ed1f (diff) | |
haproxy-devel, improvements (but 'breaks' parts of the current config)
-moved the 'backend' config fields to page where they make more sense without "magic merging" of frontend settings..
-certificate can now be chosen from certificate manager certificates
to find any 'config problems' run "haproxy -c -V -f /var/etc/haproxy.cfg" on a console/ssh session
Diffstat (limited to 'config/haproxy-devel/haproxy.inc')
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 57 |
1 files changed, 25 insertions, 32 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index ab56f34c..05264c87 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -61,8 +61,7 @@ $a_acltypes[] = array('name' => 'path_contains', 'descr' => 'Path contains', 'mode' => 'http', 'syntax' => 'path_dir -i');
 $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP', 'mode' => '', 'syntax' => 'src');
-if ($haproxy_sni_ssloffloading)
-{
+if ($haproxy_sni_ssloffloading) {
 $a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches', 'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\r\ntcp-request content accept if { req_ssl_hello_type 1 }");
 }
@@ -341,34 +340,34 @@ function write_backend($fd, $name, $pool, $frontend) {
 fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
- if($frontend['balance'])
- fwrite ($fd, "\tbalance\t\t\t" . $frontend['balance'] . "\n");
+ if($pool['balance'])
+ fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n");
- if($frontend['connection_timeout'])
- fwrite ($fd, "\tcontimeout\t\t" . $frontend['connection_timeout'] . "\n");
+ if($pool['connection_timeout'])
+ fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
- if($frontend['server_timeout'])
- fwrite ($fd, "\tsrvtimeout\t\t" . $frontend['server_timeout'] . "\n");
+ if($pool['server_timeout'])
+ fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
- if($frontend['retries'])
- fwrite ($fd, "\tretries\t\t\t" . $frontend['retries'] . "\n");
+ if($pool['retries'])
+ fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
- if($frontend['stats_enabled']=='yes') {
+ if($pool['stats_enabled']=='yes') {
 fwrite ($fd, "\tstats\t\t\tenable\n");
- if($frontend['stats_uri'])
- fwrite ($fd, "\tstats\t\t\turi ".$frontend['stats_uri']."\n");
- if($frontend['stats_realm'])
- fwrite ($fd, "\tstats\t\t\trealm " . $frontend['stats_realm'] . "\n");
+ if($pool['stats_uri'])
+ fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n");
+ if($pool['stats_realm'])
+ fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n");
 else
 fwrite ($fd, "\tstats\t\t\trealm .\n");
- fwrite ($fd, "\tstats\t\t\tauth " . $frontend['stats_username'].":". $frontend['stats_password']."\n");
+ fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n");
- if($frontend['stats_node_enabled']=='yes')
- fwrite ($fd, "\tstats\t\t\tshow-node " . $frontend['stats_node'] . "\n");
- if($frontend['stats_desc'])
- fwrite ($fd, "\tstats\t\t\tshow-desc " . $frontend['stats_desc'] . "\n");
- if($frontend['stats_refresh'])
- fwrite ($fd, "\tstats\t\t\trefresh " . $frontend['stats_refresh'] . "\n");
+ if($pool['stats_node_enabled']=='yes')
+ fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n");
+ if($pool['stats_desc'])
+ fwrite ($fd, "\tstats\t\t\tshow-desc " . $pool['stats_desc'] . "\n");
+ if($pool['stats_refresh'])
+ fwrite ($fd, "\tstats\t\t\trefresh " . $pool['stats_refresh'] . "\n");
 }
 $uri = $pool['monitor_uri'];
@@ -397,15 +396,6 @@ function write_backend($fd, $name, $pool, $frontend) {
 $a_servers = &$pool['ha_servers']['item'];
 foreach($a_servers as $be) {
- if(!$be['port']) {
- // the listener can specify a default port
- $be['port'] = $frontend['svrport'];
- }
- if(!$be['port']) {
- // last resort, use the frontend port
- $ports = split(",", "{$frontend['port']},");
- $be['port'] = $ports[0];
- }
 if (!$be['name'])
 $be['name'] = $be['address'];
 if($be['backup']) {
@@ -472,7 +462,10 @@ function haproxy_writeconf() {
 if ($backend['ssloffload']){
 //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
 $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}";
- file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt",base64_decode($backend['dcert']));
+ $cert = lookup_cert($backend['ssloffloadcert']);
+ $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']);
+ file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent);
+ unset($certcontent);
 }else{
 $ssl_info="";
 unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt");
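Review bot: The `stats auth` line is still written unconditionally whenever `stats_enabled` is `yes`, so a pool with stats switched on but no username set emits `stats auth :` — either rejected by `haproxy -c` or, if accepted, a stats page guarded by empty credentials; guard that `fwrite` with `if ($pool['stats_username'])`, mirroring how `stats_uri` and `stats_realm` are handled a few lines above. Both credentials are also written unquoted into the config file, so a password containing whitespace or `#` would be cut short by haproxy's line parser — presumably the GUI constrains the input, but that is worth confirming. `write_backend` starts and ends outside the hunk.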
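Review bot: The file written by the new `file_put_contents` line now carries the private key (`$cert['prv']`) but is created with PHP's default mode, which under the usual umask leaves `/var/etc/<name>.<port>.crt` readable by every local user; create the file and `chmod` it `0600` before any key bytes are written. `lookup_cert` can also come back empty when `ssloffloadcert` refers to a certificate that was since deleted, or return an entry without a `prv` member, in which case both decodes yield an empty string and haproxy is handed a `.crt` with no key — check for that instead of writing the file. The enclosing `haproxy_writeconf` loop starts and ends outside the hunk. Unrelated but on the context line just below: `unlink_if_exists("var/etc/...")` lacks the leading `/`, so a stale key file is never removed when SSL offload is turned off.
```php
$cert = lookup_cert($backend['ssloffloadcert']);
$certpath = "/var/etc/{$backend['name']}.{$backend['port']}.crt";
if (!is_array($cert) || empty($cert['crt']) || empty($cert['prv'])) {
	// certificate gone from the cert manager or has no private key:
	// do not leave a key-less file behind for haproxy to choke on
	unlink_if_exists($certpath);
} else {
	// the file holds the private key: make it owner-only before the key lands on disk
	touch($certpath);
	chmod($certpath, 0600);
	file_put_contents($certpath, base64_decode($cert['crt']) . base64_decode($cert['prv']));
}
// … unchanged: else branch clearing $ssl_info …
```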