varnish - fixes for pfsense 2.2 and widget improvements

3 files changed, 79 insertions, 34 deletions

diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc
index 813d61cf..bca02203 100644
--- a/config/varnish3/varnish.inc
+++ b/config/varnish3/varnish.inc
@@ -34,12 +34,15 @@
 /* ========================================================================== */
 $shortcut_section = "varnish";
 
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version > 2.0)
-	define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m"));
-else
-  define('VARNISH_LOCALBASE','/usr/local');
-
+$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+if (is_dir('/usr/pbi/varnish-' . php_uname("m"))) {
+	if ($pfs_version == 2.2)
+		define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")."/local");
+	else
+		define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m"));
+} else {
+	define('VARNISH_LOCALBASE','/usr/local');
+}
 
 function varnish_settings_post_validate($post, &$input_errors) {
 	if( !is_numeric($post['storagesize']))
@@ -463,7 +466,18 @@ function sync_package_varnish() {
 						$vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n";
 					break;
 					case 'create':
-						$vcl_recv_set_basic .= "\tset req.http.X-Forwarded-Varnish = client.ip;\n\n";
+						$vcl_acls="acl SslOffloadServers {\n\t\"localhost\";";
+						$sslservers= split (" ",$vcl['ssloffload']);
+						foreach ($sslservers as $sslserver){
+							if (preg_match("/(\S+)\/(d+)/",$sslserver,$sslm))
+								$vcl_acls.="\n\t\"{$sslm[1]}\"/{$sslm[2]};";
+							else
+								$vcl_acls.="\n\t\"{$sslserver}\";";
+						}
+						$vcl_acls.="}\n";
+						$vcl_recv_set_basic .= "\tif (req.http.X-Forwarded-For && client.ip ~ SslOffloadServers){\n\t\t";
+						$vcl_recv_set_basic .= "set req.http.X-Forwarded-Varnish = req.http.X-Forwarded-For;\n\t}";
+						$vcl_recv_set_basic .= "else{\n\t\tset req.http.X-Forwarded-Varnish = client.ip;\n\n\t}";
 					break;
 					case 'unset':
 						$vcl_recv_set_basic .= "\tunset req.http.X-Forwarded-For;\n\n";
@@ -578,6 +592,7 @@ sub vcl_error {
 
 {$backends}
 {$vcl_hash}
+{$vcl_acls}
 sub vcl_recv {
 	{$vcl_recv_early}
 	{$vcl_recv_set_basic}
diff --git a/config/varnish3/varnish.widget.php b/config/varnish3/varnish.widget.php
index b675f416..c6fdfe78 100755
--- a/config/varnish3/varnish.widget.php
+++ b/config/varnish3/varnish.widget.php
@@ -48,35 +48,56 @@ $img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up
 ?><div id='varnish'><?php
 open_table();
 
-if ($config['installedpackages']['varnishsettings']['config'][0])
-	$mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment'];
-if ($mgm != ""){
-	print "<pre>";
-	print "<td class=\"vncellt\"width=30%><strong>Cache hits</strong></td>";
-	print "<td class=\"vncellt\"width=30%><strong>Cache hits pass</strong></td>";
-	print "<td class=\"vncellt\"width=30%><strong>Cache Missed</strong></td></tr>";
+print "<pre>";
+print "<td class=\"vncellt\"width=30%><strong>Cache hits</strong></td>";
+print "<td class=\"vncellt\"width=30%><strong>Cache hits pass</strong></td>";
+print "<td class=\"vncellt\"width=30%><strong>Cache Missed</strong></td></tr>";
+$backends=exec("varnishstat -1",$debug);
+foreach ($debug as $line){
+        if (preg_match("/(\S+)\s+(\d+)/",$line,$matches))
+                $vs[$matches[1]]=$matches[2];
+        }
+print "<td class=\"listlr\">".number_format($vs['cache_hit']) ."</td>";
+print "<td class=\"listlr\">".number_format($vs['cache_hitpass']) ."</td>";
+print "<td class=\"listlr\">".number_format($vs['cache_miss'])."</td></tr>";
+close_table();
 
-	$backends=exec("varnishadm -T " . escapeshellarg($mgm) . " stats",$debug);
-	foreach ($debug as $line){
-		if (preg_match("/(\d+)\s+Cache\s+(hits.for|hits|misses)/",$line,$matches))
-				$cache[preg_replace("/\s+/","",$matches[2])]=$matches[1];
-		if (preg_match("/(\d+)\s+Client\s+(\w+)/",$line,$matches))
-				$client[$matches[2]]=$matches[1];
-		}
-	print "<td class=\"listlr\">".$cache['hits'] ."</td>";
-	print "<td class=\"listlr\">".$cache['hitsfor'] ."</td>";
-	print "<td class=\"listlr\">".$cache['misses']."</td></tr>";
- 	close_table();
+open_table();
+print "<td class=\"vncellt\" width=30%><strong>Conn. Accepted</strong></td>";
+print "<td class=\"vncellt\" width=30%><strong>Req. received</strong></td>";
+print "<td class=\"vncellt\" width=30%><strong>Uptime</strong></td></tr>";
+print "<td class=\"listlr\">".number_format($vs['client_conn']) ."</td>";
+print "<td class=\"listlr\">".number_format($vs['client_req']) ."</td>";
+print "<td class=\"listlr\">".(int)($vs['uptime'] / 86400) . "+ ". gmdate("H:i:s",($vs['uptime'] % 86400))."</td></tr>";
+close_table();
 
- 	open_table();
-	print "<td class=\"vncellt\" width=30%><strong>Conn. Accepted</strong></td>";
-	print "<td class=\"vncellt\" width=30%><strong>Req. received</strong></td>";
-	print "<td class=\"vncellt\" width=30%><strong>Uptime</strong></td></tr>";
-	print "<td class=\"listlr\">".$client['connections'] ."</td>";
-	print "<td class=\"listlr\">".$client['requests'] ."</td>";
-	print "<td class=\"listlr\">".$client['uptime']."</td></tr>";
- 	close_table();
+open_table();
+print "<td class=\"vncellt\" width=70%><strong>Host</strong></td>";
+print "<td class=\"vncellt\" width=15%><strong>Header(Rx)</strong></td>";
+print "<td class=\"vncellt\" width=15%><strong>Header(Tx)</strong></td></tr>";
+unset($debug);
+$backends=exec("varnishtop -I '^Host:' -1",$debug);
+foreach ($debug as $line){
+        if (preg_match("/(\S+)\s+(\w+)Header.Host: (\S+)/",$line,$lm))
+           $varnish_hosts[$lm[3]][$lm[2]]=$lm[1];
+}
+if (is_array($varnish_hosts)){
+	foreach ($varnish_hosts as $v_key=>$v_value){
+        print "<td class=\"listlr\">". $v_key ."</td>";
+        print "<td class=\"listlr\" align=\"Right\">". number_format($v_value['Rx']) ."</td>";
+        print "<td class=\"listlr\" align=\"Right\">".number_format($v_value['Tx'])."</td></tr>";
+	}
+}
+else{
+	print "<td class=\"listlr\">No traffic</td><td class=\"listlr\"></td><td class=\"listlr\"></td></tr>";
+}
 
+close_table();
+
+
+if ($config['installedpackages']['varnishsettings']['config'][0])
+        $mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment'];
+if ($mgm != ""){
  	open_table();
 	print "<td class=\"vncellt\" width=30%><strong>Backend</strong></td>";
 	print "<td class=\"vncellt\" width=30%><strong>LB applied</strong></td>";
diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml
index d957714d..99e29663 100644
--- a/config/varnish3/varnish_settings.xml
+++ b/config/varnish3/varnish_settings.xml
@@ -223,7 +223,7 @@
 		<field>
 			<fielddescr>Foward client IP</fielddescr>
 			<fieldname>xforward</fieldname>
-			<description>Select how to forward clients real IP.</description>
+			<description><![CDATA[Select how to forward clients real IP.]]></description>
 			<type>select</type>
 			<options>
 				<option><name>set X-Forwarded-For</name><value>set</value></option>
@@ -233,6 +233,15 @@
 			</options>
 		</field>
 		<field>
+			<fielddescr>SSL Offload server ACL</fielddescr>
+			<fieldname>ssloffload</fieldname>
+			<description><![CDATA[Use <b>x-forwarded-for</b> var instead of <b>client.ip</b> to set <b>X-Forwarded-Varnish</b> on Forward<br>
+							SSL offload servers must be configured to forward client info. if not set you can get a blank var forwarded to backend.<br>
+							use space to specify more then one host or network.]]></description>
+			<type>input</type>
+	    	<size>30</size>
+	    </field>
+		<field>
 			<fielddescr>Fetch Grace</fielddescr>
 			<fieldname>grace</fieldname>
 			<description><![CDATA[<a href="https://www.varnish-cache.org/trac/wiki/VCLExampleGrace">How many time varnish will keep cached objects.</a> HINT 60s, 30m, 1h]]></description>