aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorPiBa-NL <pba_2k3@yahoo.com>2014-04-07 23:55:28 +0200
committerPiBa-NL <pba_2k3@yahoo.com>2014-04-07 23:55:28 +0200
commit939d46241ec26019b0bbcd6424ad93dda25a4302 (patch)
tree2677070c08f61f1d20100c0de40d5b8cb0c1e53a /config
parentf9b4780bec0f2994c93c8cdac5c7646a9b5b6a84 (diff)
downloadpfsense-packages-939d46241ec26019b0bbcd6424ad93dda25a4302.tar.gz
pfsense-packages-939d46241ec26019b0bbcd6424ad93dda25a4302.tar.bz2
pfsense-packages-939d46241ec26019b0bbcd6424ad93dda25a4302.zip
haproxy-devel, consistent fronted type usage across secondary backends, and showing correct acl's in overview.
Diffstat (limited to 'config')
-rw-r--r--config/haproxy-devel/haproxy.inc92
-rw-r--r--config/haproxy-devel/haproxy_listeners.php14
2 files changed, 51 insertions, 55 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index e1cfdbbe..1d85cc51 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -504,27 +504,17 @@ function write_backend($fd, $name, $pool, $frontend) {
global $a_checktypes, $a_cookiemode;
$a_servers = &$pool['ha_servers']['item'];
- $frontendtype = strtolower($frontend['type']);
-
- unset($sslserverpresent);
- if (is_array($a_servers))
- {
- foreach($a_servers as $be) {
- if (!$be['status'] == "inactive")
- continue;
- if ($be['ssl'])
- $sslserverpresent = true;
- }
- }
+ $frontendtype = $frontend['type'];
+ $frontend_ip = haproxy_interface_ip($frontend['extaddr']);
fwrite ($fd, "backend " . $name . "\n");
// https is an alias for tcp for clarity purposes
- if(strtolower($frontend['type']) == "https") {
- $backend_type = "tcp";
+ if($frontendtype == "https") {
+ $backend_mode = "tcp";
} else {
- $backend_type = $frontend['type'];
+ $backend_mode = $frontendtype;
}
- fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
+ fwrite ($fd, "\tmode\t\t\t" . $backend_mode . "\n");
if ($frontendtype == "http") {
if ($pool["persist_cookie_enabled"] == "yes") {
@@ -702,7 +692,7 @@ function write_backend($fd, $name, $pool, $frontend) {
$ssl = "";
if ($be['ssl'] == 'yes')
{
- $ssl = $backend_type == "http" ? ' ssl' : ' check-ssl';
+ $ssl = $frontendtype == "http" ? ' ssl' : ' check-ssl';
}
$weight = "";
if (is_numeric($be['weight'])){
@@ -837,11 +827,11 @@ function haproxy_writeconf($configpath) {
unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt");
continue;
}
-
+ $primaryfrontend = get_primaryfrontend($frontend);
$bname = get_frontend_ipport($frontend);
//check ssl info
- if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']){
+ if (strtolower($primaryfrontend['type']) == "http" && $frontend['ssloffload']){
//ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
$filename = "$configpath/{$frontend['name']}.{$frontend['port']}.pem";
$ssl_crt = " crt $filename";
@@ -866,7 +856,6 @@ function haproxy_writeconf($configpath) {
$a_bind[$bname] = array();
$a_bind[$bname]['config'] = array();
// Settings which are used only from the primary frontend
- $primaryfrontend = get_primaryfrontend($frontend);
$a_bind[$bname]['name'] = $primaryfrontend['name'];
$a_bind[$bname]['extaddr'] = $primaryfrontend['extaddr'];
$a_bind[$bname]['port'] = $primaryfrontend['port'];
@@ -883,7 +872,7 @@ function haproxy_writeconf($configpath) {
if (($frontend['secondary'] != 'yes') && ($frontend['name'] != $b['name'])) {
// only 1 frontend can be the primary for a set of frontends that share 1 address:port.
- $input_errors[] = "Multiple primary frondends for $bname";
+ $input_errors[] = "Multiple primary frontends for $bname use the 'Shared Frontend' option instead";
}
if ($ssl_crt != "") {
@@ -912,8 +901,15 @@ function haproxy_writeconf($configpath) {
// Prepare ports for processing by splitting
$portss = "{$bind['port']},";
$ports = split(",", $portss);
- $ssl_info = $bind['ssl_info'];
- $advanced_bind = $bind['advanced_bind'];
+
+ if($bind['type'] == "http") {
+ // ssl offloading is only possible in http mode.
+ $ssl_info = $bind['ssl_info'];
+ $advanced_bind = $bind['advanced_bind'];
+ } else {
+ $ssl_info = "";
+ $advanced_bind = "";
+ }
// Initialize variable
$listenip = "";
@@ -944,7 +940,7 @@ function haproxy_writeconf($configpath) {
}
}
- // https is an alias for tcp for clarity purpouses
+ // https is an alias for tcp for clarity purposes
if($bind['type'] == "https") {
$backend_type = "tcp";
} else {
@@ -984,16 +980,13 @@ function haproxy_writeconf($configpath) {
foreach ($bind['config'] as $frontend) {
$a_acl = get_frontend_acls($frontend);
- $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']);
-
- // Create different pools if the svrport is set
- if ($frontend['svrport'] > 0)
- $poolname .= "_" . $frontend['svrport'];
+ $poolname = $frontend['backend_serverpool'] . "_" . strtolower($bind['type']);
if (!isset($a_pendingpl[$poolname])) {
$a_pendingpl[$poolname] = array();
$a_pendingpl[$poolname]['name'] = $poolname;
- $a_pendingpl[$poolname]['frontend'] = $frontend;
+ $a_pendingpl[$poolname]['backend'] = $frontend['backend_serverpool'];
+ $a_pendingpl[$poolname]['frontend'] = $bind;
}
// Write this out once, and must be before any backend config text
@@ -1044,7 +1037,7 @@ function haproxy_writeconf($configpath) {
if (is_array($a_pendingpl) && is_array($a_backends)) {
foreach ($a_pendingpl as $pending) {
foreach ($a_backends as $pool) {
- if ($pending['frontend']['backend_serverpool'] == $pool['name']) {
+ if ($pending['backend'] == $pool['name']) {
write_backend($fd, $pending['name'], $pool, $pending['frontend']);
}
}
@@ -1339,7 +1332,7 @@ function get_primaryfrontend($frontend) {
function get_frontend_ipport($frontend,$userfriendly=false) {
$mainfrontend = get_primaryfrontend($frontend);
- $result = haproxy_interface_ip($mainfrontend['extaddr'],$userfriendly);
+ $result = haproxy_interface_ip($mainfrontend['extaddr'], $userfriendly);
if ($userfriendly and is_ipaddrv6($result))
$result = "[{$result}]";
return $result . ":" . $mainfrontend['port'];
@@ -1393,6 +1386,7 @@ function get_haproxy_frontends($excludeitem="") {
}
function get_frontend_acls($frontend) {
+ $mainfrontend = get_primaryfrontend($frontend);
$result = array();
$a_acl = &$frontend['ha_acls']['item'];
if (is_array($a_acl))
@@ -1403,7 +1397,7 @@ function get_frontend_acls($frontend) {
continue;
// Filter out acls for different modes
- if ($acl['mode'] != '' && $acl['mode'] != strtolower($frontend['type']))
+ if ($acl['mode'] != '' && $acl['mode'] != strtolower($mainfrontend['type']))
continue;
$acl_item = array();
@@ -1414,7 +1408,6 @@ function get_frontend_acls($frontend) {
}
}
- $mainfrontend = get_primaryfrontend($frontend);
if (strtolower($mainfrontend['type']) == "http" && $mainfrontend['ssloffload']) {
$a_acl = &$frontend['ha_acls']['item'];
if(!is_array($a_acl))
@@ -1435,17 +1428,15 @@ function get_frontend_acls($frontend) {
if ($frontend['ssloffloadacladditional']){
$certs = $frontend['ha_certificates']['item'];
if (is_array($certs)){
- if (count($certs) > 0){
- foreach($certs as $certref){
- $cert = lookup_cert($certref['ssl_certificate']);
- $cert_cn = cert_get_cn($cert['crt']);
- $descr = haproxy_escape_acl_name($cert['descr']);
- unset($cert);
- $acl_item = array();
- $acl_item['descr'] = "Additional certificate ACLs: ".$cert_cn;
- $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
- $result[] = $acl_item;
- }
+ foreach($certs as $certref){
+ $cert = lookup_cert($certref['ssl_certificate']);
+ $cert_cn = cert_get_cn($cert['crt']);
+ $descr = haproxy_escape_acl_name($cert['descr']);
+ unset($cert);
+ $acl_item = array();
+ $acl_item['descr'] = "Additional certificate ACLs: ".$cert_cn;
+ $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
+ $result[] = $acl_item;
}
}
}
@@ -1456,11 +1447,12 @@ function get_frontend_acls($frontend) {
function get_backend($name) {
global $config;
$a_backend = &$config['installedpackages']['haproxy']['ha_pools']['item'];
- foreach($a_backend as $key => $backend)
- {
- if ($backend['name'] == $name)
- return $backend;
- }
+ if(is_array($a_backend))
+ foreach($a_backend as $key => $backend)
+ {
+ if ($backend['name'] == $name)
+ return $backend;
+ }
return null;
}
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index b259c6fb..cbb263c5 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -123,8 +123,10 @@ include("head.inc");
$a_frontend_grouped = array();
foreach($a_frontend as &$frontend2) {
+ $mainfrontend = get_primaryfrontend($frontend2);
$ipport = get_frontend_ipport($frontend2, true);
$frontend2['ipport'] = $ipport;
+ $frontend2['type'] = $mainfrontend['type'];
$a_frontend_grouped[$ipport][] = $frontend2;
}
ksort($a_frontend_grouped);
@@ -181,11 +183,13 @@ include("head.inc");
$backend_serverpool = $frontend['backend_serverpool'];
$backend = get_backend($backend_serverpool );
- $servers = $backend['ha_servers']['item'];
- $backend_serverpool_hint = gettext("Servers in pool:");
- if (is_array($servers)){
- foreach($servers as $server){
- $backend_serverpool_hint .= "\n".$server['address'].":".$server['port'];
+ if ($backend && is_array($backend['ha_servers']['item'])){
+ $servers = $backend['ha_servers']['item'];
+ $backend_serverpool_hint = gettext("Servers in pool:");
+ if (is_array($servers)){
+ foreach($servers as $server){
+ $backend_serverpool_hint .= "\n".$server['address'].":".$server['port'];
+ }
}
}
?>