diff options
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 24 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy.xml | 5 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners.php | 3 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_stats.php | 71 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_templates.php | 220 | ||||
-rw-r--r-- | config/haproxy-devel/pkg_haproxy_tabs.inc | 1 | ||||
-rw-r--r-- | pkg_config.10.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
9 files changed, 254 insertions, 76 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index fd086cfc..950d5f5b 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -630,7 +630,7 @@ function haproxy_find_acl($name) { function write_backend($configpath, $fd, $name, $pool, $frontend) { if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes') return; - global $a_checktypes, $a_cookiemode, $a_files, $a_error; + global $a_checktypes, $a_cookiemode, $a_files_cache, $a_error; $a_servers = &$pool['ha_servers']['item']; $frontendtype = $frontend['type']; @@ -696,13 +696,13 @@ function write_backend($configpath, $fd, $name, $pool, $frontend) { if (is_arrayset($pool,'errorfiles','item')) { foreach($pool['errorfiles']['item'] as $errorfile) { - if (!is_array($a_files))// load only once - $a_files = haproxy_get_fileslist(); + if (!is_array($a_files_cache))// load only once + $a_files_cache = haproxy_get_fileslist(); $file = $errorfile['errorfile']; $errorcodes = explode(",",$errorfile['errorcode']); foreach($errorcodes as $errorcode) { $filename = "$configpath/errorfile_{$name}_{$errorcode}_{$file}"; - $content = base64_decode($a_files[$file]['content']); + $content = base64_decode($a_files_cache[$file]['content']); $content = str_replace('{errormsg}', $a_error[$errorcode]['descr'], $content); $content = str_replace('{errorcode}', $errorcode, $content); file_put_contents($filename, $content); @@ -1285,6 +1285,7 @@ function haproxy_writeconf($configpath) { $a_acl_combine[$name][] = $entry['ref']; } + $config_usebackend = ""; foreach ($a_acl_combine as $a_usebackend) { $aclnames = ""; foreach ($a_usebackend as $entry) { @@ -1308,7 +1309,7 @@ function haproxy_writeconf($configpath) { $aclname = $i . "_" . $entry['name']; $aclnames .= $aclname." "; - fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"); + $config_usebackend .= "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"; if ($acl['inspect-delay'] != '') $inspectdelay = $acl['inspect-delay']; @@ -1317,16 +1318,19 @@ function haproxy_writeconf($configpath) { $advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n"; $i++; } - fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"); + $config_usebackend .= "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"; } } - if ($default_backend) - fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); - if ($inspectdelay > 0) fwrite ($fd, "\ttcp-request inspect-delay\t" . $inspectdelay . "\n"); foreach($advancedextra as $extra) fwrite ($fd, "\t".$extra."\n"); + + fwrite ($fd, $config_usebackend); + + if ($default_backend) + fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); + fwrite ($fd, "\n"); } } @@ -1755,7 +1759,7 @@ function haproxy_check_config() { foreach($ipports as $ipport) { $id = "{$ipport['addr']}:{$ipport['port']}"; if (isset($activefrontends[$id])) - $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\""; + $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\", use Shared-Frontends instead."; else $activefrontends[$id] = true; } diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml index 6156c174..da2b4648 100644 --- a/config/haproxy-devel/haproxy.xml +++ b/config/haproxy-devel/haproxy.xml @@ -108,6 +108,11 @@ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_stats.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_templates.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_socketinfo.inc</item> diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 8105345e..301dd253 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -184,8 +184,9 @@ include("head.inc"); if ($isadvset) echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\" />"; + $backend_serverpool_hint = ""; $backend_serverpool = $frontend['backend_serverpool']; - $backend = get_backend($backend_serverpool ); + $backend = get_backend($backend_serverpool); if ($backend && is_array($backend['ha_servers']) && is_array($backend['ha_servers']['item'])){ $servers = $backend['ha_servers']['item']; $backend_serverpool_hint = gettext("Servers in pool:"); diff --git a/config/haproxy-devel/haproxy_stats.php b/config/haproxy-devel/haproxy_stats.php index 10dd136a..302793b6 100644 --- a/config/haproxy-devel/haproxy_stats.php +++ b/config/haproxy-devel/haproxy_stats.php @@ -32,6 +32,10 @@ require_once("haproxy_socketinfo.inc"); $pconfig = $config['installedpackages']['haproxy']; if (isset($_GET['haproxystats']) || isset($_GET['scope']) || (isset($_POST) && isset($_POST['action']))){ + if (!(isset($pconfig['enable']) && $pconfig['localstatsport'] && is_numeric($pconfig['localstatsport']))){ + print 'In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.'; + return; + } $fail = false; try{ $request = ""; @@ -79,48 +83,6 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { } $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; -function haproxy_add_stats_example() { - global $config, $d_haproxyconfdirty_path; - $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; - $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; - $webcert = haproxy_find_create_certificate("HAProxy stats default"); - - $backend = array(); - $backend["name"] = "HAProxy_stats_ssl_backend"; - $backend["stats_enabled"] = "yes"; - $backend["stats_uri"] = "/"; - $backend["stats_refresh"] = "10"; - $a_backends[] = $backend; - $changecount++; - - $frontend = array(); - $frontend["name"] = "HAProxy_stats_ssl_frontend"; - $frontend["status"] = "active"; - $frontend["type"] = "http"; - $frontend["port"] = "444"; - $frontend["extaddr"] = "lan_ipv4"; - $frontend["ssloffload"] = "yes"; - $frontend["ssloffloadcert"] = $webcert['refid']; - $frontend["backend_serverpool"] = $backend["name"]; - $a_frontends[] = $frontend; - $changecount++; - $changedesc = "add new HAProxy stats example"; - - if ($changecount > 0) { - echo "touching: $d_haproxyconfdirty_path"; - touch($d_haproxyconfdirty_path); - write_config($changedesc); - } -} - -if (isset($_GET['add_stats_example'])) { - haproxy_add_stats_example(); - write_config(); - touch($d_haproxyconfdirty_path); - header("Location: haproxy_listeners.php"); - exit; -} - if ($_POST) { if ($_POST['apply']) { $result = haproxy_check_and_run($savemsg, true); @@ -177,31 +139,16 @@ echo "</td>"; <br/> As the page is forwarded through the pfSense gui, this might cause some functionality to not work.<br/> Though the normal haproxy stats page can be tweaked more, and doesn't use a user/pass from pfSense itself.<br/> - Some examples are configurable automatic page refresh,<br/> - only showing certain servers, not providing admin options, and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/> - To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'. - Or create a backend specifically for serving stats, for that you can start with the 'stats example' template below.<br/> + Some examples are configurable automatic page refresh, only showing certain servers, not providing admin options,<br/> + and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/> + To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'.<br/> + Or create a backend specifically for serving stats, for that you can start with the 'stats example' from the template tab.<br/> </td> </tr> <tr> <td> </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic">Stats example template</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Example</td> - <td class="vtable"> - As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/> - <a href="haproxy_stats.php?add_stats_example=1">TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl</a><br/> - <br/> - After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a> - </td> - </tr> - <tr> - <td> </td> - </tr> - <tr> <td colspan="2" valign="top" class="listtopic">HAProxy stick-tables</td> </tr> <tr> @@ -241,7 +188,7 @@ echo "</td>"; <iframe id="frame_haproxy_stats" width="1000px" height="1500px" seamless=1 src="/haproxy_stats.php?haproxystats=1<?=$request;?>"></iframe> <? } else { ?> <br/> - In the "Settings" configure a internal stats port and enable haproxy for this to be functional.<br/> + In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.<br/> <br/> <? } ?> <?}?> diff --git a/config/haproxy-devel/haproxy_templates.php b/config/haproxy-devel/haproxy_templates.php new file mode 100644 index 00000000..478c83a3 --- /dev/null +++ b/config/haproxy-devel/haproxy_templates.php @@ -0,0 +1,220 @@ +<?php +/* + haproxy_templates.php + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2014 PiBa-NL + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("authgui.inc"); +require_once("config.inc"); + +$pconfig = $config['installedpackages']['haproxy']; +require_once("guiconfig.inc"); +$shortcut_section = "haproxy"; +require_once("haproxy.inc"); +require_once("certs.inc"); +require_once("haproxy_utils.inc"); +require_once("pkg_haproxy_tabs.inc"); + +if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); +} +$a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +function haproxy_add_stats_example() { + global $config, $d_haproxyconfdirty_path; + $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $webcert = haproxy_find_create_certificate("HAProxy stats default"); + + $backend = array(); + $backend["name"] = "HAProxy_stats_ssl_backend"; + $backend["stats_enabled"] = "yes"; + $backend["stats_uri"] = "/"; + $backend["stats_refresh"] = "10"; + $a_backends[] = $backend; + $changecount++; + + $frontend = array(); + $frontend["name"] = "HAProxy_stats_ssl_frontend"; + $frontend["status"] = "active"; + $frontend["type"] = "http"; + $frontend["a_extaddr"]["item"]["stats_name"]["extaddr"] = "lan_ipv4"; + $frontend["a_extaddr"]["item"]["stats_name"]["extaddr_port"] = "444"; + $frontend["a_extaddr"]["item"]["stats_name"]["extaddr_ssl"] = "yes"; + $frontend["ssloffloadcert"] = $webcert['refid']; + $frontend["backend_serverpool"] = $backend["name"]; + $a_frontends[] = $frontend; + $changecount++; + $changedesc = "add new HAProxy stats example"; + + if ($changecount > 0) { + header("Location: haproxy_listeners.php"); + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + exit; + } +} + +function template_errorfile() { + global $config, $d_haproxyconfdirty_path, $savemsg; + + $a_files = &$config['installedpackages']['haproxy']['files']['item']; + if (!is_array($a_files)) $a_files = array(); + + $a_files_cache = haproxy_get_fileslist(); + if (!isset($a_files_cache["ExampleErrorfile"])) { + $errorfile = <<<EOD +HTTP/1.0 503 Service Unavailable +Cache-Control: no-cache +Connection: close +Content-Type: text/html + +<html> + <head> + <title>Sorry the webserver you are trying to contact is currently not available.</title> + </head> + <body style="font-family:Arial,Helvetica,sans-serif;"> + <div style="margin: 0 auto; width: 960px;"> + <h2>Sorry the webserver you are trying to contact is currently not available.</h2> + </div> +The error returned is [<i>{errorcode} {errormsg}</i>] please try again later. + </body> +</html> +EOD; + $newfile = array(); + $newfile['name'] = "ExampleErrorfile"; + $newfile['content'] = base64_encode($errorfile); + $a_files[] = $newfile; + $changecount++; + $changedesc = "Errorfile added from template"; + } else { + $savemsg = "File 'ExampleErrorfile' is already configured on the Files tab."; + } + + if ($changecount > 0) { + header("Location: haproxy_files.php"); + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + exit; + } +} + +if (isset($_GET['add_stats_example'])) { + $templateid = $_GET['add_stats_example']; + switch ($templateid) { + case "1": + haproxy_add_stats_example(); + break; + case "2": + template_errorfile(); + break; + } +} + +if ($_POST) { + if ($_POST['apply']) { + $result = haproxy_check_and_run($savemsg, true); + if ($result) + unlink_if_exists($d_haproxyconfdirty_path); + } +} + +$pgtitle = "Services: HAProxy: Templates"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="haproxy_templates.php" method="post"> +<?php if($one_two): ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php endif; ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> +<?php endif; ?> +</form> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "templates"); + ?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" height="100%" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Templates</td> + </tr> + <tr> + <td colspan="2">This page contains some templates that can be added into the haproxy configuration to possible ways to configure haproxy using this the webgui from this package.</td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stats SSL frontent+backend</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> + <a href="haproxy_templates.php?add_stats_example=1">Create configuration</a> + </td> + <td class="vtable"> + As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/> + TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl<br/> + <br/> + After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Errorfile</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> + <a href="haproxy_templates.php?add_stats_example=2">Create configuration</a> + </td> + <td class="vtable"> + As an basic example of an errorfile with name 'ExampleErrorfile' will be added if it does not exist. + This file can then be used in the 'Error files' in the backend settings. + </td> + </tr> + <tr> + <td> </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/haproxy-devel/pkg_haproxy_tabs.inc b/config/haproxy-devel/pkg_haproxy_tabs.inc index f49d2b67..a74ee20a 100644 --- a/config/haproxy-devel/pkg_haproxy_tabs.inc +++ b/config/haproxy-devel/pkg_haproxy_tabs.inc @@ -15,6 +15,7 @@ $haproxy_tab_array['haproxy']['backend'] = Array(name => "Backend", url => "hapr $haproxy_tab_array['haproxy']['files'] = Array(name => "Files", url => "haproxy_files.php"); $haproxy_tab_array['haproxy']['stats'] = Array(name => "Stats", url => "haproxy_stats.php"); $haproxy_tab_array['haproxy']['statsfs'] = Array(name => "Stats FS", url => "haproxy_stats.php?haproxystats=1"); +$haproxy_tab_array['haproxy']['templates'] = Array(name => "Templates", url => "haproxy_templates.php"); function haproxy_display_top_tabs_active($top_tabs, $activetab) { $tab_array = array(); diff --git a/pkg_config.10.xml b/pkg_config.10.xml index b44be67b..e3c9d63a 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -153,7 +153,7 @@ Supports ACLs for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5.9 pkg v 0.13</version> + <version>1.5.9 pkg v 0.14</version> <status>Release</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 16034af2..da3a797b 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -166,7 +166,7 @@ Supports ACLs for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5.3 pkg v 0.13</version> + <version>1.5.3 pkg v 0.14</version> <status>Release</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 1b4ab8d9..368f2bc2 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -153,7 +153,7 @@ Supports ACLs for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5.3 pkg v 0.13</version> + <version>1.5.3 pkg v 0.14</version> <status>Release</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> |