aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/haproxy-devel/haproxy.inc24
-rw-r--r--config/haproxy-devel/haproxy.xml5
-rw-r--r--config/haproxy-devel/haproxy_listeners.php3
-rw-r--r--config/haproxy-devel/haproxy_stats.php71
-rw-r--r--config/haproxy-devel/haproxy_templates.php220
-rw-r--r--config/haproxy-devel/pkg_haproxy_tabs.inc1
-rw-r--r--pkg_config.10.xml2
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
9 files changed, 254 insertions, 76 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index fd086cfc..950d5f5b 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -630,7 +630,7 @@ function haproxy_find_acl($name) {
function write_backend($configpath, $fd, $name, $pool, $frontend) {
if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes')
return;
- global $a_checktypes, $a_cookiemode, $a_files, $a_error;
+ global $a_checktypes, $a_cookiemode, $a_files_cache, $a_error;
$a_servers = &$pool['ha_servers']['item'];
$frontendtype = $frontend['type'];
@@ -696,13 +696,13 @@ function write_backend($configpath, $fd, $name, $pool, $frontend) {
if (is_arrayset($pool,'errorfiles','item')) {
foreach($pool['errorfiles']['item'] as $errorfile) {
- if (!is_array($a_files))// load only once
- $a_files = haproxy_get_fileslist();
+ if (!is_array($a_files_cache))// load only once
+ $a_files_cache = haproxy_get_fileslist();
$file = $errorfile['errorfile'];
$errorcodes = explode(",",$errorfile['errorcode']);
foreach($errorcodes as $errorcode) {
$filename = "$configpath/errorfile_{$name}_{$errorcode}_{$file}";
- $content = base64_decode($a_files[$file]['content']);
+ $content = base64_decode($a_files_cache[$file]['content']);
$content = str_replace('{errormsg}', $a_error[$errorcode]['descr'], $content);
$content = str_replace('{errorcode}', $errorcode, $content);
file_put_contents($filename, $content);
@@ -1285,6 +1285,7 @@ function haproxy_writeconf($configpath) {
$a_acl_combine[$name][] = $entry['ref'];
}
+ $config_usebackend = "";
foreach ($a_acl_combine as $a_usebackend) {
$aclnames = "";
foreach ($a_usebackend as $entry) {
@@ -1308,7 +1309,7 @@ function haproxy_writeconf($configpath) {
$aclname = $i . "_" . $entry['name'];
$aclnames .= $aclname." ";
- fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n");
+ $config_usebackend .= "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n";
if ($acl['inspect-delay'] != '')
$inspectdelay = $acl['inspect-delay'];
@@ -1317,16 +1318,19 @@ function haproxy_writeconf($configpath) {
$advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n";
$i++;
}
- fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n");
+ $config_usebackend .= "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n";
}
}
- if ($default_backend)
- fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n");
-
if ($inspectdelay > 0)
fwrite ($fd, "\ttcp-request inspect-delay\t" . $inspectdelay . "\n");
foreach($advancedextra as $extra)
fwrite ($fd, "\t".$extra."\n");
+
+ fwrite ($fd, $config_usebackend);
+
+ if ($default_backend)
+ fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n");
+
fwrite ($fd, "\n");
}
}
@@ -1755,7 +1759,7 @@ function haproxy_check_config() {
foreach($ipports as $ipport) {
$id = "{$ipport['addr']}:{$ipport['port']}";
if (isset($activefrontends[$id]))
- $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\"";
+ $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\", use Shared-Frontends instead.";
else
$activefrontends[$id] = true;
}
diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml
index 6156c174..da2b4648 100644
--- a/config/haproxy-devel/haproxy.xml
+++ b/config/haproxy-devel/haproxy.xml
@@ -108,6 +108,11 @@
<item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_stats.php</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_templates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_socketinfo.inc</item>
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index 8105345e..301dd253 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -184,8 +184,9 @@ include("head.inc");
if ($isadvset)
echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\" />";
+ $backend_serverpool_hint = "";
$backend_serverpool = $frontend['backend_serverpool'];
- $backend = get_backend($backend_serverpool );
+ $backend = get_backend($backend_serverpool);
if ($backend && is_array($backend['ha_servers']) && is_array($backend['ha_servers']['item'])){
$servers = $backend['ha_servers']['item'];
$backend_serverpool_hint = gettext("Servers in pool:");
diff --git a/config/haproxy-devel/haproxy_stats.php b/config/haproxy-devel/haproxy_stats.php
index 10dd136a..302793b6 100644
--- a/config/haproxy-devel/haproxy_stats.php
+++ b/config/haproxy-devel/haproxy_stats.php
@@ -32,6 +32,10 @@ require_once("haproxy_socketinfo.inc");
$pconfig = $config['installedpackages']['haproxy'];
if (isset($_GET['haproxystats']) || isset($_GET['scope']) || (isset($_POST) && isset($_POST['action']))){
+ if (!(isset($pconfig['enable']) && $pconfig['localstatsport'] && is_numeric($pconfig['localstatsport']))){
+ print 'In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.';
+ return;
+ }
$fail = false;
try{
$request = "";
@@ -79,48 +83,6 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
}
$a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item'];
-function haproxy_add_stats_example() {
- global $config, $d_haproxyconfdirty_path;
- $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item'];
- $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item'];
- $webcert = haproxy_find_create_certificate("HAProxy stats default");
-
- $backend = array();
- $backend["name"] = "HAProxy_stats_ssl_backend";
- $backend["stats_enabled"] = "yes";
- $backend["stats_uri"] = "/";
- $backend["stats_refresh"] = "10";
- $a_backends[] = $backend;
- $changecount++;
-
- $frontend = array();
- $frontend["name"] = "HAProxy_stats_ssl_frontend";
- $frontend["status"] = "active";
- $frontend["type"] = "http";
- $frontend["port"] = "444";
- $frontend["extaddr"] = "lan_ipv4";
- $frontend["ssloffload"] = "yes";
- $frontend["ssloffloadcert"] = $webcert['refid'];
- $frontend["backend_serverpool"] = $backend["name"];
- $a_frontends[] = $frontend;
- $changecount++;
- $changedesc = "add new HAProxy stats example";
-
- if ($changecount > 0) {
- echo "touching: $d_haproxyconfdirty_path";
- touch($d_haproxyconfdirty_path);
- write_config($changedesc);
- }
-}
-
-if (isset($_GET['add_stats_example'])) {
- haproxy_add_stats_example();
- write_config();
- touch($d_haproxyconfdirty_path);
- header("Location: haproxy_listeners.php");
- exit;
-}
-
if ($_POST) {
if ($_POST['apply']) {
$result = haproxy_check_and_run($savemsg, true);
@@ -177,31 +139,16 @@ echo "</td>";
<br/>
As the page is forwarded through the pfSense gui, this might cause some functionality to not work.<br/>
Though the normal haproxy stats page can be tweaked more, and doesn't use a user/pass from pfSense itself.<br/>
- Some examples are configurable automatic page refresh,<br/>
- only showing certain servers, not providing admin options, and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/>
- To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'.
- Or create a backend specifically for serving stats, for that you can start with the 'stats example' template below.<br/>
+ Some examples are configurable automatic page refresh, only showing certain servers, not providing admin options,<br/>
+ and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/>
+ To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'.<br/>
+ Or create a backend specifically for serving stats, for that you can start with the 'stats example' from the template tab.<br/>
</td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic">Stats example template</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Example</td>
- <td class="vtable">
- As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/>
- <a href="haproxy_stats.php?add_stats_example=1">TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl</a><br/>
- <br/>
- After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a>
- </td>
- </tr>
- <tr>
- <td>&nbsp;</td>
- </tr>
- <tr>
<td colspan="2" valign="top" class="listtopic">HAProxy stick-tables</td>
</tr>
<tr>
@@ -241,7 +188,7 @@ echo "</td>";
<iframe id="frame_haproxy_stats" width="1000px" height="1500px" seamless=1 src="/haproxy_stats.php?haproxystats=1<?=$request;?>"></iframe>
<? } else { ?>
<br/>
- In the "Settings" configure a internal stats port and enable haproxy for this to be functional.<br/>
+ In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.<br/>
<br/>
<? } ?>
<?}?>
diff --git a/config/haproxy-devel/haproxy_templates.php b/config/haproxy-devel/haproxy_templates.php
new file mode 100644
index 00000000..478c83a3
--- /dev/null
+++ b/config/haproxy-devel/haproxy_templates.php
@@ -0,0 +1,220 @@
+<?php
+/*
+ haproxy_templates.php
+ part of pfSense (https://www.pfsense.org/)
+ Copyright (C) 2014 PiBa-NL
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("authgui.inc");
+require_once("config.inc");
+
+$pconfig = $config['installedpackages']['haproxy'];
+require_once("guiconfig.inc");
+$shortcut_section = "haproxy";
+require_once("haproxy.inc");
+require_once("certs.inc");
+require_once("haproxy_utils.inc");
+require_once("pkg_haproxy_tabs.inc");
+
+if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
+ $config['installedpackages']['haproxy']['ha_backends']['item'] = array();
+}
+$a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item'];
+
+function haproxy_add_stats_example() {
+ global $config, $d_haproxyconfdirty_path;
+ $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item'];
+ $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item'];
+ $webcert = haproxy_find_create_certificate("HAProxy stats default");
+
+ $backend = array();
+ $backend["name"] = "HAProxy_stats_ssl_backend";
+ $backend["stats_enabled"] = "yes";
+ $backend["stats_uri"] = "/";
+ $backend["stats_refresh"] = "10";
+ $a_backends[] = $backend;
+ $changecount++;
+
+ $frontend = array();
+ $frontend["name"] = "HAProxy_stats_ssl_frontend";
+ $frontend["status"] = "active";
+ $frontend["type"] = "http";
+ $frontend["a_extaddr"]["item"]["stats_name"]["extaddr"] = "lan_ipv4";
+ $frontend["a_extaddr"]["item"]["stats_name"]["extaddr_port"] = "444";
+ $frontend["a_extaddr"]["item"]["stats_name"]["extaddr_ssl"] = "yes";
+ $frontend["ssloffloadcert"] = $webcert['refid'];
+ $frontend["backend_serverpool"] = $backend["name"];
+ $a_frontends[] = $frontend;
+ $changecount++;
+ $changedesc = "add new HAProxy stats example";
+
+ if ($changecount > 0) {
+ header("Location: haproxy_listeners.php");
+ echo "touching: $d_haproxyconfdirty_path";
+ touch($d_haproxyconfdirty_path);
+ write_config($changedesc);
+ exit;
+ }
+}
+
+function template_errorfile() {
+ global $config, $d_haproxyconfdirty_path, $savemsg;
+
+ $a_files = &$config['installedpackages']['haproxy']['files']['item'];
+ if (!is_array($a_files)) $a_files = array();
+
+ $a_files_cache = haproxy_get_fileslist();
+ if (!isset($a_files_cache["ExampleErrorfile"])) {
+ $errorfile = <<<EOD
+HTTP/1.0 503 Service Unavailable
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html>
+ <head>
+ <title>Sorry the webserver you are trying to contact is currently not available.</title>
+ </head>
+ <body style="font-family:Arial,Helvetica,sans-serif;">
+ <div style="margin: 0 auto; width: 960px;">
+ <h2>Sorry the webserver you are trying to contact is currently not available.</h2>
+ </div>
+The error returned is [<i>{errorcode} {errormsg}</i>] please try again later.
+ </body>
+</html>
+EOD;
+ $newfile = array();
+ $newfile['name'] = "ExampleErrorfile";
+ $newfile['content'] = base64_encode($errorfile);
+ $a_files[] = $newfile;
+ $changecount++;
+ $changedesc = "Errorfile added from template";
+ } else {
+ $savemsg = "File 'ExampleErrorfile' is already configured on the Files tab.";
+ }
+
+ if ($changecount > 0) {
+ header("Location: haproxy_files.php");
+ echo "touching: $d_haproxyconfdirty_path";
+ touch($d_haproxyconfdirty_path);
+ write_config($changedesc);
+ exit;
+ }
+}
+
+if (isset($_GET['add_stats_example'])) {
+ $templateid = $_GET['add_stats_example'];
+ switch ($templateid) {
+ case "1":
+ haproxy_add_stats_example();
+ break;
+ case "2":
+ template_errorfile();
+ break;
+ }
+}
+
+if ($_POST) {
+ if ($_POST['apply']) {
+ $result = haproxy_check_and_run($savemsg, true);
+ if ($result)
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
+}
+
+$pgtitle = "Services: HAProxy: Templates";
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<form action="haproxy_templates.php" method="post">
+<?php if($one_two): ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php endif; ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_haproxyconfdirty_path)): ?>
+<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/>
+<?php endif; ?>
+</form>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+ <?php
+ haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "templates");
+ ?>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" height="100%" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Templates</td>
+ </tr>
+ <tr>
+ <td colspan="2">This page contains some templates that can be added into the haproxy configuration to possible ways to configure haproxy using this the webgui from this package.</td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stats SSL frontent+backend</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ <a href="haproxy_templates.php?add_stats_example=1">Create configuration</a>
+ </td>
+ <td class="vtable">
+ As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/>
+ TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl<br/>
+ <br/>
+ After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a>
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Errorfile</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ <a href="haproxy_templates.php?add_stats_example=2">Create configuration</a>
+ </td>
+ <td class="vtable">
+ As an basic example of an errorfile with name 'ExampleErrorfile' will be added if it does not exist.
+ This file can then be used in the 'Error files' in the backend settings.
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/haproxy-devel/pkg_haproxy_tabs.inc b/config/haproxy-devel/pkg_haproxy_tabs.inc
index f49d2b67..a74ee20a 100644
--- a/config/haproxy-devel/pkg_haproxy_tabs.inc
+++ b/config/haproxy-devel/pkg_haproxy_tabs.inc
@@ -15,6 +15,7 @@ $haproxy_tab_array['haproxy']['backend'] = Array(name => "Backend", url => "hapr
$haproxy_tab_array['haproxy']['files'] = Array(name => "Files", url => "haproxy_files.php");
$haproxy_tab_array['haproxy']['stats'] = Array(name => "Stats", url => "haproxy_stats.php");
$haproxy_tab_array['haproxy']['statsfs'] = Array(name => "Stats FS", url => "haproxy_stats.php?haproxystats=1");
+$haproxy_tab_array['haproxy']['templates'] = Array(name => "Templates", url => "haproxy_templates.php");
function haproxy_display_top_tabs_active($top_tabs, $activetab) {
$tab_array = array();
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index b44be67b..e3c9d63a 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -153,7 +153,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.9 pkg v 0.13</version>
+ <version>1.5.9 pkg v 0.14</version>
<status>Release</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 16034af2..da3a797b 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -166,7 +166,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.3 pkg v 0.13</version>
+ <version>1.5.3 pkg v 0.14</version>
<status>Release</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 1b4ab8d9..368f2bc2 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -153,7 +153,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.3 pkg v 0.13</version>
+ <version>1.5.3 pkg v 0.14</version>
<status>Release</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file>