diff options
-rw-r--r-- | config/bandwidthd/bandwidthd.inc | 58 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 57 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners.php | 4 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners_edit.php | 447 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pool_edit.php | 260 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pools.php | 4 |
6 files changed, 473 insertions, 357 deletions
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index c0115d81..8821ac76 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -228,14 +228,41 @@ EOD; $bandwidthd_nano_dir = "/var/bandwidthd"; $bandwidthd_htdocs_dir = $bandwidthd_nano_dir . "/htdocs"; $rc['start'] = <<<EOD -/bin/mkdir -p {$bandwidthd_nano_dir} -/bin/mkdir -p {$bandwidthd_htdocs_dir} -/bin/ln -s {$bandwidthd_base_dir}/bandwidthd {$bandwidthd_nano_dir}/bandwidthd -/bin/ln -s {$bandwidthd_config_dir} {$bandwidthd_nano_dir}/etc +if [ ! -d "{$bandwidthd_nano_dir}" ] ; then + if [ -e "{$bandwidthd_nano_dir}" ] ; then + /bin/rm -f {$bandwidthd_nano_dir} + fi + /bin/mkdir -p {$bandwidthd_nano_dir} +fi +if [ ! -d "{$bandwidthd_htdocs_dir}" ] ; then + if [ -e "{$bandwidthd_htdocs_dir}" ] ; then + /bin/rm -f {$bandwidthd_htdocs_dir} + fi + /bin/mkdir -p {$bandwidthd_htdocs_dir} +fi +if [ ! -L "{$bandwidthd_nano_dir}/bandwidthd" ] ; then + if [ -e "{$bandwidthd_nano_dir}/bandwidthd" ] ; then + /bin/rm -Rf {$bandwidthd_nano_dir}/bandwidthd + fi + /bin/ln -s {$bandwidthd_base_dir}/bandwidthd {$bandwidthd_nano_dir}/bandwidthd +fi +if [ ! -L "{$bandwidthd_nano_dir}/etc" ] ; then + if [ -e "{$bandwidthd_nano_dir}/etc" ] ; then + /bin/rm -Rf {$bandwidthd_nano_dir}/etc + fi + /bin/ln -s {$bandwidthd_config_dir} {$bandwidthd_nano_dir}/etc +fi + cd {$bandwidthd_nano_dir} {$bandwidthd_nano_dir}/bandwidthd cd - EOD; + if (!is_dir($bandwidthd_nano_dir)) { + if (file_exists($bandwidthd_nano_dir)) { + unlink($bandwidthd_nano_dir); + } + mkdir($bandwidthd_nano_dir); + } } else { $bandwidthd_htdocs_dir = $bandwidthd_base_dir . "/htdocs"; $rc['start'] = <<<EOD @@ -246,16 +273,29 @@ EOD; /* write out rc.d start/stop file */ write_rcfile($rc); - exec("/bin/rm /usr/local/www/bandwidthd"); - exec("/bin/ln -s " . $bandwidthd_htdocs_dir . " /usr/local/www/bandwidthd"); - exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_htdocs_dir . "/index.html"); + if (!is_dir($bandwidthd_htdocs_dir)) { + if (file_exists($bandwidthd_htdocs_dir)) { + unlink($bandwidthd_htdocs_dir); + } + mkdir($bandwidthd_htdocs_dir); + } + $bandwidthd_www_link = $g["www_path"] . "/bandwidthd"; + if (!is_link($bandwidthd_www_link)) { + if (file_exists($bandwidthd_www_link)) { + // It is a file and not a link - clean it up. + unlink($bandwidthd_www_link); + } + symlink($bandwidthd_htdocs_dir, $bandwidthd_www_link); + } + $bandwidthd_index_file = $bandwidthd_htdocs_dir . "/index.html"; + if (!file_exists($bandwidthd_index_file)) { + exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file); + } conf_mount_ro(); config_unlock(); - stop_service("bandwidthd"); start_service("bandwidthd"); - } ?> diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index ab56f34c..05264c87 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -61,8 +61,7 @@ $a_acltypes[] = array('name' => 'path_contains', 'descr' => 'Path contains', 'mode' => 'http', 'syntax' => 'path_dir -i'); $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP', 'mode' => '', 'syntax' => 'src'); -if ($haproxy_sni_ssloffloading) -{ +if ($haproxy_sni_ssloffloading) { $a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches', 'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\r\ntcp-request content accept if { req_ssl_hello_type 1 }"); } @@ -341,34 +340,34 @@ function write_backend($fd, $name, $pool, $frontend) { fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n"); - if($frontend['balance']) - fwrite ($fd, "\tbalance\t\t\t" . $frontend['balance'] . "\n"); + if($pool['balance']) + fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n"); - if($frontend['connection_timeout']) - fwrite ($fd, "\tcontimeout\t\t" . $frontend['connection_timeout'] . "\n"); + if($pool['connection_timeout']) + fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n"); - if($frontend['server_timeout']) - fwrite ($fd, "\tsrvtimeout\t\t" . $frontend['server_timeout'] . "\n"); + if($pool['server_timeout']) + fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n"); - if($frontend['retries']) - fwrite ($fd, "\tretries\t\t\t" . $frontend['retries'] . "\n"); + if($pool['retries']) + fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n"); - if($frontend['stats_enabled']=='yes') { + if($pool['stats_enabled']=='yes') { fwrite ($fd, "\tstats\t\t\tenable\n"); - if($frontend['stats_uri']) - fwrite ($fd, "\tstats\t\t\turi ".$frontend['stats_uri']."\n"); - if($frontend['stats_realm']) - fwrite ($fd, "\tstats\t\t\trealm " . $frontend['stats_realm'] . "\n"); + if($pool['stats_uri']) + fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n"); + if($pool['stats_realm']) + fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n"); else fwrite ($fd, "\tstats\t\t\trealm .\n"); - fwrite ($fd, "\tstats\t\t\tauth " . $frontend['stats_username'].":". $frontend['stats_password']."\n"); + fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n"); - if($frontend['stats_node_enabled']=='yes') - fwrite ($fd, "\tstats\t\t\tshow-node " . $frontend['stats_node'] . "\n"); - if($frontend['stats_desc']) - fwrite ($fd, "\tstats\t\t\tshow-desc " . $frontend['stats_desc'] . "\n"); - if($frontend['stats_refresh']) - fwrite ($fd, "\tstats\t\t\trefresh " . $frontend['stats_refresh'] . "\n"); + if($pool['stats_node_enabled']=='yes') + fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n"); + if($pool['stats_desc']) + fwrite ($fd, "\tstats\t\t\tshow-desc " . $pool['stats_desc'] . "\n"); + if($pool['stats_refresh']) + fwrite ($fd, "\tstats\t\t\trefresh " . $pool['stats_refresh'] . "\n"); } $uri = $pool['monitor_uri']; @@ -397,15 +396,6 @@ function write_backend($fd, $name, $pool, $frontend) { $a_servers = &$pool['ha_servers']['item']; foreach($a_servers as $be) { - if(!$be['port']) { - // the listener can specify a default port - $be['port'] = $frontend['svrport']; - } - if(!$be['port']) { - // last resort, use the frontend port - $ports = split(",", "{$frontend['port']},"); - $be['port'] = $ports[0]; - } if (!$be['name']) $be['name'] = $be['address']; if($be['backup']) { @@ -472,7 +462,10 @@ function haproxy_writeconf() { if ($backend['ssloffload']){ //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}"; - file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt",base64_decode($backend['dcert'])); + $cert = lookup_cert($backend['ssloffloadcert']); + $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']); + file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent); + unset($certcontent); }else{ $ssl_info=""; unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 1f6031c2..c5c41714 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -98,7 +98,7 @@ include("head.inc"); <tr> <td> <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="20%" class="listhdrr">Name</td> <td width="30%" class="listhdrr">Description</td> @@ -153,6 +153,7 @@ include("head.inc"); </td> </tr> <?php $i++; endforeach; ?> + <tfoot> <tr> <td class="list" colspan="5"></td> <td class="list"> @@ -163,6 +164,7 @@ include("head.inc"); </table> </td> </tr> + </tfoot> </table> </div> </table> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index b0207421..0c39ac7f 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -33,6 +33,78 @@ require("guiconfig.inc"); require_once("haproxy.inc"); +function get_certificat_usage($refid) { + $usage = array(); + $cert = lookup_cert($refid); + if (is_cert_revoked($cert)) + $usage[] = "Revoked"; + if (is_webgui_cert($refid)) + $usage[] = "webConfigurator"; + if (is_user_cert($refid)) + $usage[] = "User Cert"; + if (is_openvpn_server_cert($refid)) + $usage[] = "OpenVPN Server"; + if (is_openvpn_client_cert($refid)) + $usage[] = "OpenVPN Client"; + if (is_ipsec_cert($cert['refid'])) + $usage[] = "IPsec Tunnel"; + if (is_captiveportal_cert($refid)) + $usage[] = "Captive Portal"; + + return $usage; +} + +/// This function (is intendet to) provides a uniform way to retrieve a list of use selectable certificates +function get_certificates_server($get_includeWebCert=false) { + global $config; + $certificates=array(); + $a_cert = &$config['cert']; + foreach ($a_cert as $cert) + { + if ($get_ca == false && is_webgui_cert($cert['refid'])) + continue; + + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; + + $usagestr=""; + $usage = get_certificat_usage($cert['refid']); + foreach($usage as $use){ + $usagestr .= " " . $use; + } + if ($usagestr != "") + $usagestr = " (".trim($usagestr).")"; + + $certificates[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr; + } + return $certificates; +} + +function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="") +{ + if (count($keyvaluelist)>0){ + echo "<select name=\"$name\" class=\"formselect\">"; + foreach($keyvaluelist as $key => $desc){ + $selectedhtml = $key == $selected ? "selected" : ""; + echo "<option value=\"{$key}\" {$selectedhtml}>{$desc}</option>"; + } + echo "</select>"; + } else { + echo $listEmptyMessage; + } +} + function haproxy_acl_select($mode) { global $a_acltypes; @@ -66,25 +138,11 @@ if (isset($id) && $a_backend[$id]) { $pconfig['name'] = $a_backend[$id]['name']; $pconfig['desc'] = $a_backend[$id]['desc']; $pconfig['status'] = $a_backend[$id]['status']; - $pconfig['connection_timeout'] = $a_backend[$id]['connection_timeout']; - $pconfig['server_timeout'] = $a_backend[$id]['server_timeout']; - $pconfig['retries'] = $a_backend[$id]['retries']; $pconfig['type'] = $a_backend[$id]['type']; - $pconfig['balance'] = $a_backend[$id]['balance']; $pconfig['forwardfor'] = $a_backend[$id]['forwardfor']; $pconfig['httpclose'] = $a_backend[$id]['httpclose']; - - $pconfig['stats_enabled'] = $a_backend[$id]['stats_enabled']; - $pconfig['stats_username'] = $a_backend[$id]['stats_username']; - $pconfig['stats_password'] = $a_backend[$id]['stats_password']; - $pconfig['stats_uri'] = $a_backend[$id]['stats_uri']; - $pconfig['stats_realm'] = $a_backend[$id]['stats_realm']; - $pconfig['stats_node_enabled'] = $a_backend[$id]['stats_node_enabled']; - $pconfig['stats_node'] = $a_backend[$id]['stats_node']; - $pconfig['stats_desc'] = $a_backend[$id]['stats_desc']; - $pconfig['stats_refresh'] = $a_backend[$id]['stats_refresh']; $pconfig['type'] = $a_backend[$id]['type']; $pconfig['extaddr'] = $a_backend[$id]['extaddr']; @@ -92,10 +150,9 @@ if (isset($id) && $a_backend[$id]) { $pconfig['max_connections'] = $a_backend[$id]['max_connections']; $pconfig['client_timeout'] = $a_backend[$id]['client_timeout']; $pconfig['port'] = $a_backend[$id]['port']; - $pconfig['svrport'] = $a_backend[$id]['svrport']; $pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item']; $pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']); - $pconfig['dcert'] = base64_decode($a_backend[$id]['dcert']); + $pconfig['ssloffloadcert'] = $a_backend[$id]['ssloffloadcert']; $pconfig['dcertadv'] = $a_backend[$id]['dcertadv']; $pconfig['ssloffload'] = $a_backend[$id]['ssloffload']; } @@ -112,39 +169,13 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if ($_POST['stats_enabled']) { - $reqdfields = explode(" ", "name connection_timeout server_timeout stats_username stats_password stats_uri stats_realm"); - $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout,Stats Username,Stats Password,Stats Uri,Stats Realm"); - } else { - $reqdfields = explode(" ", "name connection_timeout server_timeout"); - $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - $reqdfields = explode(" ", "name type port max_connections client_timeout"); - $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); - + $reqdfields = explode(" ", "name type port max_connections"); + $reqdfieldsn = explode(",", "Name,Type,Port,Max connections"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_numeric($_POST['connection_timeout'])) - $input_errors[] = "The field 'Connection timeout' value is not a number."; - - if (!is_numeric($_POST['server_timeout'])) - $input_errors[] = "The field 'Server timeout' value is not a number."; - - if (!$_POST['retries'] && is_numeric($_POST['retries'])) - $input_errors[] = "The field 'Retries' value is not a number."; - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) - $input_errors[] = "The field 'Stats Username' contains invalid characters."; - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) - $input_errors[] = "The field 'Stats Password' contains invalid characters."; - if (!is_numeric($_POST['max_connections'])) $input_errors[] = "The field 'Max connections' value is not a number."; @@ -208,32 +239,18 @@ if ($_POST) { update_if_changed("name", $backend['name'], $_POST['name']); update_if_changed("description", $backend['desc'], $_POST['desc']); update_if_changed("status", $backend['status'], $_POST['status']); - update_if_changed("connection_timeout", $backend['connection_timeout'], $_POST['connection_timeout']); - update_if_changed("server_timeout", $backend['server_timeout'], $_POST['server_timeout']); - update_if_changed("retries", $backend['retries'], $_POST['retries']); update_if_changed("type", $backend['type'], $_POST['type']); - update_if_changed("balance", $backend['balance'], $_POST['balance']); update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']); update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']); update_if_changed("httpclose", $backend['httpclose'], $_POST['httpclose']); - update_if_changed("stats_enabled", $backend['stats_enabled'], $_POST['stats_enabled']); - update_if_changed("stats_username", $backend['stats_username'], $_POST['stats_username']); - update_if_changed("stats_password", $backend['stats_password'], $_POST['stats_password']); - update_if_changed("stats_uri", $backend['stats_uri'], $_POST['stats_uri']); - update_if_changed("stats_realm", $backend['stats_realm'], $_POST['stats_realm']); - update_if_changed("stats_node_enabled", $backend['stats_node_enabled'], $_POST['stats_node_enabled']); - update_if_changed("stats_node", $backend['stats_node'], $_POST['stats_node']); - update_if_changed("stats_desc", $backend['stats_desc'], $_POST['stats_desc']); - update_if_changed("stats_refresh", $backend['stats_refresh'], $_POST['stats_refresh']); update_if_changed("type", $backend['type'], $_POST['type']); update_if_changed("port", $backend['port'], $_POST['port']); - update_if_changed("svrport", $backend['svrport'], $_POST['svrport']); update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']); update_if_changed("backend_serverpool", $backend['backend_serverpool'], $_POST['backend_serverpool']); update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']); update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']); update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced'])); - update_if_changed("dcert", $backend['dcert'], base64_encode($_POST['dcert'])); + update_if_changed("ssloffloadcert", $backend['ssloffloadcert'], $_POST['ssloffloadcert']); update_if_changed("dcertadv", $backend['dcertadv'], $_POST['dcertadv']); update_if_changed("ssloffload", $backend['ssloffload'], $_POST['ssloffload']); $backend['ha_acls']['item'] = $a_acl; @@ -263,7 +280,12 @@ include("head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()"> + <style type="text/css"> + .haproxy_mode_http{display:none;} + .haproxy_ssloffloading_enabled{display:none;} + </style> + <?php if($one_two): ?> <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script> <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> @@ -411,45 +433,35 @@ include("head.inc"); rowtype[2] = "textbox"; rowsize[2] = "35"; - function toggle_stats() { - var stats_enabled=document.getElementById('stats_enabled'); - var stats_realm_row=document.getElementById('stats_realm_row'); - var stats_username_row=document.getElementById('stats_username_row'); - var stats_password_row=document.getElementById('stats_password_row'); - var stats_uri_row=document.getElementById('stats_uri_row'); - var stats_node_enabled_row=document.getElementById('stats_node_enabled_row'); - var stats_node_row=document.getElementById('stats_node_row'); - var stats_desc_row=document.getElementById('stats_desc_row'); - var stats_refresh_row=document.getElementById('stats_refresh_row'); - - if (stats_enabled.checked) { - stats_realm_row.style.display=''; - stats_username_row.style.display=''; - stats_password_row.style.display=''; - stats_uri_row.style.display=''; - stats_node_enabled_row.style.display=''; - stats_node_row.style.display=''; - stats_desc_row.style.display=''; - stats_refresh_row.style.display=''; - } else { - stats_realm_row.style.display='none'; - stats_username_row.style.display='none'; - stats_password_row.style.display='none'; - stats_uri_row.style.display='none'; - stats_node_enabled_row.style.display='none'; - stats_node_row.style.display='none'; - stats_desc_row.style.display='none'; - stats_refresh_row.style.display='none'; + function setCSSdisplay(cssID, display) + { + var ss = document.styleSheets; + for (var i=0; i<ss.length; i++) { + var rules = ss[i].cssRules || ss[i].rules; + for (var j=0; j<rules.length; j++) { + if (rules[j].selectorText === cssID) { + rules[j].style.display = display ? "" : "none"; + } + } } } + + function updatevisibility() + { + setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked); + setCSSdisplay(".haproxy_mode_http", type.value == "http"); + } + function type_change() { var type, d, i, j, el, row; var count = <?=count($a_acltypes);?>; var acl = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['name']."'," ?> ]; var mode = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['mode']."'," ?> ]; - d = document; + d = document; type = d.getElementById("type").value; + + for (i = 0; i < 99; i++) { el = d.getElementById("acl_expression" + i); row = d.getElementById("aclrow" + i); @@ -465,6 +477,7 @@ include("head.inc"); } } } + updatevisibility(); } </script> <?php include("fbegin.inc"); ?> @@ -473,6 +486,7 @@ include("head.inc"); <p class="pgtitle"><?=$pgtitle?></p> <?php endif; ?> <form action="haproxy_listeners_edit.php" method="post" name="iform" id="iform"> + <div class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic">Edit haproxy listener</td> @@ -549,13 +563,6 @@ include("head.inc"); ?> </select> <tr align="left"> - <td width="22%" valign="top" class="vncell">Server Port</td> - <td width="78%" class="vtable" colspan="2"> - <input name="svrport" type="text" <?if(isset($pconfig['svrport'])) echo "value=\"{$pconfig['svrport']}\"";?> size="10" maxlength="10"> - <div>The default server port.</div> - </td> - </tr> - <tr align="left"> <td width="22%" valign="top" class="vncellreq">Type</td> <td width="78%" class="vtable" colspan="2"> <select name="type" id="type" onchange="type_change();"> @@ -619,7 +626,7 @@ include("head.inc"); <a onclick="javascript:addRowTo('acltable'); return false;" href="#"> <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> </a><br/> - For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.3/doc/configuration.txt' target='_new'>HAProxy Documentation</a> Section 7 - Using ACL's + For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> Section 7 - Using ACL's </td> </tr> </table> @@ -629,235 +636,88 @@ include("head.inc"); <td colspan="2" valign="top" class="listtopic">Advanced settings</td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Connection timeout</td> + <td width="22%" valign="top" class="vncellreq">Max connections</td> <td width="78%" class="vtable" colspan="2"> - <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div> + <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Server timeout</td> + <td width="22%" valign="top" class="vncellreq">Client timeout</td> <td width="78%" class="vtable" colspan="2"> - <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div> + <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> + <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div> </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncell">Retries</td> + <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td> <td width="78%" class="vtable" colspan="2"> - <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="64"> - <div>After a connection failure to a server, it is possible to retry, potentially -on another server. This is useful if health-checks are too rare and you don't -want the clients to see the failures. The number of attempts to reconnect is -set by the 'retries' parameter (2).</div> + <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>> + <br/> + The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which + contains the client's IP address. This is useful to let the final web server + know what the client address was (eg for statistics on domains) </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Balance</td> + <td width="22%" valign="top" class="vncell">Use 'httpclose' option</td> <td width="78%" class="vtable" colspan="2"> - <table width="100%"> - <tr> - <td width="20%" valign="top"> - <input type="radio" name="balance" id="balance" value="roundrobin"<?php if($pconfig['balance'] == "roundrobin") echo " CHECKED"; ?>>Round robin</input> - </td> - <td> - Each server is used in turns, according to their weights. - This is the smoothest and fairest algorithm when the server's - processing time remains equally distributed. This algorithm - is dynamic, which means that server weights may be adjusted - on the fly for slow starts for instance. - </td> - </tr> - <tr> - <td width="20%" valign="top"> - <input type="radio" name="balance" id="balance" value="static-rr"<?php if($pconfig['balance'] == "static-rr") echo " CHECKED"; ?>>Static Round Robin</input> - </td> - <td> - Each server is used in turns, according to their weights. - This algorithm is as similar to roundrobin except that it is - static, which means that changing a server's weight on the - fly will have no effect. On the other hand, it has no design - limitation on the number of servers, and when a server goes - up, it is always immediately reintroduced into the farm, once - the full map is recomputed. It also uses slightly less CPU to - run (around -1%). - </td> - </tr> - <tr> - <td width="20%" valign="top"> - <input type="radio" name="balance" id="balance" value="leastconn"<?php if($pconfig['balance'] == "leastconn") echo " CHECKED"; ?>>Least Connections</input> - </td> - <td> - The server with the lowest number of connections receives the - connection. Round-robin is performed within groups of servers - of the same load to ensure that all servers will be used. Use - of this algorithm is recommended where very long sessions are - expected, such as LDAP, SQL, TSE, etc... but is not very well - suited for protocols using short sessions such as HTTP. This - algorithm is dynamic, which means that server weights may be - adjusted on the fly for slow starts for instance. - </td> - </tr> - <tr><td valign="top"><input type="radio" name="balance" id="balance" value="source"<?php if($pconfig['balance'] == -"source") echo " CHECKED"; ?>>Source</input></td><td> - The source IP address is hashed and divided by the total - weight of the running servers to designate which server will - receive the request. This ensures that the same client IP - address will always reach the same server as long as no - server goes down or up. If the hash result changes due to the - number of running servers changing, many clients will be - directed to a different server. This algorithm is generally - used in TCP mode where no cookie may be inserted. It may also - be used on the Internet to provide a best-effort stickyness - to clients which refuse session cookies. This algorithm is - static, which means that changing a server's weight on the - fly will have no effect. - </td> - </tr> - </table> + <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>> + <br/> + The 'httpclose' option removes any 'Connection' header both ways, and + adds a 'Connection: close' header in each direction. This makes it easier to + disable HTTP keep-alive than the previous 4-rules block. </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncell">Stats Enabled</td> + <td width="22%" valign="top" class="vncell">Advanced pass thru</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='toggle_stats();'><br/> - EXAMPLE: haproxystats - </td> - </tr> - <tr align="left" id='stats_realm_row' name='stats_realm_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncellreq">Stats Realm</td> - <td width="78%" class="vtable" colspan="2"> - <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64"> - </td> - </tr> - <tr align="left" id='stats_uri_row' name='stats_uri_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncellreq">Stats Uri</td> - <td width="78%" class="vtable" colspan="2"> - <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64"><br/> - EXAMPLE: /haproxy?stats + <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> + <br/> + NOTE: paste text into this box that you would like to pass thru. </td> </tr> - <tr align="left" id='stats_username_row' name='stats_username_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncellreq">Stats Username</td> - <td width="78%" class="vtable" colspan="2"> - <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64"> - </td> + </table> + <br/> <br/> +<? + global $haproxy_sni_ssloffloading; + if ($haproxy_sni_ssloffloading): +?> + <table class="haproxy_mode_http" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">SSL Offloading</td> </tr> - - <tr align="left" id='stats_password_row' name='stats_password_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncellreq">Stats Password</td> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Use Offloading</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64"> + <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();"><strong>Use Offloading</strong></input> <br/> + The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers. </td> </tr> - <tr align="left" id='stats_node_enabled_row' name='stats_node_enabled_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncell">Stats Enable Node Name</td> + <tr class="haproxy_ssloffloading_enabled" align="left"> + <td width="22%" valign="top" class="vncell">Certificate</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?>> + <? + $servercerts = get_certificates_server(); + echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.'); + ?> <br/> + NOTE: choose the cert to use on this frontend. </td> </tr> - <tr align="left" id='stats_node_row' name='stats_node_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncell">Stats Node</td> + <tr class="haproxy_ssloffloading_enabled" align="left"> + <td width="22%" valign="top" class="vncell">Advanced ssl options</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64"><br/> - The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.<br/> - Leave blank to use the system name. - </td> - </tr> - <tr align="left" id='stats_desc_row' name='stats_desc_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncell">Stats Description</td> - <td width="78%" class="vtable" colspan="2"> - <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64"><br/> - </td> - </tr> - <tr align="left" id='stats_refresh_row' name='stats_refresh_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> - <td width="22%" valign="top" class="vncell">Stats Refresh</td> - <td width="78%" class="vtable" colspan="2"> - <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30"><br/> - Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d). + <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64"> + <br/> + NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br> + some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets </td> </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Max connections</td> - <td width="78%" class="vtable" colspan="2"> - <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Client timeout</td> - <td width="78%" class="vtable" colspan="2"> - <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> - <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td> - <td width="78%" class="vtable" colspan="2"> - <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>> - <br/> - The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which - contains the client's IP address. This is useful to let the final web server - know what the client address was (eg for statistics on domains) - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Use 'httpclose' option</td> - <td width="78%" class="vtable" colspan="2"> - <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>> - <br/> - The 'httpclose' option removes any 'Connection' header both ways, and - adds a 'Connection: close' header in each direction. This makes it easier to - disable HTTP keep-alive than the previous 4-rules block. - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Advanced pass thru</td> - <td width="78%" class="vtable" colspan="2"> - <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> - <br/> - NOTE: paste text into this box that you would like to pass thru. - </td> - </tr> - </table> - <br/> <br/> -<? - global $haproxy_sni_ssloffloading; - if ($haproxy_sni_ssloffloading): -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic">SSL Offloading</td> + <td> </td> </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Use Offloading</td> - <td width="78%" class="vtable" colspan="2"> - <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked"; ?>> - <br/> - The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers. - </td> - </tr> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">cert</td> - <td width="78%" class="vtable" colspan="2"> - <textarea name='dcert' rows="8" cols="70" id='dcert'><?php echo $pconfig['dcert']; ?></textarea> - <br/> - NOTE: paste cert and rsa key to use on this frontend. - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Advanced ssl options</td> - <td width="78%" class="vtable" colspan="2"> - <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64"> - <br/> - NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br> - some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets - </td> - </tr> </table> - <br/> <br/> <? endif; ?> @@ -878,6 +738,7 @@ set by the 'retries' parameter (2).</div> </td> </tr> </table> + </div> </form> <br> <script type="text/javascript"> diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 4560bea2..6720122b 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -47,6 +47,9 @@ else if (isset($_GET['dup'])) $id = $_GET['dup']; +global $simplefields; +$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_node_enabled","stats_node","stats_desc","stats_refresh"); + if (isset($id) && $a_pools[$id]) { $pconfig['name'] = $a_pools[$id]['name']; $pconfig['checkinter'] = $a_pools[$id]['checkinter']; @@ -54,6 +57,9 @@ if (isset($id) && $a_pools[$id]) { $pconfig['cookie'] = $a_pools[$id]['cookie']; $pconfig['advanced'] = base64_decode($a_pools[$id]['advanced']); $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item']; + + foreach($simplefields as $stat) + $pconfig[$stat] = $a_pools[$id][$stat]; } if (isset($_GET['dup'])) @@ -70,11 +76,31 @@ if ($_POST) { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($_POST['stats_enabled']) { + $reqdfields = explode(" ", "name stats_username stats_password stats_uri stats_realm"); + $reqdfieldsn = explode(",", "Name,Stats Username,Stats Password,Stats Uri,Stats Realm"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + } + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; + + if (!is_numeric($_POST['connection_timeout'])) + $input_errors[] = "The field 'Connection timeout' value is not a number."; + + if (!is_numeric($_POST['server_timeout'])) + $input_errors[] = "The field 'Server timeout' value is not a number."; + + if (!$_POST['retries'] && is_numeric($_POST['retries'])) + $input_errors[] = "The field 'Retries' value is not a number."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) + $input_errors[] = "The field 'Stats Username' contains invalid characters."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) + $input_errors[] = "The field 'Stats Password' contains invalid characters."; /* Ensure that our pool names are unique */ for ($i=0; isset($config['installedpackages']['haproxy']['ha_pools']['item'][$i]); $i++) @@ -149,6 +175,10 @@ if ($_POST) { update_if_changed("checkinter", $pool['checkinter'], $_POST['checkinter']); update_if_changed("monitor_uri", $pool['monitor_uri'], $_POST['monitor_uri']); + global $simplefields; + foreach($simplefields as $stat) + update_if_changed($stat, $pool[$stat], $_POST[$stat]); + if (isset($id) && $a_pools[$id]) { $a_pools[$id] = $pool; } else { @@ -175,7 +205,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; -$pgtitle = "HAProxy: pool: Edit"; +$pgtitle = "HAProxy: Backend: Edit"; include("head.inc"); row_helper(); @@ -184,16 +214,37 @@ row_helper(); <input type='hidden' name='address_type' value='textbox' /> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<script type="text/javascript" language="javascript" src="pool.js"></script> - +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()"> + <style type="text/css"> + .haproxy_stats_visible{display:none;} + </style> <script language="javascript"> -function clearcombo(){ - for (var i=document.iform.serversSelect.options.length-1; i>=0; i--){ - document.iform.serversSelect.options[i] = null; - } - document.iform.serversSelect.selectedIndex = -1; -} + function clearcombo(){ + for (var i=document.iform.serversSelect.options.length-1; i>=0; i--){ + document.iform.serversSelect.options[i] = null; + } + document.iform.serversSelect.selectedIndex = -1; + } + + function setCSSdisplay(cssID, display) + { + var ss = document.styleSheets; + for (var i=0; i<ss.length; i++) { + var rules = ss[i].cssRules || ss[i].rules; + for (var j=0; j<rules.length; j++) { + if (rules[j].selectorText === cssID) { + rules[j].style.display = display ? "" : "none"; + } + } + } + } + + function updatevisibility() + { + setCSSdisplay(".haproxy_stats_visible", stats_enabled.checked); + } + + </script> <script type="text/javascript"> rowname[0] = "server_name"; @@ -218,6 +269,7 @@ function clearcombo(){ <p class="pgtitle"><?=$pgtitle?></p> <?php endif; ?> <form action="haproxy_pool_edit.php" method="post" name="iform" id="iform"> + <div class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic">Edit HAProxy pool</td> @@ -248,11 +300,11 @@ function clearcombo(){ <td width="78%" class="vtable" colspan="2" valign="top"> <table class="" width="100%" cellpadding="0" cellspacing="0" id='servertable'> <tr> - <td width="30%" class="">Name</td> - <td width="30%" class="">Address</td> - <td width="18%" class="">Port</td> - <td width="18%" class="">Weight</td> - <td width="5%" class="">Backup</td> + <td width="30%" class="listhdrr">Name</td> + <td width="30%" class="listhdrr">Address</td> + <td width="18%" class="listhdrr">Port</td> + <td width="18%" class="listhdrr">Weight</td> + <td width="5%" class="listhdr">Backup</td> <td width="4%" class=""></td> </tr> <?php @@ -266,11 +318,11 @@ function clearcombo(){ foreach ($a_servers as $server) { ?> <tr id="tr_view_<?=$counter;?>" name="tr_view_<?=$counter;?>"> - <td class="vtable"><?=$server['name']; ?></td> - <td class="vtable"><?=$server['address']; ?></td> - <td class="vtable"><?=$server['port']; ?></td> - <td class="vtable"><?=$server['weight']; ?></td> - <td class="vtable"><?=$server['backup']; ?></td> + <td class="vtable listlr"><?=$server['name']; ?></td> + <td class="vtable listr"><?=$server['address']; ?></td> + <td class="vtable listr"><?=$server['port']; ?></td> + <td class="vtable listr"><?=$server['weight']; ?></td> + <td class="vtable listr"><?=$server['backup']; ?></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"><tr> <td valign="middle"> @@ -313,6 +365,71 @@ function clearcombo(){ </td> </tr> <tr align="left"> + <td width="22%" valign="top" class="vncellreq">Balance</td> + <td width="78%" class="vtable" colspan="2"> + <table width="100%"> + <tr> + <td width="20%" valign="top"> + <input type="radio" name="balance" id="balance" value="roundrobin"<?php if($pconfig['balance'] == "roundrobin") echo " CHECKED"; ?>>Round robin</input> + </td> + <td> + Each server is used in turns, according to their weights. + This is the smoothest and fairest algorithm when the server's + processing time remains equally distributed. This algorithm + is dynamic, which means that server weights may be adjusted + on the fly for slow starts for instance. + </td> + </tr> + <tr> + <td width="20%" valign="top"> + <input type="radio" name="balance" id="balance" value="static-rr"<?php if($pconfig['balance'] == "static-rr") echo " CHECKED"; ?>>Static Round Robin</input> + </td> + <td> + Each server is used in turns, according to their weights. + This algorithm is as similar to roundrobin except that it is + static, which means that changing a server's weight on the + fly will have no effect. On the other hand, it has no design + limitation on the number of servers, and when a server goes + up, it is always immediately reintroduced into the farm, once + the full map is recomputed. It also uses slightly less CPU to + run (around -1%). + </td> + </tr> + <tr> + <td width="20%" valign="top"> + <input type="radio" name="balance" id="balance" value="leastconn"<?php if($pconfig['balance'] == "leastconn") echo " CHECKED"; ?>>Least Connections</input> + </td> + <td> + The server with the lowest number of connections receives the + connection. Round-robin is performed within groups of servers + of the same load to ensure that all servers will be used. Use + of this algorithm is recommended where very long sessions are + expected, such as LDAP, SQL, TSE, etc... but is not very well + suited for protocols using short sessions such as HTTP. This + algorithm is dynamic, which means that server weights may be + adjusted on the fly for slow starts for instance. + </td> + </tr> + <tr><td valign="top"><input type="radio" name="balance" id="balance" value="source"<?php if($pconfig['balance'] == +"source") echo " CHECKED"; ?>>Source</input></td><td> + The source IP address is hashed and divided by the total + weight of the running servers to designate which server will + receive the request. This ensures that the same client IP + address will always reach the same server as long as no + server goes down or up. If the hash result changes due to the + number of running servers changing, many clients will be + directed to a different server. This algorithm is generally + used in TCP mode where no cookie may be inserted. It may also + be used on the Internet to provide a best-effort stickyness + to clients which refuse session cookies. This algorithm is + static, which means that changing a server's weight on the + fly will have no effect. + </td> + </tr> + </table> + </td> + </tr> + <tr align="left"> <td width="22%" valign="top" class="vncell">Check freq</td> <td width="78%" class="vtable" colspan="2"> <input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="20"> milliseconds @@ -334,6 +451,106 @@ function clearcombo(){ NOTE: paste text into this box that you would like to pass thru. </td> </tr> + </table> + <br/> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Advanced settings</td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncellreq">Connection timeout</td> + <td width="78%" class="vtable" colspan="2"> + <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> + <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div> + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncellreq">Server timeout</td> + <td width="78%" class="vtable" colspan="2"> + <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> + <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div> + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Retries</td> + <td width="78%" class="vtable" colspan="2"> + <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="64"> + <div>After a connection failure to a server, it is possible to retry, potentially +on another server. This is useful if health-checks are too rare and you don't +want the clients to see the failures. The number of attempts to reconnect is +set by the 'retries' parameter.</div> + </td> + </tr> + </table> + <br/> <br/> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Statistics</td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Stats Enabled</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();'> + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_realm_row' name='stats_realm_row'> + <td width="22%" valign="top" class="vncellreq">Stats Realm</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64"><br/> + EXAMPLE: haproxystats + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_uri_row' name='stats_uri_row'> + <td width="22%" valign="top" class="vncellreq">Stats Uri</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64"><br/> + EXAMPLE: /haproxy?stats + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_username_row' name='stats_username_row'> + <td width="22%" valign="top" class="vncellreq">Stats Username</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64"> + </td> + </tr> + + <tr class="haproxy_stats_visible" align="left" id='stats_password_row' name='stats_password_row'> + <td width="22%" valign="top" class="vncellreq">Stats Password</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64"> + <br/> + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_node_enabled_row' name='stats_node_enabled_row'> + <td width="22%" valign="top" class="vncell">Stats Enable Node Name</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?>> + <br/> + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_node_row' name='stats_node_row'> + <td width="22%" valign="top" class="vncell">Stats Node</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64"><br/> + The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.<br/> + Leave blank to use the system name. + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_desc_row' name='stats_desc_row'> + <td width="22%" valign="top" class="vncell">Stats Description</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64"><br/> + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_refresh_row' name='stats_refresh_row'> + <td width="22%" valign="top" class="vncell">Stats Refresh</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30"><br/> + Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d). + </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr align="left"> <td width="22%" valign="top"> </td> <td width="78%"> @@ -345,6 +562,7 @@ function clearcombo(){ </td> </tr> </table> + </div> </form> <br> <?php include("fend.inc"); ?> diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index 52b7650d..bad4bf09 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -100,7 +100,7 @@ include("head.inc"); <tr> <td> <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="30%" class="listhdrr">Name</td> <td width="10%" class="listhdrr">Servers</td> @@ -150,6 +150,7 @@ include("head.inc"); </td> </tr> <?php $i++; endforeach; ?> + <tfoot> <tr> <td class="list" colspan="3"></td> <td class="list"> @@ -160,6 +161,7 @@ include("head.inc"); </table> </td> </tr> + </tfoot> </table> </div> </table> |