Diffstat (limited to 'config/haproxy-devel')
-rw-r--r--config/haproxy-devel/haproxy.inc297
-rw-r--r--config/haproxy-devel/haproxy.xml5
-rwxr-xr-xconfig/haproxy-devel/haproxy_global.php28
-rw-r--r--config/haproxy-devel/haproxy_listeners.php4
-rw-r--r--config/haproxy-devel/haproxy_listeners_edit.php33
-rw-r--r--config/haproxy-devel/haproxy_xmlrpcsyncclient.inc148
6 files changed, 297 insertions, 218 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index f8434327..912f1fb3 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -31,9 +31,7 @@
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("notices.inc");
-
-global $haproxy_sni_ssloffloading;
-$haproxy_sni_ssloffloading=true;// can only be used with recent 1.5-dev17 builds.
+require_once("haproxy_xmlrpcsyncclient.inc");
$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty";
@@ -62,10 +60,9 @@ $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP',
'mode' => '', 'syntax' => 'src %1$s');
$a_acltypes[] = array('name' => 'backendservercount', 'descr' => 'Minimum count usable servers',
'mode' => '', 'syntax' => 'nbsrv(%2$s) ge %1$d', 'parameters' => 'value,backendname');
-if ($haproxy_sni_ssloffloading) {
- $a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches',
- 'mode' => 'https', 'syntax' => 'req_ssl_sni -i %1$s', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }");
-}
+// 'ssl_sni_matches' was added in HAProxy1.5dev17
+$a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches',
+ 'mode' => 'https', 'syntax' => 'req_ssl_sni -i %1$s', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }");
$a_checktypes['none'] = array('name' => 'none', 'syntax' => '',
'descr' => 'No health checks will be performed.');
@@ -73,7 +70,7 @@ $a_checktypes['Basic'] = array('name' => 'Basic', 'syntax' => '',
'descr' => 'Basic socket connection check');
$a_checktypes['HTTP'] = array('name' => 'HTTP', 'syntax' => 'httpchk',
'descr' => 'HTTP protocol to check on the servers health, can also be used for HTTPS servers(requirs checking the SSL box for the servers).', 'parameters' => "uri,method,version");
-/* 'Agent' was added in HAProxy1.5dev18 */
+// 'Agent' was added in HAProxy1.5dev18
$a_checktypes['Agent'] = array('name' => 'Agent', 'syntax' => 'lb-agent-chk', 'usedifferenport' => 'yes',
'descr' => 'Use a TCP connection to read an ASCII string of the form 100%,75%,drain,down (others in haproxy manual)');
$a_checktypes['LDAP'] = array('name' => 'LDAP', 'syntax' => 'ldap-check',
@@ -99,6 +96,15 @@ $a_httpcheck_method['PUT'] = array('name' => 'PUT', 'syntax' => 'PUT');
$a_httpcheck_method['DELETE'] = array('name' => 'DELETE', 'syntax' => 'DELETE');
$a_httpcheck_method['TRACE'] = array('name' => 'TRACE', 'syntax' => 'TRACE');
+$a_closetypes['none'] = array('name' => 'none', 'syntax' => '',
+ 'descr' => 'No close headers will be changed.');
+$a_closetypes['httpclose'] = array('name' => 'httpclose', 'syntax' => 'httpclose',
+ 'descr' => 'The "httpclose" option removes any "Connection" header both ways, and adds a "Connection: close" header in each direction. This makes it easier to disable HTTP keep-alive than the previous 4-rules block.');
+$a_closetypes['http-server-close'] = array('name' => 'http-server-close', 'syntax' => 'http-server-close',
+ 'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-server-close" enables HTTP connection-close mode on the server side while keeping the ability to support HTTP keep-alive and pipelining on the client side. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side to save server resources.');
+$a_closetypes['forceclose'] = array('name' => 'forceclose', 'syntax' => 'forceclose',
+ 'descr' => 'Some HTTP servers do not necessarily close the connections when they receive the "Connection: close" set by "option httpclose", and if the client does not close either, then the connection remains open till the timeout expires. This causes high number of simultaneous connections on the servers and shows high global session times in the logs. Note that this option also enables the parsing of the full request and response, which means we can close the connection to the server very quickly, releasing some resources earlier than with httpclose.');
+
function haproxy_custom_php_deinstall_command() {
exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`");
exec("rm /usr/local/pkg/haproxy.inc");
@@ -197,6 +203,7 @@ EOD;
fclose($fd);
exec("/etc/rc.d/devd restart");
+ $writeconfigupdate = false;
/* Do XML upgrade from haproxy 0.31 to haproxy-dev */
if (is_array($config['installedpackages']['haproxy']['ha_servers'])) {
/* We have an old config */
@@ -240,7 +247,7 @@ EOD;
$a_pools[] = $pool;
}
unset($config['installedpackages']['haproxy']['ha_servers']);
- write_config();
+ $writeconfigupdate = true;
}
/* XML update to: pkg v1.3 and 'pool' changed to 'backend_serverpool' because 'pool' was added to listtags() in xmlparse.inc */
@@ -252,7 +259,7 @@ EOD;
$frontend['backend_serverpool'] = $backend_serverpool;
unset($frontend['pool']);
}
- write_config();
+ $writeconfigupdate = true;
}
//also move setting for existing 2.0 installations as only the new variable is used
if (isset($config['installedpackages']['haproxy']['ha_backends']['item'][0]['pool']))
@@ -263,9 +270,21 @@ EOD;
$frontend['backend_serverpool'] = $backend_serverpool;
unset($frontend['pool']);
}
- write_config();
+ $writeconfigupdate = true;
}
-
+ // update config to "haproxy-devel 1.5-dev19 pkg v0.5"
+ $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item'];
+ if(is_array($a_backends)) {
+ foreach ($a_backends as &$bind) {
+ if($bind['httpclose'] && $bind['httpclose'] == "yes" ) {
+ $bind['httpclose'] = "httpclose";
+ $writeconfigupdate = true;
+ }
+ }
+ }
+ if ($writeconfigupdate)
+ write_config("haproxy, update xml config version");
+
conf_mount_ro();
exec("/usr/local/etc/rc.d/haproxy.sh start");
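Review bot: The `foreach ($a_backends as &$bind)` loop leaves `$bind` bound to the last backend entry after it ends, so any later assignment to a variable named `$bind` in this function would silently overwrite that entry in `$config`; add `unset($bind);` directly after the loop. The same by-reference pattern is added in haproxy_listeners_edit.php (`foreach($a_backend as &$frontend)`), where it needs `unset($frontend);` as well. The enclosing function starts and ends outside this hunk, so whether `$bind` is reused further down is not visible here.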
@@ -299,7 +318,7 @@ function haproxy_install_cron($should_install) {
$cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh check";
$config['cron']['item'][] = $cron_item;
parse_config(true);
- write_config();
+ write_config("haproxy, install cron CARP job");
configure_cron();
}
break;
@@ -308,7 +327,7 @@ function haproxy_install_cron($should_install) {
if($x > 0) {
unset($config['cron']['item'][$x]);
parse_config(true);
- write_config();
+ write_config("haproxy, remove cron CARP job");
}
configure_cron();
}
@@ -318,34 +337,6 @@ function haproxy_install_cron($should_install) {
function haproxy_find_acl($name) {
global $a_acltypes;
-
- /* XXX why is this broken from xmlsync? */
- if (!$a_acltypes) {
- $a_acltypes = array();
- $a_acltypes[] = array('name' => 'host_starts_with', 'descr' => 'Host starts with',
- 'mode' => 'http', 'syntax' => 'hdr_beg(host) -i');
- $a_acltypes[] = array('name' => 'host_ends_with', 'descr' => 'Host ends with',
- 'mode' =>'http', 'syntax' => 'hdr_end(host) -i');
- $a_acltypes[] = array('name' => 'host_matches', 'descr' => 'Host matches',
- 'mode' =>'http', 'syntax' => 'hdr(host) -i');
- $a_acltypes[] = array('name' => 'host_regex', 'descr' => 'Host regex',
- 'mode' =>'http', 'syntax' => 'hdr_reg(host) -i');
- $a_acltypes[] = array('name' => 'host_contains', 'descr' => 'Host contains',
- 'mode' => 'http', 'syntax' => 'hdr_dir(host) -i');
- $a_acltypes[] = array('name' => 'path_starts_with', 'descr' => 'Path starts with',
- 'mode' => 'http', 'syntax' => 'path_beg -i');
- $a_acltypes[] = array('name' => 'path_ends_with', 'descr' => 'Path ends with',
- 'mode' => 'http', 'syntax' => 'path_end -i');
- $a_acltypes[] = array('name' => 'path_matches', 'descr' => 'Path matches',
- 'mode' => 'http', 'syntax' => 'path -i');
- $a_acltypes[] = array('name' => 'path_regex', 'descr' => 'Path regex',
- 'mode' => 'http', 'syntax' => 'path_reg -i');
- $a_acltypes[] = array('name' => 'path_contains', 'descr' => 'Path contains',
- 'mode' => 'http', 'syntax' => 'path_dir -i');
- $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP',
- 'mode' => '', 'syntax' => 'src');
- }
-
if($a_acltypes) {
foreach ($a_acltypes as $acl) {
if ($acl['name'] == $name)
@@ -610,31 +601,28 @@ function haproxy_writeconf($configfile) {
$bname = get_frontend_ipport($backend);
- if ($backend['extaddr']=='localhost')
- $backend['extaddr'] = "127.0.0.1";
-
if (!is_array($a_bind[$bname])) {
$a_bind[$bname] = array();
$a_bind[$bname]['config'] = array();
- // Settings which are constant for a merged frontend
- $a_bind[$bname]['name'] = $backend['name'];
- $a_bind[$bname]['extaddr'] = $backend['extaddr'];
- $a_bind[$bname]['port'] = $backend['port'];
+ // Settings which are used only from the primary frontend
+ $primaryfrontend = get_primaryfrontend($backend);
+ $a_bind[$bname]['name'] = $primaryfrontend['name'];
+ $a_bind[$bname]['extaddr'] = $primaryfrontend['extaddr'];
+ $a_bind[$bname]['port'] = $primaryfrontend['port'];
+ $a_bind[$bname]['type'] = $primaryfrontend['type'];
+ $a_bind[$bname]['forwardfor'] = $primaryfrontend['forwardfor'];
+ $a_bind[$bname]['httpclose'] = $primaryfrontend['httpclose'];
+ $a_bind[$bname]['max_connections'] = $primaryfrontend['max_connections'];
+ $a_bind[$bname]['client_timeout'] = $primaryfrontend['client_timeout'];
+ $a_bind[$bname]['advanced'] = $primaryfrontend['advanced'];
+ $a_bind[$bname]['ssloffload'] = $primaryfrontend['ssloffload'];
+ $a_bind[$bname]['advanced_bind'] = $primaryfrontend['advanced_bind'];
}
$b = &$a_bind[$bname];
- // Overwrite ?
- if ($backend['secondary'] != 'yes') {
- if (isset($b['type']))
+ if (($backend['secondary'] != 'yes') && ($backend['name'] != $b['name'])) {
+ // only 1 frontend can be the primary for a set of frontends that share 1 address:port.
$input_errors[] = "Multiple primary frondends for $bname";
- $b['type'] = $backend['type'];
- $b['forwardfor'] = $backend['forwardfor'];
- $b['httpclose'] = $backend['httpclose'];
- $b['max_connections'] = $backend['max_connections'];
- $b['client_timeout'] = $backend['client_timeout'];
- $b['advanced'] = $backend['advanced'];
- $b['ssloffload'] = $backend['ssloffload'];
- $b['advanced_bind'] = $backend['advanced_bind'];
}
if ($ssl_crt != "") {
@@ -706,8 +694,8 @@ function haproxy_writeconf($configfile) {
if ($backend_type == 'http')
{
- if($bind['httpclose'])
- fwrite ($fd, "\toption\t\t\thttpclose\n");
+ if($bind['httpclose'] && $bind['httpclose'] != "none" )
+ fwrite ($fd, "\toption\t\t\t{$bind['httpclose']}\n");
if($bind['forwardfor']) {
fwrite ($fd, "\toption\t\t\tforwardfor\n");
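Review bot: The new `fwrite` copies `$bind['httpclose']` into the generated haproxy configuration verbatim, so whatever string is stored for the frontend becomes a directive, and a value containing a newline would add further lines to the file. Nothing in this diff shows the submitted `httpclose` value being checked against `$a_closetypes` before it is saved. Look the value up and emit the table's own text instead, e.g. `if (!empty($a_closetypes[$bind['httpclose']]['syntax']))` followed by `fwrite ($fd, "\toption\t\t\t{$a_closetypes[$bind['httpclose']]['syntax']}\n");`, with `$a_closetypes` added to the function's `global` list. haproxy_writeconf starts and ends outside this hunk.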
@@ -742,7 +730,7 @@ function haproxy_writeconf($configfile) {
$poolname .= "_" . $bconfig['svrport'];
// Write this out once, and must be before any backend config text
- if ($default_backend = "" || $bconfig['secondary'] != 'yes') {
+ if ($default_backend == "" || $bconfig['secondary'] != 'yes') {
$default_backend = $poolname;
}
@@ -808,29 +796,18 @@ function haproxy_writeconf($configfile) {
}
fwrite ($fd, "\n");
- // Sync HAProxy configuration (if enabled)
- if(isset($config['installedpackages']['haproxy']['enablesync'])) {
- if($config['installedpackages']['haproxy']['synchost1']) {
- haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost1'],
- $config['installedpackages']['haproxy']['syncpassword']);
- }
- if($config['installedpackages']['haproxy']['synchost2']) {
- haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost2'],
- $config['installedpackages']['haproxy']['syncpassword']);
- }
- if($config['installedpackages']['haproxy']['synchost3']) {
- haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost3'],
- $config['installedpackages']['haproxy']['syncpassword']);
- }
- }
-
- // create config file
+ // close config file
fclose($fd);
if ($input_errors)
{
require_once("guiconfig.inc");
print_input_errors($input_errors);
+ } else {
+ // Only sync to xmlrpc backup machine if no errors are found in config
+ if(isset($config['installedpackages']['haproxy']['enablesync'])) {
+ haproxy_do_xmlrpc_sync();
+ }
}
if (isset($a_global['carpdev']))
@@ -996,117 +973,46 @@ function killprocesses($processname, $pidfile, $signal = "KILL") {
exec("kill -$signal `pgrep -x $processname | grep -w -f $pidfile`");
}
-function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
- global $config, $g;
-
- if(!$password)
- return;
-
- if(!$sync_to_ip)
- return;
+function haproxy_sync_xmlrpc_settings() {
+ global $config;
+ // preserve 'old' sync settings, that should not be overwritten by xmlrpc-sync.
+ $enable = isset($config['installedpackages']['haproxy']['enablesync']);
- // Do not allow syncing to self.
- $donotsync = false;
- $lanip = find_interface_ip($config['interfaces']['lan']['if']);
- if($lanip == $sync_to_ip)
- $donotsync = true;
- $wanip = find_interface_ip($config['interfaces']['wan']['if']);
- if($wanip == $sync_to_ip)
- $donotsync = true;
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- $optip = find_interface_ip($config['interfaces']['opt' . $j]['if']);
- if($optip == $sync_to_ip)
- $donotsync = true;
- }
- if($donotsync) {
- log_error("Disallowing sync loop for HAProxy sync.");
- return;
- }
+ $config['installedpackages']['haproxy'] = $config['installedpackages']['haproxysyncpkg'];
+ unset($config['installedpackages']['haproxysyncpkg']);
+
+ // restore 'old' settings.
+ $config['installedpackages']['haproxy']['enablesync'] = $enable ? true : false;
+
+ write_config("haproxy, xmlrpc config synced"); // Write new 'merged' configuration
+}
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
- }
- $synchronizetoip .= $sync_to_ip;
+function haproxy_do_xmlrpc_sync() {
+ $syncinfo = array();
+ $syncinfo['sync_logname'] = "HAProxy";
+ $syncinfo['data'] = haproxy_xmlrpc_sync_prepare_config();
+ $syncinfo['sync_include'] = "/usr/local/pkg/haproxy.inc";
+ $syncinfo['sync_done_execute'] = "haproxy_xmlrpc_sync_configure";
+ xmlrpc_sync_execute($syncinfo);
+}
+function haproxy_xmlrpc_sync_prepare_config() {
/* xml will hold the sections to sync */
+ global $config;
$xml = array();
- $xml['haproxy'] = $config['installedpackages']['haproxy'];
-
- // Prevent sync loops
- unset($xml['synchost1']);
- unset($xml['synchost2']);
- unset($xml['synchost3']);
- unset($xml['syncpassword']);
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("Beginning HAProxy XMLRPC sync to {$url}:{$port}.");
- $method = 'pfsense.merge_installedpackages_section_xmlrpc';
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
- if(!$resp) {
- $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port}.";
- log_error($error);
- file_notice("sync_settings", $error, "HAProxy Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting HAProxy XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "HAProxy Settings Sync", "");
- } else {
- log_error("HAProxy XMLRPC sync successfully completed with {$url}:{$port}.");
- }
+ $xml['haproxysyncpkg'] = $config['installedpackages']['haproxy'];
+ return $xml;
+}
- /* tell haproxy to reload our settings on the destionation sync host. */
- $method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/haproxy.inc');\n";
- $execcmd .= "haproxy_configure();\n";
+function haproxy_xmlrpc_sync_configure() {
+ // this function is called by xmlrpc after config has been synced.
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
-
- log_error("HAProxy XMLRPC reload data {$url}:{$port}.");
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
- if(!$resp) {
- $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port} (exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "HAProxy Settings Reload", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting HAProxy XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "HAProxy Settings Sync", "");
- } else {
- log_error("HAProxy XMLRPC reload data success with {$url}:{$port} (exec_php).");
+ haproxy_sync_xmlrpc_settings();
+ haproxy_configure(); // Configure HAProxy config files to use the new configuration.
+
+ // sync 2nd and further nodes in the chain if applicable.
+ if(isset($config['installedpackages']['haproxy']['enablesync'])) {
+ haproxy_do_xmlrpc_sync();
}
}
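Review bot: `haproxy_xmlrpc_sync_configure()` tests `$config['installedpackages']['haproxy']['enablesync']` without declaring `global $config;`, so the check reads an empty local variable and the chained sync in that function never runs; add `global $config;` as its first statement. Separately, `haproxy_sync_xmlrpc_settings()` replaces the whole `haproxy` section with `$config['installedpackages']['haproxysyncpkg']` without checking that the key was actually delivered, so if it is called after a failed or partial merge it would blank the node's HAProxy settings and write that to disk. Guard it with `if (!is_array($config['installedpackages']['haproxysyncpkg'])) return;` before the assignment.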
@@ -1123,20 +1029,27 @@ function get_frontend_id($name) {
return null;
}
-function get_frontend_ipport($fontend) {
+function get_primaryfrontend($frontend) {
global $config;
$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item'];
- if ($fontend['secondary'] == 'yes')
- $mainfontend = $a_backend[get_frontend_id($fontend['primary_frontend'])];
+ if ($frontend['secondary'] == 'yes')
+ $mainfrontend = $a_backend[get_frontend_id($frontend['primary_frontend'])];
else
- $mainfontend = $fontend;
- if($mainfontend['extaddr'] == "any")
+ $mainfrontend = $frontend;
+ return $mainfrontend;
+}
+
+function get_frontend_ipport($frontend) {
+ $mainfrontend = get_primaryfrontend($frontend);
+ if($mainfrontend['extaddr'] == "any")
$result = "0.0.0.0";
- elseif($mainfontend['extaddr'])
- $result = $mainfontend['extaddr'];
+ elseif ($mainfrontend['extaddr'] == "localhost")
+ $result = "127.0.0.1";
+ elseif($mainfrontend['extaddr'])
+ $result = $mainfrontend['extaddr'];
else
$result = get_current_wan_address('wan');
- return $result . ":" . $mainfontend['port'];
+ return $result . ":" . $mainfrontend['port'];
}
function haproxy_check_config() {
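Review bot: `get_primaryfrontend()` indexes `$a_backend` with the result of `get_frontend_id()` without checking it, and the context line above shows that function returning `null` when no frontend matches. A secondary frontend whose `primary_frontend` names a deleted or renamed frontend then yields an empty `$mainfrontend`, so `get_frontend_ipport()` falls through to `get_current_wan_address('wan')` with an empty port, and haproxy_writeconf copies its bind settings from the same empty value. Check the id and report the dangling reference, for example `if ($id === null) return null;` in `get_primaryfrontend()` plus an `$input_errors[]` entry in the caller. A one-line comment stating that a non-secondary frontend is its own primary would also help readers of both functions.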
diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml
index 4511bde4..bfd7f437 100644
--- a/config/haproxy-devel/haproxy.xml
+++ b/config/haproxy-devel/haproxy.xml
@@ -95,6 +95,11 @@
<item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_socketinfo.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.widget.php</item>
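Review bot: The new `<item>` fetches haproxy_xmlrpcsyncclient.inc over plain `http://`, and haproxy.inc now loads that file with `require_once`, so the code that handles the HA sync password is installed with no transport integrity visible in this manifest. If the package server offers it, use an `https://` URL for this entry; the neighbouring entries follow the same pattern. `<chmod>077</chmod>` is copied from the entries around it; read as an octal mode it grants nothing to the owner and everything to group and other, so it is worth confirming how the installer interprets the field, since `0644` would be the usual mode for an include file.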
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index dbc55847..ff8d1280 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -59,26 +59,26 @@ if ($_POST) {
if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn'])))
$input_errors[] = "The maximum number of connections should be numeric.";
- if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1']))
+ /*if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1']))
$input_errors[] = "Synchost1 needs to be an IPAddress.";
if($_POST['synchost2'] && !is_ipaddr($_POST['synchost2']))
$input_errors[] = "Synchost2 needs to be an IPAddress.";
if($_POST['synchost3'] && !is_ipaddr($_POST['synchost3']))
- $input_errors[] = "Synchost3 needs to be an IPAddress.";
+ $input_errors[] = "Synchost3 needs to be an IPAddress.";*/
if (!$input_errors) {
$config['installedpackages']['haproxy']['enable'] = $_POST['enable'] ? true : false;
$config['installedpackages']['haproxy']['terminate_on_reload'] = $_POST['terminate_on_reload'] ? true : false;
$config['installedpackages']['haproxy']['maxconn'] = $_POST['maxconn'] ? $_POST['maxconn'] : false;
$config['installedpackages']['haproxy']['enablesync'] = $_POST['enablesync'] ? true : false;
- $config['installedpackages']['haproxy']['synchost1'] = $_POST['synchost1'] ? $_POST['synchost1'] : false;
- $config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost2'] ? $_POST['synchost2'] : false;
- $config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost3'] ? $_POST['synchost3'] : false;
+ //$config['installedpackages']['haproxy']['synchost1'] = $_POST['synchost1'] ? $_POST['synchost1'] : false;
+ //$config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost2'] ? $_POST['synchost2'] : false;
+ //$config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost3'] ? $_POST['synchost3'] : false;
$config['installedpackages']['haproxy']['remotesyslog'] = $_POST['remotesyslog'] ? $_POST['remotesyslog'] : false;
$config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false;
$config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false;
$config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false;
- $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false;
+ //$config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false;
$config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false;
$config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false;
touch($d_haproxyconfdirty_path);
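Review bot: Commenting out the `synchost*`/`syncpassword` assignments stops this page from updating those keys but leaves any values already saved in `$config['installedpackages']['haproxy']`, and `haproxy_xmlrpc_sync_prepare_config()` in haproxy.inc now sends that whole section to the peer. Remove the old credentials on save instead, e.g. `unset($config['installedpackages']['haproxy']['syncpassword']);` plus the three `synchost` keys, or do it in the XML upgrade step. The disabled code here, in the `$pconfig` hunk below and inside the `<!-- -->` block of the form would be better deleted than commented out; any PHP inside an HTML comment still executes and its output still reaches the browser.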
@@ -91,10 +91,10 @@ $pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']);
$pconfig['terminate_on_reload'] = isset($config['installedpackages']['haproxy']['terminate_on_reload']);
$pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn'];
$pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']);
-$pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword'];
-$pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1'];
-$pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2'];
-$pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3'];
+//$pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword'];
+//$pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1'];
+//$pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2'];
+//$pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3'];
$pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog'];
$pconfig['logfacility'] = $config['installedpackages']['haproxy']['logfacility'];
$pconfig['loglevel'] = $config['installedpackages']['haproxy']['loglevel'];
@@ -337,12 +337,15 @@ function enable_change(enable_change) {
<td colspan="2" valign="top" class="listtopic">Configuration synchronization</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">&nbsp;</td>
+ <td width="22%" valign="top" class="vncell">HAProxy Sync</td>
<td width="78%" class="vtable">
<input name="enablesync" type="checkbox" value="yes" <?php if ($pconfig['enablesync']) echo "checked"; ?>>
- <strong>Sync HAProxy configuration to backup CARP members via XMLRPC.</strong>
+ <strong>Sync HAProxy configuration to backup CARP members via XMLRPC.</strong><br/>
+ Note: remember to also turn on HAProxy Sync on the backup nodes.<br/>
+ The synchronisation host and password are those configured in pfSense main <a href="/system_hasync.php">"System: High Availability Sync"</a> settings.
</td>
</tr>
+<!--
<tr>
<td width="22%" valign="top" class="vncell">Synchronization password</td>
<td width="78%" class="vtable">
@@ -375,6 +378,7 @@ function enable_change(enable_change) {
<strong>Synchronize settings to this hosts IP address.</strong>
</td>
</tr>
+-->
<tr>
<td>
&nbsp;
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index 7b6e3d58..6d9c9dc1 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -166,9 +166,9 @@ include("head.inc");
$isadvset = "";
if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: {$frontend['advanced_bind']}\r\n";
- if ($frontend['advanced']) $isadvset .= "advanced settings used\r\n";
+ if ($frontend['advanced']) $isadvset .= "Advanced pass thru setting used\r\n";
if ($isadvset)
- echo "<img src=\"$img_adv\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\">";
+ echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\">";
?>
</td>
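Review bot: The rewritten `echo` still places `$isadvset` into the `title` attribute unescaped, and `$isadvset` contains the frontend's `advanced_bind` text, so a double quote or angle bracket in that setting ends the attribute early and is parsed as markup. Escape it when printing: `title=\"" . gettext("Advanced settings set") . ": " . htmlspecialchars($isadvset) . "\"`.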
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index 8f9c2484..d37444c0 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -229,6 +229,15 @@ if ($_POST) {
if($backend['name'] != "")
$changedesc .= " modified '{$backend['name']}' pool:";
+
+ // update references to this primary frontend
+ if ($backend['name'] != $_POST['name']) {
+ foreach($a_backend as &$frontend) {
+ if ($frontend['primary_frontend'] == $backend['name']) {
+ $frontend['primary_frontend'] = $_POST['name'];
+ }
+ }
+ }
foreach($simplefields as $stat)
update_if_changed($stat, $backend[$stat], $_POST[$stat]);
@@ -454,6 +463,12 @@ include("head.inc");
setCSSdisplay(".haproxy_secondary", secondary.checked);
type_change(type);
+
+ http_close = d.getElementById("httpclose").value;
+ http_close_description = d.getElementById("http_close_description");
+ http_close_description.innerHTML=closetypes[http_close]["descr"];
+ http_close_description.setAttribute('style','padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt; height:30px');
+ http_close_description.setAttribute('style','padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt; height:'+http_close_description.scrollHeight+'px');
}
function type_change(type) {
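Review bot: `http_close` and `http_close_description` are assigned without `var`, which makes them implicit globals; declare them locally in the enclosing function (apparently `updatevisibility()`, which starts outside this hunk). The target element is a `<textarea>`, so set its text with `http_close_description.value = closetypes[http_close]["descr"];` rather than `innerHTML`, which keeps the description from being parsed as markup.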
@@ -689,11 +704,10 @@ include("head.inc");
<tr align="left" class="haproxy_mode_http">
<td width="22%" valign="top" class="vncell">Use 'httpclose' option</td>
<td width="78%" class="vtable" colspan="2">
- <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>>
- <br/>
- The 'httpclose' option removes any 'Connection' header both ways, and
- adds a 'Connection: close' header in each direction. This makes it easier to
- disable HTTP keep-alive than the previous 4-rules block.
+ <?
+ echo_html_select("httpclose",$a_closetypes,$pconfig['httpclose']?$pconfig['httpclose']:"none","","updatevisibility();");
+ ?><br/>
+ <textarea readonly="yes" cols="70" rows="3" id="http_close_description" name="http_close_description" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
</td>
</tr>
<tr align="left">
@@ -716,10 +730,6 @@ include("head.inc");
<td>&nbsp;</td>
</tr>
</table>
-<?
- global $haproxy_sni_ssloffloading;
- if ($haproxy_sni_ssloffloading):
-?>
<table class="haproxy_mode_http" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic">SSL Offloading</td>
@@ -762,9 +772,6 @@ include("head.inc");
<td>&nbsp;</td>
</tr>
</table>
-<?
- endif;
-?>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr align="left">
<td width="22%" valign="top">&nbsp;</td>
@@ -788,6 +795,8 @@ include("head.inc");
<script type="text/javascript">
<?
phparray_to_javascriptarray($primaryfrontends,"primaryfrontends",Array('/*','/*/name','/*/ref','/*/ref/type','/*/ref/ssloffload'));
+ phparray_to_javascriptarray($a_closetypes,"closetypes",Array('/*','/*/name','/*/descr'));
+
?>
</script>
diff --git a/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc b/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc
new file mode 100644
index 00000000..781b7544
--- /dev/null
+++ b/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc
@@ -0,0 +1,148 @@
+<?php
+/*
+ haproxy_xmlrpcsyncclient.inc
+ Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
+ Copyright (C) 2008 Remco Hoef
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include all configuration functions */
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("notices.inc");
+
+function xmlrpc_sync_execute($syncinfo) {
+ // name that is logged if something fails during syncing
+ $sync_logname = $syncinfo['sync_logname'];
+ // configuration data to sync
+ $xml = $syncinfo['data'];
+ // include file in which the "function sync_done_execute(){xxx}" must be pressent
+ $sync_include = $syncinfo['sync_include'];
+ // executes to apply the changed configuration on the target system
+ $sync_function = $syncinfo['sync_done_execute'];
+
+ global $config, $g;
+ //if(!$password)
+ $password = $config['hasync']['password'];
+ if(!$password)
+ return;
+
+ //if(!$sync_to_ip)
+ $sync_to_ip = $config['hasync']['synchronizetoip'];
+ if(!$sync_to_ip)
+ return;
+
+ // Do not allow syncing to self.
+ $donotsync = false;
+ $localips = get_configured_ip_addresses();
+ if (in_array($sync_to_ip, $localips , true))
+ $donotsync = true;
+
+ if($donotsync) {
+ log_error("Disallowing sync loop for {$sync_logname} sync.");
+ return;
+ }
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ //$xml = prepare_xmlrpc_sync_config();
+
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("Beginning {$sync_logname} XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 250 seconds */
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting {$sync_logname} XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "{$sync_logname} Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting {$sync_logname} XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "{$sync_logname} Settings Sync", "");
+ } else {
+ log_error("{$sync_logname} XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell package to reload our settings on the destination sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('{$sync_include}');\n";
+ $execcmd .= "{$sync_function}();\n";
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("{$sync_logname} XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting {$sync_logname} XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "{$sync_logname} Settings Reload", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting {$sync_logname} XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "{$sync_logname} Settings Sync", "");
+ } else {
+ log_error("{$sync_logname} XMLRPC reload data success with {$url}:{$port} (exec_php).");
+ }
+}
+
+?>
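Review bot: When the `pfsense.merge_installedpackages_section_xmlrpc` call fails or returns a fault, `xmlrpc_sync_execute()` logs the error and then still sends the `pfsense.exec_php` request, so the peer is told to apply a configuration it may never have received; add `return;` at the end of the two error branches of the first call. The `exec_php` source is assembled by interpolating `$syncinfo['sync_include']` and `$syncinfo['sync_done_execute']` into PHP text; the caller in this commit passes constants, but since the helper is written as a generic one it should reject anything that is not a plain identifier, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $sync_function)) return;`, and apply a similar check to the include path. `$synchronizetoip` is only initialised when the webgui protocol is non-empty, so set it to an empty string before that `if`. A header comment listing the four expected `$syncinfo` keys would help callers.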