aboutsummaryrefslogtreecommitdiffstats
path: root/config/haproxy
diff options
context:
space:
mode:
Diffstat (limited to 'config/haproxy')
-rw-r--r--config/haproxy/haproxy.inc51
-rwxr-xr-xconfig/haproxy/haproxy_global.php12
-rwxr-xr-xconfig/haproxy/haproxy_listeners.php2
-rwxr-xr-xconfig/haproxy/haproxy_listeners_edit.php25
-rwxr-xr-xconfig/haproxy/haproxy_pool_edit.php4
-rwxr-xr-xconfig/haproxy/haproxy_pools.php2
6 files changed, 68 insertions, 28 deletions
diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc
index 1e29f358..61957252 100644
--- a/config/haproxy/haproxy.inc
+++ b/config/haproxy/haproxy.inc
@@ -58,6 +58,9 @@ $a_acltypes[] = array('name' => 'path_contains', 'descr' => 'Path contains',
$a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP',
'mode' => '', 'syntax' => 'src');
+//$a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches',
+// 'mode' => 'https', 'syntax' => 'req_ssl_sni -i');
+
function haproxy_custom_php_deinstall_command() {
exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`");
exec("rm /usr/local/pkg/haproxy.inc");
@@ -186,7 +189,7 @@ EOD;
/* link to frontend */
foreach ($a_backends as $id => $be) {
if ($a_backends[$id]['name'] == $oldserver['backend']) {
- $a_backends[$id]['pool'] = $pool['name'];
+ $a_backends[$id]['backend_serverpool'] = $pool['name'];
$pool['monitor_uri'] = $be['monitor_uri'];
unset($a_backends[$id]['monitor_uri']);
break;
@@ -201,6 +204,29 @@ EOD;
unset($config['installedpackages']['haproxy']['ha_servers']);
write_config();
}
+
+ /* XML update to: pkg v1.3 and 'pool' changed to 'backend_serverpool' because 'pool' was added to listtags() in xmlparse.inc */
+ if (is_array($config['installedpackages']['haproxy']['ha_backends']['item'][0]['pool']))
+ {
+ foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend)
+ {
+ $backend_serverpool = $frontend['pool'][0];
+ $frontend['backend_serverpool'] = $backend_serverpool;
+ unset($frontend['pool']);
+ }
+ write_config();
+ }
+ //also move setting for existing 2.0 installations as only the new variable is used
+ if (isset($config['installedpackages']['haproxy']['ha_backends']['item'][0]['pool']))
+ {
+ foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend)
+ {
+ $backend_serverpool = $frontend['pool'];
+ $frontend['backend_serverpool'] = $backend_serverpool;
+ unset($frontend['pool']);
+ }
+ write_config();
+ }
conf_mount_ro();
@@ -420,7 +446,7 @@ function haproxy_writeconf() {
foreach ($a_backends as $backend) {
if($backend['status'] != 'active')
continue;
- if(!$backend['pool'])
+ if(!$backend['backend_serverpool'])
continue;
$bname = $backend['extaddr'] . ":" . $backend['port'];
@@ -508,7 +534,7 @@ function haproxy_writeconf() {
fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n");
if($bind['client_timeout'])
- fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n");
// Combine the rest of the listener configs
@@ -519,7 +545,7 @@ function haproxy_writeconf() {
if(!is_array($a_acl))
$a_acl=array();
- $poolname = $bconfig['pool'] . "_" . strtolower($bconfig['type']);
+ $poolname = $bconfig['backend_serverpool'] . "_" . strtolower($bconfig['type']);
// Create different pools if the svrport is set
if ($bconfig['svrport'] > 0)
@@ -564,7 +590,7 @@ function haproxy_writeconf() {
if (is_array($a_pendingpl) && is_array($a_pools)) {
foreach ($a_pendingpl as $pending) {
foreach ($a_pools as $pool) {
- if ($pending['frontend']['pool'] == $pool['name']) {
+ if ($pending['frontend']['backend_serverpool'] == $pool['name']) {
write_backend($fd, $pending['name'], $pool, $pending['frontend']);
}
}
@@ -576,15 +602,18 @@ function haproxy_writeconf() {
if(isset($config['installedpackages']['haproxy']['enablesync'])) {
if($config['installedpackages']['haproxy']['synchost1']) {
haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost1'],
+ $config['installedpackages']['haproxy']['syncusername'],
$config['installedpackages']['haproxy']['syncpassword']);
}
if($config['installedpackages']['haproxy']['synchost2']) {
haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost2'],
+ $config['installedpackages']['haproxy']['syncusername'],
$config['installedpackages']['haproxy']['syncpassword']);
}
if($config['installedpackages']['haproxy']['synchost3']) {
haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost3'],
- $config['installedpackages']['haproxy']['syncpassword']);
+ $config['installedpackages']['haproxy']['syncusername'],
+ $config['installedpackages']['haproxy']['syncpassword']);
}
}
@@ -647,7 +676,7 @@ function haproxy_check_run($reload) {
}
-function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
+function haproxy_do_xmlrpc_sync($sync_to_ip, $username, $password) {
global $config, $g;
if(!$password)
@@ -655,6 +684,9 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
if(!$sync_to_ip)
return;
+
+ if (empty($username))
+ $username = "admin";
// Do not allow syncing to self.
$donotsync = false;
@@ -697,6 +729,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
unset($xml['synchost1']);
unset($xml['synchost2']);
unset($xml['synchost3']);
+ unset($xml['syncusername']);
unset($xml['syncpassword']);
/* assemble xmlrpc payload */
@@ -711,7 +744,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
if($g['debug'])
$cli->setDebug(1);
/* send our XMLRPC message and timeout after 250 seconds */
@@ -744,7 +777,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
log_error("HAProxy XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
$resp = $cli->send($msg, "250");
if(!$resp) {
$error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port} (exec_php).";
diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php
index 340c578b..c09b202f 100755
--- a/config/haproxy/haproxy_global.php
+++ b/config/haproxy/haproxy_global.php
@@ -82,8 +82,9 @@ if ($_POST) {
$config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false;
$config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false;
$config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false;
+ $config['installedpackages']['haproxy']['syncusername'] = $_POST['syncusername'] ? $_POST['syncusername'] : false;
$config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false;
- $config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false;
+ $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false;
$config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false;
touch($d_haproxyconfdirty_path);
write_config();
@@ -95,6 +96,7 @@ if ($_POST) {
$pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']);
$pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn'];
$pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']);
+$pconfig['syncusername'] = $config['installedpackages']['haproxy']['syncusername'];
$pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword'];
$pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1'];
$pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2'];
@@ -336,6 +338,14 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Synchronization username</td>
+ <td width="78%" class="vtable">
+ <input name="syncusername" type="text" value="<?= empty($pconfig['syncusername']) ? 'admin' : $pconfig['syncusername'];?>">
+ <br/>
+ <strong>Enter the username that will be used during configuration synchronization. This is generally "admin" or an admin-level privileged account on the target system.</strong>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Synchronization password</td>
<td width="78%" class="vtable">
<input name="syncpassword" type="password" value="<?=$pconfig['syncpassword'];?>">
diff --git a/config/haproxy/haproxy_listeners.php b/config/haproxy/haproxy_listeners.php
index ef67108b..1f6031c2 100755
--- a/config/haproxy/haproxy_listeners.php
+++ b/config/haproxy/haproxy_listeners.php
@@ -140,7 +140,7 @@ include("head.inc");
<?=$textss . $backend['type'] . $textse;?>
</td>
<td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';">
- <?=$textss . $backend['pool'] . $textse;?>
+ <?=$textss . $backend['backend_serverpool'] . $textse;?>
</td>
<td class="list" nowrap>
<table border="0" cellspacing="0" cellpadding="1">
diff --git a/config/haproxy/haproxy_listeners_edit.php b/config/haproxy/haproxy_listeners_edit.php
index 22be121b..1695b5d5 100755
--- a/config/haproxy/haproxy_listeners_edit.php
+++ b/config/haproxy/haproxy_listeners_edit.php
@@ -83,7 +83,7 @@ if (isset($id) && $a_backend[$id]) {
$pconfig['type'] = $a_backend[$id]['type'];
$pconfig['extaddr'] = $a_backend[$id]['extaddr'];
- $pconfig['pool'] = $a_backend[$id]['pool'];
+ $pconfig['backend_serverpool'] = $a_backend[$id]['backend_serverpool'];
$pconfig['max_connections'] = $a_backend[$id]['max_connections'];
$pconfig['client_timeout'] = $a_backend[$id]['client_timeout'];
$pconfig['port'] = $a_backend[$id]['port'];
@@ -218,7 +218,7 @@ if ($_POST) {
update_if_changed("port", $backend['port'], $_POST['port']);
update_if_changed("svrport", $backend['svrport'], $_POST['svrport']);
update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']);
- update_if_changed("pool", $backend['pool'], $_POST['pool']);
+ update_if_changed("backend_serverpool", $backend['backend_serverpool'], $_POST['backend_serverpool']);
update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']);
update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']);
update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced']));
@@ -507,22 +507,19 @@ include("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq">Server pool</td>
+ <td width="22%" valign="top" class="vncellreq">Backend server pool</td>
<td width="78%" class="vtable">
- <select name="pool" class="formfld">
+
+ <select id="backend_serverpool" name="backend_serverpool" class="formfld">
<?php
if (is_array($a_pools)) {
- foreach ($a_pools as $p):
- ?>
- <option value="<?=$p['name'];?>" <?php if ($p['name'] == $pconfig['pool']) echo "selected"; ?>>
- <?=htmlspecialchars("{$p['name']}");?>
- </option>
- <?php
- endforeach;
+ foreach ($a_pools as $p) {
+ $selected = $p['name'] == $pconfig['backend_serverpool'] ? 'selected' : '';
+ $name = htmlspecialchars("{$p['name']}");
+ echo "<option value=\"{$p['name']}\" $selected>$name</option>";
+ }
} else {
- ?>
- <option value="-">-</option>
- <?php
+ echo "<option value=\"-\">-</option>";
}
?>
</select>
diff --git a/config/haproxy/haproxy_pool_edit.php b/config/haproxy/haproxy_pool_edit.php
index d25f0675..4560bea2 100755
--- a/config/haproxy/haproxy_pool_edit.php
+++ b/config/haproxy/haproxy_pool_edit.php
@@ -133,8 +133,8 @@ if ($_POST) {
$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item'];
for ( $i = 0; $i < count($a_backend); $i++) {
- if ($a_backend[$i]['pool'] == $pool['name'])
- $a_backend[$i]['pool'] = $_POST['name'];
+ if ($a_backend[$i]['backend_serverpool'] == $pool['name'])
+ $a_backend[$i]['backend_serverpool'] = $_POST['name'];
}
}
diff --git a/config/haproxy/haproxy_pools.php b/config/haproxy/haproxy_pools.php
index e11fb0c9..52b7650d 100755
--- a/config/haproxy/haproxy_pools.php
+++ b/config/haproxy/haproxy_pools.php
@@ -114,7 +114,7 @@ include("head.inc");
$fe_list = "";
$sep = "";
foreach ($a_backends as $backend) {
- if($backend['pool'] == $pool['name']) {
+ if($backend['backend_serverpool'] == $pool['name']) {
$fe_list .= $sep . $backend['name'];
$sep = ", ";
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-22 02:25:24 +0000