Diffstat (limited to 'config')
34 files changed, 1020 insertions, 389 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 912f1fb3..f768ef01 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -31,6 +31,7 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("notices.inc"); +require_once("haproxy_utils.inc"); require_once("haproxy_xmlrpcsyncclient.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; @@ -107,7 +108,7 @@ $a_closetypes['forceclose'] = array('name' => 'forceclose', 'syntax' => 'forcecl function haproxy_custom_php_deinstall_command() { exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`"); - exec("rm /usr/local/pkg/haproxy.inc"); + exec("rm /usr/local/pkg/haproxy*"); exec("rm /usr/local/www/haproxy*"); exec("rm /usr/local/etc/rc.d/haproxy.sh"); exec("rm /etc/devd/haproxy.conf"); @@ -280,6 +281,18 @@ EOD; $bind['httpclose'] = "httpclose"; $writeconfigupdate = true; } + if (!$bind['extaddr']){ + $bind['extaddr'] = "wan_ipv4"; + $writeconfigupdate = true; + } + if ($bind['extaddr'] == "localhost"){ + $bind['extaddr'] = "localhost_ipv4"; + $writeconfigupdate = true; + } + if ($bind['extaddr'] == "any"){ + $bind['extaddr'] = "any_ipv4"; + $writeconfigupdate = true; + } } } if ($writeconfigupdate) @@ -592,6 +605,13 @@ function haproxy_writeconf($configfile) { $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt"; $cert = lookup_cert($backend['ssloffloadcert']); $certcontent = base64_decode($cert['crt'])."\r\n".base64_decode($cert['prv']); + + $certchaincontent = ca_chain($cert); + if ($certchaincontent != "") { + $certcontent .= "\r\n" . $certchaincontent; + } + unset($certchaincontent); + file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent); unset($certcontent); }else{ 
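Review bot: The widened glob in haproxy_custom_php_deinstall_command(), `rm /usr/local/pkg/haproxy*`, still does not cover the file this commit starts installing under /usr/local/www/shortcuts/ (pkg_haproxy.inc, added in haproxy.xml), so that file appears to stay behind after an uninstall. Adding `exec("rm -f /usr/local/www/shortcuts/pkg_haproxy.inc");` next to the other removals would cover it. The function body continues outside the hunk, so the removal may already exist further down. The glob also matches any other package's files in /usr/local/pkg whose names start with `haproxy`, which deserves a short comment if a second haproxy package can be installed side by side.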
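Review bot: The combined PEM written in haproxy_writeconf() now holds the certificate, the private key and the CA chain, and nothing in the hunk restricts who can read `/var/etc/{name}.{port}.crt`; file_put_contents() creates it with whatever the process umask allows. Following the write with `chmod("/var/etc/{$backend['name']}.{$backend['port']}.crt", 0600);` keeps the key readable by the owner only, assuming haproxy opens the file as that same user, which is not visible here. The result of lookup_cert() is also used without a check, so if it finds nothing the file is written without a usable key; an `is_array($cert)` guard with a logged notice would make that case visible. The function continues outside the hunk.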
@@ -657,14 +677,12 @@ function haproxy_writeconf($configfile) { $listenip = ""; // Process and add bind directives for ports - foreach($ports as $port) { - if($port) { - if($bind['extaddr'] == "any") - $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info} {$advanced_bind}\n"; - elseif($bind['extaddr']) - $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info} {$advanced_bind}\n"; - else - $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info} {$advanced_bind}\n"; + $ip = haproxy_interface_ip($bind['extaddr']); + if ($ip){ + foreach($ports as $port) { + if($port) { + $listenip .= "\tbind\t\t\t$ip:{$port} {$ssl_info} {$advanced_bind}\n"; + } } } @@ -715,7 +733,7 @@ function haproxy_writeconf($configfile) { fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n"); - // Combine the rest of the listener configs + // Combine the rest of the frontend configs $default_backend = ""; $i = 0; foreach ($bind['config'] as $bconfig) { @@ -1039,16 +1057,11 @@ function get_primaryfrontend($frontend) { return $mainfrontend; } -function get_frontend_ipport($frontend) { +function get_frontend_ipport($frontend,$userfriendly=false) { $mainfrontend = get_primaryfrontend($frontend); - if($mainfrontend['extaddr'] == "any") - $result = "0.0.0.0"; - elseif ($mainfrontend['extaddr'] == "localhost") - $result = "127.0.0.1"; - elseif($mainfrontend['extaddr']) - $result = $mainfrontend['extaddr']; - else - $result = get_current_wan_address('wan'); + $result = haproxy_interface_ip($mainfrontend['extaddr'],$userfriendly); + if ($userfriendly and is_ipaddrv6($result)) + $result = "[{$result}]"; return $result . ":" . $mainfrontend['port']; } @@ -1099,7 +1112,7 @@ function get_haproxy_frontends($excludeitem="") { return $result; } -function get_frontent_acls($frontend) { +function get_frontend_acls($frontend) { $result = array(); $a_acl = &$frontend['ha_acls']['item']; if (is_array($a_acl)) 
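Review bot: When haproxy_interface_ip($bind['extaddr']) returns nothing, the new `if ($ip)` guard in haproxy_writeconf() skips every bind line without reporting it, so the frontend is written with no listening address. The upgrade code added earlier in this file only rewrites empty, `localhost` and `any` values of extaddr; a previously saved virtual-IP value reaches this lookup unchanged, and whether haproxy_get_bindable_interfaces() has a key for it cannot be seen from this hunk. An `else` branch such as `log_error("haproxy: no bind address for extaddr '{$bind['extaddr']}'");` would make the failure visible instead of leaving a service that silently does not listen. The enclosing function starts and ends outside the hunk.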
@@ -1123,30 +1136,15 @@ function get_frontent_acls($frontend) { return $result; } -function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { - $offset = str_repeat(' ',$nestID); - $itemName = "item$nestID"; - echo "{$offset}$nodeName = {};\n"; - if (is_array($items)) - foreach ($items as $key => $item) - { - if (in_array($path.'/'.$key, $includeitems)) - $subpath = $path.'/'.$key; - else - $subpath = $path.'/*'; - if (in_array($subpath, $includeitems) || in_array($path.'/*', $includeitems)) { - if (is_array($item)) { - $subNodeName = "item$nestID"; - phparray_to_javascriptarray_recursive($nestID+1, $subpath, $items[$key], $subNodeName, $includeitems); - echo "{$offset}{$nodeName}['{$key}'] = $itemName;\n"; - } else - echo "{$offset}{$nodeName}['$key'] = '$item';\n"; - } - } -} - -function phparray_to_javascriptarray($items, $javaMapName, $includeitems) { - phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); +function get_backend($name) { + global $config; + $a_backend = &$config['installedpackages']['haproxy']['ha_pools']['item']; + foreach($a_backend as $key => $backend) + { + if ($backend['name'] == $name) + return $backend; + } + return null; } function haproxy_escapestring($configurationsting) { @@ -1155,19 +1153,4 @@ function haproxy_escapestring($configurationsting) { return str_replace('#', '\\#', $result); } -function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="") { - if (count($keyvaluelist)>0){ - if ($onchangeEvent != "") - $onchangeEvent .= " onchange=$onchangeEvent"; - echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>"; - foreach($keyvaluelist as $key => $desc){ - $selectedhtml = $key == $selected ? "selected" : ""; - echo "<option value=\"{$key}\" {$selectedhtml}>{$desc['name']}</option>"; - } - echo "</select>"; - } else { - echo $listEmptyMessage; - } -} - ?> 
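Review bot: get_backend() iterates `$a_backend` without checking that it is an array, so with no backend pools configured the `foreach` runs on null and emits a PHP warning into the page. Taking the value by reference (`&$config[...]`) also creates the empty config path as a side effect, although the function only reads. Suggested: `$a_backend = $config['installedpackages']['haproxy']['ha_pools']['item'];` followed by `if (!is_array($a_backend)) return null;`. A one-line comment stating that the function returns the pool entry whose name matches, or null when there is none, would help callers that index the result directly.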
diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml index bfd7f437..803bd978 100644 --- a/config/haproxy-devel/haproxy.xml +++ b/config/haproxy-devel/haproxy.xml @@ -100,10 +100,20 @@ <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_utils.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.widget.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/shortcuts/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/haproxy-devel/pkg_haproxy.inc</item> + </additional_files_needed> <custom_delete_php_command> </custom_delete_php_command> <custom_add_php_command> diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index ff8d1280..bd1846e2 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php @@ -28,9 +28,10 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require_once("guiconfig.inc"); require_once("haproxy.inc"); +require_once("haproxy_utils.inc"); require_once("globals.inc"); if (!is_array($config['installedpackages']['haproxy'])) @@ -41,6 +42,11 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + if ($_POST['calculate_certificate_chain']) { + $changed = haproxy_recalculate_certifcate_chain(); + if ($changed > 0) + touch($d_haproxyconfdirty_path); + } else if ($_POST['apply']) { $result = haproxy_check_and_run($savemsg, true); if ($result) 
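Review bot: The new entry for haproxy_utils.inc is installed with `<chmod>077</chmod>`, which read as an octal mode gives the owner no access and gives group and others read, write and execute; an include that the web GUI loads should not be writable by other local accounts. The entry added directly below it for pkg_haproxy.inc uses `<chmod>0755</chmod>`, and `0644` would be enough for a file that is only included. Both new `<item>` URLs are fetched over plain `http://` and point at different domains (pfsense.com and pfsense.org); whether the installer verifies the download is not visible here, so an https URL on a single host is the safer default. The existing entries around the hunk use the same `077` value and would need the same correction.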
@@ -144,8 +150,8 @@ function enable_change(enable_change) { /* active tabs */ $tab_array = array(); $tab_array[] = array("Settings", true, "haproxy_global.php"); - $tab_array[] = array("Listener", false, "haproxy_listeners.php"); - $tab_array[] = array("Server Pool", false, "haproxy_pools.php"); + $tab_array[] = array("Frontend", false, "haproxy_listeners.php"); + $tab_array[] = array("Backend", false, "haproxy_pools.php"); display_top_tabs($tab_array); ?> </td></tr> @@ -154,6 +160,20 @@ function enable_change(enable_change) { <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> + <td colspan="2" valign="top" class="listtopic">Recalculate certificate chain.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> </td> + <td width="78%" class="vtable"> + <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain"> + <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();"> + <br/> + This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not + always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading. + </td> + </tr> + + <tr> <td colspan="2" valign="top" class="listtopic">General settings</td> </tr> <tr> diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 6d9c9dc1..d802023c 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php 
@@ -28,10 +28,11 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require_once("guiconfig.inc"); require_once("haproxy.inc"); require_once("certs.inc"); +require_once("haproxy_utils.inc"); if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); @@ -71,7 +72,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; -$pgtitle = "Services: HAProxy: Listener"; +$pgtitle = "Services: HAProxy: Frontends"; include("head.inc"); ?> @@ -92,8 +93,8 @@ include("head.inc"); /* active tabs */ $tab_array = array(); $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Listener", true, "haproxy_listeners.php"); - $tab_array[] = array("Server Pool", false, "haproxy_pools.php"); + $tab_array[] = array("Frontend", true, "haproxy_listeners.php"); + $tab_array[] = array("Backend", false, "haproxy_pools.php"); display_top_tabs($tab_array); ?> </td></tr> @@ -108,7 +109,7 @@ include("head.inc"); <td width="30%" class="listhdrr">Description</td> <td width="20%" class="listhdrr">Address</td> <td width="5%" class="listhdrr">Type</td> - <td width="10%" class="listhdrr">Server pool</td> + <td width="10%" class="listhdrr">Backend</td> <td width="20%" class="listhdrr">Parent</td> <td width="5%" class="list"></td> </tr> @@ -125,7 +126,7 @@ include("head.inc"); $a_frontend_grouped = array(); foreach($a_frontend as &$frontend2) { - $ipport = get_frontend_ipport($frontend2); + $ipport = get_frontend_ipport($frontend2, true); $frontend2['ipport'] = $ipport; $a_frontend_grouped[$ipport][] = $frontend2; } 
@@ -156,7 +157,7 @@ include("head.inc"); echo '<img src="'.$img_cert.'" title="SSL offloading cert: '.$cert['descr'].'" alt="SSL offloading" border="0" height="16" width="16" />'; } - $acls = get_frontent_acls($frontend); + $acls = get_frontend_acls($frontend); $isaclset = ""; foreach ($acls as $acl) { $isaclset .= " " . $acl['descr']; @@ -170,6 +171,15 @@ include("head.inc"); if ($isadvset) echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\">"; + $backend_serverpool = $frontend['backend_serverpool']; + $backend = get_backend($backend_serverpool ); + $servers = $backend['ha_servers']['item']; + $backend_serverpool_hint = gettext("Servers in pool:"); + if (is_array($servers)){ + foreach($servers as $server){ + $backend_serverpool_hint .= "\n".$server['address'].":".$server['port']; + } + } ?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> @@ -179,13 +189,15 @@ include("head.inc"); <?=$frontend['desc'];?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> - <?=$frontend['ipport'];?> + <?=str_replace(" "," ",$frontend['ipport']);?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> <?=$frontend['type']?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <div title='<?=$backend_serverpool_hint;?>'> <?=$frontend['backend_serverpool']?> + </div> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> <?=$frontend['secondary'] == 'yes' ? $frontend['primary_frontend'] : "";?> 
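Review bot: The tooltip built in this hunk is printed unescaped into a single-quoted attribute, `<div title='<?=$backend_serverpool_hint;?>'>`, so an apostrophe or markup in a server address, a port or the translated `gettext()` string ends the attribute and is parsed as HTML. Escape at the point of output: `<div title="<?=htmlspecialchars($backend_serverpool_hint, ENT_QUOTES);?>">`. The same applies to `$frontend['ipport']` in the address cell, which with the new `$userfriendly` flag can hold an interface name instead of an IP address. Values restored from a backup or received through configuration sync do not pass the edit page's validation, so output escaping is needed even for fields that are checked on input.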
@@ -193,9 +205,9 @@ include("head.inc"); <td class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$frontendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit frontend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$frontendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete frontend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("clone frontend");?>" width="17" height="17" border="0"></a></td> </tr> </table> </td> 
@@ -208,7 +220,7 @@ include("head.inc"); <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new frontend");?>" width="17" height="17" border="0"></a></td> </tr> </table> </td> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index d37444c0..d5d44e5d 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -29,9 +29,10 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require("guiconfig.inc"); require_once("haproxy.inc"); +require_once("haproxy_utils.inc"); /* Compatibility function for pfSense 2.0 */ if (!function_exists("cert_get_purpose")) { @@ -274,6 +275,9 @@ if (!$id) $pgtitle = "HAProxy: Frontend: Edit"; include("head.inc"); + +$primaryfrontends = get_haproxy_frontends($pconfig['name']); +$interfaces = haproxy_get_bindable_interfaces(); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -323,7 +327,7 @@ include("head.inc"); else seltext = "<?php echo haproxy_acl_select('http');?>"; if (seltext == '') { - alert("No ACL types available in current listener mode"); + alert("No ACL types available in current frontend type"); return; } 
@@ -501,6 +505,19 @@ include("head.inc"); <p class="pgtitle"><?=$pgtitle?></p> <?php endif; ?> <form action="haproxy_listeners_edit.php" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + /* active tabs */ + $tab_array = array(); + $tab_array[] = array("Settings", false, "haproxy_global.php"); + $tab_array[] = array("Frontend", true, "haproxy_listeners.php"); + $tab_array[] = array("Backend", false, "haproxy_pools.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr> + <td> <div class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> @@ -526,11 +543,16 @@ include("head.inc"); <option value="disabled"<?php if($pconfig['status'] == "disabled") echo " SELECTED"; ?>>Disabled</option> </select> </td> - </tr> + </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Shared Frontend</td> <td width="78%" class="vtable" colspan="2"> + <?if (count($primaryfrontends)==0){ ?> + <b>At least 1 primary frontend is needed.</b><br/><br/> + <? } else{ ?> <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();"/> + <? } ?> + This can be used to host a second or more website on the same IP:Port combination.<br/> Use this setting to configure multiple backends/accesslists for a single frontend.<br/> All settings of which only 1 can exist will be hidden.<br/> The frontend settings will be merged into 1 set of frontend configuration. @@ -540,7 +562,6 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq">Primary frontend</td> <td width="78%" class="vtable" colspan="2"> <? - $primaryfrontends = get_haproxy_frontends($pconfig['name']); echo_html_select('primary_frontend',$primaryfrontends, $pconfig['primary_frontend'],"You must first create a 'primary' frontend.","updatevisibility();"); ?> </td> 
@@ -548,22 +569,9 @@ include("head.inc"); <tr class="haproxy_primary"> <td width="22%" valign="top" class="vncellreq">External address</td> <td width="78%" class="vtable"> - <select name="extaddr" class="formfld"> - <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option> - <option value="localhost" <?php if ('localhost' == $pconfig['extaddr']) echo "selected"; ?>>Localhost</option> - <?php - if (is_array($config['virtualip']['vip'])): - foreach ($config['virtualip']['vip'] as $sn): - ?> - <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>> - <?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?> - </option> - <?php - endforeach; - endif; + <? + echo_html_select('extaddr', $interfaces, $pconfig['extaddr']); ?> - <option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option> - </select> <br /> <span class="vexpl"> If you want this rule to apply to another IP address than the IP address of the interface chosen above, @@ -575,7 +583,7 @@ include("head.inc"); <tr class="haproxy_primary" align="left"> <td width="22%" valign="top" class="vncellreq">External port</td> <td width="78%" class="vtable" colspan="2"> - <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="30" maxlength="500"> + <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500"> <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> </td> </tr> 
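Review bot: The inline `<select name="extaddr">` removed by this hunk passed each label through htmlspecialchars(), while its replacement `echo_html_select('extaddr', $interfaces, $pconfig['extaddr'])` leaves escaping entirely to the helper. The copy of echo_html_select() deleted from haproxy.inc in this commit echoed `$key` and `$desc['name']` as they were, and the names returned by haproxy_get_bindable_interfaces() include the interface description from the configuration. The moved helper's body is outside the visible part of the diff; if it is unchanged, it should print `htmlspecialchars($key)` and `htmlspecialchars($desc['name'])` so that this change does not drop the escaping the old markup had.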
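Review bot: The `port` input touched in the second hunk still prints its value with `echo "value=\"{$pconfig['port']}\""`, without escaping, so a double quote in the stored or submitted value ends the attribute. Changing it to `echo 'value="'.htmlspecialchars($pconfig['port']).'"';` fixes that; the `connection_timeout`, `server_timeout` and `retries` inputs resized in haproxy_pool_edit.php (hunk `@@ -611,39 +623,35 @@`) follow the same pattern. How `$pconfig` is filled on these two pages lies outside the hunks; haproxy_global.php in this commit assigns `$_POST` to it directly, so the value may be request data.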
@@ -739,7 +747,10 @@ include("head.inc"); <td width="78%" class="vtable" colspan="2"> <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();"><strong>Use Offloading</strong></input> <br/> - The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers. + SSL Offloading will reduce web servers load by maintaining and encrypting connection with users on internet while sending and retrieving data without encrytion to internal servers. + Also more ACL rules and http logging may be configured when this option is used. + Certificates can be imported into the <a href="/system_camanager.php" target="_new">pfSense "Certificate Authority Manager"</a> + Please be aware this possibly will not work with all web applications. Some applications will require setting the SSL checkbox on the backend server configurations so the connection to the webserver will also be a encrypted connection, in that case there will be a slight overall performance loss. </td> </tr> <tr class="haproxy_ssloffloading_enabled" align="left"> @@ -789,7 +800,7 @@ include("head.inc"); </td> </tr> </table> - </div> + </div></td></tr></table> </form> <br> <script type="text/javascript"> diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index a7a56b1c..b6673a0a 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -28,9 +28,10 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require("guiconfig.inc"); require_once("haproxy.inc"); +require_once("haproxy_utils.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; 
@@ -67,7 +68,7 @@ if (isset($id) && $a_pools[$id]) { if (isset($_GET['dup'])) unset($id); -$changedesc = "Services: HAProxy: pools: "; +$changedesc = "Services: HAProxy: Backend server pool: "; $changecount = 0; if ($_POST) { @@ -137,7 +138,7 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) $input_errors[] = "The field 'Name' contains invalid characters."; - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_address)) + if (!is_ipaddr($server_address)) $input_errors[] = "The field 'Address' contains invalid characters."; if (!preg_match("/.{2,}/", $server_name)) @@ -215,7 +216,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; -$pgtitle = "HAProxy: Backend: Edit"; +$pgtitle = "HAProxy: Backend server pool: Edit"; include("head.inc"); row_helper(); @@ -316,10 +317,24 @@ foreach($simplefields as $field){ <p class="pgtitle"><?=$pgtitle?></p> <?php endif; ?> <form action="haproxy_pool_edit.php" method="post" name="iform" id="iform"> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + /* active tabs */ + $tab_array = array(); + $tab_array[] = array("Settings", false, "haproxy_global.php"); + $tab_array[] = array("Frontend", false, "haproxy_listeners.php"); + $tab_array[] = array("Backend", true, "haproxy_pools.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr> + <td> <div class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic">Edit HAProxy pool</td> + <td colspan="2" valign="top" class="listtopic">Edit HAProxy Backend server pool</td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq">Name</td> 
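Review bot: The server address check now calls `is_ipaddr()`, but the error text still says the field "contains invalid characters", which no longer describes the rule; a hostname made only of valid characters is rejected with that message. Suggested text: `$input_errors[] = "The field 'Address' must be a valid IP address.";`. Backends saved earlier with a hostname will fail validation the next time they are edited, so if hostnames are meant to stay usable the condition would need to be `if (!is_ipaddr($server_address) && !is_hostname($server_address))`. The surrounding validation code starts and ends outside the hunk.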
@@ -350,7 +365,7 @@ foreach($simplefields as $field){ <td width="5%" class="listhdrr">Port</td> <td width="5%" class="listhdrr">SSL</td> <td width="8%" class="listhdrr">Weight</td> - <td width="5%" class="listhdr">Backup</td> + <td width="5%" class="listhdrr">Mode</td> <td width="15%" class="listhdr">Advanced</td> <td width="4%" class=""></td> </tr> @@ -534,10 +549,7 @@ foreach($simplefields as $field){ NOTE: paste text into this box that you would like to pass thru. Applied to the backend section. </td> </tr> - - </table> - <br/> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr><td> </td></tr> <tr> <td colspan="2" valign="top" class="listtopic">Health checking</td> </tr> 
@@ -611,39 +623,35 @@ FLUSH PRIVILEGES;</pre> Fill in the TCP portnumber the healthcheck should be performed on. </td> </tr> - </table> - <br/> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr><td> </td></tr> <tr> <td colspan="2" valign="top" class="listtopic">Advanced settings</td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Connection timeout</td> <td width="78%" class="vtable" colspan="2"> - <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> + <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="20"> <div>the time (in milliseconds) we give up if the connection does not complete within (default 30000).</div> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Server timeout</td> <td width="78%" class="vtable" colspan="2"> - <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> + <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="20"> <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).</div> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Retries</td> <td width="78%" class="vtable" colspan="2"> - <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="64"> + <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="20"> <div>After a connection failure to a server, it is possible to retry, potentially on another server. This is useful if health-checks are too rare and you don't want the clients to see the failures. 
The number of attempts to reconnect is set by the 'retries' parameter.</div> </td> </tr> - </table> - <br/> <br/> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr><td> </td></tr> <tr> <td colspan="2" valign="top" class="listtopic">Statistics</td> </tr> @@ -719,8 +727,7 @@ set by the 'retries' parameter.</div> Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d). </td> </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr><td> </td></tr> <tr align="left"> <td width="22%" valign="top"> </td> <td width="78%"> @@ -733,6 +740,7 @@ set by the 'retries' parameter.</div> </tr> </table> </div> + </td></tr></table> </form> <br> <?php include("fend.inc"); ?> diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index 2d0189a5..faffa810 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -28,7 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require_once("guiconfig.inc"); require_once("haproxy.inc"); @@ -67,7 +67,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; -$pgtitle = "Services: HAProxy: Server pools"; +$pgtitle = "Services: HAProxy: Backend server pools"; include("head.inc"); ?> @@ -88,8 +88,8 @@ include("head.inc"); /* active tabs */ $tab_array = array(); $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Listener", false, "haproxy_listeners.php"); - $tab_array[] = array("Server Pool", true, "haproxy_pools.php"); + $tab_array[] = array("Frontend", false, "haproxy_listeners.php"); + $tab_array[] = array("Backend", true, "haproxy_pools.php"); display_top_tabs($tab_array); ?> </td></tr> 
@@ -102,7 +102,7 @@ include("head.inc"); <td width="25%" class="listhdrr">Name</td> <td width="10%" class="listhdrr">Servers</td> <td width="10%" class="listhdrr">Check</td> - <td width="30%" class="listhdrr">Listener</td> + <td width="30%" class="listhdrr">Frontend</td> <td width="10%" class="list"></td> </tr> <?php @@ -152,9 +152,9 @@ include("head.inc"); <td class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_pool_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_pools.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_pool_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_pool_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit backend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_pools.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete backend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_pool_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("clone backend");?>" width="17" height="17" border="0"></a></td> </tr> </table> </td> 
@@ -169,7 +169,7 @@ include("head.inc"); <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_pool_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_pool_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new backend");?>" width="17" height="17" border="0"></a></td> </tr> </table> </td> diff --git a/config/haproxy-devel/haproxy_utils.inc b/config/haproxy-devel/haproxy_utils.inc new file mode 100644 index 00000000..f4df2433 --- /dev/null +++ b/config/haproxy-devel/haproxy_utils.inc 
@@ -0,0 +1,269 @@ +<?php +/* + haproxy_utils.php + part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 PiBa-NL + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +/* + This file contains functions which are NOT specific to HAProxy and may/could/should + be moved to the general pfSense php library for possible easy use by other parts of pfSense +*/ + +require_once("config.inc"); + +function haproxy_interface_ip($interfacebindname,$userfriendly=false){ + $list = haproxy_get_bindable_interfaces(); + $item = $list[$interfacebindname]; + $result = $item['ip']; + if ($userfriendly && !$result) + $result = $item['name']; + return $result; +} +function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,localhost,real,carp,ipalias"){ + // returns a list of ALL interface/IPs that can be used to bind a service to. + // filtered by the conditions given in the two filter parameters. + // result array includes: + // $bindable[key] can be stored and compared with previous setings + // $bindable[key]['ip'] the current IP (possibly changes for dhcp enabled interfaces..) + // $bindable[key]['description'] can be shown to user in a selection box + + global $config; + $ipverions = split(',',$ipv); + $interfacetypes= split(',',$interfacetype); + + $bindable = array(); + if (in_array("ipv4",$ipverions)){ + if (in_array('any',$interfacetypes)){ + $item = array(); + $item[ip] = '0.0.0.0'; + $item[name] = 'any (IPv4)'; + $bindable['any_ipv4'] = $item; + } + if (in_array('localhost',$interfacetypes)){ + $item = array(); + $item[ip] = '127.0.0.1'; + $item[name] = 'localhost (IPv4)'; + $bindable['localhost_ipv4'] = $item; + } + if (in_array('real',$interfacetypes)){ + foreach($config['interfaces'] as $if => $ifdetail) { + if (!isset($ifdetail['enable'])) + continue; + if (!isset($ifdetail['ipaddr'])) + continue; + $item = array(); + $item[ip] = get_interface_ip($if); + $item[name] = $ifdetail['descr'].' 
address (IPv4)'; + $bindable[$if.'_ipv4'] = $item; + } + } + if (in_array('carp',$interfacetypes)){ + $carplist = get_configured_carp_interface_list(); + foreach ($carplist as $carpif => $carpip){ + if (is_ipaddrv4($carpip)){ + $item = array(); + $item['ip'] = $carpip; + $item['name'] = $carpip." (".get_vip_descr($carpip).")"; + $bindable[$carpip] = $item; + } + } + + } + if (in_array('ipalias',$interfacetypes)){ + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif){ + if (is_ipaddrv4($aliasip)){ + $item = array(); + $item['ip'] = $aliasip; + $item['name'] = $aliasip." (".get_vip_descr($aliasip).")"; + $bindable[$aliasip.'_ipv4'] = $item; + } + } + } + } + if (in_array("ipv6",$ipverions)){ + if (in_array('any',$interfacetypes)){ + $item = array(); + $item[ip] = '::'; + $item[name] = 'any (IPv6)'; + $bindable['any_ipv6'] = $item; + } + if (in_array('localhost',$interfacetypes)){ + $item = array(); + $item[ip] = '::1'; + $item[name] = 'localhost (IPv6)'; + $bindable['localhost_ipv6'] = $item; + } + if (in_array('real',$interfacetypes)){ + foreach($config['interfaces'] as $if => $ifdetail) { + if (!isset($ifdetail['enable'])) + continue; + if (!isset($ifdetail['ipaddrv6'])) + continue; + $item = array(); + $item[ip] = get_interface_ipv6($if); + $item[name] = $ifdetail['descr'].' address (IPv6)'; + $bindable[$if.'_ipv6'] = $item; + } + } + if (in_array('carp',$interfacetypes)){ + $carplist = get_configured_carp_interface_list(); + foreach ($carplist as $carpif => $carpip){ + if (is_ipaddrv6($carpip)){ + $item = array(); + $item['ip'] = $carpip; + $item['name'] = $carpip." (".get_vip_descr($carpip).")"; + $bindable[$carpip] = $item; + } + } + + } + if (in_array('ipalias',$interfacetypes)){ + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif){ + if (is_ipaddrv6($aliasip)){ + $item = array(); + $item['ip'] = $aliasip; + $item['name'] = $aliasip." 
(".get_vip_descr($aliasip).")"; + $bindable[$aliasip] = $item; + } + } + } + } + return $bindable; +} + +function haproxy_get_cert_extensions($crt){ + $cert = openssl_x509_parse(base64_decode($crt['crt'])); + return $cert['extensions']; +} + +function haproxy_get_cert_authoritykeyidentifier($cert) +{ + $certextension = haproxy_get_cert_extensions($cert); + $lines = preg_split('/[\n]+/',$certextension['authorityKeyIdentifier']); + return substr($lines[0],6);// cut off the starting string 'keyid:' +} +function haproxy_get_cert_subjectKeyIdentifier($cert) +{ + $certextension = haproxy_get_cert_extensions($cert); + $lines = preg_split('/[\n]+/',$certextension['subjectKeyIdentifier']); + return $lines[0]; +} + +function haproxy_cert_signed_by($cert, $signedbycert) { + // checks if $cert was signed by $signedbycert + // this does NOT validate a proper signature but only checks if the extension properties match. + $authoritykeyid = haproxy_get_cert_authoritykeyidentifier($cert); + $subjectid = haproxy_get_cert_subjectKeyIdentifier($signedbycert); + return $authoritykeyid == $subjectid; +} + +function haproxy_get_certificates(){ + global $config; + $allcerts = array(); + foreach($config['cert'] as &$cert) + $allcerts[] = &$cert; + foreach($config['ca'] as &$cert) + $allcerts[] = &$cert; + return $allcerts; +} +function haproxy_recalculate_certifcate_chain(){ + // and set "selfsigned" for certificates that where used to sign themselves + // recalculate the "caref" for all certificates where it is currently unkown. 
+ + $allcertificates = haproxy_get_certificates(); + $items_recalculated = 0; + foreach($allcertificates as &$cert){ + $recalculate=false; + if (!isset($cert['selfsigned'])){ + if (!isset($cert['caref'])) + $recalculate=true; + else { + $ca = lookup_ca($cert['caref']); + if (!$ca) + $recalculate=true; + } + } + if ($recalculate){ + foreach($allcertificates as &$signedbycert){ + if(haproxy_cert_signed_by($cert, $signedbycert)){ + if ($cert['refid'] == $signedbycert['refid']){ + $cert['selfsigned'] = true; + } else { + $cert['caref'] = $signedbycert['refid']; + } + $items_recalculated++; + } + } + } + } + if ($items_recalculated > 0) + write_config("Services: HAProxy: Recalculated $items_recalculated certificate chains."); + return $items_recalculated; +} + +function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { + $offset = str_repeat(' ',$nestID); + $itemName = "item$nestID"; + echo "{$offset}$nodeName = {};\n"; + if (is_array($items)) + foreach ($items as $key => $item) + { + if (in_array($path.'/'.$key, $includeitems)) + $subpath = $path.'/'.$key; + else + $subpath = $path.'/*'; + if (in_array($subpath, $includeitems) || in_array($path.'/*', $includeitems)) { + if (is_array($item)) { + $subNodeName = "item$nestID"; + phparray_to_javascriptarray_recursive($nestID+1, $subpath, $items[$key], $subNodeName, $includeitems); + echo "{$offset}{$nodeName}['{$key}'] = $itemName;\n"; + } else + echo "{$offset}{$nodeName}['$key'] = '$item';\n"; + } + } +} +function phparray_to_javascriptarray($items, $javaMapName, $includeitems) { + phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); +} + +function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="") { + if (count($keyvaluelist)>0){ + if ($onchangeEvent != "") + $onchangeEvent .= " onchange=$onchangeEvent"; + echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>"; + foreach($keyvaluelist as 
$key => $desc){ + $selectedhtml = $key == $selected ? "selected" : ""; + $name = htmlspecialchars($desc['name']); + echo "<option value=\"{$key}\" {$selectedhtml}>{$name}</option>"; + } + echo "</select>"; + } else { + echo $listEmptyMessage; + } +} + +?>
\ No newline at end of file diff --git a/config/haproxy-devel/pkg_haproxy.inc b/config/haproxy-devel/pkg_haproxy.inc new file mode 100755 index 00000000..1e5c75c2 --- /dev/null +++ b/config/haproxy-devel/pkg_haproxy.inc @@ -0,0 +1,11 @@ +<?php + +global $shortcuts; + +$shortcuts['haproxy'] = array(); +$shortcuts['haproxy']['main'] = "haproxy_global.php"; +$shortcuts['haproxy']['log'] = "diag_logs.php"; +$shortcuts['haproxy']['status'] = "status_services.php"; +$shortcuts['haproxy']['service'] = "HAProxy"; + +?> diff --git a/config/haproxy-legacy/haproxy.inc b/config/haproxy-legacy/haproxy.inc index dfbec28c..47dc5474 100644 --- a/config/haproxy-legacy/haproxy.inc +++ b/config/haproxy-legacy/haproxy.inc @@ -1,6 +1,7 @@ <?php /* haproxy.inc + Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef All rights reserved. @@ -28,6 +29,7 @@ */ /* include all configuration functions */ +$shortcut_section = "haproxy"; require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("notices.inc"); 
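Review bot: In haproxy_utils.inc, `phparray_to_javascriptarray_recursive` writes `$key` and `$item` between single quotes straight into the generated JavaScript, so a configuration value containing a quote, backslash or newline breaks the script, and a value someone else can influence becomes script injection in the admin GUI. Both should go through the encoder, e.g. `echo "{$offset}{$nodeName}[" . json_encode((string)$key) . "] = " . json_encode((string)$item, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";\n";`. `echo_html_select` has the same gap for `$name` and `$key` in the `name`/`id`/`value` attributes (only the option label passes through `htmlspecialchars`), and its `$onchangeEvent .= " onchange=$onchangeEvent";` emits the raw handler text ahead of the attribute; `$onchangeEvent = " onchange=\"" . htmlspecialchars($onchangeEvent) . "\"";` looks like what was meant. Separately, `haproxy_cert_signed_by` compares the two key identifiers with `==`, so a certificate with no authorityKeyIdentifier appears to match any certificate with no subjectKeyIdentifier (both sides are empty), and `haproxy_recalculate_certifcate_chain` would then record a wrong `caref`; returning false when either identifier is empty and comparing with `===` would close that.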
@@ -40,6 +42,31 @@ function haproxy_custom_php_deinstall_command() { exec("rm /usr/local/www/haproxy*"); } +function migrate_old_sync_config(){ + global $g, $config; + //move Sync HAProxy configuration (if enabled) + $write_config=0; + if(is_array($config['installedpackages']['haproxy'])){ + $haproxy_cfg=$config['installedpackages']['haproxy']; + if (isset($haproxy_cfg['enablesync'])) { + for($si=1;$si<=3;$si++){ + if($haproxy_cfg['synchost'.$si]) { + $config['installedpackages']['haproxysync']['config'][0]['row'][]=array('enabless'=>'ON', + 'ipaddress'=>$haproxy_cfg['synchost'.$si], + 'username'=> 'admin', + 'password'=> $haproxy_cfg['syncpassword']); + unset($config['installedpackages']['haproxy']['synchost'.$si]); + $write_config++; + } + } + } + } + if ($write_config > 0){ + unset($config['installedpackages']['haproxy']['enablesync']); + unset($config['installedpackages']['haproxy']['syncpassword']); + write_config("Haproxy - Migrate old sync config from global to sync tab."); + } +} function haproxy_custom_php_install_command() { global $g, $config; conf_mount_rw(); @@ -90,7 +117,7 @@ EOD; fwrite($fd, $haproxy); fclose($fd); exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh"); - + migrate_old_sync_config(); conf_mount_ro(); exec("/usr/local/etc/rc.d/haproxy.sh start"); 
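Review bot: `migrate_old_sync_config()` copies the old hosts into `haproxysync` rows but never sets `synconchanges`, and the `haproxy_sync_on_changes()` added later in this commit returns from its `default:` branch when that value is neither "manual" nor "auto", so an installation that was syncing before the upgrade appears to stop syncing silently after it. Setting `$config['installedpackages']['haproxysync']['config'][0]['synconchanges'] = 'manual';` alongside the migrated rows would keep the previous behaviour. The cleanup also runs only when at least one `synchostN` was set, so a config that has `enablesync` and `syncpassword` but no hosts keeps the plaintext password under the old key; the two `unset()` calls could run whenever `enablesync` is present.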
@@ -274,26 +301,11 @@ function haproxy_configure() { } fwrite ($fd, "\n"); } - // Sync HAProxy configuration (if enabled) - if(isset($config['installedpackages']['haproxy']['enablesync'])) { - if($config['installedpackages']['haproxy']['synchost1']) { - haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost1'], - $config['installedpackages']['haproxy']['syncpassword']); - } - if($config['installedpackages']['haproxy']['synchost2']) { - haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost2'], - $config['installedpackages']['haproxy']['syncpassword']); - } - if($config['installedpackages']['haproxy']['synchost3']) { - haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost3'], - $config['installedpackages']['haproxy']['syncpassword']); - } - } } // create config file fclose($fd); - + $freebsd_version = substr(trim(`uname -r`), 0, 1); if(!file_exists("/usr/bin/limits")) { exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); @@ -301,7 +313,7 @@ function haproxy_configure() { } exec("/usr/bin/limits -n 300014"); - + // reload haproxy if(isset($a_global['enable'])) { if(is_process_running('haproxy')) { 
@@ -309,13 +321,69 @@ function haproxy_configure() { } else { exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D"); } + haproxy_sync_on_changes(); return (0); } else { + haproxy_sync_on_changes(); return (1); } } -function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { +/* Uses XMLRPC to synchronize the changes to a remote node */ +function haproxy_sync_on_changes() { + global $config, $g; + if (is_array($config['installedpackages']['haproxysync']['config'])){ + $haproxy_sync=$config['installedpackages']['haproxysync']['config'][0]; + $synctimeout = $haproxy_sync['synctimeout']; + $synconchanges = $haproxy_sync['synconchanges']; + switch ($synconchanges){ + case "manual": + if (is_array($haproxy_sync['row'])){ + $rs=$haproxy_sync['row']; + } + else{ + log_error("[haproxy] xmlrpc sync is enabled but there is no hosts to push haproxy config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress']=$system_carp['synchronizetoip']; + $rs[0]['username']=$system_carp['username']; + $rs[0]['password']=$system_carp['password']; + $rs[0]['enabless']=true; + if (! 
is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[haproxy] xmlrpc sync is enabled but there is no system backup hosts to push haproxy config."); + return; + } + } + else{ + log_error("[haproxy] xmlrpc sync is enabled but there is no system backup hosts to push haproxy config."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[haproxy] xmlrpc sync is starting."); + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + if($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if($sh['password'] && $sh['ipaddress'] && $sh['enabless']) + haproxy_do_xmlrpc_sync($sh['ipaddress'], $username, $sh['password'],$synctimeout); + } + log_error("[haproxy] xmlrpc sync is ending."); + } + } +} + +function haproxy_do_xmlrpc_sync($sync_to_ip, $username="admin", $password,$synctimeout="30") { global $config, $g; if(!$password) @@ -323,6 +391,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { if(!$sync_to_ip) return; + // Do not allow syncing to self. $donotsync = false; 
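Review bot: `haproxy_sync_on_changes()` passes `$haproxy_sync['synctimeout']` through unchecked, so when the field is unset the explicit empty argument overrides the `"30"` default of `haproxy_do_xmlrpc_sync()` and `$cli->send($msg, $synctimeout)` receives an empty timeout, which I would expect to mean no limit; `$synctimeout = is_numeric($haproxy_sync['synctimeout']) ? $haproxy_sync['synctimeout'] : "30";` avoids that. The new signature also places the defaulted `$username="admin"` before the required `$password`, so the default can never take effect and any remaining two-argument caller would now pass the password as the username; putting `$username` after `$password`, or dropping its default, makes the contract explicit. In the "auto" case `$rs[0]` is filled with the CARP credentials before `is_ipaddr()` is checked and `$rs` is never initialised, so `$rs = array();` at the top and the address check first would read more safely. The body of `haproxy_do_xmlrpc_sync()` continues outside this hunk.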
@@ -379,18 +448,18 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); if($g['debug']) $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); + /* send our XMLRPC message and timeout after $synctimeout seconds */ + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "HAProxy Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting HAProxy XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "HAProxy Settings Sync", ""); 
@@ -412,15 +481,15 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { log_error("HAProxy XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "HAProxy Settings Reload", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting HAProxy XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "HAProxy Settings Sync", ""); diff --git a/config/haproxy-legacy/haproxy.xml b/config/haproxy-legacy/haproxy.xml index 556a1178..5706f3c7 100644 --- a/config/haproxy-legacy/haproxy.xml +++ b/config/haproxy-legacy/haproxy.xml @@ -65,6 +65,11 @@ <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_sync.xml</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_frontends.php</item> 
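Review bot: The two `<additional_files_needed>` entries added to haproxy.xml disagree with each other: `haproxy_sync.xml` gets `<chmod>077</chmod>` and is fetched from www.pfsense.com, while `pkg_haproxy.inc` in the next hunk gets `<chmod>0755</chmod>` and is fetched from www.pfsense.org. Read as an octal mode, 077 gives the owner nothing and group/other full access, which is unlikely to be the intent even though the neighbouring entries use it; `<chmod>0644</chmod>` would fit a package XML file. Both files are loaded by the GUI after download and are pulled over plain `http://` with no checksum visible in this manifest, so settling on one host, over `https://` if the package system supports it, is worth doing in this change.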
@@ -89,6 +94,11 @@ <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_servers_edit.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/shortcuts/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/haproxy-legacy/pkg_haproxy.inc</item> + </additional_files_needed> <custom_delete_php_command> </custom_delete_php_command> <custom_add_php_command> diff --git a/config/haproxy-legacy/haproxy_frontends.php b/config/haproxy-legacy/haproxy_frontends.php index d50133b8..e97fbc7b 100755 --- a/config/haproxy-legacy/haproxy_frontends.php +++ b/config/haproxy-legacy/haproxy_frontends.php @@ -28,7 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require_once("guiconfig.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; @@ -92,6 +92,7 @@ include("head.inc"); $tab_array[] = array("Settings", false, "haproxy_global.php"); $tab_array[] = array("Frontends", true, "haproxy_frontends.php"); $tab_array[] = array("Servers", false, "haproxy_servers.php"); + $tab_array[] = array("Sync", false, "pkg_edit.php?xml=haproxy_sync.xml"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/config/haproxy-legacy/haproxy_frontends_edit.php b/config/haproxy-legacy/haproxy_frontends_edit.php index df2411b2..99391fe9 100755 --- a/config/haproxy-legacy/haproxy_frontends_edit.php +++ b/config/haproxy-legacy/haproxy_frontends_edit.php @@ -3,6 +3,7 @@ /* haproxy_frontends_edit.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. 
@@ -28,7 +29,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require("guiconfig.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; @@ -113,12 +114,14 @@ if ($_POST) { if (!$_POST['retries'] && is_numeric($_POST['retries'])) $input_errors[] = "The field 'Retries' value is not a number."; + + if ($_POST['stats_enabled'] == "yes"){ + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) + $input_errors[] = "The field 'Stats Username' contains invalid characters."; - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) - $input_errors[] = "The field 'Stats Username' contains invalid characters."; - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) - $input_errors[] = "The field 'Stats Password' contains invalid characters."; + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) + $input_errors[] = "The field 'Stats Password' contains invalid characters."; + } if (!is_numeric($_POST['max_connections'])) $input_errors[] = "The field 'Max connections' value is not a number."; 
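Review bot: With the `stats_username`/`stats_password` checks now inside `if ($_POST['stats_enabled'] == "yes")`, a request that leaves stats disabled can submit any characters in those two fields and nothing in this hunk discards them; if the save code outside the hunk still stores them, they reach the configuration unvalidated. The same values are printed into `value="..."` without `htmlspecialchars()` in the stats rows later in this diff, so a stored quote would break out of the attribute when the page is reopened. Either keep the character check unconditional (an empty string already passes it) or blank the fields when stats is off, e.g. `else { $_POST['stats_username'] = $_POST['stats_password'] = ""; }`.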
@@ -391,7 +394,21 @@ include("head.inc"); <p class="pgtitle"><?=$pgtitle?></p> <?php endif; ?> <form action="haproxy_frontends_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td class="tabnavtbl"> + <?php + /* active tabs */ + $tab_array = array(); + $tab_array[] = array("Settings", false, "haproxy_global.php"); + $tab_array[] = array("Frontends", true, "haproxy_frontends.php"); + $tab_array[] = array("Servers", false, "haproxy_servers.php"); + $tab_array[] = array("Sync", false, "pkg_edit.php?xml=haproxy_sync.xml"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr><td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic">Edit haproxy backend</td> </tr> 
@@ -408,30 +425,6 @@ include("head.inc"); </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Connection timeout</td> - <td width="78%" class="vtable" colspan="2"> - <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Server timeout</td> - <td width="78%" class="vtable" colspan="2"> - <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Retries</td> - <td width="78%" class="vtable" colspan="2"> - <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="64"> - <div>After a connection failure to a server, it is possible to retry, potentially -on another server. This is useful if health-checks are too rare and you don't -want the clients to see the failures. The number of attempts to reconnect is -set by the 'retries' parameter (2).</div> - </td> - </tr> - <tr align="left"> <td width="22%" valign="top" class="vncellreq">Type</td> <td width="78%" class="vtable" colspan="2"> <select name="type" id="type" onchange="type_change();"> 
@@ -441,7 +434,43 @@ set by the 'retries' parameter (2).</div> <option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option> </select> </td> - </tr> + </tr> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncellreq">Port</td> + <td width="78%" class="vtable" colspan="2"> + <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="6" maxlength="500"> + <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Listen address</td> + <td width="78%" class="vtable"> + <select name="extaddr" class="formfld"> + <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option> + <option value="127.0.0.1" <?php if($pconfig['extaddr'] == "127.0.0.1") echo "selected"; ?>>127.0.0.1 (Localhost)</option> + <?php + if (is_array($config['virtualip']['vip'])): + foreach ($config['virtualip']['vip'] as $sn): + ?> + <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>> + <?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?> + </option> + <?php + endforeach; + endif; + ?> + <option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option> + </select> + <br/> + <span class="vexpl"> + If you want this rule to apply to another IP address than the IP address of the interface chosen above, + select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). + Also note that if you are trying to redirect connections on the LAN select the "any" option.<br> + While using carp, select localhost and forward via NAT. + </span> + </td> + </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq">Balance</td> <td width="78%" class="vtable" colspan="2"> 
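Review bot: The relocated Port input prints `$pconfig['port']` into `value=\"...\"` with no encoding, and `<option value="<?=$sn['subnet'];?>">` in the Listen address list does the same, so a stored value containing a double quote breaks out of the attribute; the timeout, retries, max_connections and stats inputs in the following hunks share the pattern. Since the block is being moved anyway, each could be wrapped on the way, e.g. `value="<?=htmlspecialchars($pconfig['port']);?>"` and `value="<?=htmlspecialchars($sn['subnet']);?>"`. The hunk also leaves two consecutive `</tr>` after the Type row, one of which has no matching `<tr>`.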
@@ -507,6 +536,69 @@ set by the 'retries' parameter (2).</div> </table> </td> </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td> + <td width="78%" class="vtable" colspan="2"> + <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>> + <br/> + The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which + contains the client's IP address. This is useful to let the final web server + know what the client address was (eg for statistics on domains) + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Use 'httpclose' option</td> + <td width="78%" class="vtable" colspan="2"> + <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>> + <br/> + The 'httpclose' option removes any 'Connection' header both ways, and + adds a 'Connection: close' header in each direction. This makes it easier to + disable HTTP keep-alive than the previous 4-rules block. 
+ </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Connection limits</td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncellreq">Connection timeout</td> + <td width="78%" class="vtable" colspan="2"> + <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> + <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div> + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncellreq">Server timeout</td> + <td width="78%" class="vtable" colspan="2"> + <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> + <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div> + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Retries</td> + <td width="78%" class="vtable" colspan="2"> + <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="6"> + <div>After a connection failure to a server, it is possible to retry, potentially +on another server. This is useful if health-checks are too rare and you don't +want the clients to see the failures. 
The number of attempts to reconnect is +set by the 'retries' parameter (2).</div> + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Max connections</td> + <td width="78%" class="vtable" colspan="2"> + <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> + </td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Client timeout</td> + <td width="78%" class="vtable" colspan="2"> + <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> + <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Backend stats</td> + </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Stats Enabled</td> <td width="78%" class="vtable" colspan="2"> 
@@ -530,14 +622,14 @@ set by the 'retries' parameter (2).</div> <tr align="left" id='stats_username_row' name='stats_username_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> <td width="22%" valign="top" class="vncellreq">Stats Username</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64"> + <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="25"> </td> </tr> <tr align="left" id='stats_password_row' name='stats_password_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> <td width="22%" valign="top" class="vncellreq">Stats Password</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64"> + <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="25"> <br/> </td> </tr> 
@@ -565,7 +657,7 @@ set by the 'retries' parameter (2).</div> <tr align="left" id='stats_refresh_row' name='stats_refresh_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>> <td width="22%" valign="top" class="vncell">Stats Refresh</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30"><br/> + <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="6" maxlength="30"><br/> Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d). </td> </tr> 
@@ -577,53 +669,7 @@ set by the 'retries' parameter (2).</div> Example: / or /index.php or /index.html or /testmypage.cgi </td> </tr> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Port</td> - <td width="78%" class="vtable" colspan="2"> - <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="30" maxlength="500"> - <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">External address</td> - <td width="78%" class="vtable"> - <select name="extaddr" class="formfld"> - <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option> - <?php - if (is_array($config['virtualip']['vip'])): - foreach ($config['virtualip']['vip'] as $sn): - ?> - <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>> - <?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?> - </option> - <?php - endforeach; - endif; - ?> - <option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option> - </select> - <br /> - <span class="vexpl"> - If you want this rule to apply to another IP address than the IP address of the interface chosen above, - select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). - Also note that if you are trying to redirect connections on the LAN select the "any" option. 
- </span> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Max connections</td> - <td width="78%" class="vtable" colspan="2"> - <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Client timeout</td> - <td width="78%" class="vtable" colspan="2"> - <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> - <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div> - </td> - </tr> + <?php /* <tr> 
@@ -676,30 +722,12 @@ set by the 'retries' parameter (2).</div> </tr> */ ?> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td> - <td width="78%" class="vtable" colspan="2"> - <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>> - <br/> - The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which - contains the client's IP address. This is useful to let the final web server - know what the client address was (eg for statistics on domains) - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Use 'httpclose' option</td> - <td width="78%" class="vtable" colspan="2"> - <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>> - <br/> - The 'httpclose' option removes any 'Connection' header both ways, and - adds a 'Connection: close' header in each direction. This makes it easier to - disable HTTP keep-alive than the previous 4-rules block. - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncell">Advanced pass thru</td> - <td width="78%" class="vtable" colspan="2"> - <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> + <tr> + <td colspan="2" valign="top" class="listtopic">Advanced pass thru</td> + </tr> + <tr align="left" colspan="2" > + <td width="100%" class="vtable" colspan="2"> + <textarea name='advanced' rows="6" cols="90" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> <br/> NOTE: paste text into this box that you would like to pass thru. </td> 
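Review bot: The rewritten textarea prints `$pconfig['advanced']` with a bare `echo`, so pass-thru text containing `</textarea>` or other markup ends the element early and is rendered as HTML. Use `<?=htmlspecialchars($pconfig['advanced']);?>` inside the textarea; the browser shows the original text and posts it back unchanged. The "Global Advanced pass thru" textarea added in the haproxy_global.php hunk has the same bare `echo` and needs the same change. Separately, `colspan="2"` on the new `<tr align="left" colspan="2" >` has no effect, because `colspan` is a cell attribute.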
@@ -715,12 +743,14 @@ set by the 'retries' parameter (2).</div> </td> </tr> <tr> - <br/> <br/> + <td colspan='3'> <span class="vexpl"><b>NOTE:</b> You must add a firewall rule permitting access to this frontend!</span> </td> </tr> </table> + </div> + </td></tr></table> </form> <br> <script type="text/javascript"> diff --git a/config/haproxy-legacy/haproxy_global.php b/config/haproxy-legacy/haproxy_global.php index b0486fb8..f47ada8b 100755 --- a/config/haproxy-legacy/haproxy_global.php +++ b/config/haproxy-legacy/haproxy_global.php @@ -3,6 +3,7 @@ /* haproxy_global.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -28,7 +29,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require("globals.inc"); require("guiconfig.inc"); require_once("haproxy.inc"); 
@@ -61,22 +62,10 @@ if ($_POST) { if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; - if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1'])) - $input_errors[] = "Synchost1 needs to be an IPAddress."; - if($_POST['synchost2'] && !is_ipaddr($_POST['synchost2'])) - $input_errors[] = "Synchost2 needs to be an IPAddress."; - if($_POST['synchost3'] && !is_ipaddr($_POST['synchost3'])) - $input_errors[] = "Synchost3 needs to be an IPAddress."; - if (!$input_errors) { $config['installedpackages']['haproxy']['enable'] = $_POST['enable'] ? true : false; $config['installedpackages']['haproxy']['maxconn'] = $_POST['maxconn'] ? $_POST['maxconn'] : false; - $config['installedpackages']['haproxy']['enablesync'] = $_POST['enablesync'] ? true : false; - $config['installedpackages']['haproxy']['synchost1'] = $_POST['synchost1'] ? $_POST['synchost1'] : false; - $config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost2'] ? $_POST['synchost2'] : false; - $config['installedpackages']['haproxy']['synchost3'] = $_POST['synchost3'] ? $_POST['synchost3'] : false; $config['installedpackages']['haproxy']['remotesyslog'] = $_POST['remotesyslog'] ? $_POST['remotesyslog'] : false; - $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; touch($d_haproxyconfdirty_path); 
@@ -88,11 +77,6 @@ if ($_POST) { $pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']); $pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn']; -$pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']); -$pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword']; -$pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1']; -$pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2']; -$pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3']; $pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog']; $pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']); $pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc']; @@ -134,7 +118,8 @@ function enable_change(enable_change) { $tab_array = array(); $tab_array[] = array("Settings", true, "haproxy_global.php"); $tab_array[] = array("Frontends", false, "haproxy_frontends.php"); - $tab_array[] = array("Servers", false, "haproxy_servers.php"); + $tab_array[] = array("Servers", false, "haproxy_servers.php"); + $tab_array[] = array("Sync", false, "pkg_edit.php?xml=haproxy_sync.xml"); display_top_tabs($tab_array); ?> </td></tr> @@ -207,7 +192,7 @@ function enable_change(enable_change) { Number of processes to start </td> <td class="vtable"> - <input name="nbproc" type="text" class="formfld" id="nbproc" size="18" value="<?=htmlspecialchars($pconfig['nbproc']);?>"> + <input name="nbproc" type="text" class="formfld" id="nbproc" size="4" value="<?=htmlspecialchars($pconfig['nbproc']);?>"> <br/> Defaults to number of cores/processors installed if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> detected). </td> 
@@ -229,58 +214,15 @@ function enable_change(enable_change) { <td colspan="2" valign="top" class="listtopic">Global Advanced pass thru</td> </tr> <tr> - <td width="22%" valign="top" class="vncell"> </td> - <td width="78%" class="vtable"> - <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> + <td width="100%" class="vtable" colspan="2"> + <textarea name='advanced' rows="6" cols="90" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> <br/> NOTE: paste text into this box that you would like to pass thru in the global settings area. </td> </tr> <tr> <td> - - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Configuration synchronization</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"> </td> - <td width="78%" class="vtable"> - <input name="enablesync" type="checkbox" value="yes" <?php if ($pconfig['enablesync']) echo "checked"; ?>> - <strong>Sync HAProxy configuration to backup CARP members via XMLRPC.</strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Synchronization password</td> - <td width="78%" class="vtable"> - <input name="syncpassword" type="password" value="<?=$pconfig['syncpassword'];?>"> - <br/> - <strong>Enter the password that will be used during configuration synchronization. 
This is generally the remote webConfigurator password.</strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Sync host #1</td> - <td width="78%" class="vtable"> - <input name="synchost1" value="<?=$pconfig['synchost1'];?>"> - <br/> - <strong>Synchronize settings to this hosts IP address.</strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Sync host #2</td> - <td width="78%" class="vtable"> - <input name="synchost2" value="<?=$pconfig['synchost2'];?>"> - <br/> - <strong>Synchronize settings to this hosts IP address.</strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Sync host #3</td> - <td width="78%" class="vtable"> - <input name="synchost3" value="<?=$pconfig['synchost3'];?>"> - <br/> - <strong>Synchronize settings to this hosts IP address.</strong> + </td> </tr> <tr> diff --git a/config/haproxy-legacy/haproxy_servers.php b/config/haproxy-legacy/haproxy_servers.php index cacf995a..b8f58b73 100755 --- a/config/haproxy-legacy/haproxy_servers.php +++ b/config/haproxy-legacy/haproxy_servers.php @@ -28,7 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require_once("guiconfig.inc"); require_once("haproxy.inc"); @@ -93,6 +93,7 @@ include("head.inc"); $tab_array[] = array("Settings", false, "haproxy_global.php"); $tab_array[] = array("Frontends", false, "haproxy_frontends.php"); $tab_array[] = array("Servers", true, "haproxy_servers.php"); + $tab_array[] = array("Sync", false, "pkg_edit.php?xml=haproxy_sync.xml"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/config/haproxy-legacy/haproxy_servers_edit.php b/config/haproxy-legacy/haproxy_servers_edit.php index a4360b04..4a8072b3 100755 --- a/config/haproxy-legacy/haproxy_servers_edit.php +++ b/config/haproxy-legacy/haproxy_servers_edit.php 
@@ -3,6 +3,7 @@ /* haproxy_servers_edit.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -28,7 +29,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "haproxy"; require("guiconfig.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; @@ -183,14 +184,29 @@ function clearcombo(){ <p class="pgtitle"><?=$pgtitle?></p> <?php endif; ?> <form action="haproxy_servers_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + /* active tabs */ + $tab_array = array(); + $tab_array[] = array("Settings", false, "haproxy_global.php"); + $tab_array[] = array("Frontends", false, "haproxy_frontends.php"); + $tab_array[] = array("Servers", true, "haproxy_servers.php"); + $tab_array[] = array("Sync", false, "pkg_edit.php?xml=haproxy_sync.xml"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic">Edit HAProxy server</td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq">Name</td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16"> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16"><br> </td> </tr> <tr align="left"> @@ -225,7 +241,7 @@ function clearcombo(){ <?=$backend['name'];?> </option> <?php } ?> - </select> + </select><br> </td> <td> <?php 
@@ -244,7 +260,7 @@ function clearcombo(){ </table> <a onclick="javascript:addRowTo('frontendtable'); return false;" href="#"> <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> - </a> + </a><br/> </td> </tr> <tr> @@ -253,8 +269,8 @@ function clearcombo(){ IP Address </div> </td> - <td width="78%" class="vtable"> - <input name="address" type="text" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" /> + <td width="78%" class="vtable" colspan="2"> + <input name="address" type="text" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" /><br/> </td> </tr> <tr align="left"> @@ -274,7 +290,7 @@ function clearcombo(){ <option value="disabled" <?php if($pconfig['status']=='disabled') echo "SELECTED";?>>disabled</option> <option value="inactive" <?php if($pconfig['status']=='inactive') echo "SELECTED";?>>inactive</option> </select> - </td> + <br>Select Server Status</td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Cookie</td> 
@@ -286,20 +302,20 @@ function clearcombo(){ sent to the client. There is nothing wrong in having several servers sharing the same cookie value, and it is in fact somewhat common between normal and backup servers. See also the "cookie" keyword in backend section. - + <br/> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Check inter</td> <td width="78%" class="vtable" colspan="2"> - <input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="64"> + <input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="10"> <br/>Defaults to 1000 if left blank. </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Weight</td> <td width="78%" class="vtable" colspan="2"> - <input name="weight" type="text" <?if(isset($pconfig['weight'])) echo "value=\"{$pconfig['weight']}\"";?>size="64"><br/> + <input name="weight" type="text" <?if(isset($pconfig['weight'])) echo "value=\"{$pconfig['weight']}\"";?>size="6"><br/> The default weight is 1, and the maximal value is 255.<br/> NOTE: If this parameter is used to distribute the load according to server's capacity, it @@ -327,6 +343,7 @@ function clearcombo(){ </td> </tr> </table> + </div></td></tr></table> </form> <br> <?php include("fend.inc"); ?> diff --git a/config/haproxy-legacy/haproxy_sync.xml b/config/haproxy-legacy/haproxy_sync.xml new file mode 100644 index 00000000..5c2b6ab7 --- /dev/null +++ b/config/haproxy-legacy/haproxy_sync.xml 
@@ -0,0 +1,146 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + haproxy_sync.xml + part of the Haproxy package for pfSense + Copyright (C) 2013 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>haproxysync</name> + <version>1.0</version> + <title>Services: Haproxy: Sync</title> + <include_file>/usr/local/pkg/haproxy.inc</include_file> +<tabs> + <tab> + <text>Settings</text> + <url>/haproxy_global.php</url> + </tab> + <tab> + <text>Frontends</text> + <url>/haproxy_frontends.php</url> + </tab> + <tab> + <text>Servers</text> + <url>haproxy_servers.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=haproxy_sync.xml</url> + <active/> + </tab> +</tabs> + <fields> + <field> + <name>Haproxy Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Sync method</fielddescr> + <fieldname>synconchanges</fieldname> + <description>Automatically sync Haproxy configuration changes to remote/backup server.</description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>Sync timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>Select sync max wait time</description> + <type>select</type> + <required/> + <default_value>30</default_value> + <options> + <option><name>30 seconds(Default)</name><value>30</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>250 seconds</name><value>250</value></option> + </options> + </field> + 
<field> + <fielddescr><![CDATA[Remote Server(s)]]></fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <dontdisplayname/> + <usecolspan2/> + <rowhelper> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>enabless</fieldname> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Remote Server IP</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>10</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Username</fielddescr> + <fieldname>username</fieldname> + <description>Username for remote server.</description> + <type>input</type> + <size>10</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + <type>password</type> + <size>10</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>27</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_validation_command> + </custom_php_validation_command> + <custom_php_resync_config_command> + </custom_php_resync_config_command> +</packagegui> diff --git a/config/haproxy-legacy/pkg_haproxy.inc b/config/haproxy-legacy/pkg_haproxy.inc new file mode 100755 index 00000000..1e5c75c2 --- /dev/null +++ b/config/haproxy-legacy/pkg_haproxy.inc @@ -0,0 +1,11 @@ +<?php + +global $shortcuts; + +$shortcuts['haproxy'] = array(); +$shortcuts['haproxy']['main'] = "haproxy_global.php"; +$shortcuts['haproxy']['log'] = "diag_logs.php"; +$shortcuts['haproxy']['status'] = "status_services.php"; +$shortcuts['haproxy']['service'] = "HAProxy"; + +?> diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc index 0b638166..f15f7c61 100644 --- a/config/mailscanner/mailscanner.inc +++ b/config/mailscanner/mailscanner.inc 
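Review bot: The new sync page ships with an empty `<custom_php_validation_command>`, so the `ipaddress`, `username` and `password` row fields are saved without any check. The haproxy_global.php hunks in this commit remove the `is_ipaddr()` checks that used to guard `synchost1`..`synchost3`, and nothing visible replaces them. Point the validation command at a helper in haproxy.inc that applies `is_ipaddr()` to each posted `ipaddress` row and rejects an enabled row with an empty username or password. Two smaller items: the Servers tab uses `<url>haproxy_servers.php</url>` without the leading slash the other tabs have, and `<description>` and `<requirements>` still hold the template placeholder text.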
@@ -678,13 +678,13 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf $cconf=MAILSCANNER_LOCALBASE. "/sbin/mailscanner"; if (file_exists($cconf)){ #check perl's version - exec('find '.MAILSCANNER_LOCALBASE. '/lib/perl5/site_perl -name Df.pm',$find_out); - $perl_bin="perl"; - foreach($find_out as $perl_dir){ - if (preg_match ('@/usr\S+lib/perl5/site_perl/([.0-9]+)/mach/Filesys/Df.pm@',$perl_dir,$perl_match)) - $perl_bin.=$perl_match[1]; + $perl_bin="perl"; + $perl_version_file=MAILSCANNER_LOCALBASE . '/etc/perl5_version'; + if (file_exists($perl_version_file)) { + $perl_version = trim(`/usr/bin/grep 'PERL_VERSION=' $perl_version_file | /usr/bin/cut -f2 -d'='`); + $perl_bin .= $perl_version; } - + $cconf_file=file_get_contents($cconf); $pattern2[0]='@#!/usr\S+bin/perl.*I@'; $pattern2[1]='/\smy .current = config MIME::ToolUtils/'; diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index e6351686..4d6ded8f 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -170,7 +170,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { global $config, $input_errors, $g; $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); 
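Review bot: In the mailscanner.inc hunk, whatever follows `PERL_VERSION=` in `perl5_version` is appended to `$perl_bin` with no format check. The removed code only accepted a `[.0-9]+` match, and `$perl_bin` presumably ends up in the rewritten interpreter line. Reading the file in PHP restores that constraint and drops the backtick pipeline through `grep` and `cut`: `if (preg_match('/^PERL_VERSION=([.0-9]+)/m', file_get_contents($perl_version_file), $m)) $perl_bin .= $m[1];`. If the file holds more than one matching line, the current pipeline returns all of them joined by newlines, which the regex form also avoids. The enclosing function starts and ends outside the hunk.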
@@ -209,6 +209,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (($expformat != "inlinedroid") && ($expformat != "inlineios")) $conf .= "resolv-retry infinite{$nl}"; $conf .= "$remotes{$nl}"; + + /* Use a random local port, otherwise two clients will conflict if they run at the same time. + May not be supported on older clients (Released before May 2010) */ + if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) + $conf .= "lport 0{$nl}"; + /* This line can cause problems with auth-only setups and also with Yealink/Snom phones since they are stuck on an older OpenVPN version that does not support this feature. */ if (!empty($servercn) && !$nokeys) { @@ -471,7 +477,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys } } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { global $config, $g, $input_errors; $uname_p = trim(exec("uname -p")); @@ -523,7 +529,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri $pwdfle .= "{$proxy['password']}\r\n"; file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); if (!$conf) { $input_errors[] = "Could not create a config to export."; return false; 
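Review bot: The updated call in `openvpn_client_export_installer` passes `$proxy, "", "baseconf", false, true` against a signature of `$proxy, $expformat = "baseconf", $outpass = ""`. That makes `$expformat` empty and hands the literal `"baseconf"` to `$outpass`, the password parameter. If that is not intended, the arguments should read `$proxy, "baseconf", "", false, true, $openvpnmanager, $advancedoptions`. The Viscosity exporter call in the following hunks is one argument short: after `"baseconf", "", true` it passes `$openvpnmanager, $advancedoptions`, which land in `$doslines` and `$openvpnmanager` and leave `$advancedoptions` at its default. Adding the missing `$doslines` value (`..., "", true, false, $openvpnmanager, $advancedoptions`) realigns it. Both misalignments predate this commit, but inserting `$randomlocalport` mid-list is a good moment to check every positional call, since the function bodies are outside these hunks.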
@@ -588,7 +594,7 @@ RunProgram="openvpn-postinstall.exe" return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) { global $config, $g; $uname_p = trim(exec("uname -p")); @@ -623,7 +629,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); if (!$conf) return false; diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 4c0518b2..0af838e9 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.2</version> + <version>1.2.4</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 44744832..8d002397 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php 
@@ -139,6 +139,7 @@ if (!empty($act)) { $openvpnmanager = $_GET['openvpnmanager']; $verifyservercn = $_GET['verifyservercn']; + $randomlocalport = $_GET['randomlocalport']; $usetoken = $_GET['usetoken']; if ($usetoken && (substr($act, 0, 10) == "confinline")) $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; @@ -213,17 +214,17 @@ if (!empty($act)) { $exp_name = urlencode($exp_name."-config.ovpn"); $expformat = "baseconf"; } - $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); + $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } if($act == "visc") { $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } if(substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } if (!$exp_path) { 
@@ -307,6 +308,9 @@ function download_begin(act, i, j) { var verifyservercn; verifyservercn = document.getElementById("verifyservercn").value; + var randomlocalport = 0; + if (document.getElementById("randomlocalport").checked) + randomlocalport = 1; var usetoken = 0; if (document.getElementById("usetoken").checked) usetoken = 1; @@ -381,6 +385,7 @@ function download_begin(act, i, j) { } dlurl += "&useaddr=" + escape(useaddr); dlurl += "&verifyservercn=" + escape(verifyservercn); + dlurl += "&randomlocalport=" + escape(randomlocalport); dlurl += "&openvpnmanager=" + escape(openvpnmanager); dlurl += "&usetoken=" + escape(usetoken); if (usepass) @@ -642,6 +647,27 @@ function useproxy_changed(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Use Random Local Port</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="random local port"> + <tr> + <td> + <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" /> + </td> + <td> + <span class="vexpl"> + Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently. + </span> + </td> + </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations.</span> + </td> + </tr> + </table> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0" summary="export options"> 
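Review bot: The added "Use Random Local Port" row never closes its `<td width="78%" class="vtable">`: the inner `</table>` is followed directly by `</tr>`. Add `</td>` between them so the row matches the "Certificate Export Options" row that follows. In the script hunks, `escape(randomlocalport)` follows the neighbouring parameters, but `encodeURIComponent()` is the correct encoder for query-string values if these lines are revisited.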
@@ -806,10 +832,14 @@ function useproxy_changed(obj) { This will change the generated .ovpn configuration to allow for usage of the management interface. And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users. This is also useful for Windows Vista/7/8 systems where elevated permissions are needed to add routes to the system. - <br/><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system. </span> </td> </tr> + <tr> + <td colspan="2"> + <span class="vexpl"><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.</span> + </td> + </tr> </table> </td> </tr> diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index cf7cd786..50979f38 100755 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc 
@@ -581,6 +581,34 @@ switch ($antispam['zombie_blocker']) $postfix_main.="soft_bounce = yes\n"; } + //check ips to listen on + $inet_protocols=($postfix_config['inet_protocol'] ? $postfix_config['inet_protocol'] : "ipv4"); + $inet_interfaces =array(); + if (preg_match("/All/",$postfix_config['enabled_interface'])){ + $inet_interfaces[]=""; + } + elseif ($postfix_config['enabled_interface'] == "lo0"){ + $inet_interfaces[]="loopback-only"; + } + else{ + $ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'wan'); + foreach (explode(',',$ifaces) as $listenon){ + if (is_ipaddrv6($listenon) && preg_match("/(ipv6|all)/i",$inet_protocols)) + $inet_interfaces[]= "{$listenon}"; + elseif (is_ipaddr($listenon) && preg_match("/(ipv4|all)/i",$inet_protocols)) + $inet_interfaces[]= "{$listenon}"; + else{ + $listenon=(pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon))); + if (is_ipaddr($listenon['ipaddr']) && preg_match("/(ipv4|all)/i",$inet_protocols)) + $inet_interfaces []= "{$listenon['ipaddr']}"; + if(is_ipaddrv6($listenon['ipaddr6']) && preg_match("/(ipv6|all)/i",$inet_protocols)) + $inet_interfaces []= "{$listenon['ipaddr6']}"; + } + } + } + $postfix_main.= "inet_protocols = {$inet_protocols}\n"; + $postfix_main.= "inet_interfaces = ".implode(",",$inet_interfaces)."\n"; + if ($postscreen==1) #Postscreen enabled { if(preg_match("/(\d+),(\d+)(s|m|h|w)/",$antispam['greet_time'],$greet)){ 
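Review bot: When specific interfaces are selected but none of them yields an address (an interface with no IP, or an address family excluded by `inet_protocol`), `$inet_interfaces` stays empty and this hunk writes `inet_interfaces = ` with no value. That is exactly the line the "All" branch writes on purpose, so a configuration meant to restrict the listener becomes indistinguishable from the listen-everywhere case. The field description in postfix.xml itself warns against listening on WAN without relay protection. After the `foreach`, fall back to a restrictive value, for example `if (empty($inet_interfaces)) $inet_interfaces[] = "loopback-only";`, and consider logging the unresolved selection. The `/All/` test is also an unanchored substring match on the raw setting, and the enclosing code starts and ends outside this hunk.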
@@ -611,16 +639,17 @@ switch ($antispam['zombie_blocker']) $postfix_main.="postscreen_blacklist_action= ".$antispam['zombie_blocker']."\n"; #postscreen interface loop - $ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'wan'); - $real_ifaces = array(); - $postfix_master=""; - foreach (explode(",", $ifaces) as $i => $iface) { - $real_ifaces[] = px_get_real_interface_address($iface); - if($real_ifaces[$i][0]) { - $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - 1 postscreen\n\t-o user=postfix\n"; - $postfix_master .=($antispam['soft_bounce'] == "postscreen"?"\t-o soft_bounce=yes\n":""); - } - } + //$ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'wan'); + //$real_ifaces = array(); + //$postfix_master=""; + //foreach (explode(",", $ifaces) as $i => $iface) { + // $real_ifaces[] = px_get_real_interface_address($iface); + // if($real_ifaces[$i][0]) { + // $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - 1 postscreen\n\t-o user=postfix\n"; + $postfix_master = "smtp inet n - n - 1 postscreen\n\t-o user=postfix\n"; + $postfix_master .=($antispam['soft_bounce'] == "postscreen"?"\t-o soft_bounce=yes\n":""); + // } + //} $postfix_master .= $postfix_inets.<<<MASTEREOF smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog @@ -647,7 +676,7 @@ MASTEREOF; } #interface loop - $postfix_inets=""; + /*$postfix_inets=""; $ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'loopback'); $real_ifaces = array(); $postfix_master=""; @@ -657,6 +686,8 @@ MASTEREOF; $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - - smtpd\n"; } } + */ + $postfix_master ="25 inet n - n - - smtpd\n"; } $rbl2.=($rbl2 !=""?"\t\t\t\tpermit\n":"permit\n"); diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php index a11af2dd..78eb551d 100644 --- a/config/postfix/postfix.php +++ b/config/postfix/postfix.php 
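Review bot: Listener binding now depends entirely on `inet_interfaces` in main.cf, because the new `smtp inet …` and `25 inet …` master.cf entries in the three hunks on this line carry no address, and nothing in the code says so. Add a comment next to both assignments, e.g. `// no address here: bind addresses come from inet_interfaces in main.cf`. The old loops are left behind as `//` and `/* */` blocks with live statements interleaved between dead ones, which is easy to misread; delete them instead of commenting them out. The two branches also name the same service differently (`smtp` vs `25`), so pick one form. `$postfix_inets=""` now sits inside the commented block, so check that nothing outside these hunks still reads it uninitialised.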
@@ -150,10 +150,13 @@ function grep_log(){ $m=date('M',strtotime($postfix_arg['time'],$curr_time)); $j=substr(" ".date('j',strtotime($postfix_arg['time'],$curr_time)),-3); # file grep loop + $maillog_filename = "/var/log/maillog"; foreach ($postfix_arg['grep'] as $hour){ - print "/usr/bin/grep '^".$m.$j." ".$hour.".*".$grep."' /var/log/maillog\n"; + if (!file_exists($maillog_filename) || !is_readable($maillog_filename)) + continue; + print "/usr/bin/grep '^".$m.$j." ".$hour.".*".$grep."' {$maillog_filename}\n"; $lists=array(); - exec("/usr/bin/grep " . escapeshellarg('^'.$m.$j." ".$hour.".*".$grep)." /var/log/maillog", $lists); + exec("/usr/bin/grep " . escapeshellarg('^'.$m.$j." ".$hour.".*".$grep)." {$maillog_filename}", $lists); foreach ($lists as $line){ #check where is first mail record if (preg_match("/ delay=(\d+)/",$line,$delay)){ @@ -294,7 +297,7 @@ function grep_log(){ } $config=parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']); - print count($config['installedpackages']); + //print count($config['installedpackages']); #start db replication if configured if ($config['installedpackages']['postfixsync']['config'][0]['rsync']) foreach ($config['installedpackages']['postfixsync']['config'] as $rs ) diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml index c3b3664f..e9d2d953 100644 --- a/config/postfix/postfix.xml +++ b/config/postfix/postfix.xml 
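Review bot: The readability check added inside the `foreach` (first hunk on this line) is loop-invariant and silent: if /var/log/maillog is missing, every hour is skipped with `continue` and the result is empty with no hint why. Test once before the loop and report it, e.g. `if (!is_readable($maillog_filename)) print "{$maillog_filename} is not readable\n";`, running the loop only otherwise. `is_readable()` already returns false for a missing file, so the `file_exists()` call is redundant. The `exec()` call quotes the pattern with `escapeshellarg()`, but the `print` above it rebuilds the command with hand-written single quotes, so the printed command can differ from the executed one when `$grep` contains a quote. grep_log() begins before and continues after this hunk.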
@@ -207,13 +207,31 @@ <description></description> </field> <field> - <fielddescr>Listen interface(s)</fielddescr> + <fielddescr>Listen Protocol</fielddescr> + <fieldname>inet_protocol</fieldname> + <description><![CDATA[Specify what protocols Postfix will use when it makes or accepts network connections<br> + This option controls what DNS lookups Postfix will use when it makes network connections.<br><br> + <b>Restart postfix daemon after changing Listen protocol.</b>]]></description> + <type>select</type> + <options> + <option><name>ipv4 (DEFAULT: enable IPv4 only)</name><value>ipv4</value></option> + <option><name>all (enable IPv4, and IPv6 if supported)</name><value>all</value></option> + <option><name>ipv4, ipv6 (enable both IPv4 and IPv6)</name><value>ipv4,ipv6</value></option> + <option><name>ipv6 (enable IPv6 only</name><value>ipv6</value></option> + </options> + <required/> + </field> + <field> + <fielddescr>Listen on</fielddescr> <fieldname>enabled_interface</fieldname> <description><![CDATA[Interface(s) that daemon will bind to.<br>Do not listen on WAN without a good "antispam/close relay" configuration.<br> - If you need postfix on other ip then Interface address, choose localhost and then create a nat rule from external ip to localhost.]]></description> + If you need postfix on other ip then Interface address, choose localhost and then create a nat rule from external ip to localhost.<br><br> + <b>Restart postfix daemon after changing Listen on addresses/interfaces.</b>]]></description> <type>interfaces_selection</type> <required/> <default_value>loopback</default_value> + <showlistenall/> + <showvirtualips/> <multiple/> </field> <field> diff --git a/config/postfix/postfix_about.php b/config/postfix/postfix_about.php index 3f3e272a..56645646 100755 --- a/config/postfix/postfix_about.php +++ b/config/postfix/postfix_about.php 
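Review bot: The label of the last option in the new `inet_protocol` select is missing its closing parenthesis: `ipv6 (enable IPv6 only` should read `ipv6 (enable IPv6 only)`. The new description for `enabled_interface` also still reads "on other ip then Interface address", where "than" is meant. Since the line is being edited anyway, fix the wording in the same change.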
@@ -2,7 +2,7 @@ /* postfix_about.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "postfix"; require("guiconfig.inc"); $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php index 76bed31f..f60ac83e 100755 --- a/config/postfix/postfix_queue.php +++ b/config/postfix/postfix_queue.php @@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "postfix"; require("guiconfig.inc"); $uname=posix_uname(); diff --git a/config/postfix/postfix_search.php b/config/postfix/postfix_search.php index a1cf6b3f..85648287 100755 --- a/config/postfix/postfix_search.php +++ b/config/postfix/postfix_search.php @@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "postfix"; require("guiconfig.inc"); $uname=posix_uname(); diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php index 5e1f6271..59deb11e 100644 --- a/config/postfix/postfix_view_config.php +++ b/config/postfix/postfix_view_config.php @@ -27,7 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - +$shortcut_section = "postfix"; require("guiconfig.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 983804c9..1895d214 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc 
@@ -65,8 +65,13 @@ function varnish_settings_post_validate($post, $input_errors) { } function varnish_lb_directors_post_validate($post, $input_errors) { - if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])) + if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])){ $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; + } + else{ + if(empty($post['failover'])) + $_POST['failover'] = $post['directorname']; + } if(stristr($post['directorurl'], 'http')) $input_errors[] = "You do not need to include the http:// string in the director URL"; if($post['grace'] && ! preg_match("/^\d+(h|m|s)$/",$post['grace'])) diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml index 28e7caca..58216279 100644 --- a/config/varnish3/varnish_backends.xml +++ b/config/varnish3/varnish_backends.xml @@ -155,7 +155,6 @@ <fields> <field> <fielddescr>BackendSettings</fielddescr> - <fieldname>BackendSettings</fieldname> <type>listtopic</type> <name>Backend settings</name> </field> @@ -189,7 +188,6 @@ </field> <field> <fielddescr>PerformanceMetrics</fielddescr> - <fieldname>PerformanceMetrics</fieldname> <type>listtopic</type> <name>Performance metrics</name> </field> @@ -207,7 +205,6 @@ </field> <field> <fielddescr>ProbeInfo</fielddescr> - <fieldname>ProbeInfo</fieldname> <type>listtopic</type> <name>Probe settings</name> </field> @@ -250,7 +247,6 @@ </field> <field> <fielddescr>Mappings</fielddescr> - <fieldname>Mappings</fieldname> <type>listtopic</type> <name>Backend Mappings</name> </field> diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index b9d8cc24..99a945d5 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -137,7 +137,6 @@ <fields> <field> <fielddescr>DirectorSettings</fielddescr> - <fieldname>Director Settings</fieldname> <type>listtopic</type> <name>Director settings</name> </field> 
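Review bot: Assigning `$_POST['failover']` inside `varnish_lb_directors_post_validate()` makes a validation function rewrite the request as a side effect, and it updates the superglobal instead of the `$post` argument that the function reads. Any later check in this function on `$post['failover']` still sees the empty value. The default also only takes effect if the caller saves from `$_POST` after validation, which is not visible here. At minimum document it on the new line, e.g. `// default failover to the director name; caller persists $_POST after validation`, or set both `$post['failover']` and `$_POST['failover']`. The function continues past the end of this hunk.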
@@ -209,7 +208,6 @@ </field> <field> <fielddescr>Backendlist</fielddescr> - <fieldname>Backendlist</fieldname> <type>listtopic</type> <name>Backend Settings</name> </field> @@ -249,7 +247,6 @@ </field> <field> <fielddescr>FailoverSettings</fielddescr> - <fieldname>FailoverSettings</fieldname> <type>listtopic</type> <name>Failover Settings</name> </field> diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml index 38c68a03..bbb8d321 100644 --- a/config/varnish3/varnish_settings.xml +++ b/config/varnish3/varnish_settings.xml @@ -80,7 +80,6 @@ <fields> <field> <fielddescr>Listening</fielddescr> - <fieldname>Listening</fieldname> <type>listtopic</type> <name>Daemon options</name> </field> @@ -112,7 +111,6 @@ </field> <field> <fielddescr>StorageTypeLT</fielddescr> - <fieldname>StorageTypeLT</fieldname> <type>listtopic</type> <name>Storage type</name> </field> @@ -135,7 +133,6 @@ <field> <fielddescr>WorkerThreadLT</fielddescr> - <fieldname>WorkerThreadLT</fieldname> <type>listtopic</type> <name>Worker thread configuration</name> </field> @@ -159,7 +156,6 @@ </field> <field> <fielddescr>BasicVCLLT</fielddescr> - <fieldname>BasicVCLLT</fieldname> <type>listtopic</type> <name>General VCL Settings</name> </field> @@ -245,7 +241,6 @@ </field> <field> <fielddescr>ErrorVCLLT</fielddescr> - <fieldname>ErrorVCLLT</fieldname> <type>listtopic</type> <name>Error Settings</name> </field> diff --git a/config/varnish3/varnish_sync.xml b/config/varnish3/varnish_sync.xml index fd387fdb..d81851b1 100644 --- a/config/varnish3/varnish_sync.xml +++ b/config/varnish3/varnish_sync.xml @@ -80,7 +80,6 @@ <fields> <field> <type>listtopic</type> - <fieldname>temp</fieldname> <name>Enable Varnish configuration sync</name> </field> <field> |