From 53eb86fcb96be2cf952153f285f42e92820b0fc5 Mon Sep 17 00:00:00 2001 From: marcelloc Date: Fri, 22 Feb 2013 11:29:44 -0300 Subject: haproxy-devel - package version to haproxy 1.5 devel with ssl offloading --- config/haproxy-devel/haproxy.inc | 440 ++++++++++++++ config/haproxy-devel/haproxy.xml | 114 ++++ config/haproxy-devel/haproxy_frontend.xml | 225 +++++++ config/haproxy-devel/haproxy_frontends.php | 149 +++++ config/haproxy-devel/haproxy_frontends_edit.php | 768 ++++++++++++++++++++++++ config/haproxy-devel/haproxy_global.php | 328 ++++++++++ config/haproxy-devel/haproxy_servers.php | 169 ++++++ config/haproxy-devel/haproxy_servers_edit.php | 435 ++++++++++++++ pkg_config.8.xml | 18 + pkg_config.8.xml.amd64 | 18 + 10 files changed, 2664 insertions(+) create mode 100644 config/haproxy-devel/haproxy.inc create mode 100644 config/haproxy-devel/haproxy.xml create mode 100755 config/haproxy-devel/haproxy_frontend.xml create mode 100755 config/haproxy-devel/haproxy_frontends.php create mode 100755 config/haproxy-devel/haproxy_frontends_edit.php create mode 100755 config/haproxy-devel/haproxy_global.php create mode 100755 config/haproxy-devel/haproxy_servers.php create mode 100755 config/haproxy-devel/haproxy_servers_edit.php diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc new file mode 100644 index 00000000..9fbb606d --- /dev/null +++ b/config/haproxy-devel/haproxy.inc @@ -0,0 +1,440 @@ + + Copyright (C) 2008 Remco Hoef + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* include all configuration functions */ +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("notices.inc"); + +$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; + +function haproxy_custom_php_deinstall_command() { + exec("rm /usr/local/sbin/haproxy"); + exec("rm /usr/local/pkg/haproxy.inc"); + exec("rm /usr/local/www/haproxy*"); +} + +function haproxy_custom_php_install_command() { + global $g, $config; + conf_mount_rw(); + + $haproxy = << +ENDOFF +} + +haproxy_stop () { + echo "Stopping haproxy." + killall haproxy +} + +run_rc_command "\$1" + +EOD; + + $fd = fopen("/usr/local/etc/rc.d/haproxy.sh", "w"); + fwrite($fd, $haproxy); + fclose($fd); + exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh"); + + conf_mount_ro(); + + exec("/usr/local/etc/rc.d/haproxy.sh start"); +} + +function haproxy_configure() { + global $config, $g; + + $a_global = &$config['installedpackages']['haproxy']; + $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $a_frontends = &$config['installedpackages']['haproxy']['ha_frontends']['item']; + $a_servers = &$config['installedpackages']['haproxy']['ha_servers']['item']; + + $fd = fopen("{$g['varetc_path']}/haproxy.cfg", "w"); + + if(is_array($a_global)) { + fwrite ($fd, "global\n"); + if($a_global['advanced']) + fwrite ($fd, "\t" . base64_decode($a_global['advanced']) . "\n"); + fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n"); + if($a_global['remotesyslog']) + fwrite ($fd, "\tlog\t\t\t{$a_global['remotesyslog']}\tlocal0\n"); + fwrite ($fd, "\tuid\t\t\t80\n"); + fwrite ($fd, "\tgid\t\t\t80\n"); + // Set numprocs if defined or use system default (#cores) + if($a_global['nbproc']) + $numprocs = $a_global['nbproc']; + else + $numprocs = trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); + fwrite ($fd, "\tnbproc\t\t\t$numprocs\n"); + fwrite ($fd, "\tchroot\t\t\t/var/empty\n"); + fwrite ($fd, "\tdaemon\n"); + fwrite ($fd, "\n"); + } + + // Construct and write out configuration file + if(is_array($a_backends)) { + foreach ($a_backends as $backend) { + //check ssl info + if ($backend['ssloffload']){ + //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem + $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}"; + file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt",base64_decode($backend['dcert'])); + }else{ + $ssl_info=""; + unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); + } + // Define our backend name + $backendinfo = "listen {$backend['name']}\n"; + + // Prepare ports for processing by splitting + $portss = "{$backend['port']},"; + $ports = split(",", $portss); + + // Initialize variable + $listenip = ""; + + // Process and add bind directives for ports + foreach($ports as $port) { + if($port) { + if($backend['extaddr'] == "any") + $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info}\n"; + elseif($backend['extaddr']) + $listenip .= "\tbind\t\t\t{$backend['extaddr']}:{$port} {$ssl_info}\n"; + else + $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info}\n"; + } + } + + fwrite ($fd, "{$backendinfo}"); + fwrite ($fd, "{$listenip}"); + + // Advanced pass thru + if($backend['advanced']) { + $advanced = base64_decode($backend['advanced']); + fwrite($fd, "\t" . $advanced . "\n"); + } + + // https is an alias for tcp for clarity purpouses + if(strtolower($backend['type']) == "https") { + $backend_type = "tcp"; + $httpchk = "ssl-hello-chk"; + } else { + $backend_type = $backend['type']; + $httpchk = "httpchk"; + } + + fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n"); + fwrite ($fd, "\tlog\t\t\tglobal\n"); + fwrite ($fd, "\toption\t\t\tdontlognull\n"); + + if($backend['httpclose']) + fwrite ($fd, "\toption\t\t\thttpclose\n"); + + if($backend['forwardfor']) + fwrite ($fd, "\toption\t\t\tforwardfor\n"); + + if($backend['max_connections']) + fwrite ($fd, "\tmaxconn\t\t\t" . $backend['max_connections'] . "\n"); + + if($backend['client_timeout']) + fwrite ($fd, "\tclitimeout\t\t" . $backend['client_timeout'] . "\n"); + + if($backend['balance']) + fwrite ($fd, "\tbalance\t\t\t" . $backend['balance'] . "\n"); + + if($backend['connection_timeout']) + fwrite ($fd, "\tcontimeout\t\t" . $backend['connection_timeout'] . "\n"); + + if($backend['server_timeout']) + fwrite ($fd, "\tsrvtimeout\t\t" . $backend['server_timeout'] . "\n"); + + if($backend['retries']) + fwrite ($fd, "\tretries\t\t\t" . $backend['retries'] . "\n"); + + if($backend['cookie_name']) + fwrite ($fd, "\tcookie\t\t\t" . $backend['cookie_name'] . " insert indirect\n"); + + if($backend['monitor_uri']) + fwrite ($fd, "\toption\t\t\t{$httpchk} HEAD " . $backend['monitor_uri'] . " HTTP/1.0\n"); + + if($backend['stats_enabled']=='yes') { + fwrite ($fd, "\tstats\t\t\tenable\n"); + if($backend['stats_uri']) + fwrite ($fd, "\tstats\t\t\turi ".$backend['stats_uri']."\n"); + if($backend['stats_realm']) + fwrite ($fd, "\tstats\t\t\trealm " . $backend['stats_realm'] . "\n"); + else + fwrite ($fd, "\tstats\t\t\trealm .\n"); + fwrite ($fd, "\tstats\t\t\tauth " . $backend['stats_username'].":". $backend['stats_password']."\n"); + if($backend['stats_node_enabled']=='yes') + fwrite ($fd, "\tstats\t\t\tshow-node " . $backend['stats_node'] . "\n"); + if($backend['stats_desc']) + fwrite ($fd, "\tstats\t\t\tshow-desc " . $backend['stats_desc'] . "\n"); + if($backend['stats_refresh']) + fwrite ($fd, "\tstats\t\t\trefresh " . $backend['stats_refresh'] . "\n"); + } + + $a_acl=&$frontend['ha_acls']['item']; + if(!is_array($a_acl)) + $a_acl=array(); + + foreach ($a_acl as $acl) + fwrite ($fd, "\tacl\t\t\t".$acl['name']."\t\t".$acl['expression']."\n"); + + $server['backend'] .= " "; + if(is_array($a_servers)) { + foreach ($a_servers as $server) { + $backends_to_process = split(" ", $server['backend']); + foreach($backends_to_process as $backends) { + if($backends == "") + continue; + if($backends == $backend['name']) { + $server_ports = array(); + if($server['status'] != 'inactive') { + if($server['cookie']) + $cookie = " cookie {$server['cookie']} "; + else + $cookie = ""; + if(!$server['port']) { + foreach($ports as $port) { + if($port) + $server_ports[] = $port; + } + } else { + $server_ports[] = $server['port']; + } + if($server['advanced']) { + $advanced = base64_decode($server['advanced']); + $advanced_txt = " " . $advanced; + } else { + $advanced_txt = ""; + } + if($server['status'] != 'active') { + $status = " " . $server['status']; + } else { + $status = ""; + } + if($server['checkinter']) + $checkinter = "check inter {$server['checkinter']}"; + else + $checkinter = "check inter 1000"; + foreach($server_ports as $pport) + fwrite ($fd, "\tserver\t\t\t" . $server['name'] . " " . $server['address'].":" . $pport . " $cookie " . " $checkinter weight " . $server['weight'] . $status . "{$advanced_txt}\n"); + } + } + } + } + } + fwrite ($fd, "\n"); + } + // Sync HAProxy configuration (if enabled) + if(isset($config['installedpackages']['haproxy']['enablesync'])) { + if($config['installedpackages']['haproxy']['synchost1']) { + haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost1'], + $config['installedpackages']['haproxy']['syncpassword']); + } + if($config['installedpackages']['haproxy']['synchost2']) { + haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost2'], + $config['installedpackages']['haproxy']['syncpassword']); + } + if($config['installedpackages']['haproxy']['synchost3']) { + haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost3'], + $config['installedpackages']['haproxy']['syncpassword']); + } + } + } + + // create config file + fclose($fd); + + $freebsd_version = substr(trim(`uname -r`), 0, 1); + if(!file_exists("/usr/bin/limits")) { + exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); + exec("chmod a+rx /usr/bin/limits"); + } + + exec("/usr/bin/limits -n 300014"); + + // reload haproxy + if(isset($a_global['enable'])) { + if(is_process_running('haproxy')) { + exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -st `cat /var/run/haproxy.pid`"); + } else { + exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D"); + } + return (0); + } else { + return (1); + } +} + +function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { + global $config, $g; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + // Do not allow syncing to self. + $donotsync = false; + $lanip = find_interface_ip($config['interfaces']['lan']['if']); + if($lanip == $sync_to_ip) + $donotsync = true; + $wanip = find_interface_ip($config['interfaces']['wan']['if']); + if($wanip == $sync_to_ip) + $donotsync = true; + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + $optip = find_interface_ip($config['interfaces']['opt' . $j]['if']); + if($optip == $sync_to_ip) + $donotsync = true; + } + if($donotsync) { + log_error("Disallowing sync loop for HAProxy sync."); + return; + } + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['haproxy'] = $config['installedpackages']['haproxy']; + + // Prevent sync loops + unset($xml['haproxy']['synchost1']); + unset($xml['haproxy']['synchost2']); + unset($xml['haproxy']['synchost3']); + unset($xml['haproxy']['syncpassword']); + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("Beginning HAProxy XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 250 seconds */ + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "HAProxy Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting HAProxy XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "HAProxy Settings Sync", ""); + } else { + log_error("HAProxy XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell haproxy to reload our settings on the destionation sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/haproxy.inc');\n"; + $execcmd .= "haproxy_configure();\n"; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("HAProxy XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "HAProxy Settings Reload", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting HAProxy XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "HAProxy Settings Sync", ""); + } else { + log_error("HAProxy XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } +} + +?> diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml new file mode 100644 index 00000000..a7166d6f --- /dev/null +++ b/config/haproxy-devel/haproxy.xml @@ -0,0 +1,114 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + haproxy + 1.0 + HAProxy + /pkg_edit.php?xml=haproxy_servers.php + /usr/local/pkg/haproxy.inc + + HAProxy + +
Services
+ /haproxy_global.php +
+ + HAProxy + haproxy.sh + haproxy + The Reliable, High Performance TCP/HTTP Load Balancer + + installedpackages->haproxy->config + + /usr/local/pkg/ + 077 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy.inc + + + /usr/local/www/ + 077 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy_frontends.php + + + /usr/local/www/ + 077 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy_frontends_edit.php + + + /usr/local/www/ + 077 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy_global.php + + + /usr/local/www/ + 077 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy_servers.php + + + /usr/local/www/ + 077 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy_servers_edit.php + + + + + + + + + /* + included in package install + $freebsdv=trim(`uname -r | cut -d'.' -f1`); + conf_mount_rw(); + `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy-devel/binaries{$freebsdv}/haproxy`; + exec("chmod a+rx /usr/local/sbin/haproxy"); + */ + haproxy_custom_php_install_command(); + + + haproxy_custom_php_deinstall_command(); + + + +
\ No newline at end of file diff --git a/config/haproxy-devel/haproxy_frontend.xml b/config/haproxy-devel/haproxy_frontend.xml new file mode 100755 index 00000000..fc31306e --- /dev/null +++ b/config/haproxy-devel/haproxy_frontend.xml @@ -0,0 +1,225 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + haproxyfrontend + 1.0 + Services: HaProxy - Frontend Lists + /usr/local/pkg/haproxy.inc + + + Settings + /haproxy_global.php + + + General + /pkg.php?xml=haproxy_frontend.xml + + + Servers + /haproxy_servers.php + + + + + Name + name + + + Description + description + + + Stats URI + uri + + + Type + type + + on + + + + Site Access Lists + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + bannedsite_enabled + checkbox + + + + Include + banned_includes + + select_source + + descr + file + + 6 + + + Config + banned_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Grey + listtopic + + + Enable + greysite_enabled + checkbox + + + + Config + grey_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Exception + listtopic + + + Enable + exceptionsite_enabled + checkbox + + + + Include + exception_includes + + select_source + + descr + file + + 5 + + + Config + exception_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + File + exceptionfile_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Log + listtopic + + + Enable + logsite_enabled + checkbox + + + + Config + log_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/haproxy-devel/haproxy_frontends.php b/config/haproxy-devel/haproxy_frontends.php new file mode 100755 index 00000000..11a1e8c6 --- /dev/null +++ b/config/haproxy-devel/haproxy_frontends.php @@ -0,0 +1,149 @@ + + Copyright (C) 2008 Remco Hoef + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); + +$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; + +require_once("haproxy.inc"); + +if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); +} +$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +if ($_POST) { + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + config_lock(); + $retval = haproxy_configure(); + config_unlock(); + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } +} + +if ($_GET['act'] == "del") { + if ($a_backend[$_GET['id']]) { + if (!$input_errors) { + unset($a_backend[$_GET['id']]); + write_config(); + touch($d_haproxyconfdirty_path); + header("Location: haproxy_frontends.php"); + exit; + } + } +} + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Services: HAProxy: Frontend"; +include("head.inc"); + +?> + + +
+ +

+ + + +

+You must apply the changes in order for them to take effect.");?>
+ + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + +
NameDescriptionStats URIType
+ + + + + + + + + + + + + +
+
+ + + + +
+
+
+
+

+ + + diff --git a/config/haproxy-devel/haproxy_frontends_edit.php b/config/haproxy-devel/haproxy_frontends_edit.php new file mode 100755 index 00000000..c0c634b0 --- /dev/null +++ b/config/haproxy-devel/haproxy_frontends_edit.php @@ -0,0 +1,768 @@ + + Copyright (C) 2008 Remco Hoef + Copyright (C) 2013 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; + +if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); +} + +$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +if (isset($_POST['id'])) + $id = $_POST['id']; +else + $id = $_GET['id']; + +if (isset($id) && $a_backend[$id]) { + $pconfig['name'] = $a_backend[$id]['name']; + $pconfig['desc'] = $a_backend[$id]['desc']; + $pconfig['connection_timeout'] = $a_backend[$id]['connection_timeout']; + $pconfig['server_timeout'] = $a_backend[$id]['server_timeout']; + $pconfig['retries'] = $a_backend[$id]['retries']; + + $pconfig['type'] = $a_backend[$id]['type']; + $pconfig['balance'] = $a_backend[$id]['balance']; + $pconfig['monitor_uri'] = $a_backend[$id]['monitor_uri']; + + $pconfig['forwardfor'] = $a_backend[$id]['forwardfor']; + $pconfig['httpclose'] = $a_backend[$id]['httpclose']; + + $pconfig['stats_enabled'] = $a_backend[$id]['stats_enabled']; + $pconfig['stats_username'] = $a_backend[$id]['stats_username']; + $pconfig['stats_password'] = $a_backend[$id]['stats_password']; + $pconfig['stats_uri'] = $a_backend[$id]['stats_uri']; + $pconfig['stats_realm'] = $a_backend[$id]['stats_realm']; + $pconfig['stats_node_enabled'] = $a_backend[$id]['stats_node_enabled']; + $pconfig['stats_node'] = $a_backend[$id]['stats_node']; + $pconfig['stats_desc'] = $a_backend[$id]['stats_desc']; + $pconfig['stats_refresh'] = $a_backend[$id]['stats_refresh']; + + $pconfig['type'] = $a_backend[$id]['type']; + $pconfig['extaddr'] = $a_backend[$id]['extaddr']; + $pconfig['max_connections'] = $a_backend[$id]['max_connections']; + $pconfig['client_timeout'] = $a_backend[$id]['client_timeout']; + $pconfig['port'] = $a_backend[$id]['port']; + $pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item']; + $pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']); + $pconfig['dcert'] = base64_decode($a_backend[$id]['dcert']); + $pconfig['dcertadv'] = $a_backend[$id]['dcertadv']; + $pconfig['ssloffload'] = $a_backend[$id]['ssloffload']; +} + +$changedesc = "Services: HAProxy: Frontend"; +$changecount = 0; + +if ($_POST) { + $changecount++; + + unset($input_errors); + $pconfig = $_POST; + + if ($_POST['stats_enabled']) { + $reqdfields = explode(" ", "name connection_timeout server_timeout stats_username stats_password stats_uri stats_realm"); + $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout,Stats Username,Stats Password,Stats Uri,Stats Realm"); + } else { + $reqdfields = explode(" ", "name connection_timeout server_timeout"); + $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $reqdfields = explode(" ", "name type port max_connections client_timeout"); + $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) + $input_errors[] = "The field 'Name' contains invalid characters."; + + if (!is_numeric($_POST['connection_timeout'])) + $input_errors[] = "The field 'Connection timeout' value is not a number."; + + if (!is_numeric($_POST['server_timeout'])) + $input_errors[] = "The field 'Server timeout' value is not a number."; + + if (!$_POST['retries'] && is_numeric($_POST['retries'])) + $input_errors[] = "The field 'Retries' value is not a number."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) + $input_errors[] = "The field 'Stats Username' contains invalid characters."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) + $input_errors[] = "The field 'Stats Password' contains invalid characters."; + + if (!is_numeric($_POST['max_connections'])) + $input_errors[] = "The field 'Max connections' value is not a number."; + + $ports = split(",", $_POST['port'] . ","); + foreach($ports as $port) + if ($port && !is_numeric($port)) + $input_errors[] = "The field 'Port' value is not a number."; + + if (!is_numeric($_POST['client_timeout'])) + $input_errors[] = "The field 'Client timeout' value is not a number."; + + /* Ensure that our pool names are unique */ + for ($i=0; isset($config['installedpackages']['haproxy']['ha_backends']['item'][$i]); $i++) + if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_backends']['item'][$i]['name']) && ($i != $id)) + $input_errors[] = "This backend name has already been used. Frontend names must be unique."; + + $a_acl=array(); + $acl_names=array(); + for($x=0; $x<99; $x++) { + $acl_name=$_POST['acl_name'.$x]; + $acl_expression=$_POST['acl_expression'.$x]; + + if ($acl_name) { + // check for duplicates + if (in_array($acl_name, $acl_names)) { + $input_errors[] = "The name '$acl_name' is duplicate."; + } + + $acl_names[]=$acl_name; + + $acl=array(); + $acl['name']=$acl_name; + $acl['expression']=$acl_expression; + $a_acl[]=$acl; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $acl_name)) + $input_errors[] = "The field 'Name' contains invalid characters."; + + if (!preg_match("/.{2,}/", $acl_expression)) + $input_errors[] = "The field 'Expression' is required."; + + if (!preg_match("/.{2,}/", $acl_name)) + $input_errors[] = "The field 'Name' is required."; + + } + } + + $pconfig['a_acl']=$a_acl; + + if (!$input_errors) { + $backend = array(); + if(isset($id) && $a_backend[$id]) + $backend = $a_backend[$id]; + + if($backend['name'] != "") + $changedesc .= " modified '{$backend['name']}' pool:"; + + if ($backend['name']!=$_POST['name']) { + // name changed: + // * update servers + // * update frontend (default backend and acl) + if (!is_array($config['installedpackages']['haproxy']['ha_servers']['item'])) { + $config['installedpackages']['haproxy']['ha_servers']['item'] = array(); + } + $a_server = &$config['installedpackages']['haproxy']['ha_servers']['item']; + + for ( $i = 0; $i < count($a_server); $i++) { + if ($a_server[$i]['backend']==$backend['name']) { + $a_server[$i]['backend']=$_POST['name']; + } + } + + if (!is_array($config['installedpackages']['haproxy']['ha_frontends']['item'])) { + $config['installedpackages']['haproxy']['ha_frontends']['item'] = array(); + } + $a_frontend = &$config['installedpackages']['haproxy']['ha_frontends']['item']; + + for ( $i = 0; $i < count($a_frontend); $i++) { + if ($a_frontend[$i]['backend']==$backend['name']) { + $a_frontend[$i]['backend']=$_POST['name']; + } + + if (!is_array($a_frontend[$i]['ha_acls']['item'])) { + $a_frontend[$i]['ha_acls']['item'] = array(); + } + + $a_acl = &$a_frontend[$i]['ha_acls']['item']; + for ( $j = 0; $j < count($a_acl); $j++) { + if ($a_acl[$j]['backend']==$backend['name']) { + $a_acl[$j]['backend']=$_POST['name']; + } + } + } + } + + update_if_changed("name", $backend['name'], $_POST['name']); + update_if_changed("description", $backend['desc'], $_POST['desc']); + update_if_changed("connection_timeout", $backend['connection_timeout'], $_POST['connection_timeout']); + update_if_changed("server_timeout", $backend['server_timeout'], $_POST['server_timeout']); + update_if_changed("retries", $backend['retries'], $_POST['retries']); + update_if_changed("type", $backend['type'], $_POST['type']); + update_if_changed("balance", $backend['balance'], $_POST['balance']); + update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']); + update_if_changed("monitor_uri", $backend['monitor_uri'], $_POST['monitor_uri']); + update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']); + update_if_changed("httpclose", $backend['httpclose'], $_POST['httpclose']); + update_if_changed("stats_enabled", $backend['stats_enabled'], $_POST['stats_enabled']); + update_if_changed("stats_username", $backend['stats_username'], $_POST['stats_username']); + update_if_changed("stats_password", $backend['stats_password'], $_POST['stats_password']); + update_if_changed("stats_uri", $backend['stats_uri'], $_POST['stats_uri']); + update_if_changed("stats_realm", $backend['stats_realm'], $_POST['stats_realm']); + update_if_changed("stats_node_enabled", $backend['stats_node_enabled'], $_POST['stats_node_enabled']); + update_if_changed("stats_node", $backend['stats_node'], $_POST['stats_node']); + update_if_changed("stats_desc", $backend['stats_desc'], $_POST['stats_desc']); + update_if_changed("stats_desc", $backend['stats_refresh'], $_POST['stats_refresh']); + update_if_changed("type", $backend['type'], $_POST['type']); + update_if_changed("port", $backend['port'], $_POST['port']); + update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']); + update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']); + update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']); + update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced'])); + update_if_changed("dcert", $backend['dcert'], base64_encode($_POST['dcert'])); + update_if_changed("dcertadv", $backend['dcertadv'], $_POST['dcertadv']); + update_if_changed("ssloffload", $backend['ssloffload'], $_POST['ssloffload']); + $backend['ha_acls']['item'] = $a_acl; + + if (isset($id) && $a_backend[$id]) { + $a_backend[$id] = $backend; + } else { + $a_backend[] = $backend; + } + + if ($changecount > 0) { + touch($d_haproxyconfdirty_path); + write_config($changedesc); + } + + header("Location: haproxy_frontends.php"); + exit; + } +} + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "HAProxy: Frontend: Edit"; +include("head.inc"); + +?> + + + + + + +

+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + > + + + + > + + + + > + + + + + > + + + + > + + + + > + + + + > + + + + > + + + + + + + + + + + + + + + + + + + + + + + + + + + + +*/ +?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 
+ + +
Edit haproxy backend
Name + size="25" maxlength="25"> +
Description + size="64"> +
Connection timeout + size="64"> +
the time (in milliseconds) we give up if the connection does not complete within (30000).
+
Server timeout + size="64"> +
the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).
+
Retries + size="64"> +
After a connection failure to a server, it is possible to retry, potentially +on another server. This is useful if health-checks are too rare and you don't +want the clients to see the failures. The number of attempts to reconnect is +set by the 'retries' parameter (2).
+
Type + +
Balance + + + + + + + + + + + + + + + +
+ >Round robin + + Each server is used in turns, according to their weights. + This is the smoothest and fairest algorithm when the server's + processing time remains equally distributed. This algorithm + is dynamic, which means that server weights may be adjusted + on the fly for slow starts for instance. +
+ >Static Round Robin + + Each server is used in turns, according to their weights. + This algorithm is as similar to roundrobin except that it is + static, which means that changing a server's weight on the + fly will have no effect. On the other hand, it has no design + limitation on the number of servers, and when a server goes + up, it is always immediately reintroduced into the farm, once + the full map is recomputed. It also uses slightly less CPU to + run (around -1%). +
+ >Least Connections + + The server with the lowest number of connections receives the + connection. Round-robin is performed within groups of servers + of the same load to ensure that all servers will be used. Use + of this algorithm is recommended where very long sessions are + expected, such as LDAP, SQL, TSE, etc... but is not very well + suited for protocols using short sessions such as HTTP. This + algorithm is dynamic, which means that server weights may be + adjusted on the fly for slow starts for instance. +
>Source + The source IP address is hashed and divided by the total + weight of the running servers to designate which server will + receive the request. This ensures that the same client IP + address will always reach the same server as long as no + server goes down or up. If the hash result changes due to the + number of running servers changing, many clients will be + directed to a different server. This algorithm is generally + used in TCP mode where no cookie may be inserted. It may also + be used on the Internet to provide a best-effort stickyness + to clients which refuse session cookies. This algorithm is + static, which means that changing a server's weight on the + fly will have no effect. +
+
Stats Enabled + onclick='toggle_stats();'>
+ EXAMPLE: haproxystats +
Stats Realm + size="64"> +
Stats Uri + size="64">
+ EXAMPLE: /haproxy?stats +
Stats Username + size="64"> +
Stats Password + size="64"> +
+
Stats Enable Node Name + > +
+
Stats Node + size="64">
+ The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.
+ Leave blank to use the system name. +
Stats Description + size="64">
+
Stats Refresh + size="10" maxlength="30">
+ Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d). +
Monitor Uri + size="50" maxlength="50"> +
+ Example: / or /index.php or /index.html or /testmypage.cgi +
Port + size="30" maxlength="500"> +
The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443
+
External address + +
+ + If you want this rule to apply to another IP address than the IP address of the interface chosen above, + select it here (you need to define Virtual IP addresses on the first). + Also note that if you are trying to redirect connections on the LAN select the "any" option. + +
Max connections + size="10" maxlength="10"> +
Client timeout + size="10" maxlength="10"> +
the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).
+
Access Control lists + + + + + + + + + + + + + + + +
NameExpressionBackend
+ +
+ + +
+ Fore more information about ACL's please see HAProxy Documentation Section 7 - Using ACL's +
Use 'forwardfor' option + > +
+ The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which + contains the client's IP address. This is useful to let the final web server + know what the client address was (eg for statistics on domains) +
Use 'httpclose' option + > +
+ The 'httpclose' option removes any 'Connection' header both ways, and + adds a 'Connection: close' header in each direction. This makes it easier to + disable HTTP keep-alive than the previous 4-rules block. +
Advanced pass thru + +
+ NOTE: paste text into this box that you would like to pass thru. +
SSL Offloading
Use Offloading + > +
+ The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers. +
cert + +
+ NOTE: paste cert and rsa key to use on this frontend. +
Advanced ssl options + size="10" maxlength="64"> +
+ NOTE: Paste additional ssl options(without commas) to include on ssl listening options.
+ some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets +
  + + + + + +
+ NOTE: You must add a firewall rule permitting access to this frontend! +
+
+
+ + + + diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php new file mode 100755 index 00000000..b0486fb8 --- /dev/null +++ b/config/haproxy-devel/haproxy_global.php @@ -0,0 +1,328 @@ + + Copyright (C) 2008 Remco Hoef + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("globals.inc"); +require("guiconfig.inc"); +require_once("haproxy.inc"); + +$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; + +if (!is_array($config['installedpackages']['haproxy'])) + $config['installedpackages']['haproxy'] = array(); + + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + config_lock(); + $retval = haproxy_configure(); + config_unlock(); + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } else { + if ($_POST['enable']) { + $reqdfields = explode(" ", "maxconn"); + $reqdfieldsn = explode(",", "Maximum connections"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) + $input_errors[] = "The maximum number of connections should be numeric."; + + if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1'])) + $input_errors[] = "Synchost1 needs to be an IPAddress."; + if($_POST['synchost2'] && !is_ipaddr($_POST['synchost2'])) + $input_errors[] = "Synchost2 needs to be an IPAddress."; + if($_POST['synchost3'] && !is_ipaddr($_POST['synchost3'])) + $input_errors[] = "Synchost3 needs to be an IPAddress."; + + if (!$input_errors) { + $config['installedpackages']['haproxy']['enable'] = $_POST['enable'] ? true : false; + $config['installedpackages']['haproxy']['maxconn'] = $_POST['maxconn'] ? $_POST['maxconn'] : false; + $config['installedpackages']['haproxy']['enablesync'] = $_POST['enablesync'] ? true : false; + $config['installedpackages']['haproxy']['synchost1'] = $_POST['synchost1'] ? $_POST['synchost1'] : false; + $config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost2'] ? $_POST['synchost2'] : false; + $config['installedpackages']['haproxy']['synchost3'] = $_POST['synchost3'] ? $_POST['synchost3'] : false; + $config['installedpackages']['haproxy']['remotesyslog'] = $_POST['remotesyslog'] ? $_POST['remotesyslog'] : false; + $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; + $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; + $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; + touch($d_haproxyconfdirty_path); + write_config(); + } + } + +} + +$pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']); +$pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn']; +$pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']); +$pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword']; +$pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1']; +$pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2']; +$pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3']; +$pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog']; +$pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']); +$pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc']; + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Services: HAProxy: Settings"; +include("head.inc"); + +?> + + + + + + +

+ +
+ + +

+You must apply the changes in order for them to take effect.");?>
+ + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
General settings
  + onClick="enable_change(false)"> + Enable HAProxy
+ Maximum connections + +
+ + + + +
+ value=""> per Backend. +
+ Sets the maximum per-process number of concurrent connections to X.
+ NOTE: setting this value too high will result in HAProxy not being able to allocate enough memory.
+ Current memory usage {$hascpu}.

"; + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + +
ConnectionsMemory usage
+
+
9991888K
999998032K
99999950016K
9999999467M
+
+
+ Number of processes to start + + +
+ Defaults to number of cores/processors installed if left blank ( detected). +
+ Remote syslog host + + +
+   +
Global Advanced pass thru
  + +
+ NOTE: paste text into this box that you would like to pass thru in the global settings area. +
+   +
Configuration synchronization
  + > + Sync HAProxy configuration to backup CARP members via XMLRPC. +
Synchronization password + +
+ Enter the password that will be used during configuration synchronization. This is generally the remote webConfigurator password. +
Sync host #1 + +
+ Synchronize settings to this hosts IP address. +
Sync host #2 + +
+ Synchronize settings to this hosts IP address. +
Sync host #3 + +
+ Synchronize settings to this hosts IP address. +
+   +
  + +
+
+
+ + +

+

+
+ Show automatically generated configuration. +
+ + +
+ + + + diff --git a/config/haproxy-devel/haproxy_servers.php b/config/haproxy-devel/haproxy_servers.php new file mode 100755 index 00000000..cacf995a --- /dev/null +++ b/config/haproxy-devel/haproxy_servers.php @@ -0,0 +1,169 @@ + + Copyright (C) 2008 Remco Hoef + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("haproxy.inc"); + +$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; + +if (!is_array($config['installedpackages']['haproxy']['ha_servers']['item'])) { + $config['installedpackages']['haproxy']['ha_servers']['item'] = array(); +} + +$a_server = &$config['installedpackages']['haproxy']['ha_servers']['item']; +$a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +if ($_POST) { + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + config_lock(); + $retval = haproxy_configure(); + config_unlock(); + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } +} + +if ($_GET['act'] == "del") { + if ($a_server[$_GET['id']]) { + if (!$input_errors) { + unset($a_server[$_GET['id']]); + write_config(); + touch($d_haproxyconfdirty_path); + header("Location: haproxy_servers.php"); + exit; + } + } +} + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Services: HAProxy: Servers"; +include("head.inc"); + +?> + + + +

+ +
+ + +

+You must apply the changes in order for them to take effect.");?>
+ + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
NameServerStatusFrontendCookieWeight
+ + + + + + + + + + + + + + + + + + +
+
+ + + + +
+
+
+
+

+ + + diff --git a/config/haproxy-devel/haproxy_servers_edit.php b/config/haproxy-devel/haproxy_servers_edit.php new file mode 100755 index 00000000..a4360b04 --- /dev/null +++ b/config/haproxy-devel/haproxy_servers_edit.php @@ -0,0 +1,435 @@ + + Copyright (C) 2008 Remco Hoef + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; +$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +if (!is_array($config['installedpackages']['haproxy']['ha_servers']['item'])) { + $config['installedpackages']['haproxy']['ha_servers']['item'] = array(); +} + +$a_server = &$config['installedpackages']['haproxy']['ha_servers']['item']; + +if (isset($_POST['id'])) + $id = $_POST['id']; +else + $id = $_GET['id']; + +if (isset($id) && $a_server[$id]) { + $pconfig['name'] = $a_server[$id]['name']; + $pconfig['address'] = $a_server[$id]['address']; + $pconfig['port'] = $a_server[$id]['port']; + $pconfig['backend'] = $a_server[$id]['backend']; + $pconfig['weight'] = $a_server[$id]['weight']; + $pconfig['checkinter'] = $a_server[$id]['checkinter']; + $pconfig['cookie'] = $a_server[$id]['cookie']; + $pconfig['status'] = $a_server[$id]['status']; + $pconfig['advanced'] = base64_decode($a_server[$id]['advanced']); +} + +$changedesc = "Services: HAProxy: Servers: "; +$changecount = 0; + +if ($_POST) { + $changecount++; + + unset($input_errors); + $pconfig = $_POST; + + $reqdfields = explode(" ", "name address weight"); + $reqdfieldsn = explode(",", "Name,Address,Weight"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) + $input_errors[] = "The field 'Name' contains invalid characters."; + + if (preg_match("/[^a-zA-Z0-9\.]/", $_POST['address'])) + $input_errors[] = "The field 'Address' contains invalid characters."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['cookie'])) + $input_errors[] = "The field 'Cookie' contains invalid characters."; + + if ($_POST['port'] && !is_numeric($_POST['port'])) + $input_errors[] = "The field 'Port' value is not a number."; + else { + if ($_POST['port']) + if (!($_POST['port']>=1 && $_POST['port']<=65535)) + $input_errors[] = "The field 'Port' value must be between 1 and 65535."; + } + + if (!is_numeric($_POST['weight'])) + $input_errors[] = "The field 'Weight' value is not a number."; + else { + if (!($_POST['weight']>=1 && $_POST['weight']<=256)) + $input_errors[] = "The field 'Weight' value must be between 1 and 256."; + } + + /* Ensure that our pool names are unique */ + for ($i=0; isset($config['installedpackages']['haproxy']['ha_servers']['item'][$i]); $i++) + if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_servers']['item'][$i]['name']) && ($i != $id)) + $input_errors[] = "This server name has already been used. Server names must be unique."; + + $backend = ""; + for($x=0; $x<299; $x++) { + $comd = "\$backends = \$_POST['backend" . $x . "'];"; + eval($comd); + if($backends) + $backend .= "$backends "; + } + $backend = trim($backend); + + if (!$input_errors) { + $server = array(); + if(isset($id) && $a_server[$id]) + $server = $a_server[$id]; + + if($server['name'] != "") + $changedesc .= " modified '{$server['name']}' pool:"; + + update_if_changed("name", $server['name'], $_POST['name']); + update_if_changed("port", $server['port'], $_POST['port']); + update_if_changed("backend", $server['backend'], $backend); + update_if_changed("cookie", $server['cookie'], $_POST['cookie']); + update_if_changed("weight", $server['weight'], $_POST['weight']); + update_if_changed("status", $server['status'], $_POST['status']); + update_if_changed("address", $server['address'], $_POST['address']); + update_if_changed("advanced", $server['advanced'], base64_encode($_POST['advanced'])); + update_if_changed("checkinter", $server['checkinter'], $_POST['checkinter']); + + if (isset($id) && $a_server[$id]) { + $a_server[$id] = $server; + } else { + $a_server[] = $server; + } + + if ($changecount > 0) { + touch($d_haproxyconfdirty_path); + write_config($changedesc); + /* + echo "
";
+			print_r($config);
+			echo "
"; + */ + } + + header("Location: haproxy_servers.php"); + exit; + } +} + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "HAProxy: Server: Edit"; +include("head.inc"); + +row_helper(); + +?> + + + + + + + + + + + +

+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Edit HAProxy server
Name + size="16" maxlength="16"> +
Frontend(s) + + + + + + 0) + $tracker = $counter + 1; + ?> + + + + + + + + +
+ + + 0) + echo ""; + ?> +
+ + + +
+
+ IP Address +
+
+ +
Port + size="5"> +
+ NOTE: Leave blank to use Frontend port selection. +
Status + +
Cookie + size="64">
+ This value will be checked in incoming requests, and the first + operational server possessing the same value will be selected. In return, in + cookie insertion or rewrite modes, this value will be assigned to the cookie + sent to the client. There is nothing wrong in having several servers sharing + the same cookie value, and it is in fact somewhat common between normal and + backup servers. See also the "cookie" keyword in backend section. + +
Check inter + size="64"> +
Defaults to 1000 if left blank. +
Weight + size="64">
+ The default weight is 1, and the maximal value is 255.
+ NOTE: If this + parameter is used to distribute the load according to server's capacity, it + is recommended to start with values which can both grow and shrink, for + instance between 10 and 100 to leave enough room above and below for later + adjustments. +
Advanced pass thru + +
+ NOTE: paste text into this box that you would like to pass thru. +
  + + + + + +
+
+
+ + + + + +"; + $options .= $backend['name']; + $options .= ""; + } + } + + echo << +// Global Variables +var rowname = new Array(99); +var rowtype = new Array(99); +var newrow = new Array(99); +var rowsize = new Array(99); + +for (i = 0; i < 99; i++) { + rowname[i] = ''; + rowtype[i] = ''; + newrow[i] = ''; + rowsize[i] = '25'; +} + +var field_counter_js = 0; +var loaded = 0; +var is_streaming_progress_bar = 0; +var temp_streaming_text = ""; + +var addRowTo = (function() { + return (function (tableId) { + var d, tbody, tr, td, bgc, i, ii, j; + d = document; + tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); + tr = d.createElement("tr"); + totalrows++; + for (i = 0; i < field_counter_js; i++) { + td = d.createElement("td"); + if(rowtype[i] == 'textbox') { + td.innerHTML=" "; + } else if(rowtype[i] == 'select') { + td.innerHTML=" "; + } else { + td.innerHTML=" "; + } + tr.appendChild(td); + } + td = d.createElement("td"); + td.rowSpan = "1"; + + td.innerHTML = ''; + tr.appendChild(td); + tbody.appendChild(tr); + }); +})(); + +function removeRow(el) { + var cel; + while (el && el.nodeName.toLowerCase() != "tr") + el = el.parentNode; + + if (el && el.parentNode) { + cel = el.getElementsByTagName("td").item(0); + el.parentNode.removeChild(el); + } +} + +function find_unique_field_name(field_name) { + // loop through field_name and strip off -NUMBER + var last_found_dash = 0; + for (var i = 0; i < field_name.length; i++) { + // is this a dash, if so, update + // last_found_dash + if (field_name.substr(i,1) == "-" ) + last_found_dash = i; + } + if (last_found_dash < 1) + return field_name; + return(field_name.substr(0,last_found_dash)); +} + + +EOF; + +} + +?> \ No newline at end of file diff --git a/pkg_config.8.xml b/pkg_config.8.xml index f2ee5d1b..470d7a18 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -176,6 +176,24 @@ haproxy-1.4.21.tbz haproxy-1.4.22_2-i386.pbi + + haproxy-devel + http://doc.pfsense.org/index.php/haproxy_package + + This package implements both TCP and HTTP balance features from Haproxy.]]> + http://haproxy.1wt.eu/ + Services + 1.5-dev17 pkg v 1.0 + Release + 2.0 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy.xml + haproxy.xml + http://files.pfsense.org/packages/8/All/ + haproxy-1.5.4.21.tbz + haproxy-1.5.4.21-i386.pbi + /usr/ports/net/haproxy-devel + OPTIONS_UNSET=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE + Apache with mod_security-dev http://doc.pfsense.org/index.php/ProxyServerModSecurity_package diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 7e75266b..c68ee573 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -163,6 +163,24 @@ haproxy-1.4.21.tbz haproxy-1.4.22_2-amd64.pbi + + haproxy-devel + http://doc.pfsense.org/index.php/haproxy_package + + This package implements both TCP and HTTP balance features from Haproxy.]]> + http://haproxy.1wt.eu/ + Services + 1.5-dev17 pkg v 1.0 + Release + 2.0 + http://www.pfsense.com/packages/config/haproxy-devel/haproxy.xml + haproxy.xml + http://files.pfsense.org/packages/amd64/8/All/ + haproxy-1.5.4.21.tbz + haproxy-1.5.4.21-amd64.pbi + /usr/ports/net/haproxy-devel + OPTIONS_UNSET=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE + Apache with mod_security-dev http://doc.pfsense.org/index.php/ProxyServerModSecurity_package -- cgit v1.2.3