From 826b152e5d25978f8b9306f90450197ce4f4827b Mon Sep 17 00:00:00 2001 From: PiBa-NL Date: Sat, 16 Mar 2013 21:19:40 +0100 Subject: haproxy-devel -allow advanced configuration like a cookie per backend-server -show if ACLs have been used in the overview -fixed global advanced option saving -show all certificates, as filtering server certs didn't work properly.. --- config/haproxy-devel/haproxy.inc | 70 +++++++++++++++++++------ config/haproxy-devel/haproxy_global.php | 13 ++--- config/haproxy-devel/haproxy_listeners.php | 18 ++++--- config/haproxy-devel/haproxy_listeners_edit.php | 16 +++--- config/haproxy-devel/haproxy_pool_edit.php | 53 ++++++++++--------- config/haproxy-devel/haproxy_pools.php | 9 ++-- 6 files changed, 114 insertions(+), 65 deletions(-) (limited to 'config/haproxy-devel') diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index a03bf219..a8fc1497 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -32,7 +32,6 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("notices.inc"); - global $haproxy_sni_ssloffloading; $haproxy_sni_ssloffloading=true;// can only be used with recent 1.5-dev17 builds. @@ -439,7 +438,7 @@ function write_backend($fd, $name, $pool, $frontend) { $isbackup = ""; } $ssl = ($backend_type == "http" && $be['ssl'] == 'yes') ? ' ssl' : ""; - fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt}\n"); + fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt} {$be['advanced']}\n"); } } fwrite ($fd, "\n"); 
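Review bot: The per-server `{$be['advanced']}` value added to the `server` line in write_backend is written to haproxy.cfg exactly as it was submitted, so a CR or LF inside it ends the line and the remainder is parsed as a separate directive. The haproxy_pool_edit.php hunk that reads `$_POST['server_advanced'.$x]` stores it unchecked, although the name and address fields beside it are validated. I would reject line breaks there, `if (preg_match("/[\r\n]/", $server_advanced)) $input_errors[] = "The field 'Advanced' may not contain line breaks.";`, and only append the field here when it is non-empty so the line does not end in a stray space. write_backend begins and ends outside this hunk.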
@@ -451,12 +450,20 @@ function haproxy_configure() { return haproxy_check_run(1); } -function haproxy_check_writtenconfig_error() { - $configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1"); - if (!strstr($configcheckoutput, "Configuration file is valid")) - return str_replace("\n","
\n", $configcheckoutput); - else - return false; +function haproxy_check_writtenconfig_error(&$messages) { + $retval = exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1", $output, $err); + $messages = ""; + if ($err > 1) + $messages = "

FATAL ERROR CODE: $err while starting haproxy

"; + elseif ($err == 1) + $messages = "Errors found while starting haproxy"; + + if ((count($output) > 1) && $output[0] != "Configuration file is valid") + { + foreach($output as $line) + $messages .= "
" . htmlspecialchars($line) . "\n"; + } + return (strstr($retval, "Configuration file is valid")); } function haproxy_writeconf() { @@ -540,6 +547,7 @@ function haproxy_writeconf() { $b['max_connections'] = $backend['max_connections']; $b['client_timeout'] = $backend['client_timeout']; $b['advanced'] = $backend['advanced']; + $b['ssloffload'] = $backend['ssloffload']; } if ($ssl_crt != "") { @@ -594,7 +602,7 @@ function haproxy_writeconf() { } // https is an alias for tcp for clarity purpouses - if(strtolower($bind['type']) == "https") { + if($bind['type'] == "https") { $backend_type = "tcp"; } else { $backend_type = $bind['type']; @@ -604,12 +612,18 @@ function haproxy_writeconf() { fwrite ($fd, "\tlog\t\t\tglobal\n"); fwrite ($fd, "\toption\t\t\tdontlognull\n"); - if($bind['httpclose']) - fwrite ($fd, "\toption\t\t\thttpclose\n"); + if ($backend_type == 'http') + { + if($bind['httpclose']) + fwrite ($fd, "\toption\t\t\thttpclose\n"); - if($bind['forwardfor']) { - fwrite ($fd, "\toption\t\t\tforwardfor\n"); - fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\tif { ssl_fc }\n"); + if($bind['forwardfor']) { + fwrite ($fd, "\toption\t\t\tforwardfor\n"); + if($bind['ssloffload'] == "yes") + fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\n"); + else + fwrite ($fd, "\treqadd X-Forwarded-Proto:\ http\n"); + } } if($bind['max_connections']) @@ -678,7 +692,6 @@ function haproxy_writeconf() { $advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n"; $i++; } - } foreach($advancedextra as $extra) fwrite ($fd, "\t".$extra."\n"); @@ -717,7 +730,10 @@ function haproxy_writeconf() { fclose($fd); if ($input_errors) + { + require_once("guiconfig.inc"); print_input_errors($input_errors); + } if (isset($a_global['carpdev'])) haproxy_install_cron(true); 
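Review bot: haproxy_check_writtenconfig_error judges the result in two different ways: the message loop tests `$output[0]`, while the return value runs `strstr()` on `$retval`, which `exec()` sets to the last output line, so any extra line around "Configuration file is valid" makes them disagree. The exit status is already in `$err`, and `return ($err === 0);` would not depend on output order (assuming `haproxy -c` exits 0 only for a usable file, which should be confirmed for the packaged build). The `count($output) > 1` guard also discards the output when haproxy prints a single line that is not the success text; `count($output) > 0` keeps it. A docblock should say that the function now returns a truthy value when the file is valid, the reverse of the old contract, and that `$messages` receives HTML with each haproxy line escaped.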
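Review bot: The new `reqadd X-Forwarded-Proto` lines in the forwardfor branch append a header, but nothing removes an `X-Forwarded-Proto` that the client sent itself, so the backend can receive two values and may honour the client's. Writing `fwrite ($fd, "\treqidel ^X-Forwarded-Proto:\n");` before the `reqadd` leaves only the proxy's value. The scheme is now fixed from `$bind['ssloffload']` when the file is written instead of `ssl_fc` per connection; the -540 hunk stores the flag in `$b['ssloffload']`, and whether `$bind` carries it when several frontends share one bind is not visible here, so that should be checked. haproxy_writeconf continues outside these hunks.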
@@ -964,6 +980,30 @@ function get_haproxy_frontends($excludeitem="") { return $result; } +function get_frontent_acls($frontend) { + $result = array(); + $a_acl = &$frontend['ha_acls']['item']; + if (is_array($a_acl)) + { + foreach ($a_acl as $entry) { + $acl = haproxy_find_acl($entry['expression']); + if (!$acl) + continue; + + // Filter out acls for different modes + if ($acl['mode'] != '' && $acl['mode'] != strtolower($frontend['type'])) + continue; + + $acl_item = array(); + $acl_item['descr'] = $acl['descr'] . " " . $entry['value']; + $acl_item['ref'] = $entry; + + $result[] = $acl_item; + } + } + return $result; +} + function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { $offset = str_repeat(' ',$nestID); $itemName = "item$nestID"; diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 61c654cf..8e2949fd 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php @@ -49,13 +49,10 @@ if ($_POST) { $retval = haproxy_configure(); config_unlock(); - $result = haproxy_check_writtenconfig_error(); + $result = haproxy_check_writtenconfig_error($messages); + $savemsg = $messages; if ($result) - $savemsg = gettext($result); - else { - $savemsg = get_std_save_message($retval); unlink_if_exists($d_haproxyconfdirty_path); - } } else { if ($_POST['enable']) { $reqdfields = explode(" ", "maxconn"); 
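Review bot: `get_frontent_acls` builds `$acl_item['descr']` from `$acl['descr']` plus the stored `$entry['value']`, which is whatever was entered for the ACL, so every page that prints it needs `htmlspecialchars()`; the listeners overview hunk that consumes it is not readable on this page, so that should be confirmed. The name looks like a typo for `get_frontend_acls` and is cheapest to fix before more callers exist. Taking `&$frontend['ha_acls']['item']` by reference on a by-value parameter only creates the keys on the local copy; a plain read guarded by `isset()` would state the intent. A one-line comment such as `// Returns the ACLs of $frontend that apply to its mode, each as array('descr' => ..., 'ref' => ...)` would document the return shape.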
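Review bot: `$savemsg = $messages;` in the haproxy_global.php apply branch leaves `$savemsg` empty whenever the check passes cleanly, since haproxy_check_writtenconfig_error fills `$messages` only for a non-zero exit code or unexpected output, so a successful apply shows no confirmation and `$retval` from haproxy_configure() is no longer used. Keeping the standard message on success restores the feedback: `$savemsg = $result ? get_std_save_message($retval) : $messages;`. The same three lines are repeated in the haproxy_listeners.php and haproxy_pools.php hunks, so the change applies there as well.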
@@ -89,7 +86,7 @@ if ($_POST) { $config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false; $config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false; $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; - $config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false; + $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; touch($d_haproxyconfdirty_path); write_config(); @@ -146,7 +143,7 @@ function enable_change(enable_change) {

-You must apply the changes in order for them to take effect.");?>
+You must apply the changes in order for them to take effect.");?>
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 7b4cf3da..6f8e5142 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -50,13 +50,10 @@ if ($_POST) { $retval = haproxy_configure(); config_unlock(); - $result = haproxy_check_writtenconfig_error(); + $result = haproxy_check_writtenconfig_error($messages); + $savemsg = $messages; if ($result) - $savemsg = gettext($result); - else { - $savemsg = get_std_save_message($retval); unlink_if_exists($d_haproxyconfdirty_path); - } } } else { $result = haproxy_check_config($retval); @@ -96,7 +93,7 @@ include("head.inc");

-You must apply the changes in order for them to take effect.");?>
+You must apply the changes in order for them to take effect.");?>

@@ -344,7 +341,7 @@ function enable_change(enable_change) {
Synchronization password - +
Enter the password that will be used during configuration synchronization. This is generally the remote webConfigurator password.
@@ -679,7 +683,7 @@ include("head.inc");
the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).
- + - +
@@ -161,6 +158,15 @@ include("head.inc"); $cert = lookup_cert($backend['ssloffloadcert']);?> SSL offloading + "; + ?> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 0826010c..afd424c7 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -76,8 +76,8 @@ function get_certificates_server($get_includeWebCert=false) { continue; $purpose = cert_get_purpose($cert['crt']); - if ($purpose['server'] != 'Yes') - continue; + //$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : ""; + $certserverpurpose = ""; $selected = ""; $caname = ""; @@ -101,7 +101,7 @@ function get_certificates_server($get_includeWebCert=false) { if ($usagestr != "") $usagestr = " (".trim($usagestr).")"; - $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr; + $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $certserverpurpose . $inuse . $revoked . $usagestr; } return $certificates; } @@ -607,7 +607,11 @@ include("head.inc"); - +
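Review bot: With the `$purpose['server'] != 'Yes'` filter removed, get_certificates_server offers every certificate, including ones not issued for server authentication, and the list gives the admin no way to tell them apart because `$certserverpurpose` is hard-wired to an empty string. `$purpose` is still computed by `cert_get_purpose()` but never read, and the intended label sits in a commented-out line. Either enable it, `$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : "";`, or drop both the call and the comment; if the purpose lookup is unreliable, as the commit message suggests, a short comment saying so would explain why the filter went away. The function body extends outside this hunk.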
+ + This defines the processing type of HAProxy, and will determine the availabe options for acl checks and also several other options.
+ Please note that for https encryption/decryption on HAProxy with a certificate the processing type needs to be set to 'http'. +
Use 'forwardfor' option > @@ -693,7 +697,7 @@ include("head.inc"); it is important to ensure that option httpclose is set when using this option.
Use 'httpclose' option > diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 2ee880a2..446c8e35 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -110,23 +110,24 @@ if ($_POST) { $a_servers=array(); for($x=0; $x<99; $x++) { - $server_name=$_POST['server_name'.$x]; - $server_address=$_POST['server_address'.$x]; - $server_port=$_POST['server_port'.$x]; - $server_ssl=$_POST['server_ssl'.$x]; - $server_weight=$_POST['server_weight'.$x]; - $server_status=$_POST['server_status'.$x]; + $server_name = $_POST['server_name'.$x]; + $server_address = $_POST['server_address'.$x]; + $server_port = $_POST['server_port'.$x]; + $server_ssl = $_POST['server_ssl'.$x]; + $server_weight = $_POST['server_weight'.$x]; + $server_status = $_POST['server_status'.$x]; + $server_advanced = $_POST['server_advanced'.$x]; if ($server_address) { - - $server=array(); - $server['name']=$server_name; - $server['address']=$server_address; - $server['port']=$server_port; - $server['ssl']=$server_ssl; - $server['weight']=$server_weight; - $server['status']=$server_status; - $a_servers[]=$server; + $server = array(); + $server['name'] = $server_name; + $server['address'] = $server_address; + $server['port'] = $server_port; + $server['ssl'] = $server_ssl; + $server['weight'] = $server_weight; + $server['status'] = $server_status; + $server['advanced'] = $server_advanced; + $a_servers[] = $server; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) $input_errors[] = "The field 'Name' contains invalid characters."; 
@@ -134,10 +135,10 @@ if ($_POST) { $input_errors[] = "The field 'Address' contains invalid characters."; if (!preg_match("/.{2,}/", $server_name)) - $input_errors[] = "The field 'Name' is required."; + $input_errors[] = "The field 'Name' is required (and must be at least 2 characters)."; if (!preg_match("/.{2,}/", $server_address)) - $input_errors[] = "The field 'Address' is required."; + $input_errors[] = "The field 'Address' is required (and must be at least 2 characters)."; if (!is_numeric($server_weight)) @@ -167,7 +168,7 @@ if ($_POST) { } if($pool['name'] != "") - $changedesc .= " modified '{$pool['name']}' pool:"; + $changedesc .= " modified pool: '{$pool['name']}'"; $pool['ha_servers']['item']=$a_servers; @@ -304,12 +305,13 @@ row_helper(); - - - + + + + - + +
NameAddressPortNameAddressPort SSL Weight BackupAdvanced
+ +
@@ -346,7 +349,7 @@ row_helper(); - @@ -355,12 +358,14 @@ row_helper(); +
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index 07e7d106..57b056b3 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -53,13 +53,10 @@ if ($_POST) { $retval = haproxy_configure(); config_unlock(); - $result = haproxy_check_writtenconfig_error(); + $result = haproxy_check_writtenconfig_error($messages); + $savemsg = $messages; if ($result) - $savemsg = gettext($result); - else { - $savemsg = get_std_save_message($retval); unlink_if_exists($d_haproxyconfdirty_path); - } } } @@ -90,7 +87,7 @@ include("head.inc");

-You must apply the changes in order for them to take effect.");?>
+You must apply the changes in order for them to take effect.");?>
-- cgit v1.2.3