From ba815dbdf7d2acfcd9a6ba4d0c30ac744af6ef36 Mon Sep 17 00:00:00 2001 From: PiBa-NL Date: Sun, 8 Mar 2015 16:19:14 +0100 Subject: haproxy-1_5, create 'release' package from haproxy-devel base, to have a 'production' stable version --- config/haproxy1_5/www/haproxy_global.php | 500 +++++++++++++++++++++++++++++++ 1 file changed, 500 insertions(+) create mode 100644 config/haproxy1_5/www/haproxy_global.php (limited to 'config/haproxy1_5/www/haproxy_global.php') diff --git a/config/haproxy1_5/www/haproxy_global.php b/config/haproxy1_5/www/haproxy_global.php new file mode 100644 index 00000000..978d778d --- /dev/null +++ b/config/haproxy1_5/www/haproxy_global.php @@ -0,0 +1,500 @@ + + Copyright (C) 2008 Remco Hoef + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +$shortcut_section = "haproxy"; +require_once("guiconfig.inc"); +require_once("haproxy.inc"); +require_once("haproxy_utils.inc"); +require_once("globals.inc"); +require_once("pkg_haproxy_tabs.inc"); + +$simplefields = array('localstats_refreshtime','localstats_sticktable_refreshtime','log-send-hostname','ssldefaultdhparam'); + +if (!is_array($config['installedpackages']['haproxy'])) + $config['installedpackages']['haproxy'] = array(); + + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + if ($_POST['calculate_certificate_chain']) { + $changed = haproxy_recalculate_certifcate_chain(); + if ($changed > 0) + touch($d_haproxyconfdirty_path); + } else + if ($_POST['apply']) { + $result = haproxy_check_and_run($savemsg, true); + if ($result) + unlink_if_exists($d_haproxyconfdirty_path); + } else { + //if ($_POST['enable']) { + // $reqdfields = explode(" ", "maxconn"); + // $reqdfieldsn = explode(",", "Maximum connections"); + //} + + if ($_POST['carpdev'] == "disabled") + unset($_POST['carpdev']); + + //do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) + $input_errors[] = "The maximum number of connections should be numeric."; + + if ($_POST['localstatsport'] && (!is_numeric($_POST['localstatsport']))) + $input_errors[] = "The local stats port should be numeric or empty."; + + if ($_POST['localstats_refreshtime'] && (!is_numeric($_POST['localstats_refreshtime']))) + $input_errors[] = "The local stats refresh time should be numeric or empty."; + + if ($_POST['localstats_sticktable_refreshtime'] && (!is_numeric($_POST['localstats_sticktable_refreshtime']))) + $input_errors[] = "The local stats sticktable refresh time should be numeric or empty."; + + /*if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1'])) + $input_errors[] = "Synchost1 needs to be an IPAddress."; + if($_POST['synchost2'] && !is_ipaddr($_POST['synchost2'])) + $input_errors[] = "Synchost2 needs to be an IPAddress."; + if($_POST['synchost3'] && !is_ipaddr($_POST['synchost3'])) + $input_errors[] = "Synchost3 needs to be an IPAddress.";*/ + + if (!$input_errors) { + $config['installedpackages']['haproxy']['enable'] = $_POST['enable'] ? true : false; + $config['installedpackages']['haproxy']['terminate_on_reload'] = $_POST['terminate_on_reload'] ? true : false; + $config['installedpackages']['haproxy']['maxconn'] = $_POST['maxconn'] ? $_POST['maxconn'] : false; + $config['installedpackages']['haproxy']['enablesync'] = $_POST['enablesync'] ? true : false; + //$config['installedpackages']['haproxy']['synchost1'] = $_POST['synchost1'] ? $_POST['synchost1'] : false; + //$config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost2'] ? $_POST['synchost2'] : false; + //$config['installedpackages']['haproxy']['synchost2'] = $_POST['synchost3'] ? $_POST['synchost3'] : false; + $config['installedpackages']['haproxy']['remotesyslog'] = $_POST['remotesyslog'] ? $_POST['remotesyslog'] : false; + $config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false; + $config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false; + $config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false; + //$config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; + $config['installedpackages']['haproxy']['localstatsport'] = $_POST['localstatsport'] ? $_POST['localstatsport'] : false; + $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; + $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; + foreach($simplefields as $stat) + $config['installedpackages']['haproxy'][$stat] = $_POST[$stat]; + touch($d_haproxyconfdirty_path); + write_config(); + } + } +} + +$pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']); +$pconfig['terminate_on_reload'] = isset($config['installedpackages']['haproxy']['terminate_on_reload']); +$pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn']; +$pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']); +//$pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword']; +//$pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1']; +//$pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2']; +//$pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3']; +$pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog']; +$pconfig['logfacility'] = $config['installedpackages']['haproxy']['logfacility']; +$pconfig['loglevel'] = $config['installedpackages']['haproxy']['loglevel']; +$pconfig['carpdev'] = $config['installedpackages']['haproxy']['carpdev']; +$pconfig['localstatsport'] = $config['installedpackages']['haproxy']['localstatsport']; +$pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']); +$pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc']; +foreach($simplefields as $stat) + $pconfig[$stat] = $config['installedpackages']['haproxy'][$stat]; + +// defaults +if (!$pconfig['logfacility']) + $pconfig['logfacility'] = 'local0'; +if (!$pconfig['loglevel']) + $pconfig['loglevel'] = 'info'; + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) + $one_two = true; + +$pgtitle = "Services: HAProxy: Settings"; +include("head.inc"); + +?> + + + + + + +

+ +
+ + + +You must apply the changes in order for them to take effect.");?>
+ + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
General settings
  + onClick="enable_change(false)" /> + Enable HAProxy
+ Maximum connections + +
+ + + + +
+ value="" /> per process. +
+ Sets the maximum per-process number of concurrent connections to X.
+ NOTE: setting this value too high will result in HAProxy not being able to allocate enough memory.
+

+ {$memusage} kB.
"; + ?> + Current 'System Tunables' settings.
+   'kern.maxfiles':
+   'kern.maxfilesperproc':
+

+ Full memory usage will only show after all connections have actually been used. +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
ConnectionsMemory usage
+
+
150 kB
1.00048 MB
10.000488 MB
100.0004,8 GB
Calculated for plain HTTP connections,
using ssl offloading will increase this.
+
+ When setting a high amount of allowed simultaneous connections you will need to add and or increase the following two 'System Tunables' kern.maxfiles and kern.maxfilesperproc. + For HAProxy alone set these to at least the number of allowed connections * 2 + 31. So for 100.000 connections these need to be 200.031 or more to avoid trouble, take into account that handles are also used by other processes when setting kern.maxfiles. +
+
+ Number of processes to start + + +
+ Defaults to 1 if left blank ( CPU core(s) detected).
+ Note : Consider leaving this value empty or 1 because in multi-process mode (nbproc > 1) memory is not shared between the processes, which could result in random behaviours for several options like ACL's, sticky connections, stats pages, admin maintenance options and some others.
+ For more information about the "nbproc" option please see HAProxy Documentation +
Reload behaviour + /> + Force immediate stop of old process on reload. (closes existing connections)

Note: when this option is selected connections will be closed when haproxy is restarted. + Otherwise the existing connections will be served by the old haproxy process untill they are closed. + Checking this option will interupt existing connections on a restart. (which happens when the configuration is applied, + but possibly also when pfSense detects an interface comming up or changing its ip-address)
+ Carp monitor + + '', 'name' => 'Disabled'); + $vipinterfaces += haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="carp"); + echo_html_select('carpdev',$vipinterfaces, $pconfig['carpdev'],"No carp interfaces pressent"); + ?> +
+ Monitor carp interface and only run haproxy on the firewall which is MASTER. +
+   +
Stats tab, 'internal' stats port
Internal stats port + size="10" maxlength="5" /> EXAMPLE: 2200
+ Sets the internal port to be used for the stats tab. + This is bound to 127.0.0.1 so will not be directly exposed on any LAN/WAN/other interface. It is used to internally pass through the stats page. + Leave this setting empty to remove the "HAProxyLocalStats" item from the stats page and save a little on recources. +
Internal stats refresh rate + size="10" maxlength="5" /> Seconds, Leave this setting empty to not refresh the page automatically. EXAMPLE: 10 +
Sticktable page refresh rate + size="10" maxlength="5" /> Seconds, Leave this setting empty to not refresh the page automatically. EXAMPLE: 10 +
Logging
+ Remote syslog host + +
+ To log to the local pfSense systemlog fill the host with the value /var/run/log, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.) +
+ Syslog facility + + +
+ Syslog level + + +
Log hostname + size="18" maxlength="50" /> EXAMPLE: HaproxyMasterNode
Sets the hostname field in the syslog header. If empty defaults to the system hostname. +
Tuning
Max SSL Diffie-Hellman size + size="10" maxlength="5" /> EXAMPLE: 2048
Sets the maximum size of the Diffie-Hellman parameters used for generating +the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. +Minimum and default value is: 1024, bigger values might increase CPU usage.
+ For more information about the "tune.ssl.default-dh-param" option please see HAProxy Documentation
+ NOTE: HAProxy will emit a warning when starting when this setting is used but not configured. +
Global Advanced pass thru
  + + +
+ NOTE: paste text into this box that you would like to pass thru in the global settings area. +
+   +
Recalculate certificate chain.
  + + (Other changes on this page will be lost) +
+ This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not + always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading. +
Configuration synchronization
HAProxy Sync + /> + Sync HAProxy configuration to backup CARP members via XMLRPC.
+ Note: remember to also turn on HAProxy Sync on the backup nodes.
+ The synchronisation host and password are those configured in pfSense main "System: High Availability Sync" settings. +
+   +
  + +
+
+
+ + + +
+ Show automatically generated configuration. +
+ + +
+ + + + -- cgit v1.2.3