From 2dc85fc7519fe17550841919a6a1447495561e4c Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Mon, 24 Nov 2014 20:43:57 -0200 Subject: varnish - fixes for pfsense 2.2 and widget improvements --- config/varnish3/varnish.inc | 29 ++++++++++---- config/varnish3/varnish.widget.php | 73 +++++++++++++++++++++++------------- config/varnish3/varnish_settings.xml | 11 +++++- 3 files changed, 79 insertions(+), 34 deletions(-) (limited to 'config') diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 813d61cf..bca02203 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -34,12 +34,15 @@ /* ========================================================================== */ $shortcut_section = "varnish"; -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) - define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")); -else - define('VARNISH_LOCALBASE','/usr/local'); - +$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); +if (is_dir('/usr/pbi/varnish-' . php_uname("m"))) { + if ($pfs_version == 2.2) + define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")."/local"); + else + define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")); +} else { + define('VARNISH_LOCALBASE','/usr/local'); +} function varnish_settings_post_validate($post, &$input_errors) { if( !is_numeric($post['storagesize'])) @@ -463,7 +466,18 @@ function sync_package_varnish() { $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n"; break; case 'create': - $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-Varnish = client.ip;\n\n"; + $vcl_acls="acl SslOffloadServers {\n\t\"localhost\";"; + $sslservers= split (" ",$vcl['ssloffload']); + foreach ($sslservers as $sslserver){ + if (preg_match("/(\S+)\/(d+)/",$sslserver,$sslm)) + $vcl_acls.="\n\t\"{$sslm[1]}\"/{$sslm[2]};"; + else + $vcl_acls.="\n\t\"{$sslserver}\";"; + } + $vcl_acls.="}\n"; + $vcl_recv_set_basic .= "\tif (req.http.X-Forwarded-For && client.ip ~ SslOffloadServers){\n\t\t"; + $vcl_recv_set_basic .= "set req.http.X-Forwarded-Varnish = req.http.X-Forwarded-For;\n\t}"; + $vcl_recv_set_basic .= "else{\n\t\tset req.http.X-Forwarded-Varnish = client.ip;\n\n\t}"; break; case 'unset': $vcl_recv_set_basic .= "\tunset req.http.X-Forwarded-For;\n\n"; @@ -578,6 +592,7 @@ sub vcl_error { {$backends} {$vcl_hash} +{$vcl_acls} sub vcl_recv { {$vcl_recv_early} {$vcl_recv_set_basic} diff --git a/config/varnish3/varnish.widget.php b/config/varnish3/varnish.widget.php index b675f416..c6fdfe78 100755 --- a/config/varnish3/varnish.widget.php +++ b/config/varnish3/varnish.widget.php @@ -48,35 +48,56 @@ $img['Healthy']="
"; - print "Cache hits"; - print "Cache hits pass"; - print "Cache Missed"; +print "
";
+print "Cache hits";
+print "Cache hits pass";
+print "Cache Missed";
+$backends=exec("varnishstat -1",$debug);
+foreach ($debug as $line){
+        if (preg_match("/(\S+)\s+(\d+)/",$line,$matches))
+                $vs[$matches[1]]=$matches[2];
+        }
+print "".number_format($vs['cache_hit']) ."";
+print "".number_format($vs['cache_hitpass']) ."";
+print "".number_format($vs['cache_miss'])."";
+close_table();
 
-	$backends=exec("varnishadm -T " . escapeshellarg($mgm) . " stats",$debug);
-	foreach ($debug as $line){
-		if (preg_match("/(\d+)\s+Cache\s+(hits.for|hits|misses)/",$line,$matches))
-				$cache[preg_replace("/\s+/","",$matches[2])]=$matches[1];
-		if (preg_match("/(\d+)\s+Client\s+(\w+)/",$line,$matches))
-				$client[$matches[2]]=$matches[1];
-		}
-	print "".$cache['hits'] ."";
-	print "".$cache['hitsfor'] ."";
-	print "".$cache['misses']."";
- 	close_table();
+open_table();
+print "Conn. Accepted";
+print "Req. received";
+print "Uptime";
+print "".number_format($vs['client_conn']) ."";
+print "".number_format($vs['client_req']) ."";
+print "".(int)($vs['uptime'] / 86400) . "+ ". gmdate("H:i:s",($vs['uptime'] % 86400))."";
+close_table();
 
- 	open_table();
-	print "Conn. Accepted";
-	print "Req. received";
-	print "Uptime";
-	print "".$client['connections'] ."";
-	print "".$client['requests'] ."";
-	print "".$client['uptime']."";
- 	close_table();
+open_table();
+print "Host";
+print "Header(Rx)";
+print "Header(Tx)";
+unset($debug);
+$backends=exec("varnishtop -I '^Host:' -1",$debug);
+foreach ($debug as $line){
+        if (preg_match("/(\S+)\s+(\w+)Header.Host: (\S+)/",$line,$lm))
+           $varnish_hosts[$lm[3]][$lm[2]]=$lm[1];
+}
+if (is_array($varnish_hosts)){
+	foreach ($varnish_hosts as $v_key=>$v_value){
+        print "". $v_key ."";
+        print "". number_format($v_value['Rx']) ."";
+        print "".number_format($v_value['Tx'])."";
+	}
+}
+else{
+	print "No traffic";
+}
 
+close_table();
+
+
+if ($config['installedpackages']['varnishsettings']['config'][0])
+        $mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment'];
+if ($mgm != ""){
  	open_table();
 	print "Backend";
 	print "LB applied";
diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml
index d957714d..99e29663 100644
--- a/config/varnish3/varnish_settings.xml
+++ b/config/varnish3/varnish_settings.xml
@@ -223,7 +223,7 @@
 		
 			Foward client IP
 			xforward
-			Select how to forward clients real IP.
+			
 			select
 			
 				
@@ -232,6 +232,15 @@
 				
 			
 		
+		
+			SSL Offload server ACL
+			ssloffload
+			x-forwarded-for var instead of client.ip to set X-Forwarded-Varnish on Forward
+ SSL offload servers must be configured to forward client info. if not set you can get a blank var forwarded to backend.
+ use space to specify more then one host or network.]]>
+ input + 30 +
Fetch Grace grace -- cgit v1.2.3