From 4bb1138178fc526192024cb6ef4fc12a26b140b7 Mon Sep 17 00:00:00 2001 From: PiBa-NL Date: Mon, 29 Dec 2014 23:04:40 +0100 Subject: haproxy-devel, fix saving errorfiles from errorfiles tab, fix write 'tcp-request content' before 'use_backend', fix hint text for a backend without servers, stats now give better description if disabled/unavailable, moved templates to their own tab --- config/haproxy-devel/haproxy.inc | 24 ++-- config/haproxy-devel/haproxy.xml | 5 + config/haproxy-devel/haproxy_listeners.php | 3 +- config/haproxy-devel/haproxy_stats.php | 71 ++-------- config/haproxy-devel/haproxy_templates.php | 220 +++++++++++++++++++++++++++++ config/haproxy-devel/pkg_haproxy_tabs.inc | 1 + 6 files changed, 251 insertions(+), 73 deletions(-) create mode 100644 config/haproxy-devel/haproxy_templates.php (limited to 'config') diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index fd086cfc..950d5f5b 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -630,7 +630,7 @@ function haproxy_find_acl($name) { function write_backend($configpath, $fd, $name, $pool, $frontend) { if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes') return; - global $a_checktypes, $a_cookiemode, $a_files, $a_error; + global $a_checktypes, $a_cookiemode, $a_files_cache, $a_error; $a_servers = &$pool['ha_servers']['item']; $frontendtype = $frontend['type']; @@ -696,13 +696,13 @@ function write_backend($configpath, $fd, $name, $pool, $frontend) { if (is_arrayset($pool,'errorfiles','item')) { foreach($pool['errorfiles']['item'] as $errorfile) { - if (!is_array($a_files))// load only once - $a_files = haproxy_get_fileslist(); + if (!is_array($a_files_cache))// load only once + $a_files_cache = haproxy_get_fileslist(); $file = $errorfile['errorfile']; $errorcodes = explode(",",$errorfile['errorcode']); foreach($errorcodes as $errorcode) { $filename = "$configpath/errorfile_{$name}_{$errorcode}_{$file}"; - $content = base64_decode($a_files[$file]['content']); + $content = base64_decode($a_files_cache[$file]['content']); $content = str_replace('{errormsg}', $a_error[$errorcode]['descr'], $content); $content = str_replace('{errorcode}', $errorcode, $content); file_put_contents($filename, $content); @@ -1285,6 +1285,7 @@ function haproxy_writeconf($configpath) { $a_acl_combine[$name][] = $entry['ref']; } + $config_usebackend = ""; foreach ($a_acl_combine as $a_usebackend) { $aclnames = ""; foreach ($a_usebackend as $entry) { @@ -1308,7 +1309,7 @@ function haproxy_writeconf($configpath) { $aclname = $i . "_" . $entry['name']; $aclnames .= $aclname." "; - fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"); + $config_usebackend .= "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"; if ($acl['inspect-delay'] != '') $inspectdelay = $acl['inspect-delay']; @@ -1317,16 +1318,19 @@ function haproxy_writeconf($configpath) { $advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n"; $i++; } - fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"); + $config_usebackend .= "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"; } } - if ($default_backend) - fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); - if ($inspectdelay > 0) fwrite ($fd, "\ttcp-request inspect-delay\t" . $inspectdelay . "\n"); foreach($advancedextra as $extra) fwrite ($fd, "\t".$extra."\n"); + + fwrite ($fd, $config_usebackend); + + if ($default_backend) + fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); + fwrite ($fd, "\n"); } } @@ -1755,7 +1759,7 @@ function haproxy_check_config() { foreach($ipports as $ipport) { $id = "{$ipport['addr']}:{$ipport['port']}"; if (isset($activefrontends[$id])) - $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\""; + $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\", use Shared-Frontends instead."; else $activefrontends[$id] = true; } diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml index 6156c174..da2b4648 100644 --- a/config/haproxy-devel/haproxy.xml +++ b/config/haproxy-devel/haproxy.xml @@ -107,6 +107,11 @@ 077 https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_stats.php + + /usr/local/www/ + 077 + https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_templates.php + /usr/local/pkg/ 077 diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 8105345e..301dd253 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -184,8 +184,9 @@ include("head.inc"); if ($isadvset) echo ""; + $backend_serverpool_hint = ""; $backend_serverpool = $frontend['backend_serverpool']; - $backend = get_backend($backend_serverpool ); + $backend = get_backend($backend_serverpool); if ($backend && is_array($backend['ha_servers']) && is_array($backend['ha_servers']['item'])){ $servers = $backend['ha_servers']['item']; $backend_serverpool_hint = gettext("Servers in pool:"); diff --git a/config/haproxy-devel/haproxy_stats.php b/config/haproxy-devel/haproxy_stats.php index 10dd136a..302793b6 100644 --- a/config/haproxy-devel/haproxy_stats.php +++ b/config/haproxy-devel/haproxy_stats.php @@ -32,6 +32,10 @@ require_once("haproxy_socketinfo.inc"); $pconfig = $config['installedpackages']['haproxy']; if (isset($_GET['haproxystats']) || isset($_GET['scope']) || (isset($_POST) && isset($_POST['action']))){ + if (!(isset($pconfig['enable']) && $pconfig['localstatsport'] && is_numeric($pconfig['localstatsport']))){ + print 'In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.'; + return; + } $fail = false; try{ $request = ""; @@ -79,48 +83,6 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { } $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; -function haproxy_add_stats_example() { - global $config, $d_haproxyconfdirty_path; - $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; - $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; - $webcert = haproxy_find_create_certificate("HAProxy stats default"); - - $backend = array(); - $backend["name"] = "HAProxy_stats_ssl_backend"; - $backend["stats_enabled"] = "yes"; - $backend["stats_uri"] = "/"; - $backend["stats_refresh"] = "10"; - $a_backends[] = $backend; - $changecount++; - - $frontend = array(); - $frontend["name"] = "HAProxy_stats_ssl_frontend"; - $frontend["status"] = "active"; - $frontend["type"] = "http"; - $frontend["port"] = "444"; - $frontend["extaddr"] = "lan_ipv4"; - $frontend["ssloffload"] = "yes"; - $frontend["ssloffloadcert"] = $webcert['refid']; - $frontend["backend_serverpool"] = $backend["name"]; - $a_frontends[] = $frontend; - $changecount++; - $changedesc = "add new HAProxy stats example"; - - if ($changecount > 0) { - echo "touching: $d_haproxyconfdirty_path"; - touch($d_haproxyconfdirty_path); - write_config($changedesc); - } -} - -if (isset($_GET['add_stats_example'])) { - haproxy_add_stats_example(); - write_config(); - touch($d_haproxyconfdirty_path); - header("Location: haproxy_listeners.php"); - exit; -} - if ($_POST) { if ($_POST['apply']) { $result = haproxy_check_and_run($savemsg, true); @@ -177,30 +139,15 @@ echo "";
As the page is forwarded through the pfSense gui, this might cause some functionality to not work.
Though the normal haproxy stats page can be tweaked more, and doesn't use a user/pass from pfSense itself.
- Some examples are configurable automatic page refresh,
- only showing certain servers, not providing admin options, and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)
- To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'. - Or create a backend specifically for serving stats, for that you can start with the 'stats example' template below.
+ Some examples are configurable automatic page refresh, only showing certain servers, not providing admin options,
+ and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)
+ To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'.
+ Or create a backend specifically for serving stats, for that you can start with the 'stats example' from the template tab.
  - - Stats example template - - - Example - - As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.
- TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl
-
- After applying the changes made by the template use this link to visit the stats page: :444">https://pfSense-LAN-ip:444/ - - - -   - HAProxy stick-tables @@ -241,7 +188,7 @@ echo "";
- In the "Settings" configure a internal stats port and enable haproxy for this to be functional.
+ In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.

diff --git a/config/haproxy-devel/haproxy_templates.php b/config/haproxy-devel/haproxy_templates.php new file mode 100644 index 00000000..478c83a3 --- /dev/null +++ b/config/haproxy-devel/haproxy_templates.php @@ -0,0 +1,220 @@ + 0) { + header("Location: haproxy_listeners.php"); + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + exit; + } +} + +function template_errorfile() { + global $config, $d_haproxyconfdirty_path, $savemsg; + + $a_files = &$config['installedpackages']['haproxy']['files']['item']; + if (!is_array($a_files)) $a_files = array(); + + $a_files_cache = haproxy_get_fileslist(); + if (!isset($a_files_cache["ExampleErrorfile"])) { + $errorfile = << + + Sorry the webserver you are trying to contact is currently not available. + + +
+

Sorry the webserver you are trying to contact is currently not available.

+
+The error returned is [{errorcode} {errormsg}] please try again later. + + +EOD; + $newfile = array(); + $newfile['name'] = "ExampleErrorfile"; + $newfile['content'] = base64_encode($errorfile); + $a_files[] = $newfile; + $changecount++; + $changedesc = "Errorfile added from template"; + } else { + $savemsg = "File 'ExampleErrorfile' is already configured on the Files tab."; + } + + if ($changecount > 0) { + header("Location: haproxy_files.php"); + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + exit; + } +} + +if (isset($_GET['add_stats_example'])) { + $templateid = $_GET['add_stats_example']; + switch ($templateid) { + case "1": + haproxy_add_stats_example(); + break; + case "2": + template_errorfile(); + break; + } +} + +if ($_POST) { + if ($_POST['apply']) { + $result = haproxy_check_and_run($savemsg, true); + if ($result) + unlink_if_exists($d_haproxyconfdirty_path); + } +} + +$pgtitle = "Services: HAProxy: Templates"; +include("head.inc"); + +?> + + +
+ +

+ + + + +You must apply the changes in order for them to take effect.");?>
+ +
+ + + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Templates
This page contains some templates that can be added into the haproxy configuration to possible ways to configure haproxy using this the webgui from this package.
 
Stats SSL frontent+backend
+ Create configuration + + As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.
+ TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl
+
+ After applying the changes made by the template use this link to visit the stats page: :444">https://pfSense-LAN-ip:444/ +
 
Errorfile
+ Create configuration + + As an basic example of an errorfile with name 'ExampleErrorfile' will be added if it does not exist. + This file can then be used in the 'Error files' in the backend settings. +
 
+
+
+ + + diff --git a/config/haproxy-devel/pkg_haproxy_tabs.inc b/config/haproxy-devel/pkg_haproxy_tabs.inc index f49d2b67..a74ee20a 100644 --- a/config/haproxy-devel/pkg_haproxy_tabs.inc +++ b/config/haproxy-devel/pkg_haproxy_tabs.inc @@ -15,6 +15,7 @@ $haproxy_tab_array['haproxy']['backend'] = Array(name => "Backend", url => "hapr $haproxy_tab_array['haproxy']['files'] = Array(name => "Files", url => "haproxy_files.php"); $haproxy_tab_array['haproxy']['stats'] = Array(name => "Stats", url => "haproxy_stats.php"); $haproxy_tab_array['haproxy']['statsfs'] = Array(name => "Stats FS", url => "haproxy_stats.php?haproxystats=1"); +$haproxy_tab_array['haproxy']['templates'] = Array(name => "Templates", url => "haproxy_templates.php"); function haproxy_display_top_tabs_active($top_tabs, $activetab) { $tab_array = array(); -- cgit v1.2.3