From 013b19b7ab96847cffc6fdb9c6adb29f4da47323 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Mon, 1 Dec 2014 00:27:45 -0200 Subject: varnish3 - Add force ssl option to LB Directors, config check before reload and improve stats gui --- config/varnish3/varnish.inc | 69 ++++++++++++++++++++++---------- config/varnish3/varnish_backends.xml | 1 + config/varnish3/varnish_custom_vcl.xml | 3 ++ config/varnish3/varnish_lb_directors.xml | 12 ++++++ config/varnish3/varnish_settings.xml | 4 ++ config/varnish3/varnish_sync.xml | 1 + config/varnish3/varnish_view_config.php | 9 +++-- config/varnish3/varnishstat.php | 47 +++++++++++++++++++--- 8 files changed, 115 insertions(+), 31 deletions(-) (limited to 'config') diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index bca02203..587d01bc 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -36,9 +36,6 @@ $shortcut_section = "varnish"; $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); if (is_dir('/usr/pbi/varnish-' . php_uname("m"))) { - if ($pfs_version == 2.2) - define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")."/local"); - else define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")); } else { define('VARNISH_LOCALBASE','/usr/local'); @@ -122,11 +119,25 @@ function varnish_deinstall() { function text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } + +function varnish_check_config(){ + global $savemsg; + exec(VARNISH_LOCALBASE."/bin/varnishd -C -f /var/etc/default.vcl 2>&1",$output,$return); + if ($return >0){ + $savemsg.= implode("
",$output); + $savemsg.= "
Daemon will not be restarted."; + return 1; + } + return 0; +} + + function varnish_start() { global $g, $config; if ($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish']){ exec("chmod +x /usr/local/etc/rc.d/varnish.sh"); - mwexec("/usr/local/etc/rc.d/varnish.sh");} + if (varnish_check_config() == 0) + mwexec("/usr/local/etc/rc.d/varnish.sh");} else{ exec("chmod -x /usr/local/etc/rc.d/varnish.sh"); mwexec("/usr/bin/killall varnishd");} @@ -165,6 +176,13 @@ function varnish_get_url_mappings_txt() { $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'"'." && req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; $urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";"; + // check force ssl option + if ($url['forcessl']){ + $urlmappings .="\t\t#Force ssl for this host/director\n"; + $urlmappings .="\t\tif((req.http.X-Forwarded-Proto !~ \"(?i)https\" ) && !(client.ip ~ SslOffloadServers)){\n"; + $urlmappings .="\t\t\tset req.http.x-redir-url = \"https://\" + req.http.host + req.url;\n"; + $urlmappings .="\t\t\terror 750 req.http.x-redir-url;\n\t\t\t}\n"; + } // check rewrite options if ($url['rewritehost']) $urlmappings .= "\t\t\tset req.http.host = regsub(req.http.host, ".'"'.$url['directorurl'].'",'.'"'.$url['rewritehost'].'")'.";\n"; 
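Review bot: In the new `varnish_check_config()` the `varnishd -C` output is appended to `$savemsg` unencoded, and compiler diagnostics typically quote the offending VCL, which is built from GUI fields and synced configuration. If `$savemsg` is rendered as HTML (the separator stripped by extraction looks like a line-break tag), markup in a field value would be reflected into the admin page. Encoding each line before the join avoids that: `array_map('htmlspecialchars', $output)`. A short docblock stating that 0 means "VCL compiled" and 1 means "do not restart" would also help, since `varnish_start()` depends on that contract through `== 0`.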
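Review bot: The redirect condition emitted by the new `forcessl` block trusts `X-Forwarded-Proto` from any peer. It redirects only when the header is not https and the peer is not in `SslOffloadServers`, so the header alone suppresses the redirect for direct clients, and anything relayed by an offloader is exempt even if it arrived over plain HTTP. The header should count only when the peer is a listed offloader, and the match should be anchored: `if (!(client.ip ~ SslOffloadServers && req.http.X-Forwarded-Proto ~ "(?i)^https$")) {`. The block also references `SslOffloadServers` unconditionally, while the ACL appears to be emitted only when the `ssloffload` setting is filled in, so Force SSL without that setting would presumably produce VCL that does not compile. `varnish_get_url_mappings_txt()` begins and ends outside this hunk.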
@@ -425,11 +443,23 @@ function sync_package_varnish() { $vcl_pipe_late = text_area_decode($vcl['vcl_pipe_late']); } } - $vcl_recv_set_basic='#BASIC VCL RULES SETTING'."\n"; - $vcl_recv_action_basic='#BASIC VCL RULES ACTIONS'."\n"; - #$plataform=posix_uname(); - if (is_array($config['installedpackages']['varnishsettings']['config'])) - foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) { + + $vcl_recv_set_basic='#BASIC VCL RULES SETTING'."\n"; + $vcl_recv_action_basic='#BASIC VCL RULES ACTIONS'."\n"; + #$plataform=posix_uname(); + if (is_array($config['installedpackages']['varnishsettings']['config'])) + foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) { + if ($vcl['ssloffload']){ + $vcl_acls="acl SslOffloadServers {\n\t\"localhost\";"; + $sslservers= split (" ",$vcl['ssloffload']); + foreach ($sslservers as $sslserver){ + if (preg_match("/(\S+)\/(d+)/",$sslserver,$sslm)) + $vcl_acls.="\n\t\"{$sslm[1]}\"/{$sslm[2]};"; + else + $vcl_acls.="\n\t\"{$sslserver}\";"; + } + $vcl_acls.="\n\t}\n"; + } if ($vcl['streaming']) $vcl_fetch_stream="set beresp.do_stream = true;\n"; if ($vcl['fixgzip']) { @@ -466,15 +496,6 @@ function sync_package_varnish() { $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n"; break; case 'create': - $vcl_acls="acl SslOffloadServers {\n\t\"localhost\";"; - $sslservers= split (" ",$vcl['ssloffload']); - foreach ($sslservers as $sslserver){ - if (preg_match("/(\S+)\/(d+)/",$sslserver,$sslm)) - $vcl_acls.="\n\t\"{$sslm[1]}\"/{$sslm[2]};"; - else - $vcl_acls.="\n\t\"{$sslserver}\";"; - } - $vcl_acls.="}\n"; $vcl_recv_set_basic .= "\tif (req.http.X-Forwarded-For && client.ip ~ SslOffloadServers){\n\t\t"; $vcl_recv_set_basic .= "set req.http.X-Forwarded-Varnish = req.http.X-Forwarded-For;\n\t}"; $vcl_recv_set_basic .= "else{\n\t\tset req.http.X-Forwarded-Varnish = client.ip;\n\n\t}"; 
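Review bot: The CIDR pattern in the relocated ACL builder is `"/(\S+)\/(d+)/"`, where `d+` matches the letter d rather than digits. An entry such as `192.0.2.0/24` (constructed example) therefore falls to the else branch and is written as one quoted string, which Varnish will most likely not read as a network. This ACL decides whose forwarded headers are trusted, so each entry should be validated and anchored before it is interpolated: `if (preg_match('/^([0-9A-Fa-f:.]+)\/(\d+)$/', $sslserver, $sslm))`. Anything that is neither that form nor a plain host or address should be skipped, so that a stray quote cannot close the ACL string early. `split()` is deprecated, and `preg_split('/\s+/', trim($vcl['ssloffload']))` also copes with repeated spaces; `sync_package_varnish()` continues outside the hunk.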
@@ -577,10 +598,16 @@ $varnish_config_file = << + varnish_check_config(); sync_package_varnish(); diff --git a/config/varnish3/varnish_custom_vcl.xml b/config/varnish3/varnish_custom_vcl.xml index 7c940f40..d0d9ff21 100644 --- a/config/varnish3/varnish_custom_vcl.xml +++ b/config/varnish3/varnish_custom_vcl.xml @@ -169,6 +169,9 @@ base64 + + varnish_check_config(); + diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index e3cd8c04..313bf0d6 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -129,6 +129,10 @@ Grace grace + + SSL + forcessl + Failover failover @@ -197,6 +201,13 @@ input 5 + + Force SSL + forcessl + + checkbox + 5 + Additions options customapping @@ -261,6 +272,7 @@ + varnish_check_config(); sync_package_varnish(); diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml index 99e29663..b80b7fcf 100644 --- a/config/varnish3/varnish_settings.xml +++ b/config/varnish3/varnish_settings.xml @@ -283,6 +283,10 @@ base64 + + varnish_check_config(); + + sync_package_varnish(); create_varnish_rcd_file(); diff --git a/config/varnish3/varnish_sync.xml b/config/varnish3/varnish_sync.xml index eb908afe..c5b4b69c 100644 --- a/config/varnish3/varnish_sync.xml +++ b/config/varnish3/varnish_sync.xml @@ -136,5 +136,6 @@ unset($_POST['temp']); + varnish_check_config(); \ No newline at end of file diff --git a/config/varnish3/varnish_view_config.php b/config/varnish3/varnish_view_config.php index b02e5c88..30765756 100644 --- a/config/varnish3/varnish_view_config.php +++ b/config/varnish3/varnish_view_config.php @@ -28,7 +28,7 @@ */ require("guiconfig.inc"); - +require("varnish.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version < 2.0) $one_two = true; @@ -44,7 +44,7 @@ include("head.inc");

- +
@@ -71,8 +71,9 @@ include("head.inc"); diff --git a/config/varnish3/varnishstat.php b/config/varnish3/varnishstat.php index 9e4e2f3d..aa6827a8 100644 --- a/config/varnish3/varnishstat.php +++ b/config/varnish3/varnishstat.php @@ -1,8 +1,9 @@ + Copyright (C) 2014 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,11 +29,45 @@ */ require("guiconfig.inc"); - +require("varnish.inc"); +function open_table(){ + echo ""; + echo" "; +} +function close_table(){ + echo" "; + echo"
"; + echo "
"; +} if($_REQUEST['getactivity']) { - $varnishstatlogs = `varnishstat -1`; + //$varnishstatlogs = `varnishstat -1`; + $backends=exec("varnishstat -1",$debug); echo "

VarnishSTAT Server logs as of " . date("D M j G:i:s T Y") . "

"; - echo $varnishstatlogs; + open_table(); + print "Description"; + print "Count"; + print ""; + print ""; + foreach ($debug as $line){ + if (!preg_match("/^VBE/",$line,$lm) && + preg_match("/(\S+)\s+(\S+)\s+(\S+)\s+(.*)/",$line,$lm)) + $varnish_stats[]=$lm; + } + unset($debug); + if (is_array($varnish_stats)){ + foreach ($varnish_stats as $v){ + print " $v[4] ($v[1])"; + print "". @number_format($v[2]) .""; + print "$v[3]"; + print "  "; + } + } + else{ + print "No traffic"; + } + +close_table(); + //echo $varnishstatlogs; exit; } @@ -70,7 +105,7 @@ include("head.inc");
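Review bot: The new stats loop prints `$v[1]`, `$v[3]` and `$v[4]` from the `varnishstat -1` output straight into the page; passing each through `htmlspecialchars()` keeps counter names and descriptions from being interpreted as markup. The command is resolved through the web server's PATH even though `varnish.inc`, now required by this file, defines `VARNISH_LOCALBASE`; `exec(VARNISH_LOCALBASE . "/bin/varnishstat -1", $debug);` pins the binary that is run. `@number_format($v[2])` hides the warning for non-numeric fields instead of handling them, so `is_numeric($v[2]) ? number_format($v[2]) : htmlspecialchars($v[2])` would be more explicit. The table markup of this hunk was lost in extraction, so the cell structure itself is not reviewed here.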

- +
@@ -93,7 +128,7 @@ include("head.inc");
- +
One moment please, loading VarnishSTAT...
-- cgit v1.2.3 From 6c1d59e718e33421df1ffa4b84be20c1321a67cc Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 1 Dec 2014 15:14:30 -0500 Subject: Update OpenVPN Client Export with OpenVPN 2.3.6 installers. --- config/openvpn-client-export/openvpn-client-export.inc | 7 +++++-- config/openvpn-client-export/openvpn-client-export.xml | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'config') diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 44604a90..f635bbd0 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -39,12 +39,13 @@ require_once("util.inc"); require_once("pfsense-utils.inc"); global $current_openvpn_version, $current_openvpn_version_rev; -$current_openvpn_version = "2.3.5"; +$current_openvpn_version = "2.3.6"; $current_openvpn_version_rev = "01"; function openvpn_client_export_install() { + global $current_openvpn_version; conf_mount_rw(); - $tarpath = "/usr/local/pkg/openvpn-client-export.tgz"; + $tarpath = "/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz"; $phpfile = "vpn_openvpn_export.php"; $ovpndir = "/usr/local/share/openvpn"; $workdir = "{$ovpndir}/client-export"; @@ -57,6 +58,7 @@ function openvpn_client_export_install() { } function openvpn_client_export_deinstall() { + global $current_openvpn_version; conf_mount_rw(); $phpfile = "vpn_openvpn_export.php"; $phpfile2 = "vpn_openvpn_export_shared.php"; @@ -65,6 +67,7 @@ function openvpn_client_export_deinstall() { unlink_if_exists("/usr/local/www/{$phpfile}"); unlink_if_exists("/usr/local/www/{$phpfile2}"); + unlink_if_exists("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz"); exec("/bin/rm -r {$workdir}"); conf_mount_ro(); } diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index f96336b3..15986428 100755 
--- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ OpenVPN Client Export - 1.2.14 + 1.2.15 OpenVPN Client Export /usr/local/pkg/openvpn-client-export.inc @@ -27,7 +27,7 @@ /usr/local/pkg/ 077 - https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export.tgz + https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export-2.3.6.tgz /usr/local/www/ -- cgit v1.2.3 From f9f0b2f31097db308a5b7affd8fc64738a246acd Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 1 Dec 2014 19:05:27 -0200 Subject: Check if varnish is enabled before test config Submitted by: Marcello Coutinho --- config/varnish3/varnish.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'config') diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 587d01bc..82b1cbca 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -122,6 +122,10 @@ function text_area_decode($text){ function varnish_check_config(){ global $savemsg; + + if (!isset($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish'])) + return; + exec(VARNISH_LOCALBASE."/bin/varnishd -C -f /var/etc/default.vcl 2>&1",$output,$return); if ($return >0){ $savemsg.= implode("
",$output); -- cgit v1.2.3 From ab0a79e736a2dce9b93a7a9232f56d45f5bc1b83 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 1 Dec 2014 19:23:07 -0200 Subject: Some libraries are not being found by wrapper, symlink them to PBI_DIR/local/lib --- config/varnish3/varnish.inc | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'config') diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 82b1cbca..f14e514e 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -110,6 +110,17 @@ function varnish_backends_post_validate($post, &$input_errors) { function varnish_install() { create_varnish_rcd_file(); + + if (file_exists(VARNISH_LOCALBASE . '/local/lib/varnish/libvarnish.so')) { + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvarnish.so', + VARNISH_LOCALBASE . '/local/lib/libvarnish.so'); + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvarnishcompat.so', + VARNISH_LOCALBASE . '/local/lib/libvarnishcompat.so'); + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvcl.so', + VARNISH_LOCALBASE . '/local/lib/libvcl.so'); + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvgz.so', + VARNISH_LOCALBASE . '/local/lib/libvgz.so'); + } } function varnish_deinstall() { -- cgit v1.2.3 From 4cbafb8f6f14e41bf9d90d4778a0ff5bcce3e584 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Tue, 2 Dec 2014 03:57:28 -0200 Subject: varnish3 - Add apply changes button to package gui --- config/varnish3/varnish.inc | 58 +++++++++++++++++++++++--------- config/varnish3/varnish_backends.xml | 4 --- config/varnish3/varnish_custom_vcl.xml | 2 -- config/varnish3/varnish_lb_directors.xml | 4 --- config/varnish3/varnish_settings.xml | 1 - 5 files changed, 43 insertions(+), 26 deletions(-) (limited to 'config') diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index f14e514e..730bf5ab 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc 
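Review bot: The added `isset($config[...]['enablevarnish'])` guard in `varnish_check_config()` reads `$config`, but the `global` line visible in this hunk names only `$savemsg`. `$config` is therefore undefined inside the function, the guard always fires, and `varnishd -C` never runs. The bare `return;` yields null, which `varnish_start()` accepts as success through `varnish_check_config() == 0`, so the daemon would be restarted with an unvalidated VCL. Proposed: `global $savemsg, $config;` plus `return 0;` in the guard, with callers comparing `=== 0`. A later commit on this page extends the global list, but the null-as-success return is still there.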
@@ -41,6 +41,9 @@ if (is_dir('/usr/pbi/varnish-' . php_uname("m"))) { define('VARNISH_LOCALBASE','/usr/local'); } +define('VARNISH_DIRTYPATH',"{$g['varrun_path']}/varnish.conf.dirty"); +define('VARNISH_CONFFILE','/var/etc/default.vcl'); + function varnish_settings_post_validate($post, &$input_errors) { if( !is_numeric($post['storagesize'])) $input_errors[] = "A valid number is required for the field 'Storage size'"; @@ -132,13 +135,22 @@ function text_area_decode($text){ } function varnish_check_config(){ - global $savemsg; + global $savemsg,$config; if (!isset($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish'])) return; - exec(VARNISH_LOCALBASE."/bin/varnishd -C -f /var/etc/default.vcl 2>&1",$output,$return); - if ($return >0){ + exec(VARNISH_LOCALBASE."/bin/varnishd -C -f ".VARNISH_CONFFILE." 2>&1",$output,$return); + if ($return == 0){ + if (isset($_REQUEST['apply'])){ + varnish_start(true); + return; + } + + if (file_exists(VARNISH_DIRTYPATH)) + $savemsg="Varnish configuration has been changed.
You must apply in order to take effect.
"; + } + else{ $savemsg.= implode("
",$output); $savemsg.= "
Daemon will not be restarted."; return 1; @@ -147,13 +159,22 @@ function varnish_check_config(){ } -function varnish_start() { +function varnish_start($force_start=false) { global $g, $config; + + if ($force_start){ + mwexec("/usr/local/etc/rc.d/varnish.sh"); + unlink_if_exists(VARNISH_DIRTYPATH); + return; + } + if ($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish']){ exec("chmod +x /usr/local/etc/rc.d/varnish.sh"); - if (varnish_check_config() == 0) - mwexec("/usr/local/etc/rc.d/varnish.sh");} - else{ + if (varnish_check_config() == 0 || $force_start){ + unlink_if_exists(VARNISH_DIRTYPATH); + mwexec("/usr/local/etc/rc.d/varnish.sh"); + } + }else{ exec("chmod -x /usr/local/etc/rc.d/varnish.sh"); mwexec("/usr/bin/killall varnishd");} } @@ -287,6 +308,7 @@ function create_varnish_rcd_file() { } } $fd = fopen("/usr/local/etc/rc.d/varnish.sh", "w"); + $conf_file=VARNISH_CONFFILE; $rc_file = << ENDOFF /usr/local/sbin/varnishd \ {$listeningport} \ - -f /var/etc/default.vcl \ + -f {$conf_file} \ {$storage_type} \ -w {$minworkers},{$maxworkers},{$timeoutworkers} \ {$advancedstartup} @@ -442,6 +464,12 @@ EOFA; function sync_package_varnish() { global $config, $g; + + if (isset($_POST["apply"])){ + varnish_start(); + unlink_if_exists(VARNISH_DIRTYPATH); + return; + } if (is_array($config['installedpackages']['varnishcustomvcl']['config'])) { foreach($config['installedpackages']['varnishcustomvcl']['config'] as $vcl) { if ($vcl['vcl_recv_early']) @@ -610,7 +638,7 @@ $varnish_config_file = << sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); varnish_backends_post_validate($_POST, $input_errors); diff --git a/config/varnish3/varnish_custom_vcl.xml b/config/varnish3/varnish_custom_vcl.xml index d0d9ff21..4950c6ed 100644 --- a/config/varnish3/varnish_custom_vcl.xml +++ b/config/varnish3/varnish_custom_vcl.xml 
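Review bot: `varnish_check_config()` now restarts the daemon when `$_REQUEST['apply']` is set, which also accepts the parameter from the query string, while `sync_package_varnish()` in the same commit tests `$_POST["apply"]`. A state-changing action should be accepted only from the posted form, so that it stays behind whatever request-forgery protection the GUI applies to form posts: `if (isset($_POST['apply'])) {`. The success path also leaves with a bare `return;` while the failure path returns 1, so the result is null, 0 or 1 depending on the branch; `return 0;` after `varnish_start(true);` keeps the contract consistent for the `== 0` caller.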
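Review bot: In the new `apply` branch of `sync_package_varnish()`, `unlink_if_exists(VARNISH_DIRTYPATH)` runs unconditionally after `varnish_start()`. When the config check fails and the daemon is not restarted, the dirty marker is still removed and the pending-changes notice disappears, although the running daemon keeps the old VCL. `varnish_start()` already clears the marker on its own success paths, so the extra unlink can be dropped. With `apply` set, the non-forced `varnish_start()` also calls `varnish_check_config()`, which itself calls `varnish_start(true)` and returns null, so the rc script appears to run twice. Finally, `|| $force_start` in `varnish_start()` is unreachable because the forced case returns earlier.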
@@ -176,7 +176,5 @@ sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start();
\ No newline at end of file diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index 313bf0d6..c8868ec4 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -276,13 +276,9 @@ sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); varnish_lb_directors_post_validate($_POST, $input_errors); diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml index b80b7fcf..accfaae8 100644 --- a/config/varnish3/varnish_settings.xml +++ b/config/varnish3/varnish_settings.xml @@ -290,7 +290,6 @@ sync_package_varnish(); create_varnish_rcd_file(); - varnish_start(); varnish_settings_post_validate($_POST, $input_errors); -- cgit v1.2.3 From 00ad4092959492c667261b1d54d6cc0b059cbdf9 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 2 Dec 2014 09:48:51 -0200 Subject: Set PATH to make possible for varnish binaries to find cc, also, avoid cc to be symlinked to pbiopt file. Bump package version --- config/varnish3/varnish.inc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'config') diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 730bf5ab..50b37990 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -140,7 +140,8 @@ function varnish_check_config(){ if (!isset($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish'])) return; - exec(VARNISH_LOCALBASE."/bin/varnishd -C -f ".VARNISH_CONFFILE." 2>&1",$output,$return); + $path = '/usr/bin/env PATH=' . VARNISH_LOCALBASE . '/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin'; + exec($path . " " . VARNISH_LOCALBASE."/bin/varnishd -C -f ".VARNISH_CONFFILE." 2>&1",$output,$return); if ($return == 0){ if (isset($_REQUEST['apply'])){ varnish_start(true); 
@@ -309,6 +310,7 @@ function create_varnish_rcd_file() { } $fd = fopen("/usr/local/etc/rc.d/varnish.sh", "w"); $conf_file=VARNISH_CONFFILE; + $bin_path=VARNISH_LOCALBASE . '/bin'; $rc_file = << Date: Tue, 2 Dec 2014 21:13:16 -0600 Subject: fix imspector to use pbi paths. Breaks 2.0.x in process, don't care. --- config/imspector/imspector.inc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'config') diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc index 2d672e87..89fbda2b 100644 --- a/config/imspector/imspector.inc +++ b/config/imspector/imspector.inc @@ -35,9 +35,8 @@ require_once("service-utils.inc"); /* IMSpector */ - define('IMSPECTOR_RCFILE', '/usr/local/etc/rc.d/imspector.sh'); - define('IMSPECTOR_ETC', '/usr/local/etc/imspector'); + define('IMSPECTOR_ETC', "/usr/pbi/imspector-" . php_uname("m") . "/local/etc/imspector"); define('IMSPECTOR_CONFIG', IMSPECTOR_ETC . '/imspector.conf'); function imspector_warn ($msg) { syslog(LOG_WARNING, "imspector: {$msg}"); } @@ -543,4 +542,4 @@ function imspector_do_xmlrpc_sync($sync_to_ip, $password) { } } -?> +?> \ No newline at end of file -- cgit v1.2.3