Copyright (C) 2008 Remco Hoef Copyright (C) 2013 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ require("guiconfig.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); } $a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; if (isset($_POST['id'])) $id = $_POST['id']; else $id = $_GET['id']; if (isset($id) && $a_backend[$id]) { $pconfig['name'] = $a_backend[$id]['name']; $pconfig['desc'] = $a_backend[$id]['desc']; $pconfig['connection_timeout'] = $a_backend[$id]['connection_timeout']; $pconfig['server_timeout'] = $a_backend[$id]['server_timeout']; $pconfig['retries'] = $a_backend[$id]['retries']; $pconfig['type'] = $a_backend[$id]['type']; $pconfig['balance'] = $a_backend[$id]['balance']; $pconfig['monitor_uri'] = $a_backend[$id]['monitor_uri']; $pconfig['forwardfor'] = $a_backend[$id]['forwardfor']; $pconfig['httpclose'] = $a_backend[$id]['httpclose']; $pconfig['stats_enabled'] = $a_backend[$id]['stats_enabled']; $pconfig['stats_username'] = $a_backend[$id]['stats_username']; $pconfig['stats_password'] = $a_backend[$id]['stats_password']; $pconfig['stats_uri'] = $a_backend[$id]['stats_uri']; $pconfig['stats_realm'] = $a_backend[$id]['stats_realm']; $pconfig['stats_node_enabled'] = $a_backend[$id]['stats_node_enabled']; $pconfig['stats_node'] = $a_backend[$id]['stats_node']; $pconfig['stats_desc'] = $a_backend[$id]['stats_desc']; $pconfig['stats_refresh'] = $a_backend[$id]['stats_refresh']; $pconfig['type'] = $a_backend[$id]['type']; $pconfig['extaddr'] = $a_backend[$id]['extaddr']; $pconfig['max_connections'] = $a_backend[$id]['max_connections']; $pconfig['client_timeout'] = $a_backend[$id]['client_timeout']; $pconfig['port'] = $a_backend[$id]['port']; $pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item']; $pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']); $pconfig['dcert'] = base64_decode($a_backend[$id]['dcert']); $pconfig['dcertadv'] = $a_backend[$id]['dcertadv']; $pconfig['ssloffload'] = $a_backend[$id]['ssloffload']; } $changedesc = "Services: HAProxy: Frontend"; $changecount = 0; if ($_POST) { $changecount++; unset($input_errors); $pconfig = $_POST; if ($_POST['stats_enabled']) { $reqdfields = explode(" ", "name connection_timeout server_timeout stats_username stats_password stats_uri stats_realm"); $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout,Stats Username,Stats Password,Stats Uri,Stats Realm"); } else { $reqdfields = explode(" ", "name connection_timeout server_timeout"); $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); $reqdfields = explode(" ", "name type port max_connections client_timeout"); $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; if (!is_numeric($_POST['connection_timeout'])) $input_errors[] = "The field 'Connection timeout' value is not a number."; if (!is_numeric($_POST['server_timeout'])) $input_errors[] = "The field 'Server timeout' value is not a number."; if (!$_POST['retries'] && is_numeric($_POST['retries'])) $input_errors[] = "The field 'Retries' value is not a number."; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) $input_errors[] = "The field 'Stats Username' contains invalid characters."; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) $input_errors[] = "The field 'Stats Password' contains invalid characters."; if (!is_numeric($_POST['max_connections'])) $input_errors[] = "The field 'Max connections' value is not a number."; $ports = split(",", $_POST['port'] . ","); foreach($ports as $port) if ($port && !is_numeric($port)) $input_errors[] = "The field 'Port' value is not a number."; if (!is_numeric($_POST['client_timeout'])) $input_errors[] = "The field 'Client timeout' value is not a number."; /* Ensure that our pool names are unique */ for ($i=0; isset($config['installedpackages']['haproxy']['ha_backends']['item'][$i]); $i++) if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_backends']['item'][$i]['name']) && ($i != $id)) $input_errors[] = "This backend name has already been used. Frontend names must be unique."; $a_acl=array(); $acl_names=array(); for($x=0; $x<99; $x++) { $acl_name=$_POST['acl_name'.$x]; $acl_expression=$_POST['acl_expression'.$x]; if ($acl_name) { // check for duplicates if (in_array($acl_name, $acl_names)) { $input_errors[] = "The name '$acl_name' is duplicate."; } $acl_names[]=$acl_name; $acl=array(); $acl['name']=$acl_name; $acl['expression']=$acl_expression; $a_acl[]=$acl; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $acl_name)) $input_errors[] = "The field 'Name' contains invalid characters."; if (!preg_match("/.{2,}/", $acl_expression)) $input_errors[] = "The field 'Expression' is required."; if (!preg_match("/.{2,}/", $acl_name)) $input_errors[] = "The field 'Name' is required."; } } $pconfig['a_acl']=$a_acl; if (!$input_errors) { $backend = array(); if(isset($id) && $a_backend[$id]) $backend = $a_backend[$id]; if($backend['name'] != "") $changedesc .= " modified '{$backend['name']}' pool:"; if ($backend['name']!=$_POST['name']) { // name changed: // * update servers // * update frontend (default backend and acl) if (!is_array($config['installedpackages']['haproxy']['ha_servers']['item'])) { $config['installedpackages']['haproxy']['ha_servers']['item'] = array(); } $a_server = &$config['installedpackages']['haproxy']['ha_servers']['item']; for ( $i = 0; $i < count($a_server); $i++) { if ($a_server[$i]['backend']==$backend['name']) { $a_server[$i]['backend']=$_POST['name']; } } if (!is_array($config['installedpackages']['haproxy']['ha_frontends']['item'])) { $config['installedpackages']['haproxy']['ha_frontends']['item'] = array(); } $a_frontend = &$config['installedpackages']['haproxy']['ha_frontends']['item']; for ( $i = 0; $i < count($a_frontend); $i++) { if ($a_frontend[$i]['backend']==$backend['name']) { $a_frontend[$i]['backend']=$_POST['name']; } if (!is_array($a_frontend[$i]['ha_acls']['item'])) { $a_frontend[$i]['ha_acls']['item'] = array(); } $a_acl = &$a_frontend[$i]['ha_acls']['item']; for ( $j = 0; $j < count($a_acl); $j++) { if ($a_acl[$j]['backend']==$backend['name']) { $a_acl[$j]['backend']=$_POST['name']; } } } } update_if_changed("name", $backend['name'], $_POST['name']); update_if_changed("description", $backend['desc'], $_POST['desc']); update_if_changed("connection_timeout", $backend['connection_timeout'], $_POST['connection_timeout']); update_if_changed("server_timeout", $backend['server_timeout'], $_POST['server_timeout']); update_if_changed("retries", $backend['retries'], $_POST['retries']); update_if_changed("type", $backend['type'], $_POST['type']); update_if_changed("balance", $backend['balance'], $_POST['balance']); update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']); update_if_changed("monitor_uri", $backend['monitor_uri'], $_POST['monitor_uri']); update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']); update_if_changed("httpclose", $backend['httpclose'], $_POST['httpclose']); update_if_changed("stats_enabled", $backend['stats_enabled'], $_POST['stats_enabled']); update_if_changed("stats_username", $backend['stats_username'], $_POST['stats_username']); update_if_changed("stats_password", $backend['stats_password'], $_POST['stats_password']); update_if_changed("stats_uri", $backend['stats_uri'], $_POST['stats_uri']); update_if_changed("stats_realm", $backend['stats_realm'], $_POST['stats_realm']); update_if_changed("stats_node_enabled", $backend['stats_node_enabled'], $_POST['stats_node_enabled']); update_if_changed("stats_node", $backend['stats_node'], $_POST['stats_node']); update_if_changed("stats_desc", $backend['stats_desc'], $_POST['stats_desc']); update_if_changed("stats_desc", $backend['stats_refresh'], $_POST['stats_refresh']); update_if_changed("type", $backend['type'], $_POST['type']); update_if_changed("port", $backend['port'], $_POST['port']); update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']); update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']); update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']); update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced'])); update_if_changed("dcert", $backend['dcert'], base64_encode($_POST['dcert'])); update_if_changed("dcertadv", $backend['dcertadv'], $_POST['dcertadv']); update_if_changed("ssloffload", $backend['ssloffload'], $_POST['ssloffload']); $backend['ha_acls']['item'] = $a_acl; if (isset($id) && $a_backend[$id]) { $a_backend[$id] = $backend; } else { $a_backend[] = $backend; } if ($changecount > 0) { touch($d_haproxyconfdirty_path); write_config($changedesc); } header("Location: haproxy_frontends.php"); exit; } } $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; $pgtitle = "HAProxy: Frontend: Edit"; include("head.inc"); ?>

> > > > > > > > */ ?>
 
Edit haproxy backend
Name size="25" maxlength="25">
Description size="64">
Connection timeout size="64">
the time (in milliseconds) we give up if the connection does not complete within (30000).
Server timeout size="64">
the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).
Retries size="64">
After a connection failure to a server, it is possible to retry, potentially on another server. This is useful if health-checks are too rare and you don't want the clients to see the failures. The number of attempts to reconnect is set by the 'retries' parameter (2).
Type
Balance
>Round robin Each server is used in turns, according to their weights. This is the smoothest and fairest algorithm when the server's processing time remains equally distributed. This algorithm is dynamic, which means that server weights may be adjusted on the fly for slow starts for instance.
>Static Round Robin Each server is used in turns, according to their weights. This algorithm is as similar to roundrobin except that it is static, which means that changing a server's weight on the fly will have no effect. On the other hand, it has no design limitation on the number of servers, and when a server goes up, it is always immediately reintroduced into the farm, once the full map is recomputed. It also uses slightly less CPU to run (around -1%).
>Least Connections The server with the lowest number of connections receives the connection. Round-robin is performed within groups of servers of the same load to ensure that all servers will be used. Use of this algorithm is recommended where very long sessions are expected, such as LDAP, SQL, TSE, etc... but is not very well suited for protocols using short sessions such as HTTP. This algorithm is dynamic, which means that server weights may be adjusted on the fly for slow starts for instance.
>Source The source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. If the hash result changes due to the number of running servers changing, many clients will be directed to a different server. This algorithm is generally used in TCP mode where no cookie may be inserted. It may also be used on the Internet to provide a best-effort stickyness to clients which refuse session cookies. This algorithm is static, which means that changing a server's weight on the fly will have no effect.
Stats Enabled onclick='toggle_stats();'>
EXAMPLE: haproxystats
Stats Realm size="64">
Stats Uri size="64">
EXAMPLE: /haproxy?stats
Stats Username size="64">
Stats Password size="64">
Stats Enable Node Name >
Stats Node size="64">
The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.
Leave blank to use the system name.
Stats Description size="64">
Stats Refresh size="10" maxlength="30">
Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d).
Monitor Uri size="50" maxlength="50">
Example: / or /index.php or /index.html or /testmypage.cgi
Port size="30" maxlength="500">
The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443
External address
If you want this rule to apply to another IP address than the IP address of the interface chosen above, select it here (you need to define Virtual IP addresses on the first). Also note that if you are trying to redirect connections on the LAN select the "any" option.
Max connections size="10" maxlength="10">
Client timeout size="10" maxlength="10">
the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).
Access Control lists
Name Expression Backend

Fore more information about ACL's please see HAProxy Documentation Section 7 - Using ACL's
Use 'forwardfor' option >
The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which contains the client's IP address. This is useful to let the final web server know what the client address was (eg for statistics on domains)
Use 'httpclose' option >
The 'httpclose' option removes any 'Connection' header both ways, and adds a 'Connection: close' header in each direction. This makes it easier to disable HTTP keep-alive than the previous 4-rules block.
Advanced pass thru
NOTE: paste text into this box that you would like to pass thru.
SSL Offloading
Use Offloading >
The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers.
cert
NOTE: paste cert and rsa key to use on this frontend.
Advanced ssl options size="10" maxlength="64">
NOTE: Paste additional ssl options(without commas) to include on ssl listening options.
some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
 
NOTE: You must add a firewall rule permitting access to this frontend!