Accepting request 343758 from server:http
- fix link to tarball - update to 1.6.2 - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0 - DOC: fix a typo for a "deviceatlas" keyword - FIX: small typo in an example using the "Referer" header - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 - BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop - BUG/MINOR: dns: unable to parse CNAMEs response - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() - DOC: deviceatlas: more example use cases. - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. - BUG/MAJOR: http: don't requeue an idle connection that is already queued - DOC: typo on capture.res.hdr and capture.req.hdr - BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing - CLEANUP: use direction names in place of numeric values - BUG/MEDIUM: lua: sample fetches based on response doesn't work - drop haproxy-1.6.0-ssl-098.patch: included upstream - update to 1.6.1 - DOC: specify that stats socket doc (section 9.2) is in management - BUILD: install only relevant and existing documentation - CLEANUP: don't ignore debian/ directory if present OBS-URL: https://build.opensuse.org/request/show/343758 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=34
commit
b392088efb
@ -1,64 +0,0 @@
|
||||
From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Thu, 9 Jul 2015 11:20:00 +0200
|
||||
Subject: [PATCH 01/11] BUG/MINOR: log: missing some ARGC_* entries in
|
||||
fmt_directives()
|
||||
|
||||
ARGC_CAP was not added to fmt_directives() which is used to format
|
||||
error messages when failing to parse log format expressions. The
|
||||
whole switch/case has been reorganized to match the declaration
|
||||
order making it easier to spot missing values. The default is not
|
||||
the "log" directive anymore but "undefined" asking to report the
|
||||
bug.
|
||||
|
||||
Backport to 1.5 is not strictly needed but is desirable at least
|
||||
for code sanity.
|
||||
(cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3)
|
||||
---
|
||||
src/log.c | 24 ++++++++++++++----------
|
||||
1 file changed, 14 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/log.c b/src/log.c
|
||||
index 1a5ad25..f0a3072 100644
|
||||
--- a/src/log.c
|
||||
+++ b/src/log.c
|
||||
@@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = {
|
||||
static inline const char *fmt_directive(const struct proxy *curproxy)
|
||||
{
|
||||
switch (curproxy->conf.args.ctx) {
|
||||
- case ARGC_UIF:
|
||||
- return "unique-id-format";
|
||||
+ case ARGC_ACL:
|
||||
+ return "acl";
|
||||
+ case ARGC_STK:
|
||||
+ return "stick";
|
||||
+ case ARGC_TRK:
|
||||
+ return "track-sc";
|
||||
+ case ARGC_LOG:
|
||||
+ return "log-format";
|
||||
case ARGC_HRQ:
|
||||
return "http-request";
|
||||
case ARGC_HRS:
|
||||
return "http-response";
|
||||
- case ARGC_STK:
|
||||
- return "stick";
|
||||
- case ARGC_TRK:
|
||||
- return "track-sc"; break;
|
||||
+ case ARGC_UIF:
|
||||
+ return "unique-id-format";
|
||||
case ARGC_RDR:
|
||||
- return "redirect"; break;
|
||||
- case ARGC_ACL:
|
||||
- return "acl"; break;
|
||||
+ return "redirect";
|
||||
+ case ARGC_CAP:
|
||||
+ return "capture";
|
||||
default:
|
||||
- return "log-format";
|
||||
+ return "undefined(please report this bug)"; /* must never happen */
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,27 +0,0 @@
|
||||
From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001
|
||||
From: Baptiste Assmann <bedis9@gmail.com>
|
||||
Date: Fri, 17 Jul 2015 21:59:42 +0200
|
||||
Subject: [PATCH 02/11] DOC: usesrc root privileges requirements
|
||||
|
||||
The "usesrc" parameter of the source statement requires root privileges.
|
||||
(cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c)
|
||||
---
|
||||
doc/configuration.txt | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/doc/configuration.txt b/doc/configuration.txt
|
||||
index 6714afb..64697a4 100644
|
||||
--- a/doc/configuration.txt
|
||||
+++ b/doc/configuration.txt
|
||||
@@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>]
|
||||
is possible at the server level using the "source" server option. Refer to
|
||||
section 5 for more information.
|
||||
|
||||
+ In order to work, "usesrc" requires root privileges.
|
||||
+
|
||||
Examples :
|
||||
backend private
|
||||
# Connect to the servers using our 192.168.1.200 source address
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,52 +0,0 @@
|
||||
From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org>
|
||||
Date: Sat, 25 Jul 2015 16:50:52 -0600
|
||||
Subject: [PATCH 03/11] BUILD: ssl: Allow building against libssl without
|
||||
SSLv3.
|
||||
|
||||
If SSLv3 is explicitely requested but not available, warn the user and
|
||||
bail out.
|
||||
(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849)
|
||||
---
|
||||
src/ssl_sock.c | 16 ++++++++++++++--
|
||||
1 file changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index 7d77d36..2ae45ec 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
|
||||
ssloptions |= SSL_OP_NO_TLSv1_2;
|
||||
if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
|
||||
ssloptions |= SSL_OP_NO_TICKET;
|
||||
- if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
|
||||
+ if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) {
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
|
||||
+#else
|
||||
+ Alert("SSLv3 support requested but unavailable.\n");
|
||||
+ cfgerr++;
|
||||
+#endif
|
||||
+ }
|
||||
if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
|
||||
SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
|
||||
#if SSL_OP_NO_TLSv1_1
|
||||
@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
|
||||
options |= SSL_OP_NO_TLSv1_2;
|
||||
if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
|
||||
options |= SSL_OP_NO_TICKET;
|
||||
- if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
|
||||
+ if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) {
|
||||
+#ifndef OPENSSL_NO_SSL3
|
||||
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
|
||||
+#else
|
||||
+ Alert("SSLv3 support requested but unavailable.");
|
||||
+ cfgerr++;
|
||||
+#endif
|
||||
+ }
|
||||
if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
|
||||
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
|
||||
#if SSL_OP_NO_TLSv1_1
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,26 +0,0 @@
|
||||
From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Jakots <vigdis@chown.me>
|
||||
Date: Wed, 29 Jul 2015 08:03:08 +0200
|
||||
Subject: [PATCH 04/11] DOC/MINOR: fix OpenBSD versions where haproxy works
|
||||
|
||||
(cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552)
|
||||
---
|
||||
README | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/README b/README
|
||||
index add7f06..e267730 100644
|
||||
--- a/README
|
||||
+++ b/README
|
||||
@@ -39,7 +39,7 @@ and assign it to the TARGET variable :
|
||||
- solaris for Solaris 8 or 10 (others untested)
|
||||
- freebsd for FreeBSD 5 to 10 (others untested)
|
||||
- osx for Mac OS/X
|
||||
- - openbsd for OpenBSD 3.1 to 5.2 (others untested)
|
||||
+ - openbsd for OpenBSD 3.1 and above
|
||||
- aix51 for AIX 5.1
|
||||
- aix52 for AIX 5.2
|
||||
- cygwin for Cygwin
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,33 +0,0 @@
|
||||
From 955587271031d66e9b7a768e3bb18dae00b60cc6 Mon Sep 17 00:00:00 2001
|
||||
From: Thierry FOURNIER <tfournier@arpalert.org>
|
||||
Date: Wed, 8 Jul 2015 00:15:20 +0200
|
||||
Subject: [PATCH 05/11] BUG/MINOR: http/sample: gmtime/localtime can fail
|
||||
|
||||
The man said that gmtime() and localtime() can return a NULL value.
|
||||
This is not tested. It appears that all the values of a 32 bit integer
|
||||
are valid, but it is better to check the return of these functions.
|
||||
|
||||
However, if the integer move from 32 bits to 64 bits, some 64 values
|
||||
can be unsupported.
|
||||
(cherry picked from commit fac9ccfb705702f211f99e67d5f5d5129002086a)
|
||||
[wt: we only have sample_conv_date() in 1.5]
|
||||
---
|
||||
src/proto_http.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/proto_http.c b/src/proto_http.c
|
||||
index 5db64b5..02dc42b 100644
|
||||
--- a/src/proto_http.c
|
||||
+++ b/src/proto_http.c
|
||||
@@ -11249,6 +11249,8 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp)
|
||||
curr_date += args[0].data.sint;
|
||||
|
||||
tm = gmtime(&curr_date);
|
||||
+ if (!tm)
|
||||
+ return 0;
|
||||
|
||||
temp = get_trash_chunk();
|
||||
temp->len = snprintf(temp->str, temp->size - temp->len,
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,27 +0,0 @@
|
||||
From 6c7351bdd0778bc171a2b54faed058eadc8c9d0d Mon Sep 17 00:00:00 2001
|
||||
From: Baptiste Assmann <bedis9@gmail.com>
|
||||
Date: Mon, 3 Aug 2015 11:42:50 +0200
|
||||
Subject: [PATCH 06/11] DOC: typo in 'redirect', 302 code meaning
|
||||
|
||||
302 means a temprary move, not a permanent one
|
||||
(cherry picked from commit ea849c0cca63b1b56c9c36f9c3504caa5e826816)
|
||||
---
|
||||
doc/configuration.txt | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc/configuration.txt b/doc/configuration.txt
|
||||
index 64697a4..e8d8b2a 100644
|
||||
--- a/doc/configuration.txt
|
||||
+++ b/doc/configuration.txt
|
||||
@@ -5443,7 +5443,7 @@ redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
|
||||
is desired. Only codes 301, 302, 303, 307 and 308 are supported,
|
||||
with 302 used by default if no code is specified. 301 means
|
||||
"Moved permanently", and a browser may cache the Location. 302
|
||||
- means "Moved permanently" and means that the browser should not
|
||||
+ means "Moved temporarily" and means that the browser should not
|
||||
cache the redirection. 303 is equivalent to 302 except that the
|
||||
browser will fetch the location with a GET method. 307 is just
|
||||
like 302 but makes it clear that the same method must be reused.
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,27 +0,0 @@
|
||||
From c3453d53f2862b22d8c8e7d2399dfc38ec966aa4 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Sun, 9 Aug 2015 10:56:35 +0200
|
||||
Subject: [PATCH 07/11] DOC: mention that %ms is left-padded with zeroes.
|
||||
|
||||
That's important to emit logs.
|
||||
(cherry picked from commit 812c88ec126e8fc4fc0f7853f265594d03c63956)
|
||||
---
|
||||
doc/configuration.txt | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc/configuration.txt b/doc/configuration.txt
|
||||
index e8d8b2a..1d95b5b 100644
|
||||
--- a/doc/configuration.txt
|
||||
+++ b/doc/configuration.txt
|
||||
@@ -12381,7 +12381,7 @@ Please refer to the table below for currently defined variables :
|
||||
| | %hrl | captured_request_headers CLF style | string list |
|
||||
| | %hs | captured_response_headers default style | string |
|
||||
| | %hsl | captured_response_headers CLF style | string list |
|
||||
- | | %ms | accept date milliseconds | numeric |
|
||||
+ | | %ms | accept date milliseconds (left-padded with 0) | numeric |
|
||||
| | %pid | PID | numeric |
|
||||
| H | %r | http_request | string |
|
||||
| | %rc | retries | numeric |
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,50 +0,0 @@
|
||||
From 1104336c0ba5f474fce8fe7c0125511b59f4dd3d Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Tue, 11 Aug 2015 11:20:45 +0200
|
||||
Subject: [PATCH 08/11] CLEANUP: .gitignore: ignore more test files
|
||||
|
||||
Exclude from "git status" many of the files that often result from
|
||||
development tests and bug reports reproducers.
|
||||
(cherry picked from commit de365a320ead43168e78facfa337130759783515)
|
||||
---
|
||||
.gitignore | 27 +++++++++++++++++++++++++++
|
||||
1 file changed, 27 insertions(+)
|
||||
|
||||
diff --git a/.gitignore b/.gitignore
|
||||
index 762f5ad..f6ccd0e 100644
|
||||
--- a/.gitignore
|
||||
+++ b/.gitignore
|
||||
@@ -18,3 +18,30 @@ make-*
|
||||
dlmalloc.c
|
||||
00*.patch
|
||||
*.service
|
||||
+*.bak
|
||||
+contrib/base64/base64rev
|
||||
+contrib/halog/halog
|
||||
+contrib/ip6range/ip6range
|
||||
+contrib/iprange/iprange
|
||||
+tests/test_hashes
|
||||
+/*.cfg
|
||||
+/*.conf
|
||||
+/*.diff
|
||||
+/*.patch
|
||||
+/*.c
|
||||
+/*.o
|
||||
+/*.so
|
||||
+/*.txt
|
||||
+/*.TXT
|
||||
+/*.txt.*
|
||||
+/*.prof
|
||||
+/*.gprof
|
||||
+/*.prof.*
|
||||
+/*.gprof.*
|
||||
+/*.tar
|
||||
+/*.tar.gz
|
||||
+/*.tgz
|
||||
+/*.mbox
|
||||
+/*.sh
|
||||
+/bug*
|
||||
+/TAGS
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,44 +0,0 @@
|
||||
From 5e077624951a65e6aae381c7213fc54984768dd4 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Tue, 11 Aug 2015 11:21:47 +0200
|
||||
Subject: [PATCH 09/11] CLEANUP: .gitignore: finally ignore everything but what
|
||||
is known.
|
||||
|
||||
Still too many files remain, it's easier to block everything but
|
||||
what we know.
|
||||
(cherry picked from commit d71f1766bdbb041f80394662b0d293f033f93005)
|
||||
---
|
||||
.gitignore | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/.gitignore b/.gitignore
|
||||
index f6ccd0e..1953ba3 100644
|
||||
--- a/.gitignore
|
||||
+++ b/.gitignore
|
||||
@@ -45,3 +45,23 @@ tests/test_hashes
|
||||
/*.sh
|
||||
/bug*
|
||||
/TAGS
|
||||
+# Below we forbid everything and only allow what we know, that's much easier
|
||||
+# than blocking about 500 different test files and bug report outputs.
|
||||
+/.*
|
||||
+/*
|
||||
+!/.gitignore
|
||||
+!/CHANGELOG
|
||||
+!/LICENSE
|
||||
+!/Makefile
|
||||
+!/README
|
||||
+!/ROADMAP
|
||||
+!/SUBVERS
|
||||
+!/VERDATE
|
||||
+!/VERSION
|
||||
+!/contrib
|
||||
+!/doc
|
||||
+!/ebtree
|
||||
+!/examples
|
||||
+!/include
|
||||
+!/src
|
||||
+!/tests
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,46 +0,0 @@
|
||||
From c7c1e55f09839727ba7defd37347fc500dabb202 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Tue, 11 Aug 2015 11:36:45 +0200
|
||||
Subject: [PATCH 10/11] MEDIUM: config: emit a warning on a frontend without
|
||||
listener
|
||||
|
||||
Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind")
|
||||
completely removed the test for bind lines in frontends in order to make it
|
||||
easier for automated tools to generate configs (eg: replacing a bind with
|
||||
another one passing via a temporary config without any bind line). The
|
||||
problem is that some common mistakes are totally hidden now. For example,
|
||||
this apparently valid entry is silently ignored :
|
||||
|
||||
listen 1.2.3.4:8000
|
||||
server s1 127.0.0.1:8000
|
||||
|
||||
Hint: 1.2.3.4:8000 is mistakenly the proxy name here.
|
||||
|
||||
Thus instead we now emit a warning to indicate that a frontend was found
|
||||
with no listener. This should be backported to 1.5 to help spot abnormal
|
||||
configurations.
|
||||
(cherry picked from commit f82d1ca2d7ec83804d6b54e61a35747ad2f85188)
|
||||
---
|
||||
src/cfgparse.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/cfgparse.c b/src/cfgparse.c
|
||||
index 2a5f178..d67edc5 100644
|
||||
--- a/src/cfgparse.c
|
||||
+++ b/src/cfgparse.c
|
||||
@@ -6193,6 +6193,12 @@ int check_config_validity()
|
||||
break;
|
||||
}
|
||||
|
||||
+ if ((curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) {
|
||||
+ Warning("config : %s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
|
||||
+ proxy_type_str(curproxy), curproxy->id);
|
||||
+ err_code |= ERR_WARN;
|
||||
+ }
|
||||
+
|
||||
if ((curproxy->cap & PR_CAP_BE) && (curproxy->mode != PR_MODE_HEALTH)) {
|
||||
if (curproxy->lbprm.algo & BE_LB_KIND) {
|
||||
if (curproxy->options & PR_O_TRANSP) {
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,93 +0,0 @@
|
||||
From ee12145d38a7dee81a20cf232c724ccb7a46ad8b Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Tue, 18 Aug 2015 17:15:20 +0200
|
||||
Subject: [PATCH 11/11] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
|
||||
creates a missing entry
|
||||
|
||||
During 1.5-dev20 there was some code refactoring to make the src_* fetch
|
||||
function use the same code as sc_*. Unfortunately this introduced a
|
||||
regression where src_* doesn't create an entry anymore if it does not
|
||||
exist in the table. The reason is that smp_fetch_sc_stkctr() only calls
|
||||
stktable_lookup_key() while src_inc_*/src_clr_* used to make use of
|
||||
stktable_update_key() which additionally create the entry if it does
|
||||
not exist.
|
||||
|
||||
There's no point modifying the common function for these two exceptions,
|
||||
so instead we now have a function dedicated to the creation of this entry
|
||||
for src_* only. It is called when the entry didn't exist, so that requires
|
||||
minimal modifications to existing code.
|
||||
|
||||
Thanks to Thierry Fournier for helping diagnose the issue.
|
||||
|
||||
This fix must be backported to 1.5.
|
||||
(cherry picked from commit 0f4eadd4830279f5ee83aa545728fb750f5c8185)
|
||||
|
||||
[Note: the backport to 1.5 significantly differs from the version in 1.6
|
||||
since we need to use the table's type and to retrieve the source address
|
||||
directly from the connection. At least it matches the way other src_*
|
||||
fetch functions work, and it's been verified to work fine]
|
||||
---
|
||||
src/session.c | 33 +++++++++++++++++++++++++++++++++
|
||||
1 file changed, 33 insertions(+)
|
||||
|
||||
diff --git a/src/session.c b/src/session.c
|
||||
index 5b9e407..6d62e36 100644
|
||||
--- a/src/session.c
|
||||
+++ b/src/session.c
|
||||
@@ -2806,6 +2806,33 @@ smp_fetch_sc_stkctr(struct session *l4, const struct arg *args, const char *kw)
|
||||
return &l4->stkctr[num];
|
||||
}
|
||||
|
||||
+/* same as smp_fetch_sc_stkctr() but dedicated to src_* and can create
|
||||
+ * the entry if it doesn't exist yet. This is needed for a few fetch
|
||||
+ * functions which need to create an entry, such as src_inc_gpc* and
|
||||
+ * src_clr_gpc*.
|
||||
+ */
|
||||
+struct stkctr *
|
||||
+smp_create_src_stkctr(struct session *sess, const struct arg *args, const char *kw)
|
||||
+{
|
||||
+ static struct stkctr stkctr;
|
||||
+ struct stktable_key *key;
|
||||
+ struct connection *conn = objt_conn(sess->si[0].end);
|
||||
+
|
||||
+ if (strncmp(kw, "src_", 4) != 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ if (!conn)
|
||||
+ return NULL;
|
||||
+
|
||||
+ key = addr_to_stktable_key(&conn->addr.from, args->data.prx->table.type);
|
||||
+ if (!key)
|
||||
+ return NULL;
|
||||
+
|
||||
+ stkctr.table = &args->data.prx->table;
|
||||
+ stkctr_set_entry(&stkctr, stktable_update_key(stkctr.table, key));
|
||||
+ return &stkctr;
|
||||
+}
|
||||
+
|
||||
/* set return a boolean indicating if the requested session counter is
|
||||
* currently being tracked or not.
|
||||
* Supports being called as "sc[0-9]_tracked" only.
|
||||
@@ -2887,6 +2914,9 @@ smp_fetch_sc_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
|
||||
if (!stkctr)
|
||||
return 0;
|
||||
|
||||
+ if (stkctr_entry(stkctr) == NULL)
|
||||
+ stkctr = smp_create_src_stkctr(l4, args, kw);
|
||||
+
|
||||
smp->flags = SMP_F_VOL_TEST;
|
||||
smp->type = SMP_T_UINT;
|
||||
smp->data.uint = 0;
|
||||
@@ -2924,6 +2954,9 @@ smp_fetch_sc_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
|
||||
if (!stkctr)
|
||||
return 0;
|
||||
|
||||
+ if (stkctr_entry(stkctr) == NULL)
|
||||
+ stkctr = smp_create_src_stkctr(l4, args, kw);
|
||||
+
|
||||
smp->flags = SMP_F_VOL_TEST;
|
||||
smp->type = SMP_T_UINT;
|
||||
smp->data.uint = 0;
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,27 +0,0 @@
|
||||
From 2272b4ffde38c836adfd9a9b43ff5c019ef4190a Mon Sep 17 00:00:00 2001
|
||||
From: Thierry FOURNIER <tfournier@arpalert.org>
|
||||
Date: Wed, 26 Aug 2015 08:21:26 +0200
|
||||
Subject: [PATCH 12/13] DOC: ssl: missing LF
|
||||
|
||||
An error message miss LF
|
||||
(cherry picked from commit bc965348d7ccc0a306504232ab85dc240fd31fbf)
|
||||
---
|
||||
src/ssl_sock.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index 2ae45ec..8f698c0 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -1760,7 +1760,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
|
||||
#else
|
||||
- Alert("SSLv3 support requested but unavailable.");
|
||||
+ Alert("SSLv3 support requested but unavailable.\n");
|
||||
cfgerr++;
|
||||
#endif
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,30 +0,0 @@
|
||||
From d3a93a932430bc1a4cd5d1350820c2bec706e26d Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Thu, 27 Aug 2015 17:15:05 +0200
|
||||
Subject: [PATCH 13/13] DOC: fix example of http-request using
|
||||
ssl_fc_session_id
|
||||
|
||||
It was missing the ",hex" resulting in raw binary data being dumped in
|
||||
the header or the logs. Now we know where these crazy logs originated
|
||||
from!
|
||||
(cherry picked from commit fca4261dacab51db960d30120f4bb4201f7e4a51)
|
||||
---
|
||||
doc/configuration.txt | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc/configuration.txt b/doc/configuration.txt
|
||||
index 1d95b5b..67d273b 100644
|
||||
--- a/doc/configuration.txt
|
||||
+++ b/doc/configuration.txt
|
||||
@@ -3135,7 +3135,7 @@ http-request { allow | deny | tarpit | auth [realm <realm>] | redirect <rule> |
|
||||
Example:
|
||||
http-request set-header X-Haproxy-Current-Date %T
|
||||
http-request set-header X-SSL %[ssl_fc]
|
||||
- http-request set-header X-SSL-Session_ID %[ssl_fc_session_id]
|
||||
+ http-request set-header X-SSL-Session_ID %[ssl_fc_session_id,hex]
|
||||
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
|
||||
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
|
||||
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,78 +0,0 @@
|
||||
From bcd033699c5a4904967652de4980e4f35f17ee34 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Thu, 3 Sep 2015 17:15:21 +0200
|
||||
Subject: [PATCH 14/15] BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
|
||||
|
||||
When converting the "method" fetch to a string, we used to get an empty
|
||||
string if the first character was not an upper case. This was caused by
|
||||
the lookup function which returns HTTP_METH_NONE when a lookup is not
|
||||
possible, and this method being mapped to an empty string in the array.
|
||||
|
||||
This is a totally stupid mechanism, there's no reason for having the
|
||||
result depend on the first char. In fact the message parser already
|
||||
checks that the syntax matches an HTTP token so we can only land there
|
||||
with a valid token, hence only HTTP_METH_OTHER should be returned.
|
||||
|
||||
This fix should be backported to all actively supported branches.
|
||||
(cherry picked from commit b7ce424be2bc9df73a3b971fa9dd6daea0332bf1)
|
||||
---
|
||||
include/types/proto_http.h | 1 -
|
||||
src/proto_http.c | 11 ++++-------
|
||||
2 files changed, 4 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/include/types/proto_http.h b/include/types/proto_http.h
|
||||
index a5a5d31..dbce972 100644
|
||||
--- a/include/types/proto_http.h
|
||||
+++ b/include/types/proto_http.h
|
||||
@@ -219,7 +219,6 @@ enum {
|
||||
|
||||
/* Known HTTP methods */
|
||||
enum http_meth_t {
|
||||
- HTTP_METH_NONE = 0,
|
||||
HTTP_METH_OPTIONS,
|
||||
HTTP_METH_GET,
|
||||
HTTP_METH_HEAD,
|
||||
diff --git a/src/proto_http.c b/src/proto_http.c
|
||||
index 02dc42b..46694cb 100644
|
||||
--- a/src/proto_http.c
|
||||
+++ b/src/proto_http.c
|
||||
@@ -361,12 +361,11 @@ const struct http_method_desc http_methods[26][3] = {
|
||||
[0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
|
||||
},
|
||||
/* rest is empty like this :
|
||||
- * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
|
||||
+ * [0] = { .meth = HTTP_METH_OTHER , .len=0, .text="" },
|
||||
*/
|
||||
};
|
||||
|
||||
const struct http_method_name http_known_methods[HTTP_METH_OTHER] = {
|
||||
- [HTTP_METH_NONE] = { "", 0 },
|
||||
[HTTP_METH_OPTIONS] = { "OPTIONS", 7 },
|
||||
[HTTP_METH_GET] = { "GET", 3 },
|
||||
[HTTP_METH_HEAD] = { "HEAD", 4 },
|
||||
@@ -793,8 +792,8 @@ struct chunk *http_error_message(struct session *s, int msgnum)
|
||||
}
|
||||
|
||||
/*
|
||||
- * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
|
||||
- * string), HTTP_METH_OTHER for unknown methods, or the identified method.
|
||||
+ * returns a known method among HTTP_METH_* or HTTP_METH_OTHER for all unknown
|
||||
+ * ones.
|
||||
*/
|
||||
enum http_meth_t find_http_meth(const char *str, const int len)
|
||||
{
|
||||
@@ -810,10 +809,8 @@ enum http_meth_t find_http_meth(const char *str, const int len)
|
||||
if (likely(memcmp(str, h->text, h->len) == 0))
|
||||
return h->meth;
|
||||
};
|
||||
- return HTTP_METH_OTHER;
|
||||
}
|
||||
- return HTTP_METH_NONE;
|
||||
-
|
||||
+ return HTTP_METH_OTHER;
|
||||
}
|
||||
|
||||
/* Parse the URI from the given transaction (which is assumed to be in request
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,49 +0,0 @@
|
||||
From 3f34b5539e7ba31e44055d853b9ba496e73e0bae Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Mon, 7 Sep 2015 19:32:33 +0200
|
||||
Subject: [PATCH 15/15] BUG/MAJOR: http: don't call http_send_name_header()
|
||||
after an error
|
||||
|
||||
A crash was reported when using the "famous" http-send-name-header
|
||||
directive. This time it's a bit tricky, it requires a certain number of
|
||||
conditions to be met including maxconn on a server, queuing, timeout in
|
||||
the queue and cookie-based persistence.
|
||||
|
||||
The problem is that in stream.c, before calling http_send_name_header(),
|
||||
we check a number of conditions to know if we have to replace the header
|
||||
name. But prior to reaching this place, it's possible for
|
||||
sess_update_stream_int() to fail and change the stream-int's state to
|
||||
SI_ST_CLO, send an error 503 to the client, and flush all buffers. But
|
||||
http_send_name_header() can only be called with valid buffer contents
|
||||
matching the http_msg's description. So when it rewinds the stream to
|
||||
modify the header, buf->o becomes negative by the size of the incoming
|
||||
request and is used as the argument to memmove() which basically
|
||||
displaces 4GB of memory off a few bytes to write the new name, resulting
|
||||
in a core and a core file that's really not fun to play with.
|
||||
|
||||
The solution obviously consists in refraining from calling this nasty
|
||||
function when the stream interface is already closed.
|
||||
|
||||
This bug also affects 1.5 and possibly 1.4, so the fix must be backported
|
||||
there.
|
||||
(cherry picked from commit 9c03b33329cb4924716edc1c851913a18b0670dc)
|
||||
---
|
||||
src/session.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/session.c b/src/session.c
|
||||
index 6d62e36..7520a85 100644
|
||||
--- a/src/session.c
|
||||
+++ b/src/session.c
|
||||
@@ -2293,7 +2293,7 @@ struct task *process_session(struct task *t)
|
||||
|
||||
/* Now we can add the server name to a header (if requested) */
|
||||
/* check for HTTP mode and proxy server_name_hdr_name != NULL */
|
||||
- if ((s->si[1].state >= SI_ST_CON) &&
|
||||
+ if ((s->si[1].state >= SI_ST_CON) && (s->si[1].state < SI_ST_CLO) &&
|
||||
(s->be->server_id_hdr_name != NULL) &&
|
||||
(s->be->mode == PR_MODE_HTTP) &&
|
||||
objt_server(s->target)) {
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,32 +0,0 @@
|
||||
Index: examples/examples.cfg
|
||||
===================================================================
|
||||
--- examples/examples.cfg.orig
|
||||
+++ examples/examples.cfg
|
||||
@@ -3,8 +3,8 @@
|
||||
# log 127.0.0.1 local1
|
||||
maxconn 4000
|
||||
ulimit-n 8000
|
||||
- uid 0
|
||||
- gid 0
|
||||
+ user haproxy
|
||||
+ group haproxy
|
||||
# chroot /tmp
|
||||
# nbproc 2
|
||||
# daemon
|
||||
Index: examples/haproxy.cfg
|
||||
===================================================================
|
||||
--- examples/haproxy.cfg.orig
|
||||
+++ examples/haproxy.cfg
|
||||
@@ -5,9 +5,9 @@
|
||||
log 127.0.0.1 local1 notice
|
||||
#log loghost local0 info
|
||||
maxconn 4096
|
||||
- chroot /usr/share/haproxy
|
||||
- uid 99
|
||||
- gid 99
|
||||
+ chroot /var/lib/haproxy
|
||||
+ user haproxy
|
||||
+ group haproxy
|
||||
daemon
|
||||
#debug
|
||||
#quiet
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9565dd38649064d0350a2883fa81ccfe92eb17dcda457ebdc01535e1ab0c8f99
|
||||
size 1345345
|
@ -1,76 +0,0 @@
|
||||
diff -Ndur haproxy-1.5.8/examples/build.cfg haproxy-1.5.8-fix-bashisms/examples/build.cfg
|
||||
--- haproxy-1.5.8/examples/build.cfg 2014-10-31 11:06:53.000000000 +0200
|
||||
+++ haproxy-1.5.8-fix-bashisms/examples/build.cfg 2014-11-17 04:09:42.408078486 +0200
|
||||
@@ -5,12 +5,12 @@
|
||||
PATCH_LIST=
|
||||
FILE_LIST=
|
||||
|
||||
-function do_compile_only {
|
||||
+do_compile_only() {
|
||||
$FLXMAKE CPU_OPTS="-march=$arch -mcpu=$cpu -Os -mpreferred-stack-boundary=2 -momit-leaf-frame-pointer -malign-jumps=0" \
|
||||
TARGET=linux24
|
||||
}
|
||||
|
||||
-function do_prepack {
|
||||
+do_prepack() {
|
||||
mkdir -p $ROOTDIR/sbin/init.d ; cp examples/init.haproxy.flx0 $ROOTDIR/sbin/init.d/haproxy
|
||||
mkdir -p $ROOTDIR/usr/sbin ; cp haproxy $ROOTDIR/usr/sbin
|
||||
mkdir -p $ROOTDIR/usr/share/examples/$PKGRADIX/$PKGRADIX-$PKGVER/etc/haproxy/
|
||||
diff -Ndur haproxy-1.5.8/examples/haproxy-1.1.21-flx.1.pkg haproxy-1.5.8-fix-bashisms/examples/haproxy-1.1.21-flx.1.pkg
|
||||
--- haproxy-1.5.8/examples/haproxy-1.1.21-flx.1.pkg 2014-10-31 11:06:53.000000000 +0200
|
||||
+++ haproxy-1.5.8-fix-bashisms/examples/haproxy-1.1.21-flx.1.pkg 2014-11-17 04:09:28.396079434 +0200
|
||||
@@ -1,10 +1,10 @@
|
||||
#!/bin/sh
|
||||
|
||||
-function do_compile {
|
||||
+do_compile() {
|
||||
$FLXMAKE COPTS="-march=$arch -mcpu=$cpu -Os -mpreferred-stack-boundary=2 -momit-leaf-frame-pointer -malign-jumps=0 -DNETFILTER -DTRANSPARENT"
|
||||
}
|
||||
|
||||
-function do_prepack {
|
||||
+do_prepack() {
|
||||
mkdir -p $ROOTDIR/sbin/init.d ; cp init.d/haproxy $ROOTDIR/sbin/init.d
|
||||
mkdir -p $ROOTDIR/usr/sbin ; cp haproxy $ROOTDIR/usr/sbin
|
||||
mkdir -p $ROOTDIR/usr/share/examples/$PKGRADIX/$PKGRADIX-$PKGVER/etc
|
||||
diff -Ndur haproxy-1.5.8/examples/haproxy.init haproxy-1.5.8-fix-bashisms/examples/haproxy.init
|
||||
--- haproxy-1.5.8/examples/haproxy.init 2014-10-31 11:06:53.000000000 +0200
|
||||
+++ haproxy-1.5.8-fix-bashisms/examples/haproxy.init 2014-11-17 04:10:05.127076949 +0200
|
||||
@@ -116,7 +116,7 @@
|
||||
check
|
||||
;;
|
||||
*)
|
||||
- echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
|
||||
+ echo "Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
diff -Ndur haproxy-1.5.8/examples/init.haproxy haproxy-1.5.8-fix-bashisms/examples/init.haproxy
|
||||
--- haproxy-1.5.8/examples/init.haproxy 2014-10-31 11:06:53.000000000 +0200
|
||||
+++ haproxy-1.5.8-fix-bashisms/examples/init.haproxy 2014-11-17 04:10:58.897073312 +0200
|
||||
@@ -19,7 +19,7 @@
|
||||
maintfd=0
|
||||
fi
|
||||
|
||||
-maxfd=$[$maxconn*2 + $maintfd]
|
||||
+maxfd=$(($maxconn * 2 + $maintfd))
|
||||
if [ $maxfd -lt 100 ]; then
|
||||
maxfd=100;
|
||||
fi
|
||||
@@ -31,7 +31,7 @@
|
||||
# ulimit -c unlimited
|
||||
|
||||
# soft stop
|
||||
-function do_stop {
|
||||
+do_stop() {
|
||||
pids=`pidof -o $$ -- $PNAME`
|
||||
if [ ! -z "$pids" ]; then
|
||||
echo "Asking $PNAME to terminate gracefully..."
|
||||
@@ -41,7 +41,7 @@
|
||||
}
|
||||
|
||||
# dump status
|
||||
-function do_status {
|
||||
+do_status() {
|
||||
pids=`pidof -o $$ -- $PNAME`
|
||||
if [ ! -z "$pids" ]; then
|
||||
echo "Dumping $PNAME status in logs."
|
@ -2,7 +2,7 @@ Index: Makefile
|
||||
===================================================================
|
||||
--- Makefile.orig
|
||||
+++ Makefile
|
||||
@@ -567,7 +567,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
|
||||
@@ -644,7 +644,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
|
||||
PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local)
|
||||
ifneq ($(PCREDIR),)
|
||||
PCRE_INC := $(PCREDIR)/include
|
@ -1,8 +1,8 @@
|
||||
Index: Makefile
|
||||
===================================================================
|
||||
--- Makefile.orig 2014-06-05 19:23:53.559663353 +0200
|
||||
+++ Makefile 2014-06-05 19:29:01.679662808 +0200
|
||||
@@ -594,6 +594,35 @@ OPTIONS_CFLAGS += -DUSE_TFO
|
||||
--- Makefile.orig
|
||||
+++ Makefile
|
||||
@@ -671,6 +671,35 @@ OPTIONS_CFLAGS += -DUSE_TFO
|
||||
BUILD_OPTIONS += $(call ignore_implicit,USE_TFO)
|
||||
endif
|
||||
|
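--- a/haproxy-1.6.0_config_haproxy_user.patch
+++ b/haproxy-1.6.0_config_haproxy_user.patch
@@ -0,0 +1,95 @@
+Index: haproxy-1.6.0/examples/acl-content-sw.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/acl-content-sw.cfg
++++ haproxy-1.6.0/examples/acl-content-sw.cfg
+@@ -5,9 +5,9 @@ global
+log loghost local0
+log localhost local0 err
+maxconn 250
+- uid 71
+- gid 71
+- chroot /var/empty
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+pidfile /var/run/haproxy.pid
+daemon
+quiet
+Index: haproxy-1.6.0/examples/auth.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/auth.cfg
++++ haproxy-1.6.0/examples/auth.cfg
+@@ -1,7 +1,7 @@
+global
+-# chroot /var/empty/
+-# uid 451
+-# gid 451
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+log 192.168.131.214:8514 local4 debug
+maxconn 8192
+
+Index: haproxy-1.6.0/examples/content-sw-sample.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/content-sw-sample.cfg
++++ haproxy-1.6.0/examples/content-sw-sample.cfg
+@@ -11,9 +11,9 @@ global
+maxconn 10000
+stats socket /var/run/haproxy.stat mode 600 level admin
+log 127.0.0.1 local0
+- uid 200
+- gid 200
+- chroot /var/empty
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+daemon
+
+# The public 'www' address in the DMZ
+Index: haproxy-1.6.0/examples/option-http_proxy.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/option-http_proxy.cfg
++++ haproxy-1.6.0/examples/option-http_proxy.cfg
+@@ -6,9 +6,9 @@ global
+maxconn 20000
+ulimit-n 16384
+log 127.0.0.1 local0
+- uid 200
+- gid 200
+- chroot /var/empty
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
+nbproc 4
+daemon
+
+Index: haproxy-1.6.0/examples/ssl.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/ssl.cfg
++++ haproxy-1.6.0/examples/ssl.cfg
+@@ -4,6 +4,9 @@
+
+global
+maxconn 100
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
+
+defaults
+mode http
+Index: haproxy-1.6.0/examples/transparent_proxy.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/transparent_proxy.cfg
++++ haproxy-1.6.0/examples/transparent_proxy.cfg
+@@ -6,6 +6,10 @@
+#
+
+global
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
++
+defaults
+timeout client 30s
+timeout server 30s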
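Review bot: Every example touched here now uses `chroot /var/lib/haproxy` where the old files had `/var/empty`, and the packaged haproxy.cfg added in this same commit places its stats socket at `/var/lib/haproxy/stats`, so the jail is the service's state directory rather than an empty one. HAProxy's own documentation asks for the chroot directory to be empty and unwritable to anyone. The spec creates it with `install -d -m 0755 %{buildroot}%{pkg_home}`, but its owner is not visible in this view, so it is worth confirming that the `haproxy` user cannot write there. A dedicated empty directory for `chroot`, with the socket kept elsewhere, would keep the examples in line with that guidance. As a point of style, option-http_proxy.cfg, ssl.cfg and transparent_proxy.cfg list `chroot` before `user`/`group` while the other three list it after; one order throughout would read better.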
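--- a/haproxy-1.6.2.tar.gz
+++ b/haproxy-1.6.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bd4a7eee79e1bfd25af59d956bb60e82acbb6f146f3fb3b30636036f4c9548d3
+size 1538976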
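--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,35 @@
+global
+log /dev/log daemon
+maxconn 32768
+chroot /var/lib/haproxy
+user haproxy
+group haproxy
+daemon
+stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
+tune.bufsize 32768
+tune.ssl.default-dh-param 2048
+ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+
+defaults
+log global
+mode http
+option log-health-checks
+option log-separate-errors
+option dontlog-normal
+option dontlognull
+option httplog
+option socket-stats
+retries 3
+option redispatch
+maxconn 10000
+timeout connect 5s
+timeout client 50s
+timeout server 450s
+
+listen stats
+bind 0.0.0.0:80
+bind :::80 v6only
+stats enable
+stats uri /
+stats refresh 5s
+rspadd Server:\ haproxy/1.6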
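Review bot: The `listen stats` block serves the statistics page at `stats uri /` on `bind 0.0.0.0:80` and `bind :::80 v6only` with no `stats auth` and no ACL, so a package started with this default shows proxy and backend state to anyone who can reach port 80. For a shipped default I would bind the listener to loopback, `bind 127.0.0.1:80` and `bind ::1:80 v6only`, and leave opening it up, with authentication, to the administrator. `rspadd Server:\ haproxy/1.6` also announces the release series on every response from this listener; dropping it and adding `stats hide-version` would reduce what the page gives away.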
120
haproxy.changes
120
haproxy.changes
@ -1,3 +1,123 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 10 14:50:26 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- fix link to tarball
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 3 12:02:19 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- update to 1.6.2
|
||||
- BUILD: ssl: fix build error introduced in commit 7969a3 with
|
||||
OpenSSL < 1.0.0
|
||||
- DOC: fix a typo for a "deviceatlas" keyword
|
||||
- FIX: small typo in an example using the "Referer" header
|
||||
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
|
||||
- BUG/MAJOR: dns: first DNS response packet not matching queried
|
||||
hostname may lead to a loop
|
||||
- BUG/MINOR: dns: unable to parse CNAMEs response
|
||||
- BUG/MINOR: examples/haproxy.init: missing brace in
|
||||
quiet_check()
|
||||
- DOC: deviceatlas: more example use cases.
|
||||
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
|
||||
install-bin.
|
||||
- BUG/MAJOR: http: don't requeue an idle connection that is
|
||||
already queued
|
||||
- DOC: typo on capture.res.hdr and capture.req.hdr
|
||||
- BUG/MINOR: dns: check for duplicate nameserver id in a
|
||||
resolvers section was missing
|
||||
- CLEANUP: use direction names in place of numeric values
|
||||
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
|
||||
- drop haproxy-1.6.0-ssl-098.patch: included upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- update to 1.6.1
|
||||
- DOC: specify that stats socket doc (section 9.2) is in
|
||||
management
|
||||
- BUILD: install only relevant and existing documentation
|
||||
- CLEANUP: don't ignore debian/ directory if present
|
||||
- BUG/MINOR: dns: parsing error of some DNS response
|
||||
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
|
||||
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
|
||||
disabled
|
||||
- MEDIUM: dns: Don't use the ANY query type
|
||||
- drop haproxy-1.6.0-ssl.crash.patch included in update
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- add haproxy-1.6.0-ssl-098.patch:
|
||||
fix building on openssl 0.9.8
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 16 17:16:40 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- added haproxy-1.6.0-ssl.crash.patch: fix SNI related crash
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 15 23:19:33 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- only use network namespace support on distros newer than 13.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 13 19:39:12 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- update to 1.6.0
|
||||
The most user-visible changes, we can cite the simpler handling
|
||||
of multiple configuration files, the support for quotes and
|
||||
environment variables in the configuration, a significant
|
||||
reduction of the memory usage thanks to a new dynamic buffer
|
||||
allocator, notifications over e-mail, server state keeping across
|
||||
reloads, dynamic DNS-based server address resolution, new
|
||||
scripting capabilities thanks to the embedded Lua interpreter,
|
||||
use of variables in the configuration to manipulate samples,
|
||||
request body buffering and analysis, support for two third-party
|
||||
device identification products (DeviceAtlas and 51Degrees), a lot
|
||||
of new sample converters including arithmetic operators and table
|
||||
lookups, TLS ticket secret sharing between nodes, TLS SNI to the
|
||||
server, full tables replication between peers, ability to
|
||||
instruct the kernel to quickly kill dead connections, support for
|
||||
Linux namespaces, and a number of other less visible goodies. The
|
||||
performance has also been improved a lot with support for server
|
||||
connection multiplexing, much faster and cheaper HTTP compression
|
||||
via libslz, and the addition of a pattern cache to speed up
|
||||
certain expensive ACLs. The great flexibility offered by this
|
||||
version will allow many users to significantly simplify their
|
||||
configurations. Some users will notice a huge performance boost
|
||||
after they enable the features designed for them.
|
||||
|
||||
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
||||
- drop patches we pulled from upstream git:
|
||||
0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
||||
0002-DOC-usesrc-root-privileges-requirements.patch
|
||||
0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
||||
0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
||||
0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
||||
0006-DOC-typo-in-redirect-302-code-meaning.patch
|
||||
0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
||||
0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
||||
0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
||||
0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
||||
0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
||||
0012-DOC-ssl-missing-LF.patch
|
||||
0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
||||
0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
||||
0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
||||
- refresh/redo patches to apply cleanly again:
|
||||
old: haproxy-1.2.16_config_haproxy_user.patch
|
||||
new: haproxy-1.6.0_config_haproxy_user.patch
|
||||
old: haproxy-makefile_lib.patch
|
||||
new: haproxy-1.6.0-makefile_lib.patch
|
||||
old: sec-options.patch
|
||||
new: haproxy-1.6.0-sec-options.patch
|
||||
- added new haproxy.cfg to have a minimal config we can actually
|
||||
launch!
|
||||
- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no
|
||||
longer exist
|
||||
- drop haproxy.vim: we will use the copy which ships with the
|
||||
upstream tarball now.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 23 19:26:54 UTC 2015 - dmueller@suse.com
|
||||
|
||||
|
124
haproxy.spec
124
haproxy.spec
@ -19,6 +19,14 @@
|
||||
%bcond_with tcp_fast_open
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} > 1320
|
||||
%bcond_without lua
|
||||
%bcond_without network_namespace
|
||||
%else
|
||||
%bcond_with lua
|
||||
%bcond_with network_namespace
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} >= 1310
|
||||
%bcond_without systemd
|
||||
%else
|
||||
@ -33,12 +41,15 @@
|
||||
%bcond_without apparmor
|
||||
|
||||
Name: haproxy
|
||||
Version: 1.5.14
|
||||
Version: 1.6.2
|
||||
Release: 0
|
||||
#
|
||||
#
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: libgcrypt-devel
|
||||
%if %{with lua}
|
||||
BuildRequires: lua-devel >= 5.3
|
||||
%endif
|
||||
BuildRequires: pcre-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: openssl-devel
|
||||
@ -52,46 +63,14 @@ BuildRequires: vim
|
||||
%define pkg_home /var/lib/%{pkg_name}
|
||||
#
|
||||
Url: http://www.haproxy.org/
|
||||
Source: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
|
||||
Source: http://www.haproxy.org/download/1.6/src/haproxy-%{version}.tar.gz
|
||||
Source1: %{pkg_name}.init
|
||||
Source2: http://www.haproxy.org/download/contrib/haproxy.vim
|
||||
Source3: usr.sbin.haproxy.apparmor
|
||||
Source4: local.usr.sbin.haproxy.apparmor
|
||||
Patch1: haproxy-1.2.16_config_haproxy_user.patch
|
||||
Patch2: haproxy-makefile_lib.patch
|
||||
Patch3: sec-options.patch
|
||||
Patch4: haproxy-1.5.8-fix-bashisms.patch
|
||||
# BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
|
||||
Patch5: 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
||||
# DOC: usesrc root privileges requirements
|
||||
Patch6: 0002-DOC-usesrc-root-privileges-requirements.patch
|
||||
# BUILD: ssl: Allow building against libssl without SSLv3.
|
||||
Patch7: 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
||||
# DOC/MINOR: fix OpenBSD versions where haproxy works
|
||||
Patch8: 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
||||
# BUG/MINOR: http/sample: gmtime/localtime can fail
|
||||
Patch9: 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
||||
# DOC: typo in 'redirect', 302 code meaning
|
||||
Patch10: 0006-DOC-typo-in-redirect-302-code-meaning.patch
|
||||
# DOC: mention that %ms is left-padded with zeroes.
|
||||
Patch11: 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
||||
# CLEANUP: .gitignore: ignore more test files
|
||||
Patch12: 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
||||
# CLEANUP: .gitignore: finally ignore everything but what is known.
|
||||
Patch13: 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
||||
# MEDIUM: config: emit a warning on a frontend without listener
|
||||
Patch14: 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
||||
# BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
|
||||
Patch15: 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
||||
# DOC: ssl: missing LF
|
||||
Patch16: 0012-DOC-ssl-missing-LF.patch
|
||||
# DOC: fix example of http-request using ssl_fc_session_id
|
||||
Patch17: 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
||||
# BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
|
||||
Patch18: 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
||||
# BUG/MAJOR: http: don't call http_send_name_header() after an error
|
||||
Patch19: 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
||||
|
||||
Source2: usr.sbin.haproxy.apparmor
|
||||
Source3: local.usr.sbin.haproxy.apparmor
|
||||
Source4: haproxy.cfg
|
||||
Patch1: haproxy-1.6.0_config_haproxy_user.patch
|
||||
Patch2: haproxy-1.6.0-makefile_lib.patch
|
||||
Patch3: haproxy-1.6.0-sec-options.patch
|
||||
#
|
||||
Source99: haproxy-rpmlintrc
|
||||
#
|
||||
@ -122,25 +101,9 @@ the most work done from every CPU cycle.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1
|
||||
%patch1 -p1
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
|
||||
%build
|
||||
%{__make} \
|
||||
@ -157,6 +120,10 @@ the most work done from every CPU cycle.
|
||||
%ifarch %ix86
|
||||
USE_REGPARM=1 \
|
||||
%endif
|
||||
USE_PTHREAD_PSHARED=1 \
|
||||
%if %{with lua}
|
||||
USE_LUA=1 \
|
||||
%endif
|
||||
USE_TPROXY=1 \
|
||||
USE_LINUX_TPROXY=1 \
|
||||
USE_LINUX_SPLICE=1 \
|
||||
@ -167,9 +134,12 @@ the most work done from every CPU cycle.
|
||||
USE_PIE=1 \
|
||||
USE_STACKPROTECTOR=1 \
|
||||
USE_RELRO_NOW=1 \
|
||||
%if %{with tcp_fast_open}
|
||||
%if %{with tcp_fast_open}
|
||||
USE_TFO=1 \
|
||||
%endif
|
||||
%endif
|
||||
%if %{with network_namespace}
|
||||
USE_NS=1 \
|
||||
%endif
|
||||
LIB="%{_lib}" \
|
||||
PREFIX="%{_prefix}" \
|
||||
DEBUG_CFLAGS="%{optflags}"
|
||||
@ -178,28 +148,30 @@ make -C contrib/halog PREFIX="%{_prefix}" \
|
||||
DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
|
||||
|
||||
%install
|
||||
%{__install} -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
|
||||
%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
|
||||
install -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
|
||||
install -d -m 0750 %{buildroot}%{_sysconfdir}/%{pkg_name}/
|
||||
install -m 0640 %{S:4} %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
|
||||
|
||||
install -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
|
||||
|
||||
%{__install} -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
|
||||
%if %{with systemd}
|
||||
%{__install} -D -m 0755 haproxy-systemd-wrapper %{buildroot}%{_sbindir}/haproxy-systemd-wrapper
|
||||
%{__install} -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
|
||||
install -D -m 0755 haproxy-systemd-wrapper %{buildroot}%{_sbindir}/haproxy-systemd-wrapper
|
||||
install -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
|
||||
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
|
||||
%else
|
||||
%{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
|
||||
%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
|
||||
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
|
||||
%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
|
||||
%endif
|
||||
|
||||
%{__install} -d -m 0755 %{buildroot}%{pkg_home}
|
||||
%{__install} -D -m 0644 %{S:2} %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
|
||||
%{__install} -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
|
||||
install -d -m 0755 %{buildroot}%{pkg_home}
|
||||
install -D -m 0644 examples/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
|
||||
install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
|
||||
%if %{with apparmor}
|
||||
%{__install} -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
|
||||
%{__install} -D -m 0644 %{S:4} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
|
||||
install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
|
||||
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
|
||||
%endif
|
||||
|
||||
%{__rm} examples/haproxy.spec
|
||||
rm examples/haproxy.spec examples/*init* examples/haproxy.vim
|
||||
|
||||
%if 0%{?suse_version} < 1230
|
||||
%clean
|
||||
@ -241,18 +213,14 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
|
||||
%doc CHANGELOG README LICENSE
|
||||
%doc ROADMAP doc/* examples/
|
||||
%doc contrib/netsnmp-perl/ contrib/selinux/
|
||||
%dir %{_sysconfdir}/%{pkg_name}
|
||||
%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
|
||||
%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
|
||||
%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
|
||||
%if %{with systemd}
|
||||
%{_unitdir}/%{pkg_name}.service
|
||||
%{_sbindir}/haproxy-systemd-wrapper
|
||||
|
||||
%else
|
||||
|
||||
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
|
||||
|
||||
%endif
|
||||
|
||||
%{_sbindir}/haproxy
|
||||
%{_sbindir}/haproxy-halog
|
||||
%{_sbindir}/rchaproxy
|
||||
|
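Review bot: The new `Source:` line still fetches the tarball over plain `http://`, and nothing in the spec lets the download be checked against upstream. The integrity of the 1.6.2 sources therefore rests entirely on the `oid sha256:` pointer committed alongside it. If the site serves the same path over TLS, `Source: https://www.haproxy.org/download/1.6/src/haproxy-%{version}.tar.gz` is the smaller change. If upstream publishes a checksum or signature file for the release, listing it as an additional `Source` would let the source service verify the tarball. The section shows old and new lines without markers, so this is read from the `1.6` URL being the new side.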
164
haproxy.vim
164
haproxy.vim
@ -1,164 +0,0 @@
|
||||
" Vim syntax file
|
||||
" Language: HAproxy
|
||||
" Maintainer: Bruno Michel <brmichel@free.fr>
|
||||
" Last Change: Mar 30, 2007
|
||||
" Version: 0.3
|
||||
" URL: http://haproxy.1wt.eu/
|
||||
" URL: http://vim.sourceforge.net/scripts/script.php?script_id=1845
|
||||
|
||||
" It is suggested to add the following line to $HOME/.vimrc :
|
||||
" au BufRead,BufNewFile haproxy* set ft=haproxy
|
||||
|
||||
" For version 5.x: Clear all syntax items
|
||||
" For version 6.x: Quit when a syntax file was already loaded
|
||||
if version < 600
|
||||
syntax clear
|
||||
elseif exists("b:current_syntax")
|
||||
finish
|
||||
endif
|
||||
|
||||
if version >= 600
|
||||
setlocal iskeyword=_,-,a-z,A-Z,48-57
|
||||
else
|
||||
set iskeyword=_,-,a-z,A-Z,48-57
|
||||
endif
|
||||
|
||||
|
||||
" Escaped chars
|
||||
syn match hapEscape +\\\(\\\| \|n\|r\|t\|#\|x\x\x\)+
|
||||
|
||||
" Comments
|
||||
syn match hapComment /#.*$/ contains=hapTodo
|
||||
syn keyword hapTodo contained TODO FIXME XXX
|
||||
syn case ignore
|
||||
|
||||
" Sections
|
||||
syn match hapSection /^\s*\(global\|defaults\)/
|
||||
syn match hapSection /^\s*\(listen\|frontend\|backend\|ruleset\)/ skipwhite nextgroup=hapSectLabel
|
||||
syn match hapSectLabel /\S\+/ skipwhite nextgroup=hapIp1 contained
|
||||
syn match hapIp1 /\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/ nextgroup=hapIp2 contained
|
||||
syn match hapIp2 /,\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/hs=s+1 nextgroup=hapIp2 contained
|
||||
|
||||
" Parameters
|
||||
syn keyword hapParam chroot cliexp clitimeout contimeout
|
||||
syn keyword hapParam daemon debug disabled
|
||||
syn keyword hapParam enabled
|
||||
syn keyword hapParam fullconn
|
||||
syn keyword hapParam gid grace
|
||||
syn keyword hapParam maxconn monitor-uri
|
||||
syn keyword hapParam nbproc noepoll nopoll
|
||||
syn keyword hapParam pidfile
|
||||
syn keyword hapParam quiet
|
||||
syn keyword hapParam redispatch retries
|
||||
syn keyword hapParam reqallow reqdel reqdeny reqpass reqtarpit skipwhite nextgroup=hapRegexp
|
||||
syn keyword hapParam reqiallow reqidel reqideny reqipass reqitarpit skipwhite nextgroup=hapRegexp
|
||||
syn keyword hapParam rspdel rspdeny skipwhite nextgroup=hapRegexp
|
||||
syn keyword hapParam rspidel rspideny skipwhite nextgroup=hapRegexp
|
||||
syn keyword hapParam reqsetbe reqisetbe skipwhite nextgroup=hapRegexp2
|
||||
syn keyword hapParam reqadd reqiadd rspadd rspiadd
|
||||
syn keyword hapParam server source srvexp srvtimeout
|
||||
syn keyword hapParam uid ulimit-n
|
||||
syn keyword hapParam reqrep reqirep rsprep rspirep skipwhite nextgroup=hapRegexp
|
||||
syn keyword hapParam errorloc errorloc302 errorloc303 skipwhite nextgroup=hapStatus
|
||||
syn keyword hapParam default_backend skipwhite nextgroup=hapSectLabel
|
||||
syn keyword hapParam appsession skipwhite nextgroup=hapAppSess
|
||||
syn keyword hapParam bind skipwhite nextgroup=hapIp1
|
||||
syn keyword hapParam balance skipwhite nextgroup=hapBalance
|
||||
syn keyword hapParam cookie skipwhite nextgroup=hapCookieNam
|
||||
syn keyword hapParam capture skipwhite nextgroup=hapCapture
|
||||
syn keyword hapParam dispatch skipwhite nextgroup=hapIpPort
|
||||
syn keyword hapParam source skipwhite nextgroup=hapIpPort
|
||||
syn keyword hapParam mode skipwhite nextgroup=hapMode
|
||||
syn keyword hapParam monitor-net skipwhite nextgroup=hapIPv4Mask
|
||||
syn keyword hapParam option skipwhite nextgroup=hapOption
|
||||
syn keyword hapParam stats skipwhite nextgroup=hapStats
|
||||
syn keyword hapParam server skipwhite nextgroup=hapServerN
|
||||
syn keyword hapParam source skipwhite nextgroup=hapServerEOL
|
||||
syn keyword hapParam log skipwhite nextgroup=hapGLog,hapLogIp
|
||||
|
||||
" Options and additional parameters
|
||||
syn keyword hapAppSess contained len timeout
|
||||
syn keyword hapBalance contained roundrobin source
|
||||
syn keyword hapLen contained len
|
||||
syn keyword hapGLog contained global
|
||||
syn keyword hapMode contained http tcp health
|
||||
syn keyword hapOption contained abortonclose allbackups checkcache clitcpka dontlognull forceclose forwardfor
|
||||
syn keyword hapOption contained httpchk httpclose httplog keepalive logasap persist srvtcpka ssl-hello-chk
|
||||
syn keyword hapOption contained tcplog tcpka tcpsplice
|
||||
syn keyword hapOption contained except skipwhite nextgroup=hapIPv4Mask
|
||||
syn keyword hapStats contained uri realm auth scope enable
|
||||
syn keyword hapLogFac contained kern user mail daemon auth syslog lpr news nextgroup=hapLogLvl skipwhite
|
||||
syn keyword hapLogFac contained uucp cron auth2 ftp ntp audit alert cron2 nextgroup=hapLogLvl skipwhite
|
||||
syn keyword hapLogFac contained local0 local1 local2 local3 local4 local5 local6 local7 nextgroup=hapLogLvl skipwhite
|
||||
syn keyword hapLogLvl contained emerg alert crit err warning notice info debug
|
||||
syn keyword hapCookieKey contained rewrite insert nocache postonly indirect prefix nextgroup=hapCookieKey skipwhite
|
||||
syn keyword hapCapture contained cookie nextgroup=hapNameLen skipwhite
|
||||
syn keyword hapCapture contained request response nextgroup=hapHeader skipwhite
|
||||
syn keyword hapHeader contained header nextgroup=hapNameLen skipwhite
|
||||
syn keyword hapSrvKey contained backup cookie check inter rise fall port source minconn maxconn weight usesrc
|
||||
syn match hapStatus contained /\d\{3}/
|
||||
syn match hapIPv4Mask contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\(\/\d\{1,2}\)\?/
|
||||
syn match hapLogIp contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}/ nextgroup=hapLogFac skipwhite
|
||||
syn match hapIpPort contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}:\d\{1,5}/
|
||||
syn match hapServerAd contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\(:[+-]\?\d\{1,5}\)\?/ nextgroup=hapSrvEOL skipwhite
|
||||
syn match hapNameLen contained /\S\+/ nextgroup=hapLen skipwhite
|
||||
syn match hapCookieNam contained /\S\+/ nextgroup=hapCookieKey skipwhite
|
||||
syn match hapServerN contained /\S\+/ nextgroup=hapServerAd skipwhite
|
||||
syn region hapSrvEOL contained start=/\S/ end=/$/ contains=hapSrvKey
|
||||
syn region hapRegexp contained start=/\S/ end=/\(\s\|$\)/ skip=/\\ / nextgroup=hapRegRepl skipwhite
|
||||
syn region hapRegRepl contained start=/\S/ end=/$/ contains=hapComment,hapEscape,hapBackRef
|
||||
syn region hapRegexp2 contained start=/\S/ end=/\(\s\|$\)/ skip=/\\ / nextgroup=hapSectLabel skipwhite
|
||||
syn match hapBackref contained /\\\d/
|
||||
|
||||
|
||||
" Transparent is a Vim keyword, so we need a regexp to match it
|
||||
syn match hapParam +transparent+
|
||||
syn match hapOption +transparent+ contained
|
||||
|
||||
|
||||
" Define the default highlighting.
|
||||
" For version 5.7 and earlier: only when not done already
|
||||
" For version 5.8 and later: only when an item doesn't have highlighting yet
|
||||
if version < 508
|
||||
command -nargs=+ HiLink hi link <args>
|
||||
else
|
||||
command -nargs=+ HiLink hi def link <args>
|
||||
endif
|
||||
|
||||
HiLink hapEscape SpecialChar
|
||||
HiLink hapBackRef Special
|
||||
HiLink hapComment Comment
|
||||
HiLink hapTodo Todo
|
||||
HiLink hapSection Constant
|
||||
HiLink hapSectLabel Identifier
|
||||
HiLink hapParam Keyword
|
||||
|
||||
HiLink hapRegexp String
|
||||
HiLink hapRegexp2 hapRegexp
|
||||
HiLink hapIp1 Number
|
||||
HiLink hapIp2 hapIp1
|
||||
HiLink hapLogIp hapIp1
|
||||
HiLink hapIpPort hapIp1
|
||||
HiLink hapIPv4Mask hapIp1
|
||||
HiLink hapServerAd hapIp1
|
||||
HiLink hapStatus Number
|
||||
|
||||
HiLink hapOption Operator
|
||||
HiLink hapAppSess hapOption
|
||||
HiLink hapBalance hapOption
|
||||
HiLink hapCapture hapOption
|
||||
HiLink hapCookieKey hapOption
|
||||
HiLink hapHeader hapOption
|
||||
HiLink hapGLog hapOption
|
||||
HiLink hapLogFac hapOption
|
||||
HiLink hapLogLvl hapOption
|
||||
HiLink hapMode hapOption
|
||||
HiLink hapStats hapOption
|
||||
HiLink hapLen hapOption
|
||||
HiLink hapSrvKey hapOption
|
||||
|
||||
|
||||
delcommand HiLink
|
||||
|
||||
let b:current_syntax = "haproxy"
|
||||
" vim: ts=8
|