* released 1.2.1 (1.1.28)

* added the '-V' command line option to verbosely report errors even though the -q or 'quiet' options are specified. This is useful with '-c'. * added a Red Hat init script and a .spec from Simon Matter <simon.matter@invoca.ch> * added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible information leak from servers. * more examples added into the configuration
2026-02-04 15:53:43 +02:00 · 2005-12-18 00:57:06 +01:00
parent 97f58576eb
commit 982249e9e7
8 changed files with 583 additions and 86 deletions
--- a/examples/haproxy.cfg
+++ b/examples/haproxy.cfg
@@ -1,13 +1,13 @@
-# this config needs haproxy-1.1.23
+# this config needs haproxy-1.1.28 or haproxy-1.2.1

 global
 	log 127.0.0.1	local0
 	log 127.0.0.1	local1 notice
 	#log loghost	local0 info
 	maxconn 4096
-	chroot /tmp
-	uid 11
-	gid 2
+	chroot /usr/share/haproxy
+	uid 99
+	gid 99
 	daemon
 	#debug
 	#quiet
@@ -40,10 +40,7 @@ listen	appli2-insert 0.0.0.0:10002
 	server	inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
 	capture cookie vgnvisitor= len 32

-	reqidel ^Connection:		# disable keep-alive
-	reqadd  Connection:\ close
-	rspidel ^Connection:
-	rspadd  Connection:\ close
+	option	httpclose		# disable keep-alive
 	rspidel ^Set-cookie:\ IP=	# do not let this cookie tell our internal IP address
 	
 listen	appli3-relais 0.0.0.0:10003
@@ -66,10 +63,9 @@ listen	appli5-backup 0.0.0.0:10005
 	capture cookie ASPSESSION len 32
 	srvtimeout	20000

-	reqidel ^Connection:		# disable keep-alive
-	reqadd  Connection:\ close
-	rspidel ^Connection:
-	rspadd  Connection:\ close
+	option	httpclose		# disable keep-alive
+	option  checkcache		# block response if set-cookie & cacheable
+
 	rspidel ^Set-cookie:\ IP=	# do not let this cookie tell our internal IP address
 	
 	errorloc	502	http://192.168.114.58/error502.html
--- a/examples/haproxy.init
+++ b/examples/haproxy.init
@@ -0,0 +1,114 @@
+#!/bin/sh
+#
+# chkconfig: - 85 15
+# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
+#              for high availability environments.
+# processname: haproxy
+# config: /etc/haproxy/haproxy.cfg
+# pidfile: /var/run/haproxy.pid
+
+# Script Author: Simon Matter <simon.matter@invoca.ch>
+# Version: 2004060600
+
+# Source function library.
+if [ -f /etc/init.d/functions ]; then
+  . /etc/init.d/functions
+elif [ -f /etc/rc.d/init.d/functions ] ; then
+  . /etc/rc.d/init.d/functions
+else
+  exit 0
+fi
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# This is our service name
+BASENAME=`basename $0`
+if [ -L $0 ]; then
+  BASENAME=`find $0 -name $BASENAME -printf %l`
+  BASENAME=`basename $BASENAME`
+fi
+
+[ -f /etc/$BASENAME/$BASENAME.cfg ] || exit 1
+
+RETVAL=0
+
+start() {
+  /usr/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
+  if [ $? -ne 0 ]; then
+    echo "Errors found in configuration file, check it with '$BASENAME check'."
+    return 1
+  fi
+
+  echo -n "Starting $BASENAME: "
+  daemon /usr/sbin/$BASENAME -D -f /etc/$BASENAME/$BASENAME.cfg -p /var/run/$BASENAME.pid
+  RETVAL=$?
+  echo
+  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$BASENAME
+  return $RETVAL
+}
+
+stop() {
+  echo -n "Shutting down $BASENAME: "
+  killproc $BASENAME -USR1
+  RETVAL=$?
+  echo
+  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$BASENAME
+  [ $RETVAL -eq 0 ] && rm -f /var/run/$BASENAME.pid
+  return $RETVAL
+}
+
+restart() {
+  /usr/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
+  if [ $? -ne 0 ]; then
+    echo "Errors found in configuration file, check it with '$BASENAME check'."
+    return 1
+  fi
+  stop
+  start
+}
+
+check() {
+  /usr/sbin/$BASENAME -c -q -V -f /etc/$BASENAME/$BASENAME.cfg
+}
+
+rhstatus() {
+  status $BASENAME
+}
+
+condrestart() {
+  [ -e /var/lock/subsys/$BASENAME ] && restart || :
+}
+
+# See how we were called.
+case "$1" in
+  start)
+    start
+    ;;
+  stop)
+    stop
+    ;;
+  restart)
+    restart
+    ;;
+  reload)
+    restart
+    ;;
+  condrestart)
+    condrestart
+    ;;
+  status)
+    rhstatus
+    ;;
+  check)
+    check
+    ;;
+  *)
+    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
+    RETVAL=1
+esac
+ 
+exit $RETVAL
--- a/examples/haproxy.spec
+++ b/examples/haproxy.spec
@@ -0,0 +1,92 @@
+Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments
+Name: haproxy
+Version: 1.2.1
+Release: 1
+License: GPL
+Group: System Environment/Daemons
+URL: http://w.ods.org/tools/%{name}/
+Packager: Simon Matter <simon.matter@invoca.ch>
+Vendor: Invoca Systems
+Distribution: Invoca Linux Server
+Source0: http://w.ods.org/tools/%{name}/%{name}-%{version}.tar.gz
+Source1: %{name}.cfg
+Source2: %{name}.init
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: pcre-devel
+Prereq: /sbin/chkconfig
+
+%description
+HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high
+availability environments. Indeed, it can:
+- route HTTP requests depending on statically assigned cookies
+- spread the load among several servers while assuring server persistence
+  through the use of HTTP cookies
+- switch to backup servers in the event a main one fails
+- accept connections to special ports dedicated to service monitoring
+- stop accepting connections without breaking existing ones
+- add/modify/delete HTTP headers both ways
+- block requests matching a particular pattern
+
+It needs very little resource. Its event-driven architecture allows it to easily
+handle thousands of simultaneous connections on hundreds of instances without
+risking the system's stability.
+
+%prep
+%setup -q
+
+%build
+%{__make} REGEX=pcre DEBUG=""
+
+%install
+[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
+ 
+%{__install} -d %{buildroot}%{_sbindir}
+%{__install} -d %{buildroot}%{_sysconfdir}/rc.d/init.d
+%{__install} -d %{buildroot}%{_sysconfdir}/logrotate.d
+%{__install} -d %{buildroot}%{_sysconfdir}/%{name}
+%{__install} -d %{buildroot}%{_datadir}/%{name}
+
+%{__install} -s %{name} %{buildroot}%{_sbindir}/
+%{__install} -c -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
+%{__install} -c -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/%{name}
+ 
+%clean
+[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
+ 
+%post
+/sbin/chkconfig --add %{name}
+
+%preun
+if [ $1 = 0 ]; then
+  /sbin/service %{name} stop >/dev/null 2>&1 || :
+  /sbin/chkconfig --del %{name}
+fi
+
+%postun
+if [ "$1" -ge "1" ]; then
+  /sbin/service %{name} condrestart >/dev/null 2>&1 || :
+fi
+
+%files
+%defattr(-,root,root)
+%doc CHANGELOG TODO examples
+%attr(0755,root,root) %{_sbindir}/%{name}
+%dir %{_sysconfdir}/%{name}
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.cfg
+%attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name}
+%dir %{_datadir}/%{name}
+
+%changelog
+* Sun Jun  6 2004 Willy Tarreau <willy@w.ods.org>
+- updated to 1.1.28
+- added config check support to the init script
+
+* Tue Oct 28 2003 Simon Matter <simon.matter@invoca.ch>
+- updated to 1.1.27
+- added pid support to the init script
+
+* Wed Oct 22 2003 Simon Matter <simon.matter@invoca.ch>
+- updated to 1.1.26
+
+* Thu Oct 16 2003 Simon Matter <simon.matter@invoca.ch>
+- initial build
--- a/examples/init.haproxy.flx0
+++ b/examples/init.haproxy.flx0
@@ -7,7 +7,7 @@ option	bin		reserved_option	/usr/sbin/haproxy
 option	cmdline		reserved_option	'$bin -f ${opt_config} -p ${pidfile} -D -q'

 function do_help {
-    echo "Usage: ${0##*/} <status|start|stop|help>"
+    echo "Usage: ${0##*/} <status|start|stop|help|conf>"
    echo "List of config.rc options (name, type, default value, current value) :"
    echo
    echo "   - config ; def=/etc/haproxy/haproxy.cfg ; cur=$opt_confdir"
@@ -15,6 +15,11 @@ function do_help {
    exit 1 
 }

+# reads the configuration file and checks its syntax.
+function do_conf {
+    $bin -c -V -q -f ${opt_config}
+}
+
 # assign default values to options and variables before parsing the cfg file
 function fct_begin_section {
    pidfile="/var/run/haproxy${2:+-$2}.pid"