diff --git a/.gear/rules b/.gear/rules index d7355bb87..31c8dfe34 100644 --- a/.gear/rules +++ b/.gear/rules @@ -1,2 +1,5 @@ tar: v@version@:. #diff: v@version@:. patches/alt-fix:. +copy: *.cfg +copy: *.init +copy: *.logrotate diff --git a/.gear/tags/003268c0d13dd17f33eace631385ae584740bd75 b/.gear/tags/003268c0d13dd17f33eace631385ae584740bd75 new file mode 100644 index 000000000..1d380a71f --- /dev/null +++ b/.gear/tags/003268c0d13dd17f33eace631385ae584740bd75 @@ -0,0 +1,23 @@ +object 16f863fbc9fbd6535971eb1f55d33f0efc2ac5e1 +type commit +tag v1.5.14 +tagger Willy Tarreau 1435937711 +0200 + +HAProxy 1.5.14 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (GNU/Linux) + +iQIcBAABAgAGBQJVlquvAAoJEE44bZycYXAvq8YP/iLzZgxq02PRzFpqghHmWN2d +E3DYuFpyumEoKKO7sGipESC6BzEJnKcoTicQ0FhMYj0/X1Cx0ZlYIBs8N+6QJ5rv +aRJBAJeAPEHZlyYgA2KOwbMB7a7y94wK0bUdqCgvD2PT0nKMjb/DpgTclSaI/xIS +K4WeBZs/ryV1lHadTDP8EK2wxl7tAHanjq8KF4eIR8AK3MNvyhA4eFSU8a4RNwoQ +f8uy+hqT2UHUmhQqCTdmeS06SmJnLrhB+lFuVVQXd1HG1Gqdf/jIRJfjMvZ9guA+ +xcqBDt5Yr87qcrT1iKLMKLWkoGHXSy6/X7m+D70rF0rGM8RLqL2nAU3w5OJ6bs+P +PZqw+9vpPSkEhRml+boWHxU/goX6BawoZ3HyD92bWBgmKOUnDeC7ewlT+teHDwXl +uu/5oN5QiOqoZlJxucgKkrhg5Xp4t9oX3OL13Fl0W6WvtF67AmkdyIZSCr4UqM5o +b52zdgLSpCBQFu8JZ3k11W9BQO/FGND9r8/4DEEUvl6ztdewznYRInPuBzHW+8VQ +Hx7dEJ0J/zYNJrpoAKYogZe9nP+aDPghXAPYjNCPBp5yJMeHkzUL9CTdZ48Y4M7A +tJgO/qgFnv2HBwe6KvR84l4F3U2OrfVGWN725834ntHkTzfi165Iti1yPGxSdb3C +40JlHWTZPdsq5oGJuSEj +=8rxa +-----END PGP SIGNATURE----- diff --git a/.gear/tags/list b/.gear/tags/list new file mode 100644 index 000000000..a3dc10521 --- /dev/null +++ b/.gear/tags/list @@ -0,0 +1 @@ +003268c0d13dd17f33eace631385ae584740bd75 v1.5.14 diff --git a/haproxy.cfg b/haproxy.cfg index 2e9758a8e..8416e0f0f 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -1,79 +1,86 @@ -# this config needs haproxy-1.1.23 +#--------------------------------------------------------------------- +# Example configuration for a possible web application. See the +# full configuration options online. +# +# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt +# +#--------------------------------------------------------------------- +#--------------------------------------------------------------------- +# Global settings +#--------------------------------------------------------------------- global - log 127.0.0.1 local0 - log 127.0.0.1 local1 notice - #log loghost local0 info - maxconn 4096 - chroot /usr/share/haproxy - uid 99 - gid 99 - daemon - #debug - #quiet + # to have these messages end up in /var/log/haproxy.log you will + # need to: + # + # 1) configure syslog to accept network log events. This is done + # by adding the '-r' option to the SYSLOGD_OPTIONS in + # /etc/sysconfig/syslog + # + # 2) configure local2 events to go to the /var/log/haproxy.log + # file. A line like the following can be added to + # /etc/sysconfig/syslog + # + # local2.* /var/log/haproxy.log + # + log 127.0.0.1 local2 + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user _haproxy + group _haproxy + daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- defaults - log global - mode http - option httplog - option dontlognull - retries 3 - redispatch - maxconn 2000 - contimeout 5000 - clitimeout 50000 - srvtimeout 50000 + mode http + log global + option httplog + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + option redispatch + retries 3 + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s + maxconn 3000 -listen appli1-rewrite 0.0.0.0:10001 - cookie SERVERID rewrite - balance roundrobin - server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5 - server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5 - server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5 - server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5 +#--------------------------------------------------------------------- +# main frontend which proxys to the backends +#--------------------------------------------------------------------- +frontend main *:5000 + acl url_static path_beg -i /static /images /javascript /stylesheets + acl url_static path_end -i .jpg .gif .png .css .js -listen appli2-insert 0.0.0.0:10002 - option httpchk - balance roundrobin - cookie SERVERID insert indirect nocache - server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 - server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 - capture cookie vgnvisitor= len 32 + use_backend static if url_static + default_backend app - option httpclose # disable keep-alive - rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address - -listen appli3-relais 0.0.0.0:10003 - dispatch 192.168.135.17:80 +#--------------------------------------------------------------------- +# static backend for serving up images, stylesheets and such +#--------------------------------------------------------------------- +backend static + balance roundrobin + server static 127.0.0.1:4331 check -listen appli4-backup 0.0.0.0:10004 - option httpchk /index.html - option persist - balance roundrobin - server inst1 192.168.114.56:80 check inter 2000 fall 3 - server inst2 192.168.114.56:81 check inter 2000 fall 3 backup - -listen ssl-relay 0.0.0.0:8443 - option ssl-hello-chk - balance source - server inst1 192.168.110.56:443 check inter 2000 fall 3 - server inst2 192.168.110.57:443 check inter 2000 fall 3 - server back1 192.168.120.58:443 backup - -listen appli5-backup 0.0.0.0:10005 - option httpchk * - balance roundrobin - cookie SERVERID insert indirect nocache - server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 - server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 - server inst3 192.168.114.57:80 backup check inter 2000 fall 3 - capture cookie ASPSESSION len 32 - srvtimeout 20000 - - option httpclose # disable keep-alive - option checkcache # block response if set-cookie & cacheable - - rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address - - errorloc 502 http://192.168.114.58/error502.html +#--------------------------------------------------------------------- +# round robin balancing between the various backends +#--------------------------------------------------------------------- +backend app + balance roundrobin + server app1 127.0.0.1:5001 check + server app2 127.0.0.1:5002 check + server app3 127.0.0.1:5003 check + server app4 127.0.0.1:5004 check diff --git a/haproxy.init b/haproxy.init index d6dc39336..8a9fd1cf5 100644 --- a/haproxy.init +++ b/haproxy.init @@ -31,17 +31,18 @@ LOCKFILE=/var/lock/subsys/${NAME} BINARY=/usr/sbin/${NAME} RETVAL=0 -# Source networking configuration. -. /etc/sysconfig/network - -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 0 - -[ -f $CONFIG ] || exit 1 +check() +{ + action "Checking configuration sanity for $name: " \ + $BINARY -c -q -f ${CONFIG} + RETVAL=$? + return $RETVAL +} start() { - start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user nobody -- $BINARY \ + check || exit + start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _haproxy -- $BINARY \ -D -f ${CONFIG} -p ${PIDFILE} RETVAL=$? return $RETVAL @@ -49,19 +50,21 @@ start() stop() { - stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user nobody -- $BINARY + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _haproxy -- $BINARY RETVAL=$? return $RETVAL } restart() { + check || exit stop start } reload() { + check || exit msg_reloading $NAME $BINARY -p "$PIDFILE" -f $CONFIG -sf `cat $PIDFILE` RETVAL=$? @@ -97,12 +100,15 @@ case "$1" in reload fi ;; + check) + check + ;; status) - status --pidfile "$PIDFILE" --expect-user nobody -- haproxy + status --pidfile "$PIDFILE" --expect-user _haproxy -- haproxy RETVAL=$? ;; *) - msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}" + msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status|check}" RETVAL=1 esac diff --git a/haproxy.logrotate b/haproxy.logrotate new file mode 100644 index 000000000..d9aa2a9e4 --- /dev/null +++ b/haproxy.logrotate @@ -0,0 +1,8 @@ +/var/log/haproxy.log { + daily + rotate 10 + missingok + notifempty + compress + sharedscripts +} diff --git a/haproxy.spec b/haproxy.spec index 8230117ad..05877aeef 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -1,18 +1,24 @@ +%define haproxy_user _haproxy +%define haproxy_group %haproxy_user +%define haproxy_home %_localstatedir/haproxy +%define haproxy_confdir %_sysconfdir/haproxy +%define haproxy_datadir %_datadir/haproxy + Name: haproxy -Version: 1.4.20 +Version: 1.5.14 Release: alt1 Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments License: GPLv2+ Group: System/Servers -URL: http://haproxy.1wt.eu/ -Source0: http://haproxy.1wt.eu/download/1.4/src/%name-%version.tar.gz -Source1: haproxy.cfg -Source2: haproxy.init +URL: http://www.haproxy.org/ +Source: %name-%version.tar +Source1: %name.cfg +Source2: %name.init +Source3: %name.logrotate -# Automatically added by buildreq on Wed Mar 23 2011 -BuildRequires: libpcre-devel +BuildRequires: libpcre-devel zlib-devel libssl-devel %description HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high @@ -40,33 +46,41 @@ regparm_opts= regparm_opts="USE_REGPARM=1" %endif -%make TARGET=linux26 USE_PCRE=1 USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 \ - ${regparm_opts} "ADDINC=$(pcre-config --cflags)" "CFLAGS=%optflags" - -# Build the contrib halog program. Build correct version (halog or halog64) -# and make sure it always installed as halog. -halog="halog" -%if "%_lib" == "lib64" -halog="halog64" -%endif +%make_build CPU="generic" TARGET="linux2628" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 \ + "${regparm_opts}" PREFIX="%_prefix" ADDINC="$(pcre-config --cflags)" CFLAGS="%optflags" pushd contrib/halog -%make $halog -%if "%_lib" == "lib64" -mv $halog halog -%endif +%make halog OPTIMIZE="%optflags" +popd + +pushd contrib/iprange +%make iprange OPTIMIZE="%optflags" +popd + +pushd contrib/systemd +%make haproxy.service PREFIX="%_prefix" popd %install -%make_install install DESTDIR=%buildroot PREFIX=/usr +%make_install install-bin DESTDIR=%buildroot PREFIX="%_prefix" +%make_install install-man DESTDIR=%buildroot PREFIX="%_prefix" -install -d -m0755 %buildroot%_datadir/haproxy/ -cp -p examples/errorfiles/* %buildroot%_datadir/haproxy/ +install -p -D -m 0644 %SOURCE1 %buildroot%haproxy_confdir/%name.cfg +install -D -m 0755 %SOURCE2 %buildroot%_initrddir/haproxy +install -p -D -m 0644 contrib/systemd/haproxy.service %buildroot%_unitdir/%name.service +install -p -D -m 0644 %SOURCE3 %buildroot%_logrotatedir/%name +install -d -m 0755 %buildroot%haproxy_home +install -d -m 0755 %buildroot%haproxy_datadir +install -d -m 0755 %buildroot%_bindir +install -p -m 0755 contrib/halog/halog %buildroot%_bindir/halog +install -p -m 0755 contrib/iprange/iprange %buildroot%_bindir/iprange +cp -p examples/errorfiles/* %buildroot%haproxy_datadir/ -install -D -m0644 %SOURCE1 %buildroot%_sysconfdir/haproxy/haproxy.cfg -install -D -m0755 %SOURCE2 %buildroot%_initrddir/haproxy -install -D -m0755 contrib/halog/halog %buildroot%_bindir/halog +%pre +%_sbindir/groupadd -r -f %haproxy_group >/dev/null 2>&1 ||: +%_sbindir/useradd -g %haproxy_group -c 'HA Proxy' \ + -d %haproxy_home -s /dev/null -r -l -M %haproxy_user >/dev/null 2>&1 ||: %post %post_service haproxy @@ -75,16 +89,29 @@ install -D -m0755 contrib/halog/halog %buildroot%_bindir/halog %preun_service haproxy %files -%doc CHANGELOG LICENSE doc/architecture.txt doc/configuration.txt -%config(noreplace) %_sysconfdir/haproxy/ -%config %_initrddir/haproxy -%_sbindir/haproxy -%_datadir/haproxy -%_bindir/halog +%doc CHANGELOG LICENSE README ROADMAP doc/architecture.txt doc/configuration.txt doc/proxy-protocol.txt examples/*.cfg +%dir %haproxy_confdir +%config(noreplace) %haproxy_confdir/%name.cfg +%dir %haproxy_datadir +%haproxy_datadir/* +%_logrotatedir/%name +%_initrddir/%name +%_unitdir/%name.service +%_sbindir/* +%_bindir/* %_man1dir/* -%exclude /usr/doc +%attr(-,%haproxy_user,%haproxy_group) %dir %haproxy_home %changelog +* Fri Aug 21 2015 Alexey Shabalin 1.5.14-alt1 +- 1.5.14 +- run demon as _haproxy user +- update default config +- update init script +- add systemd unit +- build with libssl support +- build with zlib support + * Fri Mar 16 2012 Victor Forsiuk 1.4.20-alt1 - 1.4.20