* released 1.2.1 (1.1.28)
* added the '-V' command line option to verbosely report errors even though
the -q or 'quiet' options are specified. This is useful with '-c'.
* added a Red Hat init script and a .spec from Simon Matter <simon.matter@invoca.ch>
* added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible
information leak from servers.
* more examples added into the configuration
diff --git a/examples/haproxy.cfg b/examples/haproxy.cfg
index 705c93e..ae72150 100644
--- a/examples/haproxy.cfg
+++ b/examples/haproxy.cfg
@@ -1,13 +1,13 @@
-# this config needs haproxy-1.1.23
+# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
- chroot /tmp
- uid 11
- gid 2
+ chroot /usr/share/haproxy
+ uid 99
+ gid 99
daemon
#debug
#quiet
@@ -40,10 +40,7 @@
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
capture cookie vgnvisitor= len 32
- reqidel ^Connection: # disable keep-alive
- reqadd Connection:\ close
- rspidel ^Connection:
- rspadd Connection:\ close
+ option httpclose # disable keep-alive
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
listen appli3-relais 0.0.0.0:10003
@@ -66,10 +63,9 @@
capture cookie ASPSESSION len 32
srvtimeout 20000
- reqidel ^Connection: # disable keep-alive
- reqadd Connection:\ close
- rspidel ^Connection:
- rspadd Connection:\ close
+ option httpclose # disable keep-alive
+ option checkcache # block response if set-cookie & cacheable
+
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
errorloc 502 http://192.168.114.58/error502.html
diff --git a/examples/haproxy.init b/examples/haproxy.init
new file mode 100644
index 0000000..55caa25
--- /dev/null
+++ b/examples/haproxy.init
@@ -0,0 +1,114 @@
+#!/bin/sh
+#
+# chkconfig: - 85 15
+# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
+# for high availability environments.
+# processname: haproxy
+# config: /etc/haproxy/haproxy.cfg
+# pidfile: /var/run/haproxy.pid
+
+# Script Author: Simon Matter <simon.matter@invoca.ch>
+# Version: 2004060600
+
+# Source function library.
+if [ -f /etc/init.d/functions ]; then
+ . /etc/init.d/functions
+elif [ -f /etc/rc.d/init.d/functions ] ; then
+ . /etc/rc.d/init.d/functions
+else
+ exit 0
+fi
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# This is our service name
+BASENAME=`basename $0`
+if [ -L $0 ]; then
+ BASENAME=`find $0 -name $BASENAME -printf %l`
+ BASENAME=`basename $BASENAME`
+fi
+
+[ -f /etc/$BASENAME/$BASENAME.cfg ] || exit 1
+
+RETVAL=0
+
+start() {
+ /usr/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
+ if [ $? -ne 0 ]; then
+ echo "Errors found in configuration file, check it with '$BASENAME check'."
+ return 1
+ fi
+
+ echo -n "Starting $BASENAME: "
+ daemon /usr/sbin/$BASENAME -D -f /etc/$BASENAME/$BASENAME.cfg -p /var/run/$BASENAME.pid
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$BASENAME
+ return $RETVAL
+}
+
+stop() {
+ echo -n "Shutting down $BASENAME: "
+ killproc $BASENAME -USR1
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$BASENAME
+ [ $RETVAL -eq 0 ] && rm -f /var/run/$BASENAME.pid
+ return $RETVAL
+}
+
+restart() {
+ /usr/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
+ if [ $? -ne 0 ]; then
+ echo "Errors found in configuration file, check it with '$BASENAME check'."
+ return 1
+ fi
+ stop
+ start
+}
+
+check() {
+ /usr/sbin/$BASENAME -c -q -V -f /etc/$BASENAME/$BASENAME.cfg
+}
+
+rhstatus() {
+ status $BASENAME
+}
+
+condrestart() {
+ [ -e /var/lock/subsys/$BASENAME ] && restart || :
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ restart
+ ;;
+ condrestart)
+ condrestart
+ ;;
+ status)
+ rhstatus
+ ;;
+ check)
+ check
+ ;;
+ *)
+ echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
+ RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/examples/haproxy.spec b/examples/haproxy.spec
new file mode 100644
index 0000000..63ef708
--- /dev/null
+++ b/examples/haproxy.spec
@@ -0,0 +1,92 @@
+Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments
+Name: haproxy
+Version: 1.2.1
+Release: 1
+License: GPL
+Group: System Environment/Daemons
+URL: http://w.ods.org/tools/%{name}/
+Packager: Simon Matter <simon.matter@invoca.ch>
+Vendor: Invoca Systems
+Distribution: Invoca Linux Server
+Source0: http://w.ods.org/tools/%{name}/%{name}-%{version}.tar.gz
+Source1: %{name}.cfg
+Source2: %{name}.init
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: pcre-devel
+Prereq: /sbin/chkconfig
+
+%description
+HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high
+availability environments. Indeed, it can:
+- route HTTP requests depending on statically assigned cookies
+- spread the load among several servers while assuring server persistence
+ through the use of HTTP cookies
+- switch to backup servers in the event a main one fails
+- accept connections to special ports dedicated to service monitoring
+- stop accepting connections without breaking existing ones
+- add/modify/delete HTTP headers both ways
+- block requests matching a particular pattern
+
+It needs very little resource. Its event-driven architecture allows it to easily
+handle thousands of simultaneous connections on hundreds of instances without
+risking the system's stability.
+
+%prep
+%setup -q
+
+%build
+%{__make} REGEX=pcre DEBUG=""
+
+%install
+[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
+
+%{__install} -d %{buildroot}%{_sbindir}
+%{__install} -d %{buildroot}%{_sysconfdir}/rc.d/init.d
+%{__install} -d %{buildroot}%{_sysconfdir}/logrotate.d
+%{__install} -d %{buildroot}%{_sysconfdir}/%{name}
+%{__install} -d %{buildroot}%{_datadir}/%{name}
+
+%{__install} -s %{name} %{buildroot}%{_sbindir}/
+%{__install} -c -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
+%{__install} -c -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/%{name}
+
+%clean
+[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
+
+%post
+/sbin/chkconfig --add %{name}
+
+%preun
+if [ $1 = 0 ]; then
+ /sbin/service %{name} stop >/dev/null 2>&1 || :
+ /sbin/chkconfig --del %{name}
+fi
+
+%postun
+if [ "$1" -ge "1" ]; then
+ /sbin/service %{name} condrestart >/dev/null 2>&1 || :
+fi
+
+%files
+%defattr(-,root,root)
+%doc CHANGELOG TODO examples
+%attr(0755,root,root) %{_sbindir}/%{name}
+%dir %{_sysconfdir}/%{name}
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.cfg
+%attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name}
+%dir %{_datadir}/%{name}
+
+%changelog
+* Sun Jun 6 2004 Willy Tarreau <willy@w.ods.org>
+- updated to 1.1.28
+- added config check support to the init script
+
+* Tue Oct 28 2003 Simon Matter <simon.matter@invoca.ch>
+- updated to 1.1.27
+- added pid support to the init script
+
+* Wed Oct 22 2003 Simon Matter <simon.matter@invoca.ch>
+- updated to 1.1.26
+
+* Thu Oct 16 2003 Simon Matter <simon.matter@invoca.ch>
+- initial build
diff --git a/examples/init.haproxy.flx0 b/examples/init.haproxy.flx0
index 4b73bd8..a7edd9c 100644
--- a/examples/init.haproxy.flx0
+++ b/examples/init.haproxy.flx0
@@ -7,7 +7,7 @@
option cmdline reserved_option '$bin -f ${opt_config} -p ${pidfile} -D -q'
function do_help {
- echo "Usage: ${0##*/} <status|start|stop|help>"
+ echo "Usage: ${0##*/} <status|start|stop|help|conf>"
echo "List of config.rc options (name, type, default value, current value) :"
echo
echo " - config ; def=/etc/haproxy/haproxy.cfg ; cur=$opt_confdir"
@@ -15,6 +15,11 @@
exit 1
}
+# reads the configuration file and checks its syntax.
+function do_conf {
+ $bin -c -V -q -f ${opt_config}
+}
+
# assign default values to options and variables before parsing the cfg file
function fct_begin_section {
pidfile="/var/run/haproxy${2:+-$2}.pid"