haproxy: use Debian configuration, installation routine; #803

AOSC-Dev · Mar 20, 2021 · d7c176f · d7c176f
1 parent ee4a5db
commit d7c176f
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 60 deletions.
diff --git a/extra-network/haproxy/autobuild/beyond b/extra-network/haproxy/autobuild/beyond
@@ -1,17 +1,18 @@
-for contrib in halog iprange systemd; do
-    make -C contrib/$contrib SBINDIR=/usr/bin
+for contrib in halog systemd; do
+    abinfo "Bulding contrib component $i ..."
+    make -C "$SRCDIR"/contrib/$contrib SBINDIR=/usr/bin
 done
 
-for contrib in halog iprange; do
-    install -Dm755 contrib/$contrib/$contrib "$PKGDIR"/usr/bin/$contrib
+for contrib in halog; do
+    abinfo "Installing contrib component $i ..."
+    install -Dvm755 "$SRCDIR"/contrib/$contrib/$contrib \
+        "$PKGDIR"/usr/bin/$contrib
 done
 
-install -Dm644 contrib/systemd/haproxy.service \
+abinfo "Installing systemd unit files ..."
+install -Dvm644 "$SRCDIR"/contrib/systemd/haproxy.service \
     "$PKGDIR"/usr/lib/systemd/system/haproxy.service
 
-install -d "$PKGDIR"/usr/share/haproxy/examples/errorfiles
-install -m644 examples/*.cfg "$PKGDIR"/usr/share/haproxy/examples/
-install -m644 examples/errorfiles/*.http \
-    "$PKGDIR"/usr/share/haproxy/examples/errorfiles/
-
-rm "$PKGDIR"/usr/bin/iprange
+abinfo "Installing error templates ..."
+install -Dvm644 "$SRCDIR"/examples/errorfiles/*.http \
+    -t "$PKGDIR"/etc/haproxy/errors/
diff --git a/extra-network/haproxy/autobuild/conffiles b/extra-network/haproxy/autobuild/conffiles
diff --git a/extra-network/haproxy/autobuild/overrides/etc/default/haproxy b/extra-network/haproxy/autobuild/overrides/etc/default/haproxy
@@ -0,0 +1,10 @@
+# Defaults file for HAProxy
+#
+# This is sourced by both, the initscript and the systemd unit file, so do not
+# treat it as a shell script fragment.
+
+# Change the config file location if needed
+#CONFIG="/etc/haproxy/haproxy.cfg"
+
+# Add extra flags here, see haproxy(1) for a few options
+#EXTRAOPTS="-de -m 16"
diff --git a/extra-network/haproxy/autobuild/overrides/etc/haproxy/haproxy.cfg b/extra-network/haproxy/autobuild/overrides/etc/haproxy/haproxy.cfg
@@ -1,49 +1,34 @@
-#---------------------------------------------------------------------
-# Example configuration.  See the full configuration manual online.
-#
-#   http://www.haproxy.org/download/1.6/doc/configuration.txt
-#
-#---------------------------------------------------------------------
-
 global
-    maxconn     20000
-    log         127.0.0.1 local0
-    user        haproxy
-    chroot      /usr/share/haproxy
-    pidfile     /run/haproxy.pid
-    daemon
-
-frontend  main
-    bind :5000
-    mode                 http
-    log                  global
-    option               httplog
-    option               dontlognull
-    option               http_proxy
-    option forwardfor    except 127.0.0.0/8
-    maxconn              8000
-    timeout              client  30s
-
-    acl url_static       path_beg       -i /static /images /javascript /stylesheets
-    acl url_static       path_end       -i .jpg .gif .png .css .js
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
 
-    use_backend static          if url_static
-    default_backend             app
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
 
-backend static
-    mode        http
-    balance     roundrobin
-    timeout     connect 5s
-    timeout     server  5s
-    server      static 127.0.0.1:4331 check
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
 
-backend app
-    mode        http
-    balance     roundrobin
-    timeout     connect 5s
-    timeout     server  30s
-    timeout     queue   30s
-    server  app1 127.0.0.1:5001 check
-    server  app2 127.0.0.1:5002 check
-    server  app3 127.0.0.1:5003 check
-    server  app4 127.0.0.1:5004 check
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
diff --git a/extra-network/haproxy/spec b/extra-network/haproxy/spec
@@ -1,3 +1,3 @@
-VER=2.0.17
-SRCTBL="https://www.haproxy.org/download/${VER%.*}/src/haproxy-$VER.tar.gz"
-CHKSUM="sha256::e7e2d14a75cbe65f1ab8f7dad092b1ffae36a82436c55accd27530258fe4b194"
+VER=2.2.10
+SRCS="tbl::https://www.haproxy.org/download/${VER%.*}/src/haproxy-$VER.tar.gz"
+CHKSUMS="sha256::a027e9cd8f703ba48dc193f5ae34d9aa152221f67ab58a4e939c96b9f4edd3bc"