From d7c176f107d4676947bce403a1c24d7269f8cb6a Mon Sep 17 00:00:00 2001 From: Mingcong Bai Date: Tue, 16 Mar 2021 18:16:32 -0700 Subject: [PATCH] haproxy: use Debian configuration, installation routine; #803 --- extra-network/haproxy/autobuild/beyond | 23 +++--- extra-network/haproxy/autobuild/conffiles | 1 - .../autobuild/overrides/etc/default/haproxy | 10 +++ .../overrides/etc/haproxy/haproxy.cfg | 75 ++++++++----------- extra-network/haproxy/spec | 6 +- 5 files changed, 55 insertions(+), 60 deletions(-) delete mode 100644 extra-network/haproxy/autobuild/conffiles create mode 100644 extra-network/haproxy/autobuild/overrides/etc/default/haproxy diff --git a/extra-network/haproxy/autobuild/beyond b/extra-network/haproxy/autobuild/beyond index 40408787fce..5714e7d412a 100644 --- a/extra-network/haproxy/autobuild/beyond +++ b/extra-network/haproxy/autobuild/beyond @@ -1,17 +1,18 @@ -for contrib in halog iprange systemd; do - make -C contrib/$contrib SBINDIR=/usr/bin +for contrib in halog systemd; do + abinfo "Bulding contrib component $i ..." + make -C "$SRCDIR"/contrib/$contrib SBINDIR=/usr/bin done -for contrib in halog iprange; do - install -Dm755 contrib/$contrib/$contrib "$PKGDIR"/usr/bin/$contrib +for contrib in halog; do + abinfo "Installing contrib component $i ..." + install -Dvm755 "$SRCDIR"/contrib/$contrib/$contrib \ + "$PKGDIR"/usr/bin/$contrib done -install -Dm644 contrib/systemd/haproxy.service \ +abinfo "Installing systemd unit files ..." +install -Dvm644 "$SRCDIR"/contrib/systemd/haproxy.service \ "$PKGDIR"/usr/lib/systemd/system/haproxy.service -install -d "$PKGDIR"/usr/share/haproxy/examples/errorfiles -install -m644 examples/*.cfg "$PKGDIR"/usr/share/haproxy/examples/ -install -m644 examples/errorfiles/*.http \ - "$PKGDIR"/usr/share/haproxy/examples/errorfiles/ - -rm "$PKGDIR"/usr/bin/iprange +abinfo "Installing error templates ..." +install -Dvm644 "$SRCDIR"/examples/errorfiles/*.http \ + -t "$PKGDIR"/etc/haproxy/errors/ diff --git a/extra-network/haproxy/autobuild/conffiles b/extra-network/haproxy/autobuild/conffiles deleted file mode 100644 index 4516e18ac69..00000000000 --- a/extra-network/haproxy/autobuild/conffiles +++ /dev/null @@ -1 +0,0 @@ -/etc/haproxy/haproxy.cfg diff --git a/extra-network/haproxy/autobuild/overrides/etc/default/haproxy b/extra-network/haproxy/autobuild/overrides/etc/default/haproxy new file mode 100644 index 00000000000..e15c193abe7 --- /dev/null +++ b/extra-network/haproxy/autobuild/overrides/etc/default/haproxy @@ -0,0 +1,10 @@ +# Defaults file for HAProxy +# +# This is sourced by both, the initscript and the systemd unit file, so do not +# treat it as a shell script fragment. + +# Change the config file location if needed +#CONFIG="/etc/haproxy/haproxy.cfg" + +# Add extra flags here, see haproxy(1) for a few options +#EXTRAOPTS="-de -m 16" diff --git a/extra-network/haproxy/autobuild/overrides/etc/haproxy/haproxy.cfg b/extra-network/haproxy/autobuild/overrides/etc/haproxy/haproxy.cfg index 638dbba5203..a6f8a9cf758 100644 --- a/extra-network/haproxy/autobuild/overrides/etc/haproxy/haproxy.cfg +++ b/extra-network/haproxy/autobuild/overrides/etc/haproxy/haproxy.cfg @@ -1,49 +1,34 @@ -#--------------------------------------------------------------------- -# Example configuration. See the full configuration manual online. -# -# http://www.haproxy.org/download/1.6/doc/configuration.txt -# -#--------------------------------------------------------------------- - global - maxconn 20000 - log 127.0.0.1 local0 - user haproxy - chroot /usr/share/haproxy - pidfile /run/haproxy.pid - daemon - -frontend main - bind :5000 - mode http - log global - option httplog - option dontlognull - option http_proxy - option forwardfor except 127.0.0.0/8 - maxconn 8000 - timeout client 30s - - acl url_static path_beg -i /static /images /javascript /stylesheets - acl url_static path_end -i .jpg .gif .png .css .js + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners + stats timeout 30s + user haproxy + group haproxy + daemon - use_backend static if url_static - default_backend app + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private -backend static - mode http - balance roundrobin - timeout connect 5s - timeout server 5s - server static 127.0.0.1:4331 check + # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets -backend app - mode http - balance roundrobin - timeout connect 5s - timeout server 30s - timeout queue 30s - server app1 127.0.0.1:5001 check - server app2 127.0.0.1:5002 check - server app3 127.0.0.1:5003 check - server app4 127.0.0.1:5004 check +defaults + log global + mode http + option httplog + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http diff --git a/extra-network/haproxy/spec b/extra-network/haproxy/spec index 78164db64bf..de3caac564a 100644 --- a/extra-network/haproxy/spec +++ b/extra-network/haproxy/spec @@ -1,3 +1,3 @@ -VER=2.0.17 -SRCTBL="https://www.haproxy.org/download/${VER%.*}/src/haproxy-$VER.tar.gz" -CHKSUM="sha256::e7e2d14a75cbe65f1ab8f7dad092b1ffae36a82436c55accd27530258fe4b194" +VER=2.2.10 +SRCS="tbl::https://www.haproxy.org/download/${VER%.*}/src/haproxy-$VER.tar.gz" +CHKSUMS="sha256::a027e9cd8f703ba48dc193f5ae34d9aa152221f67ab58a4e939c96b9f4edd3bc"