Making changes to haproxy package; how do I make them available to everyone?
-
We did try 1.4.16 but there was something about it that didn't work correctly with RPC/MAPI (we're load balancing Exchange 2010). Whatever it was, it worked when we used 1.4.18 without any changes to the config.
-
ok, I will build it from ports.
-
Okay, I've created the github repo:
https://github.com/briantist/pfSense-PackagesPlease let me know if I've done something wrong with it or whatever. What should I do next? I see a pull request option in my repo, but when I click it I don't really understand what it's asking.
-
Using the gui, browse https://github.com/bsdperimeter/pfsense-packages and find file you want to change, click edit this file.
After this, github will clone pfsense-package and allow you edit the file and pull file change request.
-
Using the gui, browse https://github.com/bsdperimeter/pfsense-packages and find file you want to change, click edit this file.
After this, github will clone pfsense-package and allow you edit the file and pull file change request.
When you say "the gui" do you just mean to browse that URL in a browser? When I go to one of the file that way, there is a button that says "fork and edit". Is that the one to click? Do I have to do this to every file individually?
Again, sorry for being so green. I really appreciate your patience.
-
yes, press fork and edit.
this way you get a clone from pfsense-packages.Then you choose between edit each file individually or apply via git on your clone and then pull all file changes in a single request.
-
Okay, I think I'm almost there:
https://github.com/briantist/pfsense-packages-1I used to git to put all the changes up to this repo at once. I started to do the pull request but I got scared when it said that I was asking bsdperimeter to pull in 333 commits, most of which looked like they were from other people, so I thought maybe I was doing something wrong.
-
try to edit each file and see what happens.
-
Should I be editing it on my fork, or in the main repo?
-
choose file on main repo. then fork and edit
-
Okay I did it all one file at a time. There should be 6 new pull requests. I can't add the i386 folder under the binaries7 folder, nor the i386 and amd64 folders underneath binaries8 but they will need to be there.
If there's anything else I need to do please let me know. Thanks so much!
-
test compiled version
i386
http://e-sac.siteseguro.ws/pfsense/8/All/haproxy-1.4.16.tbzamd64
http://e-sac.siteseguro.ws/pfsense/8/amd64/All/haproxy-1.4.16.tbz -
Version should be 1.4.18.. any reason why it can't be? As I said we tried 1.4.16 before, even tried it on a linux VM to see it was something platform specific.
-
This is the freebsd ports version. not so easy to compile and build a package without ports. :-\
did you tried package modifications with haproxy devel version 1.5?
-
I've changed ports info to compile 1.4.18
amd64
http://e-sac.siteseguro.ws/pfsense/8/amd64/All/haproxy-1.4.18.tbzi386
http://e-sac.siteseguro.ws/pfsense/8/All/haproxy-1.4.18.tbz -
I was going to say, I had no problem compiling 1.4.18, but you've already completed it. That's great. Is there anything else I need to do?
-
Install package 0.3 on a pfsense other then your production server and test it.
I'll check here too.
When all tests are done, I'll change version to 1.0 release.
-
We did try 1.4.16 but there was something about it that didn't work correctly with RPC/MAPI (we're load balancing Exchange 2010). Whatever it was, it worked when we used 1.4.18 without any changes to the config.
The RPC/MAPI you use with 1.4.18 is for owa or all exchange services? Can I replace Micro$oft NLB with haproxy?
It could be very usefull to me. Exchange NLB freaks out my network everytime I enable it.
-
All exchange services. We are using this for that on RPC/MAPI, OWA/EWS (both the HTTPS access and the HTTP listener which redirects to HTTPS), IMAP, POP3, SMTP (both internal and external).
I and a few co-workers have been eating our own dog food by running our own Outlook clients through our pfSense HAProxy setup for the better part of a month now and it's working great.
About 50% of our desktops are Mac and are running Outlook 2011, which uses EWS for all of its mail access, and in my limited testing so far it seems to work well that way too.
NLB is pretty crappy, so yeah we're definitely looking forward to replacing it. Once this package goes live, we're going to be doing some strict penetration testing since our pfSense cluster straddles our internal and DMZ (so that it can deal with external SMTP), and then we're going to get the rest of our group and department on it before rolling it out for the whole organization.
Once I get it all set I'll write up a post about it.
I'm doing some limited testing here at home of 0.3 version. Tomorrow when I get into work I will load it on there and try it out (it's not production yet, just the few people including myself who are using it live for ourselves) and I'll report back.
-
All exchange services. We are using this for that on RPC/MAPI, OWA/EWS
Great I`ll test too, any specific balance option to do this?
Once this package goes live, we're going to be doing some strict penetration testing since our pfSense cluster straddles our internal and DMZ (so that it can deal with external SMTP)
Try postfix forwarder package, it works really nice together with exchange. it keeps out more then 80% misconfigured/fake spam servers and protects your exchange servers from internet.
