Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    200$ - Update haproxy to 1.5-dev17

    Scheduled Pinned Locked Moved Bounties
    15 Posts 8 Posters 10.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dhatz
      last edited by

      Apparently there is a FreeBSD port of -dev17:

      https://www.freshports.org/net/haproxy-devel/

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @dhatz:

        Apparently there is a FreeBSD port of -dev17:

        Yes, I've compiled it and I'm testing it and it's new options on pfsense.

        haproxy_15.png_thumb
        haproxy_15.png

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          service is up and running…

          Next step: test if it really works...

          [2.0.1-RELEASE]: haproxy -v
          HA-Proxy version 1.5-dev17 2012/12/28
          Copyright 2000-2012 Willy Tarreau w@1wt.eu[2.0.1-RELEASE]: ps ax | grep -i haproxy
          28894  ??  Ss     0:00.00 /usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D
          29008  ??  Ss     0:00.00 /usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D
          29045  ??  Ss     0:00.00 /usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D
          29138  ??  Ss     0:00.00 /usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D
          45745   0  S+     0:00.00 grep -i haproxy/w@1wt.eu

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • D
            dexcs
            last edited by

            Wow, that was fast!

            Please ping me on (mynick)@jabber.ccc.de any we will do the payment….

            One question: How can i install the package? Via package manager?

            Max

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              @dexcs:

              One question: How can i install the package? Via package manager?

              yes, just wainting package compilation by core team, the gui is already pushed

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • D
                dexcs
                last edited by

                This on is done. Thanks for the great work!

                1 Reply Last reply Reply Quote 0
                • M
                  macdabby
                  last edited by

                  Hi, I am also interested in running this version of ha proxy - are you going to share the instructions? i'm happy to donate :)

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    I'll send instructions for pfSense 2.0 via personal message.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • H
                      HarvUK
                      last edited by

                      I'm curious.. can you enter multiple one SSL cert for each listener?

                      This looks like it might solve our SNI issues.

                      Do you know if this will get pushed as an official package any time soon, or do I need to ask you very nicely and buy you a beer for the instructions ;)

                      Many thanks,

                      Harv

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        @HarvUK:

                        Do you know if this will get pushed as an official package any time soon, or do I need to ask you very nicely and buy you a beer for the instructions ;)

                        It will not be on 2.0 but in 2.1.

                        I can push here instructions and then you decide about donating.

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • P
                          PiBa
                          last edited by

                          Hey guys,

                          I am and have been for little more then a month been improving the haproxy-devel package for pfSense.

                          @ HarvUK
                          It is possible to create multiple frontends and configure them to be 'shared', and assign a certificate to each one of them. This will allow to have multiple https sites behind 1 IP. (You can either go for SNI, or SSLoffloading for that).

                          @ a n y o n e
                          Currently also 1.5-dev18 is online, and in progress to compile against OpenSSL 1.0.1 which is possible (but still trying to figure out how to put in the package.xml for the automatic builds..) to allow for using 'SPDY' though i wont add that to the GUI, it could then be configured in the 'advanced' option text fields..

                          For questions, other usefull improvements, or bugs, or just things that are 'illogical' send me a PM, or contact me PiBa-NL on IRC ##pfsense.

                          Also for pfSense2.0,
                          Its actually possible to install the package there if you 'must'.. But its unsupported in every way, and not available in the package manager.. And not 'allowed' into the main pfSense package tree. https://raw.github.com/PiBa-NL/pfsense-packages/3c1278fbdecdc07108124b17de943c55589075a6/config/haproxy-devel/haproxy-devel_install_on_pfs_2_0.php and requires you to place and call the php file 'manually'.. Also for latest release OpenSSL needs to be installed from the console. "pkg_add -r openssl"..  This because 2.0 is a 'release' version, and it is illogical to run a 'development' software/package on it while version 2.1 of pfSense is also nearing 'release' status and as such is also stable enough for people who wish to experiment..

                          greets PiBa-NL

                          1 Reply Last reply Reply Quote 0
                          • J
                            josh4trunks
                            last edited by

                            This is awesome, I'm currenly using HAProxy 1.5 in a jail on my PfSense box for SSL Termination, it works great!  But, I'll be even happier to get this in an easy to install pfsense package!

                            Here's some stuff I learned that might help others..

                            HAProxy

                            
                                    option forwardfor
                                    option http-server-close
                                    reqadd X-Forwarded-Proto:\ https
                            

                            The 'forwardfor' is because most backends don't yet support HAProxy's proxy protocol.
                            I use the 'X-Forwarded-Proto' header to see if requests are ssl in varnish / nginx.
                            The 'http-server-close' tells haproxy it needs to close the connection to the backend. this is so it resends the ip+protocol header for each request. This is better then closing the entire connection with 'httpclose' as the client may quickly request more stuff before the timeout and you won't have the overhead of stating a new connection.

                            Varnish

                            if ( !client.ip ~ haproxy )
                                            {set req.http.X-Forwarded-For = client.ip; set req.http.X-Forwarded-Proto = http;}
                            

                            This way clients can't spoof their IP, or that they are using https

                            NGINX

                            set_real_ip_from 192.168.1.1;
                            real_ip_header X-Forwarded-For;
                            http {
                                    map $http_x_forwarded_proto $server_https {
                                            default off;
                                            https on;
                            }
                            
                            ##fastcgi_params##
                            fastcgi_param HTTPS $server_https;
                            ####
                            
                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.