diff --git a/.haproxy.metadata b/.haproxy.metadata new file mode 100644 index 0000000..7789a6c --- /dev/null +++ b/.haproxy.metadata @@ -0,0 +1 @@ +0c5104d029d8d58d39b0d94179edd84c661306d1 SOURCES/haproxy-1.4.24.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/haproxy.cfg b/SOURCES/haproxy.cfg new file mode 100644 index 0000000..324ad5e --- /dev/null +++ b/SOURCES/haproxy.cfg @@ -0,0 +1,86 @@ +#--------------------------------------------------------------------- +# Example configuration for a possible web application. See the +# full configuration options online. +# +# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt +# +#--------------------------------------------------------------------- + +#--------------------------------------------------------------------- +# Global settings +#--------------------------------------------------------------------- +global + # to have these messages end up in /var/log/haproxy.log you will + # need to: + # + # 1) configure syslog to accept network log events. This is done + # by adding the '-r' option to the SYSLOGD_OPTIONS in + # /etc/sysconfig/syslog + # + # 2) configure local2 events to go to the /var/log/haproxy.log + # file. A line like the following can be added to + # /etc/sysconfig/syslog + # + # local2.* /var/log/haproxy.log + # + log 127.0.0.1 local2 + + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- +defaults + mode http + log global + option httplog + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + option redispatch + retries 3 + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s + maxconn 3000 + +#--------------------------------------------------------------------- +# main frontend which proxys to the backends +#--------------------------------------------------------------------- +frontend main *:5000 + acl url_static path_beg -i /static /images /javascript /stylesheets + acl url_static path_end -i .jpg .gif .png .css .js + + use_backend static if url_static + default_backend app + +#--------------------------------------------------------------------- +# static backend for serving up images, stylesheets and such +#--------------------------------------------------------------------- +backend static + balance roundrobin + server static 127.0.0.1:4331 check + +#--------------------------------------------------------------------- +# round robin balancing between the various backends +#--------------------------------------------------------------------- +backend app + balance roundrobin + server app1 127.0.0.1:5001 check + server app2 127.0.0.1:5002 check + server app3 127.0.0.1:5003 check + server app4 127.0.0.1:5004 check + diff --git a/SOURCES/haproxy.logrotate b/SOURCES/haproxy.logrotate new file mode 100644 index 0000000..96544e0 --- /dev/null +++ b/SOURCES/haproxy.logrotate @@ -0,0 +1,12 @@ +/var/log/haproxy.log { + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true + /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true + endscript +} diff --git a/SOURCES/haproxy.service b/SOURCES/haproxy.service new file mode 100644 index 0000000..4414d77 --- /dev/null +++ b/SOURCES/haproxy.service @@ -0,0 +1,13 @@ +[Unit] +Description=HAProxy For TCP And HTTP Based Applications +After=syslog.target network.target + +[Service] +Type=forking +PIDFile=/run/haproxy.pid +ExecStartPre=/usr/sbin/haproxy -c -q -f /etc/haproxy/haproxy.cfg +ExecStart=/usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid +ExecReload=/bin/bash -c "exec /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -sf $MAINPID" + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec new file mode 100644 index 0000000..f9912a6 --- /dev/null +++ b/SPECS/haproxy.spec @@ -0,0 +1,297 @@ +%define haproxy_user haproxy +%define haproxy_group %{haproxy_user} +%define haproxy_home %{_localstatedir}/lib/haproxy +%define haproxy_confdir %{_sysconfdir}/haproxy +%define haproxy_datadir %{_datadir}/haproxy + +%global _hardened_build 1 + +Name: haproxy +Version: 1.4.24 +Release: 1%{?dist} +Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments + +Group: System Environment/Daemons +License: GPLv2+ + +URL: http://haproxy.1wt.eu/ +Source0: http://haproxy.1wt.eu/download/1.4/src/haproxy-%{version}.tar.gz +Source1: %{name}.service +Source2: %{name}.cfg +Source3: %{name}.logrotate + +BuildRequires: pcre-devel +BuildRequires: systemd-units + + +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high +availability environments. Indeed, it can: +- route HTTP requests depending on statically assigned cookies +- spread the load among several servers while assuring server persistence + through the use of HTTP cookies +- switch to backup servers in the event a main one fails +- accept connections to special ports dedicated to service monitoring +- stop accepting connections without breaking existing ones +- add/modify/delete HTTP headers both ways +- block requests matching a particular pattern + + +%prep +%setup -q + + +%build +# No configure script is present, it is all done via make flags +# Kernels of Fedora 11 and up and EL 6 and up are newer than 2.6.28, +# so using linux2628 as target. + +# Recommended optimization option for x86 builds +regparm_opts= +%ifarch %ix86 x86_64 +regparm_opts="USE_REGPARM=1" +%endif + +make %{?_smp_mflags} CPU="generic" TARGET="linux2628" USE_PCRE=1 ${regparm_opts} ADDINC="%{optflags}" USE_LINUX_TPROXY=1 ADDLIB="%{__global_ldflags}" + +# build the halog contrib program. +pushd contrib/halog +make ${halog} OPTIMIZE="%{optflags}" +popd + +%install +make install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} +make install-man DESTDIR=%{buildroot} PREFIX=%{_prefix} + +%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg +%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%{__install} -d -m 0755 %{buildroot}%{haproxy_home} +%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir} +%{__install} -d -m 0755 %{buildroot}%{_bindir} +%{__install} -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog + +for httpfile in $(find ./examples/errorfiles/ -type f) +do + %{__install} -p -m 0644 $httpfile %{buildroot}%{haproxy_datadir} +done + +# convert all text files to utf8 +for textfile in $(find ./ -type f -name '*.txt') +do + mv $textfile $textfile.old + iconv --from-code ISO8859-1 --to-code UTF-8 --output $textfile $textfile.old + rm -f $textfile.old +done + + +%pre +getent group %{haproxy_group} >/dev/null || groupadd -r %{haproxy_group} +getent passwd %{haproxy_user} >/dev/null || \ + useradd -r -g %{haproxy_user} -d %{haproxy_home} -s /sbin/nologin \ + -c "HAProxy user" %{haproxy_user} +exit 0 + + +%post +%systemd_post %{name}.service + +%preun +%systemd_preun %{name}.service + + +%postun +%systemd_postun_with_restart %{name}.service + + +%files +%doc doc/* +%doc examples/url-switching.cfg +%doc examples/acl-content-sw.cfg +%doc examples/content-sw-sample.cfg +%doc examples/cttproxy-src.cfg +%doc examples/haproxy.cfg +%doc examples/tarpit.cfg +%doc CHANGELOG LICENSE README +%dir %{haproxy_datadir} +%{haproxy_datadir}/* +%dir %{haproxy_confdir} +%config(noreplace) %{haproxy_confdir}/%{name}.cfg +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%{_unitdir}/%{name}.service +%{_sbindir}/%{name} +%{_bindir}/halog +%{_mandir}/man1/%{name}.1.gz +%attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home} + + +%changelog +* Mon Jun 17 2013 Ryan O'Hara - 1.4.24-1 +- Update to 1.4.24 (CVE-2013-2174, #975160) + +* Tue Apr 30 2013 Ryan O'Hara - 1.4.23-3 +- Build with PIE flags (#955182) + +* Mon Apr 22 2013 Ryan O'Hara - 1.4.23-2 +- Build with PIE flags (#955182) + +* Tue Apr 02 2013 Ryan O'Hara - 1.4.23-1 +- Update to 1.4.23 (CVE-2013-1912, #947697) +- Drop supplementary groups after setuid/setgid (#894626) + +* Thu Feb 14 2013 Fedora Release Engineering - 1.4.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Oct 12 2012 Robin Lee - 1.4.22-1 +- Update to 1.4.22 (CVE-2012-2942, #824544) +- Use linux2628 build target +- No separate x86_64 build target for halog +- halog build honors rpmbuild optflags +- Specfile cleanup + +* Mon Sep 17 2012 Václav Pavlín - 1.4.20-3 +- Scriptlets replaced with new systemd macros (#850143) + +* Thu Jul 19 2012 Fedora Release Engineering - 1.4.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Apr 03 2012 Jeremy Hinegardner - 1.4.20-1 +- Update to 1.4.20 + +* Sun Feb 19 2012 Jeremy Hinegardner - 1.4.19-4 +- fix haproxy.services file + +* Sun Feb 19 2012 Jeremy Hinegardner - 1.4.19-3 +- Update to use systemd fixing bug #770305 + +* Fri Feb 10 2012 Petr Pisar - 1.4.19-2 +- Rebuild against PCRE 8.30 + +* Sun Jan 29 2012 Jeremy Hinegardner - 1.4.19-1 +- Update to 1.4.19 + +* Fri Jan 13 2012 Fedora Release Engineering - 1.4.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Sep 22 2011 Jeremy Hinegardner - 1.4.18-1 +- Update to 1.4.18 + +* Tue Apr 26 2011 Jeremy Hinegardner - 1.4.15-1 +- Update to 1.4.15 + +* Sun Feb 27 2011 Jeremy Hinegardner - 1.4.11-1 +- update to 1.4.11 + +* Wed Feb 09 2011 Fedora Release Engineering - 1.4.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Dec 12 2010 Jeremy Hinegardner - 1.4.9-1 +- update to 1.4.9 + +* Sun Jun 20 2010 Jeremy Hinegardner - 1.4.8-1 +- update to 1.4.8 + +* Sun May 30 2010 Jeremy Hinegardner - 1.4.6-1 +- update to 1.4.6 + +* Thu Feb 18 2010 Jeremy Hinegardner - 1.3.23-1 +- update to 1.3.23 + +* Sat Oct 17 2009 Jeremy Hinegardner - 1.3.22-1 +- update to 1.3.22 +- added logrotate configuration + +* Mon Oct 12 2009 Jeremy Hinegardner - 1.3.21-1 +- update to 1.3.21 + +* Sun Oct 11 2009 Jeremy Hinegardner - 1.3.20-1 +- update to 1.3.20 + +* Sun Aug 02 2009 Jeremy Hinegardner - 1.3.19-1 +- update to 1.3.19 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.3.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun May 17 2009 Jeremy Hinegardner - 1.3.18-1 +- update to 1.3.18 + +* Sat Apr 11 2009 Jeremy Hinegardner - 1.3.17-1 +- Update to 1.3.17 + +* Tue Feb 24 2009 Fedora Release Engineering - 1.3.15.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Dec 30 2008 Jeremy Hinegardner - 1.3.15.7-1 +- update to 1.3.15.7 +- remove upstream patches, they are now part of source distribution + +* Sat Nov 22 2008 Jeremy Hinegardner - 1.3.15.6-2 +- apply upstream patches + +* Sat Nov 15 2008 Jeremy Hinegardner - 1.3.15.6-1 +- update to 1.3.15.6 +- use new build targets from upstream +- add in recommended build options for x86 from upstream + +* Sat Jun 28 2008 Jeremy Hinegardner - 1.3.14.6-1 +- update to 1.3.14.6 +- remove gcc 4.3 patch, it has been applied upstream +- remove MIT license as that code has been removed from upstream + +* Mon Apr 14 2008 Jeremy Hinegardner - 1.3.14.4-1 +- update to 1.3.14.4 + +* Sun Mar 16 2008 Jeremy Hinegardner - 1.3.14.3-1 +- update to 1.3.14.3 + +* Sat Mar 01 2008 Jeremy Hinegardner - 1.3.14.2-4 +- apply the gcc 4.3 patch to the build process + +* Sat Mar 01 2008 Jeremy Hinegardner - 1.3.14.2-3 +- fix gcc 4.3 bug [#434144] +- update init script to properly reload configuration + +* Tue Feb 19 2008 Fedora Release Engineering - 1.3.14.2-2 +- Autorebuild for GCC 4.3 + +* Sun Jan 20 2008 Jeremy Hinegardner - 1.3.14.2-1 +- update to 1.3.14.2 +- update make flags that changed with this upstream release +- added man page installation + +* Sun Dec 16 2007 Jeremy Hinegardner - 1.3.14-1 +- update to 1.3.14 + +* Mon Nov 05 2007 Jeremy Hinegardner - 1.3.12.4-1 +- update to 1.3.12.4 + +* Thu Nov 01 2007 Jeremy Hinegardner - 1.3.12.3-1 +- update to 1.3.12.3 + +* Fri Sep 21 2007 Jeremy Hinegardner - 1.3.12.2-3 +- fix init script 'reload' task + +* Thu Sep 20 2007 Jeremy Hinegardner - 1.3.12.2-2 +- update License field + +* Thu Sep 20 2007 Jeremy Hinegardner - 1.3.12.2-1 +- update to 1.3.12.2 +- remove the upstream patch + +* Tue Sep 18 2007 Jeremy Hinegardner - 1.3.12.1-1 +- switch to 1.3.12.1 branch +- add patch from upstream with O'Reilly licensing updates. +- convert ISO-8859-1 doc files to UTF-8 + +* Sat Mar 24 2007 Jeremy Hinegardner - 1.2.17-2 +- addition of haproxy user +- add license information + +* Fri Mar 23 2007 Jeremy Hinegardner - 1.2.17-1 +- initial packaging