From 5a7459707fd2e5eb703b32fd4715b1818f9ca49e Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Mon, 13 Jun 2016 18:40:07 +0200 Subject: [PATCH 1/2] net/haproxy: use a local syslog socket, closes #18 --- net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc b/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc index 89ed9eb15..2fb7a60cc 100644 --- a/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc +++ b/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc @@ -35,7 +35,7 @@ function haproxy_syslog() { $syslogconf = array(); - $syslogconf['haproxy'] = array("facility" => array('haproxy'), "remote" => "haproxy"); + $syslogconf['haproxy'] = array("facility" => array('haproxy'), "local" => "/var/run/haproxy/var/run/log"); return $syslogconf; } From 553c627c6a8a684bdd8b38497d5e46631514310e Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Mon, 13 Jun 2016 18:40:37 +0200 Subject: [PATCH 2/2] net/haproxy: change default for "chroot" to enabled --- .../mvc/app/controllers/OPNsense/HAProxy/forms/main.xml | 2 +- .../src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml | 2 +- .../opnsense/service/templates/OPNsense/HAProxy/haproxy.conf | 4 ---- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml index efb2117e8..4cfb337e2 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml @@ -28,7 +28,7 @@ haproxy.general.tuning.chroot checkbox -
NOTE: Enabling chroot will deactivate logging to localhost, because the local syslogd is running in secure mode and does not accept network connections (and it's log socket is not accessible from the chroot directory). You'll need to log to a remote host when enabling the chroot feature.
]]> + haproxy.general.tuning.nbproc diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml index 7f2e10bd6..a0bfbc908 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml @@ -15,7 +15,7 @@ Y - 0 + 1 Y diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf index 555e688f6..184b358f3 100644 --- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf +++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf @@ -447,8 +447,6 @@ global {% endif %} gid 80 {% if OPNsense.HAProxy.general.tuning.chroot == "1" %} - # NOTE: chroot prevents (most) local logging, you need to enable remote - # logging when using it (because syslogd is running in secure mode). chroot /var/run/haproxy {% endif %} daemon @@ -477,8 +475,6 @@ global {% if OPNsense.HAProxy.general.logging.host != '127.0.0.1' %} {% do logging.append(OPNsense.HAProxy.general.logging.host) %} {% else %} -{# # NOTE: syslogd is running is secure mode and thus does not accept network #} -{# # connections. That's why we need to use the log socket instead. #} {% do logging.append('/var/run/log') %} {% endif %} {% do logging.append('len ' ~ OPNsense.HAProxy.general.logging.length) if OPNsense.HAProxy.general.logging.length|default("") != "" %}