Add Debian packaging

This commit is contained in:
Tristan 2022-06-07 07:14:34 +01:00
parent b96c915703
commit 273565f77a
No known key found for this signature in database
GPG Key ID: BDDFC4A0651ACDE4
30 changed files with 3956 additions and 35 deletions

7
.gitignore vendored
View File

@ -1,3 +1,10 @@
**/dist
**/src
**/*.build
**/*.dsc
**/*.tar.gz
**/*.xz
# deb build artifacts
haproxy/haproxy_*~*
haproxy/haproxy-dbg*_*~*

View File

@ -159,3 +159,20 @@ pkg:haproxy:
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy.tar.gz"
variables:
GIT_STRATEGY: none
deb:haproxy:
<<: *build-job
stage: build
script:
- apt install -y --no-install-recommends -qq bzip2 devscripts debhelper git pkg-config
- mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz
- mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz
- mkdir deps/quictls/dist && tar -C deps/quictls/dist -xf deps/quictls/quictls-dist.tar.gz
- make -C haproxy
needs:
- job: lua
artifacts: true
- job: pcre2
artifacts: true
- job: quictls
artifacts: true

View File

@ -114,6 +114,15 @@ Then we want HAProxy to not use the system's OpenSSL but rather our QuicTLS
build, which
it will look for at the `/opt/quictls` prefix.
## About Debian packaging
The content of [haproxy/debian](haproxy/debian) is a slightly modified version
of the Debian HAProxy Team's work and essentially all credits wrt that is due to
them.
It is sourced
from [haproxy-team/haproxy:experimental-2.6](https://salsa.debian.org/haproxy-team/haproxy/-/tree/experimental-2.6)
## Notes
Since we're building our own binaries, we also increase MAX_SESS_STKCTR to 5

View File

@ -1,43 +1,44 @@
HAPROXY_VERSION = 2.6.0
HAPROXY_VERSION_TAG = v$(HAPROXY_VERSION)
HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)
HAPROXY_SOURCES = https://git.haproxy.org/?p=haproxy-$(HAPROXY_VERSION_MINOR).git;a=snapshot;h=$(HAPROXY_VERSION_TAG);sf=tgz
HAPROXY_SOURCES = https://www.haproxy.org/download/$(HAPROXY_VERSION_MINOR)/src/haproxy-$(HAPROXY_VERSION).tar.gz
HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION).tar.gz
HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION).orig.tar.gz
HAPROXY_BUILDIR = src
HAPROXY_DESTDIR = dist
HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR))
HAPROXY_ARCHIVE = haproxy-dist.tar.gz
DEP_ROOT_LUA = ../deps/lua
DEP_ROOT_PCRE2 = ../deps/pcre2
DEP_ROOT_QUICTLS = ../deps/quictls
DEP_DIST_ROOT_LUA = $(shell realpath ../deps/lua/dist)
DEP_DIST_ROOT_PCRE2 = $(shell realpath ../deps/pcre2/dist)
DEP_DIST_ROOT_QUICTLS = $(shell realpath ../deps/quictls/dist)
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
DEFINE="-DMAX_SESS_STKCTR=5" \
IGNOREGIT=true \
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
TARGET="linux-glibc" \
EXTRAVERSION="+mangadex/$(BUILD_VERSION_REPOSHA)" \
VERDATE="$$(date -u -I'minutes')" \
VERDATE="$(shell date -u -I'minutes')" \
USE_DL=1 \
USE_GETADDRINFO=1 \
USE_LINUX_TPROXY=1 \
USE_LUA=1 \
LUA_INC="../$(DEP_ROOT_LUA)/dist/include" \
LUA_LIB="../$(DEP_ROOT_LUA)/dist/lib" \
LUA_INC="$(DEP_DIST_ROOT_LUA)/include" \
LUA_LIB="$(DEP_DIST_ROOT_LUA)/lib" \
LUA_LIB_NAME="lua" \
USE_OPENSSL=1 \
SSL_INC="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/include" \
SSL_LIB="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/lib" \
SSL_INC="$(DEP_DIST_ROOT_QUICTLS)/opt/quictls/include" \
SSL_LIB="$(DEP_DIST_ROOT_QUICTLS)/opt/quictls/lib" \
ADDINC="-lcrypt" \
USE_PCRE2=1 \
USE_PCRE2_JIT=1 \
USE_STATIC_PCRE2=1 \
PCRE2_INC="../$(DEP_ROOT_PCRE2)/dist/include" \
PCRE2_LIB="../$(DEP_ROOT_PCRE2)/dist/lib64" \
PCRE2_CONFIG="../$(DEP_ROOT_PCRE2)/dist/bin/pcre2-config" \
PCRE2_INC="$(DEP_DIST_ROOT_PCRE2)/include" \
PCRE2_LIB="$(DEP_DIST_ROOT_PCRE2)/lib64" \
PCRE2_CONFIG="$(DEP_DIST_ROOT_PCRE2)/bin/pcre2-config" \
USE_PROMEX=1 \
USE_QUIC=1 \
USE_SLZ=1 \
@ -47,6 +48,7 @@ HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
all: dist-bin
dist-bin: build $(HAPROXY_DESTDIR) $(HAPROXY_ARCHIVE)
dist-deb: build-deb
$(HAPROXY_TARBALL):
curl -sfS -o "$(HAPROXY_TARBALL)" "$(HAPROXY_SOURCES)"
@ -56,8 +58,8 @@ $(HAPROXY_BUILDIR): $(HAPROXY_TARBALL)
tar -C "$(HAPROXY_BUILDIR)" --strip-components=1 -xf "$(HAPROXY_TARBALL)"
build: $(HAPROXY_BUILDIR)
$(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts
$(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS)
$(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(MAKEARGS) opts
$(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(MAKEARGS)
$(HAPROXY_DESTDIR):
@if ! [ -d "$(HAPROXY_DESTDIR)" ]; then mkdir -v "$(HAPROXY_DESTDIR)"; fi
@ -66,10 +68,20 @@ $(HAPROXY_DESTDIR):
$(HAPROXY_ARCHIVE): $(HAPROXY_DESTDIR)
tar -C "$(HAPROXY_DESTDIR)" -cjf "$(HAPROXY_ARCHIVE)" "usr"
$(HAPROXY_DEBORIG): $(HAPROXY_TARBALL)
cp -fv "$(HAPROXY_TARBALL)" "$(HAPROXY_DEBORIG)"
build-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR)
cp -rf debian $(HAPROXY_BUILDIR)/
cd $(HAPROXY_BUILDIR) && debuild -us -uc
clean:
rm -fv "$(HAPROXY_TARBALL)"
rm -rf "$(HAPROXY_DEBORIG)"
rm -rf "$(HAPROXY_BUILDIR)"
rm -rf "$(HAPROXY_DESTDIR)"
rm -fv "$(HAPROXY_ARCHIVE)"
rm -fv "haproxy_$(HAPROXY_VERSION)"*
rm -fv "haproxy-dbgsym_$(HAPROXY_VERSION)"*
.PHONY: clean build

35
haproxy/debian/NEWS Normal file
View File

@ -0,0 +1,35 @@
haproxy (1.8.0-1) experimental; urgency=medium
In order to upgrade to the HAProxy 1.8 new process model, a full service
restart will be performed automatically on upgrade from pre-1.8 versions
when running under systemd. This incurs (minimal) service downtime and
will only be performed once; future upgrades will reload haproxy seamlessly.
-- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 28 Nov 2017 23:44:01 +0200
haproxy (1.4.23-1) unstable; urgency=low
As of 1.4.23-1, the Debian package ships an rsyslog snippet to allow logging
via /dev/log from chrooted HAProxy processes. If you are using rsyslog, you
should restart rsyslog after installing this package to enable HAProxy to log
via rsyslog. See /usr/share/doc/haproxy/README.Debian for more details.
Also note that as of 1.4.23-1, chrooting the HAProxy process is enabled in the
default Debian configuration.
-- Apollon Oikonomopoulos <apoikos@gmail.com> Thu, 25 Apr 2013 23:26:35 +0300
haproxy (1.4.13-1) unstable; urgency=low
Maintainer of this package has changed.
-- Christo Buschek <crito@30loops.net> Mon, 10 Mar 2011 22:07:10 +0100
haproxy (1.3.14.2-1) unstable; urgency=low
Configuration has moved to /etc/haproxy/haproxy.cfg. This allows to add the
configurable /etc/haproxy/errors directory.
The haproxy binary was also moved to /usr/sbin rather than /usr/bin, update
your init script or reinstall the one provided with the package.
-- Arnaud Cornet <acornet@debian.org> Mon, 21 Jan 2008 23:38:15 +0100

2355
haproxy/debian/changelog Normal file

File diff suppressed because it is too large Load Diff

25
haproxy/debian/control Normal file
View File

@ -0,0 +1,25 @@
Source: haproxy
Section: net
Priority: optional
Maintainer: MangaDex <opensource@mangadex.org>
Uploaders: Tristan <tristan@mangadex.org>
Standards-Version: 4.4.1
Build-Depends: debhelper-compat (= 12),
libsystemd-dev [linux-any],
pkg-config
Homepage: http://www.haproxy.org/
Vcs-Git: https://gitlab.com/mangadex-pub/haproxy.git
Vcs-Browser: https://gitlab.com/mangadex-pub/haproxy
Package: haproxy
Architecture: any
Depends: ${perl:Depends}, ${shlibs:Depends}, ${misc:Depends}, adduser, lsb-base (>= 3.0-6)
Pre-Depends: dpkg (>= 1.17.14), ${misc:Pre-Depends}
Description: fast and reliable load balancing reverse proxy
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. It features connection persistence through HTTP
cookies, load balancing, header addition, modification, deletion both ways. It
has request blocking capabilities and provides interface to display server
status.
This package specifically adds the QuicTLS fork of OpenSSL and enables QUIC
frontend support in HAProxy

941
haproxy/debian/copyright Normal file
View File

@ -0,0 +1,941 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: haproxy
Upstream-Contact: Willy Tarreau <w@1wt.eu>
Source: http://www.haproxy.org/
Files: *
Copyright: Copyright 2000-2021 Willy Tarreau <w@1wt.eu>.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: .github/matrix.py
Copyright: 2020, Tim Duesterhus <tim@bastelstu.be>
2019, Ilya Shipitsin <chipitsine@gmail.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: addons/51degrees/dummy/*
Copyright: 51Degrees Mobile Experts Limited. / 2019, 51Degrees Mobile Experts Limited, 5 Charlotte Close
License: MPL-2.0
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: addons/ot/*
Copyright: 2017, 2020, HAProxy Technologies
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: addons/promex/service-prometheus.c
Copyright: 2018, 2019, Christopher Faulet <cfaulet@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: addons/wurfl/dummy/*
Copyright: ScientiaMobile, Inc.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: addons/wurfl/dummy/Makefile
Copyright: Copyright 2000-2021 Willy Tarreau <w@1wt.eu>.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: admin/halog/fgets2.c
Copyright: 2000-2012, Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: admin/halog/halog.c
Copyright: 2000-2020, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: admin/iprange/*
Copyright: 2000-2021, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: admin/netsnmp-perl/*
Copyright: 2007-2010, Krzysztof Piotr Oledzki <ole@ans.pl>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: admin/release-estimator/release-estimator.py
Copyright: 2020, HAProxy Technologies, Daniel Corbett <dcorbett@haproxy.com>
License: GPL-3+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: admin/wireshark-dissectors/peers/packet-happp.c
Copyright: 2016, Frédéric Lécaille <flecaille@haproxy.com>
1998, Gerald Combs
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: debian/*
Copyright: Copyright (C) 2007-2011, Arnaud Cornet <acornet@debian.org>
Copyright (C) 2011, Christo Buschek <crito@30loops.net>
Copyright (C) 2013, Prach Pongpanich <prachpub@gmail.com>
Copyright (C) 2013-2016, Apollon Oikonomopoulos <apoikos@debian.org>
Copyright (C) 2013-2016, Vincent Bernat <bernat@debian.org>
License: GPL-2
Files: debian/dconv/*
Copyright: 2012, Cyril Bonté
License: Apache-2.0
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: debian/dconv/js/*
Copyright: 2013-2015, Twitter, Inc. and other contributors; Licensed MIT
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: debian/dconv/js/typeahead.bundle.js
Copyright: Copyright 2013-2015 Twitter, Inc. and other contributors
License: Expat
Files: dev/base64/*
Copyright: 2009, 2010, Krzysztof Piotr Oledzki <ole@ans.pl>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: dev/tcploop/tcploop.c
Copyright: 2012-2017, Willy Tarreau <w@1wt.eu>
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: include/*
Copyright: 2000-2020, Willy Tarreau - w@1wt.eu
License: LGPL-2.1
Files: include/haproxy/api-t.h
include/haproxy/api.h
include/haproxy/buf-t.h
include/haproxy/buf.h
include/haproxy/bug.h
include/haproxy/initcall.h
include/haproxy/istbuf.h
Copyright: 2000-2020, Willy Tarreau - w@1wt.eu
License: Expat
Files: include/haproxy/arg-t.h
include/haproxy/arg.h
include/haproxy/protobuf-t.h
include/haproxy/protobuf.h
Copyright: 2012, Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Files: include/haproxy/atomic.h
include/haproxy/thread-t.h
include/haproxy/thread.h
Copyright: 2020, Willy Tarreau - w@1wt.eu
2017, Christopher Faulet - cfaulet@haproxy.com
License: LGPL-2.1
Files: include/haproxy/auth-t.h
include/haproxy/auth.h
Copyright: 2009, 2010, Krzysztof Piotr Oledzki <ole@ans.pl>
License: GPL-2+
Files: include/haproxy/base64.h
include/haproxy/signal-t.h
include/haproxy/signal.h
include/haproxy/uri_auth-t.h
include/haproxy/uri_auth.h
Copyright: 2000-2020, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Files: include/haproxy/check-t.h
Copyright: 2008, 2009, Krzysztof Piotr Oledzki <ole@ans.pl>
2000-2020, Willy Tarreau - w@1wt.eu
License: GPL-2+
Files: include/haproxy/compression-t.h
Copyright: 2012, Exceliance, David Du Colombier <dducolombier@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/compression.h
Copyright: 2012, (C) Exceliance, David Du Colombier <dducolombier@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/counters-t.h
Copyright: 2011-2014, Willy Tarreau <w@1wt.eu>
2008, 2009, Krzysztof Piotr Oledzki <ole@ans.pl>
License: LGPL-2.1
Files: include/haproxy/dgram-t.h
include/haproxy/dgram.h
include/haproxy/dns-t.h
include/haproxy/fix-t.h
include/haproxy/fix.h
include/haproxy/mqtt-t.h
include/haproxy/mqtt.h
include/haproxy/resolvers-t.h
include/haproxy/resolvers.h
Copyright: 2014, 2020, Baptiste Assmann <bedis9@gmail.com>
License: LGPL-2.1
Files: include/haproxy/dict-t.h
include/haproxy/dict.h
Copyright: 2019, Frédéric Lécaille <flecaille@haproxy.com>
License: Expat
Files: include/haproxy/dns.h
Copyright: 2020, HAProxy Technologies
License: LGPL-2.1
Files: include/haproxy/extcheck.h
Copyright: 2014, Horms Solutions Ltd, Simon Horman <horms@verge.net.au>
2000-2009, 2020, Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Files: include/haproxy/fcgi-app-t.h
include/haproxy/fcgi-app.h
include/haproxy/fcgi.h
include/haproxy/h1_htx.h
include/haproxy/http_htx-t.h
include/haproxy/http_htx.h
include/haproxy/htx-t.h
include/haproxy/htx.h
include/haproxy/spoe-t.h
include/haproxy/spoe.h
Copyright: 2017-2019, HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
License: LGPL-2.1
Files: include/haproxy/filters-t.h
include/haproxy/filters.h
include/haproxy/flt_http_comp.h
Copyright: 2015, Qualys Inc., Christopher Faulet <cfaulet@qualys.com>
License: LGPL-2.1
Files: include/haproxy/h2.h
Copyright: 2017, HAProxy Technologies
2000-2017, Willy Tarreau - w@1wt.eu
License: Expat
Files: include/haproxy/hlua-t.h
include/haproxy/hlua.h
include/haproxy/hlua_fcn.h
Copyright: 2015, 2016, Thierry Fournier <tfournier@arpalert.org>
License: LGPL-2.1
Files: include/haproxy/hpack-dec.h
include/haproxy/hpack-enc.h
include/haproxy/hpack-huff.h
include/haproxy/hpack-tbl-t.h
include/haproxy/hpack-tbl.h
include/haproxy/http-hdr-t.h
include/haproxy/http-hdr.h
Copyright: 2017, HAProxy Technologies
2014-2020, Willy Tarreau <willy@haproxy.org>
License: Expat
Files: include/haproxy/mailers-t.h
Copyright: 2015, Horms Solutions Ltd., Simon Horman <horms@verge.net.au>
2010, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/mailers.h
Copyright: 2020, Willy Tarreau <w@1wt.eu>
2015, Horms Solutions Ltd., Simon Horman <horms@verge.net.au>
2010, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/mworker-t.h
include/haproxy/mworker.h
Copyright: HAProxy Technologies 2019, - William Lallemand <wlallemand@haproxy.com>
License: GPL-2+
Files: include/haproxy/namespace-t.h
include/haproxy/namespace.h
Copyright: 2015-2020, Willy Tarreau
2014, Tamas Kovacs, Sarkozi Laszlo, Krisztian Kovacs
License: LGPL-2.1
Files: include/haproxy/net_helper.h
Copyright: 2017-2020, Willy Tarreau
2017, Olivier Houchard
License: Expat
Files: include/haproxy/openssl-compat.h
Copyright: Copyright 2000-2013 Willy Tarreau - w@1wt.eu
License: LGPL-2.1
Files: include/haproxy/peers-t.h
include/haproxy/peers.h
include/haproxy/ssl_sock-t.h
include/haproxy/ssl_sock.h
Copyright: 2010, 2012, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/proto_quic.h
include/haproxy/quic_sock.h
Copyright: 2020, Frédéric Lécaille <flecaille@haproxy.com>
License: LGPL-2.1
Files: include/haproxy/proto_sockpair.h
Copyright: HAProxy Technologies - William Lallemand <wlallemand@haproxy.com>
License: LGPL-2.1
Files: include/haproxy/proto_udp.h
include/haproxy/quic_cc-t.h
include/haproxy/quic_cc.h
include/haproxy/quic_frame-t.h
include/haproxy/quic_frame.h
include/haproxy/quic_loss-t.h
include/haproxy/quic_loss.h
include/haproxy/xprt_quic-t.h
include/haproxy/xprt_quic.h
Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
License: LGPL-2.1
Files: include/haproxy/qpack-tbl-t.h
Copyright: 2020, HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
License: Expat
Files: include/haproxy/quic_tls-t.h
include/haproxy/quic_tls.h
Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
License: GPL-2+
Files: include/haproxy/sample-t.h
include/haproxy/sample.h
include/haproxy/sample_data-t.h
include/haproxy/stick_table-t.h
include/haproxy/stick_table.h
Copyright: 2010, 2012, 2013, 2020, Willy Tarreau <w@1wt.eu>
2009, 2010, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/shctx-t.h
include/haproxy/shctx.h
Copyright: 2011, 2012, EXCELIANCE
License: GPL-2+
Files: include/haproxy/ssl_ckch-t.h
include/haproxy/ssl_ckch.h
include/haproxy/ssl_crtlist-t.h
include/haproxy/ssl_crtlist.h
Copyright: 2020, HAProxy Technologies, William Lallemand <wlallemand@haproxy.com>
License: LGPL-2.1
Files: include/haproxy/ssl_utils.h
Copyright: 2020, HAProxy Technologies, William Lallemand <wlallemand@haproxy.com>
2012, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: LGPL-2.1
Files: include/haproxy/tcpcheck-t.h
Copyright: 2020, Gaetan Rivet <grive@u256.net>
2020, Christopher Faulet <cfaulet@haproxy.com>
2013, Baptiste Assmann <bedis9@gmail.com>
2007-2010, Krzysztof Piotr Oledzki <ole@ans.pl>
2000-2009, 2020, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Files: include/haproxy/tcpcheck.h
Copyright: 2020, Gaetan Rivet <grive@u256.net>
2020, Christopher Faulet <cfaulet@haproxy.com>
2013, Baptiste Assmann <bedis9@gmail.com>
2007-2010, Krzysztof Piotr Oledzki <ole@ans.pl>
2000-2009, 2020, Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Files: include/haproxy/uri_normalizer-t.h
include/haproxy/uri_normalizer.h
Copyright: 2021, Tim Duesterhus <tim@bastelstu.be>
License: GPL-2+
Files: include/haproxy/vars-t.h
include/haproxy/vars.h
Copyright: 2015, Thierry FOURNIER <tfournier@arpalert.org>
License: LGPL-2.1
Files: include/haproxy/xref-t.h
include/haproxy/xref.h
Copyright: 2020, Willy Tarreau - w@1wt.eu
2017, Thierry Fournier <thierry.fournier@ozon.io>
License: Expat
Files: include/import/*
Copyright: 2002-2011, - Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Files: include/import/atomic-ops.h
Copyright: Copyright 2000-2013 Willy Tarreau - w@1wt.eu
License: LGPL-2.1
Files: include/import/eb32sctree.h
Copyright: 2002-2017, - Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Files: include/import/ist.h
Copyright: 2000-2020, Willy Tarreau - w@1wt.eu
License: Expat
Files: include/import/lru.h
include/import/plock.h
include/import/slz.h
Copyright: 2012-2017, Willy Tarreau <w@1wt.eu>
License: Expat
Files: include/import/mjson.h
Copyright: 2018-2020, Cesanta Software Limited
License: Expat
Files: include/import/sha1.h
Copyright: 2009-2015, Linus Torvalds and others.
License: LGPL-2.1
Files: include/import/xxhash.h
Copyright: 2012-2020, Yann Collet
License: BSD-2-clause
Files: src/*
Copyright: 2000-2020, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/action.c
src/fcgi-app.c
src/flt_spoe.c
src/h1_htx.c
src/http_ana.c
src/http_htx.c
src/htx.c
src/mux_fcgi.c
src/server_state.c
Copyright: 2016-2019, 2021, HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/auth.c
Copyright: 2009, 2010, Krzysztof Piotr Oledzki <ole@ans.pl>
License: GPL-2+
Files: src/base64.c
src/server.c
src/stats.c
Copyright: 2007-2010, Krzysztof Piotr Oledzki <ole@ans.pl>
2000-2012, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Files: src/cache.c
Copyright: 2017, 2020, HAProxy Technologies
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/cfgparse-global.c
src/cfgparse-listen.c
src/dict.c
src/namespace.c
src/vars.c
src/version.c
Copyright: Copyright 2000-2015 Willy Tarreau <w@1wt.eu>.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/cfgparse-ssl.c
src/ssl_sample.c
src/ssl_utils.c
Copyright: 2020, HAProxy Technologies, William Lallemand <wlallemand@haproxy.com>
2012, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/check.c
src/cli.c
Copyright: 2007-2010, Krzysztof Piotr Oledzki <ole@ans.pl>
2000-2012, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/compression.c
Copyright: 2012, Exceliance, David Du Colombier <dducolombier@exceliance.fr>
License: GPL-2+
Files: src/debug.c
src/haproxy.c
src/wdt.c
Copyright: 2000-2021, Willy Tarreau <willy@haproxy.org>.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/dgram.c
src/fix.c
src/mqtt.c
src/resolvers.c
Copyright: 2014, 2020, Baptiste Assmann <bedis9@gmail.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/dns.c
Copyright: 2017, 2020, HAProxy Technologies
License: GPL-2+
Files: src/eb32sctree.c
src/eb32tree.c
src/eb64tree.c
src/ebimtree.c
src/ebistree.c
src/ebmbtree.c
src/ebpttree.c
src/ebsttree.c
src/ebtree.c
Copyright: 2002-2011, - Willy Tarreau <w@1wt.eu>
License: LGPL-2.1
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/ev_evports.c
Copyright: 2018, Joyent, Inc.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/extcheck.c
Copyright: 2014, Horms Solutions Ltd, Simon Horman <horms@verge.net.au>
2000-2009, 2020, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/fcgi.c
Copyright: 2019, HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/filters.c
src/flt_http_comp.c
src/flt_trace.c
Copyright: 2015, Qualys Inc., Christopher Faulet <cfaulet@qualys.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/h2.c
Copyright: 2017, Willy Tarreau <w@1wt.eu>
2017, HAProxy Technologies
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/hlua.c
src/hlua_fcn.c
Copyright: 2015, 2016, Thierry Fournier <tfournier@arpalert.org>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/hpack-dec.c
src/hpack-enc.c
src/hpack-huff.c
src/hpack-tbl.c
Copyright: 2017, HAProxy Technologies
2014-2020, Willy Tarreau <willy@haproxy.org>
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/lru.c
Copyright: 2012-2017, Willy Tarreau <w@1wt.eu>
License: Expat
Files: src/mailers.c
Copyright: 2020, Willy Tarreau <w@1wt.eu>
2015, Horms Solutions Ltd, Simon Horman <horms@verge.net.au>
License: GPL-2+
Files: src/mjson.c
Copyright: 2018-2020, Cesanta Software Limited
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/mux_h1.c
Copyright: 2018, 2019, Christopher Faulet <cfaulet@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/mworker-prog.c
src/proto_sockpair.c
Copyright: HAProxy Technologies - William Lallemand <wlallemand@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/mworker.c
Copyright: HAProxy Technologies 2019, - William Lallemand <wlallemand@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/peers.c
src/ssl_sock.c
Copyright: 2010, 2012, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: GPL-2+
Files: src/proto_quic.c
Copyright: 2020, Frédéric Lécaille <flecaille@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/proto_udp.c
src/quic_frame.c
src/quic_sock.c
src/xprt_quic.c
Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/proto_uxdg.c
Copyright: 2020, HAProxy Technologies, Emeric Brun <ebrun@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/qpack-tbl.c
Copyright: 2020, HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/quic_cc.c
src/quic_cc_newreno.c
Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
License: LGPL-2.1
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/ring.c
src/sink.c
src/trace.c
Copyright: 2000-2020, Willy Tarreau - w@1wt.eu
License: LGPL-2.1
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/sample.c
src/stick_table.c
Copyright: 2010, 2012, Willy Tarreau <w@1wt.eu>
2009, 2010, EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
License: GPL-2+
Files: src/sha1.c
Copyright: 2009-2015, Linus Torvalds and others.
License: LGPL-2.1
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/shctx.c
Copyright: 2011, 2012, EXCELIANCE
License: GPL-2+
Files: src/slz.c
Copyright: 2012-2017, Willy Tarreau <w@1wt.eu>
License: Expat
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/ssl_ckch.c
src/ssl_crtlist.c
Copyright: 2020, HAProxy Technologies, William Lallemand <wlallemand@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/tcpcheck.c
Copyright: 2020, Gaetan Rivet <grive@u256.net>
2020, Christopher Faulet <cfaulet@haproxy.com>
2013, Baptiste Assmann <bedis9@gmail.com>
2007-2010, Krzysztof Piotr Oledzki <ole@ans.pl>
2000-2009, 2020, Willy Tarreau <w@1wt.eu>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/thread.c
Copyright: 2017, Christopher Fauet - cfaulet@haproxy.com
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/uri_normalizer.c
Copyright: 2021, Tim Duesterhus <tim@bastelstu.be>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: src/xprt_handshake.c
Copyright: 2019, HAProxy Technologies, Olivier Houchard <ohouchard@haproxy.com>
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
Files: tests/exp/filltab25.c
Copyright: 2007, willy tarreau.
License: GPL-2+
Comment:
An OpenSSL exception is present in the LICENSE file: "This program is
released under the GPL with the additional exemption that compiling,
linking, and/or using OpenSSL is allowed."
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian systems, the full text of the Apache License version 2.0 can be
found in the file `/usr/share/common-licenses/Apache-2.0'.
License: BSD-2-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: Expat
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
.
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
License: GPL-2
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.
.
On Debian systems, the complete text of the GNU General Public License, version
2, can be found in /usr/share/common-licenses/GPL-2.
License: GPL-2+
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.
.
This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.
.
You should have received a copy of the GNU General Public
License along with this package; if not, write to the Free
Software Foundation, Inc., 51 Franklin St, Fifth Floor,
Boston, MA 02110-1301 USA
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.
License: GPL-3+
This software is Copyright (c) 2020 by X. Ample.
.
This is free software, licensed under:
.
The GNU General Public License, Version 3, June 2007
.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 3 dated June, 2007, or (at
your option) any later version.
On Debian systems, the complete text of version 3 of the GNU General
Public License can be found in '/usr/share/common-licenses/GPL-3'.
License: LGPL-2.1
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
.
On Debian systems, the complete text of the GNU Lesser General Public License,
version 2.1, can be found in /usr/share/common-licenses/LGPL-2.1.
License: MPL-2.0
This software is Copyright (c) 2020 by X. Ample.
.
This is free software, licensed under:
.
Mozilla Public License Version 2.0
.
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.
On Debian systems, the complete text of Mozilla Public License v 2.0
can be found in '/usr/share/common-licenses/MPL-2.0'.

View File

@ -0,0 +1,29 @@
Syslog support
--------------
Upstream recommends using syslog over UDP to log from HAProxy processes, as
this allows seamless logging from chroot'ed processes without access to
/dev/log. However, many syslog implementations do not enable UDP syslog by
default.
The default HAProxy configuration in Debian uses /dev/log for logging and
ships an rsyslog snippet that creates /dev/log in HAProxy's chroot and logs all
HAProxy messages to /var/log/haproxy.log. To take advantage of this, you must
restart rsyslog after installing this package. For other syslog daemons you
will have to take manual measures to enable UDP logging or create /dev/log
under HAProxy's chroot:
a. For sysklogd, add SYSLOG="-a /var/lib/haproxy/dev/log" to
/etc/default/syslog.
b. For inetutils-syslogd, add SYSLOGD_OPTS="-a /var/lib/haproxy/dev/log" to
/etc/default/inetutils-syslogd.
Prometheus exporter
-------------------
HAProxy is shipped with a builtin Prometheus exporter. To enable it,
you need to configure the Prometheus endpoint:
frontend stats
bind *:8404
http-request use-service prometheus-exporter if { path /metrics }
stats enable
stats uri /stats
stats refresh 10s

View File

@ -0,0 +1,34 @@
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

View File

@ -0,0 +1,10 @@
# Defaults file for HAProxy
#
# This is sourced by both, the initscript and the systemd unit file, so do not
# treat it as a shell script fragment.
# Change the config file location if needed
#CONFIG="/etc/haproxy/haproxy.cfg"
# Add extra flags here, see haproxy(1) for a few options
#EXTRAOPTS="-de -m 16"

View File

@ -0,0 +1,4 @@
etc/haproxy
etc/haproxy/errors
var/lib/haproxy
var/lib/haproxy/dev

View File

@ -0,0 +1,9 @@
doc/architecture.txt
doc/configuration.txt
doc/intro.txt
doc/lua.txt
doc/management.txt
doc/network-namespaces.txt
doc/SPOE.txt
admin
README

View File

@ -0,0 +1 @@
examples/*.cfg

197
haproxy/debian/haproxy.init Normal file
View File

@ -0,0 +1,197 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: haproxy
# Required-Start: $local_fs $network $remote_fs $syslog $named
# Required-Stop: $local_fs $remote_fs $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: fast and reliable load balancing reverse proxy
# Description: This file should be used to start and stop haproxy.
### END INIT INFO
# Author: Arnaud Cornet <acornet@debian.org>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
BASENAME=haproxy
PIDFILE=/var/run/${BASENAME}.pid
CONFIG=/etc/${BASENAME}/${BASENAME}.cfg
HAPROXY=/usr/sbin/haproxy
RUNDIR=/run/${BASENAME}
EXTRAOPTS=
test -x $HAPROXY || exit 0
if [ -e /etc/default/${BASENAME} ]; then
. /etc/default/${BASENAME}
fi
test -f "$CONFIG" || exit 0
[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions
check_haproxy_config()
{
$HAPROXY -c -f "$CONFIG" $EXTRAOPTS >/dev/null
if [ $? -eq 1 ]; then
log_end_msg 1
exit 1
fi
}
haproxy_start()
{
[ -d "$RUNDIR" ] || mkdir "$RUNDIR"
chown haproxy:haproxy "$RUNDIR"
chmod 2775 "$RUNDIR"
check_haproxy_config
start-stop-daemon --quiet --oknodo --start --pidfile "$PIDFILE" \
--exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \
$EXTRAOPTS || return 2
return 0
}
haproxy_stop()
{
if [ ! -f $PIDFILE ] ; then
# This is a success according to LSB
return 0
fi
ret=0
tmppid="$(mktemp)"
# HAProxy's pidfile may contain multiple PIDs, if nbproc > 1, so loop
# over each PID. Note that start-stop-daemon has a --pid option, but it
# was introduced in dpkg 1.17.6, post wheezy, so we use a temporary
# pidfile instead to ease backports.
for pid in $(cat $PIDFILE); do
echo "$pid" > "$tmppid"
start-stop-daemon --quiet --oknodo --stop \
--retry 5 --pidfile "$tmppid" --exec $HAPROXY || ret=$?
done
rm -f "$tmppid"
[ $ret -eq 0 ] && rm -f $PIDFILE
return $ret
}
haproxy_reload()
{
check_haproxy_config
$HAPROXY -f "$CONFIG" -p $PIDFILE -sf $(cat $PIDFILE) -D $EXTRAOPTS \
|| return 2
return 0
}
haproxy_status()
{
if [ ! -f $PIDFILE ] ; then
# program not running
return 3
fi
for pid in $(cat $PIDFILE) ; do
if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
# program running, bogus pidfile
return 1
fi
done
return 0
}
case "$1" in
start)
log_daemon_msg "Starting haproxy" "${BASENAME}"
haproxy_start
ret=$?
case "$ret" in
0)
log_end_msg 0
;;
1)
log_end_msg 1
echo "pid file '$PIDFILE' found, ${BASENAME} not started."
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
stop)
log_daemon_msg "Stopping haproxy" "${BASENAME}"
haproxy_stop
ret=$?
case "$ret" in
0|1)
log_end_msg 0
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
reload|force-reload)
log_daemon_msg "Reloading haproxy" "${BASENAME}"
haproxy_reload
ret=$?
case "$ret" in
0|1)
log_end_msg 0
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
restart)
log_daemon_msg "Restarting haproxy" "${BASENAME}"
haproxy_stop
haproxy_start
ret=$?
case "$ret" in
0)
log_end_msg 0
;;
1)
log_end_msg 1
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
status)
haproxy_status
ret=$?
case "$ret" in
0)
echo "${BASENAME} is running."
;;
1)
echo "${BASENAME} dead, but $PIDFILE exists."
;;
*)
echo "${BASENAME} not running."
;;
esac
exit $ret
;;
*)
echo "Usage: /etc/init.d/${BASENAME} {start|stop|reload|restart|status}"
exit 2
;;
esac
:

View File

@ -0,0 +1,3 @@
debian/haproxy.cfg etc/haproxy
examples/errorfiles/*.http etc/haproxy/errors
admin/systemd/haproxy.service lib/systemd/system

View File

@ -0,0 +1 @@
mv_conffile /etc/rsyslog.d/haproxy.conf /etc/rsyslog.d/49-haproxy.conf 1.5.3-2~

View File

@ -0,0 +1 @@
doc/haproxy.1

View File

@ -0,0 +1,22 @@
#!/bin/sh
set -e
adduser --system --disabled-password --disabled-login --home /var/lib/haproxy \
--no-create-home --quiet --force-badname --group haproxy
#DEBHELPER#
if [ -n "$2" ]; then
if dpkg --compare-versions "$2" lt "1.8.0-1~" && [ -d /run/systemd/system ]; then
# Do a full restart when upgrading to 1.8 series on systemd, as
# the systemd wrapper is no longer there.
invoke-rc.d haproxy restart || true
elif dpkg --compare-versions "$2" gt "1.5~dev24-2~"; then
# Reload already running instances. Since 1.5~dev24-2 we do not stop
# haproxy in prerm during upgrades.
invoke-rc.d haproxy reload || true
fi
fi
exit 0

View File

@ -0,0 +1,16 @@
#!/bin/sh
set -e
#DEBHELPER#
case "$1" in
purge)
deluser --system haproxy || true
delgroup --system haproxy || true
;;
*)
;;
esac
exit 0

View File

@ -0,0 +1 @@
d /run/haproxy 2775 haproxy haproxy -

View File

@ -0,0 +1,11 @@
/var/log/haproxy.log {
daily
rotate 7
missingok
notifempty
compress
delaycompress
postrotate
[ ! -x /usr/lib/rsyslog/rsyslog-rotate ] || /usr/lib/rsyslog/rsyslog-rotate
endscript
}

View File

@ -0,0 +1,23 @@
From: Debian HAProxy Maintainers
<pkg-haproxy-maintainers@lists.alioth.debian.org>
Date: Sun, 25 Mar 2018 11:31:50 +0200
Subject: Add documentation field to the systemd unit
Forwarded: no
Last-Update: 2014-01-03
---
admin/systemd/haproxy.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in
index 243acf2..ac88c37 100644
--- a/admin/systemd/haproxy.service.in
+++ b/admin/systemd/haproxy.service.in
@@ -1,5 +1,7 @@
[Unit]
Description=HAProxy Load Balancer
+Documentation=man:haproxy(1)
+Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
After=network-online.target rsyslog.service
Wants=network-online.target

View File

@ -0,0 +1,21 @@
From: Vincent Bernat <bernat@debian.org>
Date: Thu, 25 Nov 2021 21:35:48 +0100
Subject: haproxy.service: make systemd bind /dev/log inside chroot
This enables logging to work without rsyslog being present.
---
admin/systemd/haproxy.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in
index 0288568..20824df 100644
--- a/admin/systemd/haproxy.service.in
+++ b/admin/systemd/haproxy.service.in
@@ -8,6 +8,7 @@ Wants=network-online.target
[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
+BindReadOnlyPaths=/dev/log:/var/lib/haproxy/dev/log
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS

View File

@ -0,0 +1,27 @@
From: Apollon Oikonomopoulos <apoikos@debian.org>
Date: Sun, 25 Mar 2018 11:31:50 +0200
Subject: Start after rsyslog.service
As HAProxy is running chrooted by default, we rely on an additional syslog
socket created by rsyslog inside the chroot for logging. As this socket cannot
trigger syslog activation, we explicitly order HAProxy after rsyslog.service.
Note that we are not using syslog.service here, since the additional socket is
rsyslog-specific.
Forwarded: no
Last-Update: 2017-12-01
---
admin/systemd/haproxy.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in
index 74e66e3..243acf2 100644
--- a/admin/systemd/haproxy.service.in
+++ b/admin/systemd/haproxy.service.in
@@ -1,6 +1,6 @@
[Unit]
Description=HAProxy Load Balancer
-After=network-online.target
+After=network-online.target rsyslog.service
Wants=network-online.target
[Service]

View File

@ -0,0 +1,13 @@
diff --git a/Makefile b/Makefile
index 566bdb26a3e7..8603dea25c21 100644
--- a/Makefile
+++ b/Makefile
@@ -975,7 +975,7 @@ src/haproxy.o: src/haproxy.c $(DEP)
-DBUILD_ARCH='"$(strip $(ARCH))"' \
-DBUILD_CPU='"$(strip $(CPU))"' \
-DBUILD_CC='"$(strip $(CC))"' \
- -DBUILD_CFLAGS='"$(strip $(VERBOSE_CFLAGS))"' \
+ -DBUILD_CFLAGS='"$(filter-out -ffile-prefix-map=%,$(strip $(VERBOSE_CFLAGS)))"' \
-DBUILD_OPTIONS='"$(strip $(BUILD_OPTIONS))"' \
-DBUILD_DEBUG='"$(strip $(DEBUG))"' \
-DBUILD_FEATURES='"$(strip $(BUILD_FEATURES))"' \

View File

@ -0,0 +1,4 @@
haproxy.service-start-after-syslog.patch
haproxy.service-add-documentation.patch
haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch
reproducible.patch

View File

@ -0,0 +1,9 @@
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
:programname, startswith, "haproxy" {
/var/log/haproxy.log
stop
}

83
haproxy/debian/rules Executable file
View File

@ -0,0 +1,83 @@
#!/usr/bin/make -f
DEP_DIST_ROOT_LUA = $(shell realpath ../../deps/lua/dist)
DEP_DIST_ROOT_PCRE2 = $(shell realpath ../../deps/pcre2/dist)
DEP_DIST_ROOT_QUICTLS = $(shell realpath ../../deps/quictls/dist)
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
DEFINE="-DMAX_SESS_STKCTR=5" \
IGNOREGIT=true \
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
TARGET="linux-glibc" \
EXTRAVERSION="+mangadex/$(BUILD_VERSION_REPOSHA)" \
VERDATE="$(shell date -u -I'minutes')" \
USE_DL=1 \
USE_GETADDRINFO=1 \
USE_LINUX_TPROXY=1 \
USE_LUA=1 \
LUA_INC="$(DEP_DIST_ROOT_LUA)/include" \
LUA_LIB="$(DEP_DIST_ROOT_LUA)/lib" \
LUA_LIB_NAME="lua" \
USE_OPENSSL=1 \
SSL_INC="$(DEP_DIST_ROOT_QUICTLS)/opt/quictls/include" \
SSL_LIB="$(DEP_DIST_ROOT_QUICTLS)/opt/quictls/lib" \
ADDINC="-lcrypt" \
USE_PCRE2=1 \
USE_PCRE2_JIT=1 \
USE_STATIC_PCRE2=1 \
PCRE2_INC="$(DEP_DIST_ROOT_PCRE2)/include" \
PCRE2_LIB="$(DEP_DIST_ROOT_PCRE2)/lib64" \
PCRE2_CONFIG="$(DEP_DIST_ROOT_PCRE2)/bin/pcre2-config" \
USE_PROMEX=1 \
USE_QUIC=1 \
USE_SLZ=1 \
USE_TFO=1 \
USE_SYSTEMD=1
# Extra flags necessary for debian packaging
MAKEARGS += DESTDIR=debian/haproxy
MAKEARGS += PREFIX=/usr
MAKEARGS += IGNOREGIT=true
MAKEARGS += MANDIR=/usr/share/man
MAKEARGS += DOCDIR=/usr/share/doc/haproxy
%:
dh $@
override_dh_auto_configure:
override_dh_auto_build-arch:
$(MAKE) -j $(shell nproc) $(MAKEARGS)
$(MAKE) -j $(shell nproc) -C admin/systemd $(MAKEARGS)
override_dh_auto_clean:
$(MAKE) -j $(shell nproc) -C admin/systemd clean
dh_auto_clean
override_dh_auto_install-arch:
cp -rf $(DEP_DIST_ROOT_QUICTLS)/opt debian/haproxy/opt
$(MAKE) -j $(shell nproc) $(MAKEARGS) install
install -m 0644 -D debian/rsyslog.conf debian/haproxy/etc/rsyslog.d/49-haproxy.conf
install -m 0644 -D debian/logrotate.conf debian/haproxy/etc/logrotate.d/haproxy
override_dh_auto_install-indep:
override_dh_installdocs:
dh_installdocs -Xsystemd/
override_dh_installexamples:
dh_installexamples -X build.cfg
override_dh_installinit:
dh_installinit --no-restart-after-upgrade --no-stop-on-upgrade
override_dh_installsystemd:
dh_installsystemd --no-restart-after-upgrade --no-stop-on-upgrade
override_dh_strip:
dh_strip --dbgsym-migration="haproxy-dbg"
override_dh_dwz:
dh_dwz --exclude="openssl"

View File

@ -0,0 +1 @@
3.0 (quilt)