New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/haproxy: release 2.10 #960

Merged
merged 5 commits into from Nov 9, 2018

Conversation

Projects
None yet
2 participants
@fraenki
Member

fraenki commented Nov 5, 2018

New features

  • add support for multithreading (available as new option in Settings -> Global Parameters) (#1003)
  • add support for client certificate authentication (#426)
  • add support for HTTP Basic Auth to frontends/backends/ACLs (#300)
  • add basic user/group management functionality (supports Basic Auth as well as stats users)
  • add new CPU Affinity Rules feature (which is a combination of HAProxy's cpu-map, bind-process and process options) (see #1003 for a short explanation)

Bugfixes

  • function "http-request header-delete" generated a corrupted haproxy.conf (#882)

Enhancements

  • migrate all stats users from old (and cumbersome) username:password format to new user management feature
  • internal: use /tmp for autogenerated files (now they are automatically cleaned up on boot)
  • internal: change filename of cert lists from id.crtlist to id.certlist

@fraenki fraenki added the feature label Nov 5, 2018

@fraenki fraenki self-assigned this Nov 5, 2018

@fichtner

This comment has been minimized.

Member

fichtner commented Nov 6, 2018

Deadline for 18.7.7 inclusion is tomorrow at noon, but maybe you want to give this a spin on -devel anyway. Just FYI :)

fraenki added some commits Nov 9, 2018

net/haproxy: use /tmp for autogenerated files
As suggested by @fichtner this ensures that files are always cleaned up.
We will remove the old directory in a future release.
@fichtner

This comment has been minimized.

thanks. yet shouldn't we do more restrictive permissions (file mode, ownership) on the SSL dir?

This comment has been minimized.

Member

fraenki replied Nov 9, 2018

It's chown'ed to www:www and chmod'ed to 0750, but this could be changed to 0700, of course.

This comment has been minimized.

Member

fichtner replied Nov 9, 2018

it's ok, a potentially pwned www is able to read it in any case, but there's no real way out here because www needs the private keys in the first place.

@fichtner

FWIW, great work as usual, thanks! 👍

@fraenki fraenki changed the title from [WIP] net/haproxy: release 2.10 to net/haproxy: release 2.10 Nov 9, 2018

@fraenki fraenki merged commit a73e126 into opnsense:master Nov 9, 2018

@fraenki

This comment has been minimized.

Member

fraenki commented Nov 9, 2018

@fichtner Please merge for 18.7.8 :)

@fichtner

This comment has been minimized.

Member

fichtner commented Nov 9, 2018

will do :)

@fraenki

This comment has been minimized.

Member

fraenki commented Nov 11, 2018

#970 (WIP!) contains further additions for os-haproxy 2.10.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment