Fix for HA Clustering Froxlor
One of the requirements of clustering web servers is that the loadbalancers in front can count on the fact that all the content nodes are on the same sheet of music. Therefore, it is not a bad idea that all content and configurations are the same. This cannot happen when the web server configuration is locked to a single node (via IP address) and cannot be used on any other node.
Froxlor, no matter how cool I think it is, requires an IP address for all virtualhost entries. This requirement effectively forces you to have multiple installs of Froxlor on each cluster node. No thank you.
Our setup is a HA shared content storage backend which holds all content and server configurations (ie. apache 2.4, php, ProFTP, etc) which serves a HA Apache 2.4 cluster which in turn sits behind a HA Load balancer cluster. Froxlor is also installed on the storage share to ensure the same UI and control on each node. I wrote a corosync resource control script to ensure that the Froxlor Cron job executes on only 1 node in the cluster which in turn keeps all nodes updated with the same configuration.
The only sticking point is Froxlors requirement of an IP address when a wildcard is required. Thus the below patch (currently tested with version 0.9.34-1+jessie1):
--- admin_ipsandports.old.php 2015-10-12 08:51:04.000000000 +0200
+++ admin_ipsandports.php 2015-10-12 10:45:27.000000000 +0200
@@ -142,7 +142,7 @@
&& $_POST['send'] == 'send'
) {
- $ip = validate_ip($_POST['ip']);
+ $ip = validate_ip2($_POST['ip'], false, "invalidip", true, true, true);
$port = validate($_POST['port'], 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array('stringisempty', 'myport'));
$listen_statement = isset($_POST['listen_statement']) ? 1 : 0;
$namevirtualhost_statement = isset($_POST['namevirtualhost_statement']) ? 1 : 0;
@@ -282,7 +282,7 @@
&& $_POST['send'] == 'send'
) {
- $ip = validate_ip($_POST['ip']);
+ $ip = validate_ip2($_POST['ip'], false, "invalidip", true, true, true);
$port = validate($_POST['port'], 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array('stringisempty', 'myport'));
$listen_statement = isset($_POST['listen_statement']) ? 1 : 0;
$namevirtualhost_statement = isset($_POST['namevirtualhost_statement']) ? 1 : 0;
--- lib/functions/validate/function.validate_ip.old.php 2015-10-12 11:36:08.000000000 +0200
+++ lib/functions/validate/function.validate_ip.php 2015-10-12 09:53:33.000000000 +0200
@@ -49,10 +49,11 @@
* @param string $lng index for error-message (if $return_bool is false)
* @param bool $allow_localhost whether to allow 127.0.0.1
* @param bool $allow_priv whether to allow private network addresses
+ * @param_bool $allow_wildcard whether to allow wildcard network address
*
* @return string|bool ip address on success, false on failure
*/
-function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
+function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_wildcard = false) {
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
@@ -67,6 +68,10 @@
if ($allow_localhost && $ip == '127.0.0.1') {
return $ip;
}
+
+ if ($allow_wildcard && strlen($ip) == 1 && $ip == '*') {
+ return $ip;
+ }
if ($return_bool) {
return false;
Afterwards you can add a wildcard and Apache works as it should.
Enjoy!!