%define luaver 5.3 %define adminpassword %(apg -m 32 -n 1 -a 0 -M ncl) %define operatorpassword %(apg -m 32 -n 1 -a 0 -M ncl) Summary: Reliable High Performance TCP/HTTP Load Balancer Name: haproxy Version: 2.4.2 Release: %mkrel 5 License: GPLv2 and LGPLv2 Group: System/Servers URL: https://www.haproxy.org Source0: https://www.haproxy.org/download/2.4/src/%{name}-%{version}.tar.gz Source1: https://www.haproxy.org/download/2.4/src/%{name}-%{version}.tar.gz.sha256 Source2: https://www.haproxy.org/download/2.4/src/%{name}-%{version}.tar.gz.md5 Source3: %{name}.service Source4: %{name}.tmpfiles Source5: %{name}.logrotate Source6: %{name}.sysconfig Source7: %{name}.conf Patch0: haproxy-2.4.2-rapsys-key-private.patch %ifarch armv7hl aarch64 BuildRequires: libatomic-devel %endif BuildRequires: pcre2-devel BuildRequires: pkgconfig(libcrypt) BuildRequires: pkgconfig(lua) >= %{luaver} BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(zlib) BuildRequires: perl BuildRequires: apg Requires: lua%{luaver} >= %{luaver} %description HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. It is written in C and has a reputation for being fast and efficient. %package utils Summary: Utilities for working with HAProxy servers Group: Networking/Other %description utils HAProxy-utils contains a couple of command line utilities for working with haproxy servers. You should install haproxy-utils if you need to get information from HAProxy servers. %prep %setup -q -n %{name}-%{version} %autopatch -p1 %build # Build haproxy %make_build \ CPU="generic" \ TARGET="linux-glibc" \ USE_LUA="1" \ LUA_LIB="/usr/lib64/lua/5.3" \ LUA_INC="/usr/include/lua" \ USE_CRYPT_H="1" \ USE_DL="1" \ USE_GETADDRINFO="1" \ USE_LIBCRYPT="1" \ USE_NS="1" \ USE_OPENSSL="1" \ USE_PCRE2="1" \ USE_PCRE2_JIT="1" \ USE_PROMEX="1" \ USE_PTHREAD_PSHARED="1" \ USE_RT="1" \ USE_SYSTEMD="1" \ USE_TFO="1" \ USE_ZLIB="1" \ PREFIX=/usr \ MANDIR=%{_mandir} \ DOCDIR=%{_pkgdocdir} # Build utils %make_build \ admin/halog/halog \ admin/iprange/iprange \ dev/tcploop/tcploop \ dev/poll/poll \ dev/flags/flags \ dev/hpack/{decode,gen-enc,gen-rht} %install %make_install \ PREFIX=/usr \ MANDIR=%{_mandir} \ DOCDIR=%{_pkgdocdir} # Install sysconfdirs install -d 0755 %{buildroot}%{_sysconfdir} install -d 0755 %{buildroot}%{_sysconfdir}/%{name} install -d 0755 %{buildroot}%{_sysconfdir}/sysconfig # Install shared state dir install -d 0755 %{buildroot}%{_sharedstatedir}/%{name} # Install service install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service # Install tmpfiles install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf # Install log rotation stuff install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Install sysconfig install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{name} # Install configuration #TODO: implement https://github.com/janeczku/haproxy-acme-validation-plugin/blob/master/acme-http01-webroot.lua ? install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf # Replace admin password perl -pne 's/ADMINPASSWORD/%{adminpassword}/' -i %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf # Replace operator password perl -pne 's/OPERATORPASSWORD/%{operatorpassword}/' -i %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf # Copy errors files cp -r examples/errorfiles %{buildroot}%{_pkgdocdir}/error # Install vim syntax install -D -p -m 0644 admin/syntax-highlight/%{name}.vim %{buildroot}%{_datadir}/vim/syntax/%{name}.vim # Install README.urpmi cat << EOF | perl -pe 'chomp if eof' > README.urpmi Haproxy is now installed. Configuration file is %{_sysconfdir}/%{name}/%{name}.conf The server listen on any:8080 and 8443 by default. Add to %{_sysconfdir}/shorewall/rules.haproxy these shorewall rules for a transparent proxy: # Redirect tcp traffic from net on port 80 to 8080 REDIRECT net 8080 tcp 80 # Redirect tcp traffic from net on port 443 to 8443 REDIRECT net 8443 tcp 443 Enable the service with: # systemctl enable haproxy.service Start the service with: # systemctl start haproxy.service EOF # Install log dir install -d -m 755 %{buildroot}%{_logdir}/%{name} # Install bin dir install -d 0755 %{buildroot}%{_bindir} # Install haproxy utils install -p -m 0755 admin/halog/halog %{buildroot}%{_bindir}/halog install -p -m 0755 admin/iprange/iprange %{buildroot}%{_bindir}/iprange install -p -m 0755 dev/flags/flags %{buildroot}%{_bindir}/flags install -p -m 0755 dev/poll/poll %{buildroot}%{_bindir}/poll install -p -m 0755 dev/tcploop/tcploop %{buildroot}%{_bindir}/tcploop install -p -m 0755 dev/hpack/gen-rht %{buildroot}%{_bindir}/gen-rht install -p -m 0755 dev/hpack/gen-enc %{buildroot}%{_bindir}/gen-enc install -p -m 0755 dev/hpack/decode %{buildroot}%{_bindir}/hadecode %pre %_pre_useradd %{name} %{_sharedstatedir}/%{name} /bin/false %_pre_groupadd %{name} %{name} %preun %_preun_service %{name} %post %_tmpfilescreate %{name} %_post_service %{name} %_create_ssl_certificate %{name} %postun %_postun_userdel %{name} %_postun_groupdel %{name} %files %dir %{_logdir}/%{name} %dir %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %{_sbindir}/%{name} %{_pkgdocdir}/*.txt %{_pkgdocdir}/error/* %{_mandir}/man1/* %{_tmpfilesdir}/%{name}.conf %{_unitdir}/%{name}.service %{_datadir}/vim/syntax/%{name}.vim %attr(0750, %{name}, %{name}) %{_sharedstatedir}/%{name} %files utils %{_bindir}/flags %{_bindir}/gen-enc %{_bindir}/gen-rht %{_bindir}/hadecode %{_bindir}/halog %{_bindir}/iprange %{_bindir}/poll %{_bindir}/tcploop