From 71c47ddfc75fe10b7d6dad25c975100c196e3540 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 15 Sep 2019 19:37:30 +0200 Subject: [PATCH 1/5] net/haproxy: update URLs to HAProxy 2.0 documentation, refs #1089 --- .../OPNsense/HAProxy/forms/dialogAction.xml | 10 +++++----- .../OPNsense/HAProxy/forms/dialogBackend.xml | 10 +++++----- .../OPNsense/HAProxy/forms/dialogFrontend.xml | 6 +++--- .../OPNsense/HAProxy/forms/dialogMapfile.xml | 2 +- .../opnsense/mvc/app/views/OPNsense/HAProxy/index.volt | 8 ++++---- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml index 56f12a5cd..5a7881def 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml @@ -89,7 +89,7 @@ action.http_request_redirect text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -128,7 +128,7 @@ action.http_request_add_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -145,7 +145,7 @@ action.http_request_set_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -229,7 +229,7 @@ action.http_response_add_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -246,7 +246,7 @@ action.http_response_set_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml index 3cd8b81bb..155592a74 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml @@ -28,14 +28,14 @@ backend.algorithm dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> Choose a load balancing algorithm. backend.proxyProtocol dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> true @@ -124,7 +124,7 @@ backend.persistence_cookiemode dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> backend.persistence_cookiename @@ -146,14 +146,14 @@ backend.stickiness_pattern dropdown - HAProxy documentation for a full description.
NOTE: Consider not using this feature in multi-process mode, it can result in random behaviours.
]]> + HAProxy documentation for a full description.
NOTE: Consider not using this feature in multi-process mode, it can result in random behaviours.
]]> Choose a persistence type. backend.stickiness_dataTypes select_multiple - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> backend.stickiness_expire diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml index 04ee8183e..b51afbd32 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml @@ -289,14 +289,14 @@ frontend.stickiness_pattern dropdown - HAProxy documentation for further information.]]> + HAProxy documentation for further information.]]> Choose a stick-table type. frontend.stickiness_dataTypes select_multiple - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> frontend.stickiness_expire @@ -323,7 +323,7 @@ frontend.stickiness_counter_key text - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> true diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml index fa9c45c6d..49888d4e9 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml @@ -15,6 +15,6 @@ mapfile.content textbox - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt index c806d2edc..5471daace 100644 --- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt +++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt @@ -548,7 +548,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('Lastly, enable HAProxy using the %sService Settings%s.') | format('', '') }}

    • {{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('', '') }}

    -

    {{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('', '', '', '', '', '') }}

    +

    {{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('', '', '', '', '', '') }}


    @@ -590,7 +590,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('', '') }}
  • {{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('', '', '', '', '', '', '', '') }}
    • -

    {{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('', '', '', '') }}

    +

    {{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('', '', '', '') }}

    {{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('', '') }}


    @@ -605,7 +605,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('%sGroup:%s A optional list containing one or more users. Groups usually make it easier to manage permissions for a large number of users') | format('', '') }}

    • {{ lang._('Note that users and groups must be selected from the Backend Pool or Public Service configuration in order to be used for authentication. In addition to this users and groups may also be used in Rules/Conditions.') }}

    -

    {{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('', '', '', '') }}

    +

    {{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('', '', '', '') }}


    @@ -620,7 +620,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._("%sMap Files:%s A map allows to map a data in input to an other one on output. For example, this makes it possible to map a large number of domains to backend pools without using the GUI. Map files need to be used in %sRules%s, otherwise they are ignored.") | format('', '', '', '') }}
  • {{ lang._("%sCPU Affinity Rules:%s This feature makes it possible to bind HAProxy's processes/threads to a specific CPU (or a CPU set). Furthermore it is possible to select CPU Affinity Rules in %sPublic Services%s to restrict them to a certain set of processes/threads/CPUs.") | format('', '', '', '') }}
    • -

    {{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s.") | format('', '', '', '', '', '' ,'', '' ,'', '' ,'', '') }}

    +

    {{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s.") | format('', '', '', '', '', '' ,'', '' ,'', '' ,'', '') }}


    From b1104aa032aba015890e8bcc66af289156564a02 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 15 Sep 2019 20:01:53 +0200 Subject: [PATCH 2/5] net/haproxy: move HTTP/2 option to HTTP settings --- .../OPNsense/HAProxy/forms/dialogFrontend.xml | 12 ++--- .../app/models/OPNsense/HAProxy/HAProxy.xml | 6 +-- .../OPNsense/HAProxy/Migrations/M2_8_0.php | 45 +++++++++++++++++++ 3 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_8_0.php diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml index b51afbd32..336c7938e 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml @@ -104,12 +104,6 @@ text - - frontend.ssl_http2Enabled - - checkbox - - frontend.ssl_hstsEnabled @@ -275,6 +269,12 @@ header + + frontend.ssl_http2Enabled + + checkbox + + frontend.forwardFor diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml index fc8ec2f4b..eebc03b2f 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml @@ -1,6 +1,6 @@ //OPNsense/HAProxy - 2.7.0 + 2.8.0 the HAProxy load balancer @@ -443,10 +443,10 @@ ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 N - + 0 N - + 1 Y diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_8_0.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_8_0.php new file mode 100644 index 000000000..c5d364cb8 --- /dev/null +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_8_0.php @@ -0,0 +1,45 @@ +getNodeByReference('frontends.frontend')->iterateItems() as $frontend) { + if (isset($frontend->ssl_http2Enabled)) { + $frontend->http2Enabled = '1'; + $frontend->ssl_http2Enabled = null; + } + } + } +} From 13b5fc08651024cfd1f0299125a75df9e552ab68 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 15 Sep 2019 22:21:18 +0200 Subject: [PATCH 3/5] net/haproxy: refactoring for full HTTP/2 support, refs #1047 #1089 --- .../OPNsense/HAProxy/forms/dialogBackend.xml | 26 ++++++++++++ .../OPNsense/HAProxy/forms/dialogFrontend.xml | 17 +++++++- .../app/models/OPNsense/HAProxy/HAProxy.xml | 42 +++++++++++++++++-- .../mvc/app/views/OPNsense/HAProxy/index.volt | 7 ++++ .../templates/OPNsense/HAProxy/haproxy.conf | 32 ++++++++++---- 5 files changed, 110 insertions(+), 14 deletions(-) diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml index 155592a74..0af01e120 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml @@ -105,6 +105,32 @@ true + + + header + + + + backend.http2Enabled + + checkbox + + + + backend.http2Enabled_nontls + + checkbox + + + + backend.ba_advertised_protocols + + select_multiple + + true + true + + header diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml index 336c7938e..3aa40fb28 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml @@ -270,11 +270,26 @@ - frontend.ssl_http2Enabled + frontend.http2Enabled checkbox + + frontend.http2Enabled_nontls + + checkbox + + + + frontend.advertised_protocols + + select_multiple + + true + true + + frontend.forwardFor diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml index eebc03b2f..bb080b736 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml @@ -443,10 +443,6 @@ ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 N - - 0 - N - 1 Y @@ -667,6 +663,25 @@ Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us". N + + 0 + N + + + 0 + N + + + N + http2,http11 + Y + Y + + HTTP/2 + HTTP/1.1 + HTTP/1.0 + + 0 Y @@ -817,6 +832,25 @@ Please specify a value between 1 and 100. N + + 0 + N + + + 0 + N + + + N + http2,http11 + Y + Y + + HTTP/2 + HTTP/1.1 + HTTP/1.0 + + N sticktable diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt index 5471daace..6cc446097 100644 --- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt +++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt @@ -222,6 +222,13 @@ POSSIBILITY OF SUCH DAMAGE. // hook into on-show event for dialog to extend layout. $('#DialogBackend').on('shown.bs.modal', function (e) { + $("#backend\\.mode").change(function(){ + var service_id = 'table_' + $(this).val(); + $(".mode_table").hide(); + $("."+service_id).show(); + }); + $("#backend\\.mode").change(); + $("#backend\\.healthCheckEnabled").change(function(){ var service_id = 'table_healthcheck_' + $(this).is(':checked'); $(".healthcheck_table").hide(); diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf index 0bd3cef3e..b6401e74d 100644 --- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf +++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf @@ -985,6 +985,7 @@ userlist stats_auth frontend {{frontend.name}} {% set ssl_certs = [] %} {% set ssl_options = [] %} +{% set adv_options = [] %} {% if frontend.ssl_enabled == '1' %} {# # check if ssl certs are configured #} {% if frontend.ssl_certificates|default("") != "" or frontend.ssl_default_certificate|default("") != "" %} @@ -1006,8 +1007,10 @@ frontend {{frontend.name}} {% do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %} {% endif %} {# # HTTP/2 #} -{% if frontend.ssl_http2Enabled|default("") == '1' and frontend.mode == 'http' %} -{% do ssl_options.append('alpn h2,http/1.1') %} +{% if frontend.http2Enabled|default("") == '1' and frontend.advertised_protocols|default("") != "" %} +{# # convert protocols to HAProxy-compatible format #} +{% set alpn_options = frontend.advertised_protocols|replace('http10', 'http/1.0')|replace('http11', 'http/1.1') %} +{% do ssl_options.append('alpn ' ~ alpn_options) %} {% endif %} {# # HSTS #} {% if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %} @@ -1039,10 +1042,12 @@ frontend {{frontend.name}} {% endif %} {% endif %} {% endif %} +{# # HTTP/2 without TLS #} +{% elif frontend.http2Enabled|default("") == '1' and frontend.http2Enabled_nontls|default("") == '1' %} +{% do adv_options.append('proto h2') %} {% endif %} {# # CPU affinity configuration #} {% set bind_process = [] %} -{% set process_thread = [] %} {% if frontend.linkedCpuAffinityRules|default('') != '' %} {% for cpu_map in frontend.linkedCpuAffinityRules.split(',') %} {% set cpu_map_data = helpers.getUUID(cpu_map) %} @@ -1050,7 +1055,7 @@ frontend {{frontend.name}} {# # Limit visibility to a certain set of processes #} {% do bind_process.append(cpu_map_data.process_id|replace('x', '')) %} {# # Restrict the list of processes/threads on which this listener is allowed to run #} -{% do process_thread.append('process ' ~ cpu_map_data.process_id|replace('x', '') ~ '/' ~ cpu_map_data.thread_id|replace('x', '')) %} +{% do adv_options.append('process ' ~ cpu_map_data.process_id|replace('x', '') ~ '/' ~ cpu_map_data.thread_id|replace('x', '')) %} {% endif %} {% endfor %} {% if bind_process|length > 0 %} @@ -1060,7 +1065,7 @@ frontend {{frontend.name}} {# # bind/listen configuration #} {% if frontend.bind|default("") != "" %} {% for bind in frontend.bind.split(",") %} - bind {{bind}} name {{bind}} {% if frontend.bindOptions|default("") != "" %}{{ frontend.bindOptions }} {% endif %}{% if frontend.ssl_enabled == '1' and ssl_certs|default("") != "" %}ssl {{ ssl_options|join(' ') }} {{ ssl_certs|join(' ') }} {% endif %}{% if process_thread|length > 0 %} {{ process_thread|join(' ') }} {% endif %} + bind {{bind}} name {{bind}} {% if frontend.bindOptions|default("") != "" %}{{ frontend.bindOptions }} {% endif %}{% if frontend.ssl_enabled == '1' and ssl_certs|default("") != "" %}ssl {{ ssl_options|join(' ') }} {{ ssl_certs|join(' ') }} {% endif %}{% if adv_options|length > 0 %} {{ adv_options|join(' ') }} {% endif %} {% endfor %} {% endif %} @@ -1259,10 +1264,10 @@ backend {{backend.name}} # health checking is DISABLED {% set healthcheck_enabled = '0' %} {% endif %} -{# # XXX: Usually the frontend and the backend are in the same mode, #} -{# # but we have no way to know what frontend uses this backend. #} -{# # Hence we can't automatically set the mode and thus need a #} -{# # (redundant) GUI option for this. #} +{# # NOTE: Usually the frontend and the backend are in the same mode, #} +{# # but we have no way to know what frontend uses this backend. #} +{# # Hence we can't automatically set the mode and thus need a #} +{# # (redundant) GUI option for this. #} mode {{backend.mode}} balance {{backend.algorithm}} {# # call macro to evaluate stickiness config #} @@ -1400,6 +1405,15 @@ backend {{backend.name}} {% else %} {% do server_options.append('verify none') %} {% endif %} +{# # HTTP/2 #} +{% if backend.http2Enabled|default("") == '1' and backend.ba_advertised_protocols|default("") != "" %} +{# # convert protocols to HAProxy-compatible format #} +{% set alpn_options = backend.ba_advertised_protocols|replace('http10', 'http/1.0')|replace('http11', 'http/1.1') %} +{% do server_options.append('alpn ' ~ alpn_options) %} +{% endif %} +{# # HTTP/2 without TLS #} +{% elif backend.http2Enabled|default("") == '1' and backend.http2Enabled_nontls|default("") == '1' %} +{% do server_options.append('proto h2') %} {% endif %} {# # source address #} {% if backend.source|default("") != "" %} From b51249531dec4ddb197464d484f50e1a9e3f7f81 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 15 Sep 2019 22:27:35 +0200 Subject: [PATCH 4/5] net/haproxy: change order of frontend options --- .../OPNsense/HAProxy/forms/dialogFrontend.xml | 64 +++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml index 3aa40fb28..32e200eb9 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml @@ -161,6 +161,38 @@ To import additional CRLs, go to CRL Manager.]]> Type CRL name or choose from list. + + + header + + + + frontend.http2Enabled + + checkbox + + + + frontend.http2Enabled_nontls + + checkbox + + + + frontend.advertised_protocols + + select_multiple + + true + true + + + + frontend.forwardFor + + checkbox + + header @@ -264,38 +296,6 @@ true - - - header - - - - frontend.http2Enabled - - checkbox - - - - frontend.http2Enabled_nontls - - checkbox - - - - frontend.advertised_protocols - - select_multiple - - true - true - - - - frontend.forwardFor - - checkbox - - header From 1603f9a21b2b39ba0ca9495eaa500fb7431fb7f7 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 15 Sep 2019 22:43:48 +0200 Subject: [PATCH 5/5] net/haproxy: add support for the random balancing algorithm --- .../controllers/OPNsense/HAProxy/forms/dialogBackend.xml | 7 +++++++ .../opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml | 8 ++++++++ .../service/templates/OPNsense/HAProxy/haproxy.conf | 5 +++++ 3 files changed, 20 insertions(+) diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml index 0af01e120..380bcd365 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml @@ -31,6 +31,13 @@ HAProxy documentation for a full description.]]> Choose a load balancing algorithm. + + backend.random_draws + + text + + true + backend.proxyProtocol diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml index bb080b736..97ccc299f 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml @@ -763,8 +763,16 @@ Static Round Robin Least Connections URI Hash (only HTTP mode) + Random Algorithm + + Y + 2 + 2 + 1000 + Please specify a value between 2 and 1000. + N diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf index b6401e74d..e503234d0 100644 --- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf +++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf @@ -1269,7 +1269,12 @@ backend {{backend.name}} {# # Hence we can't automatically set the mode and thus need a #} {# # (redundant) GUI option for this. #} mode {{backend.mode}} +{# # balancing algorithm #} +{% if backend.algorithm|default("") == 'random' %} + balance {{backend.algorithm}}({{backend.random_draws}}) +{% else %} balance {{backend.algorithm}} +{% endif %} {# # call macro to evaluate stickiness config #} {{ StickTableConfig(backend,true) }} # tuning options