From ca805ea20df7869276327277f83ab9a373579638 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Wed, 13 Oct 2021 23:03:44 +0200
Subject: [PATCH 1/2] net/haproxy: add hard-stop-after to ensure proper service
 restart/shutdown

---
 net/haproxy/pkg-descr                                     | 2 ++
 .../OPNsense/HAProxy/forms/generalSettings.xml            | 6 ++++++
 .../opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml  | 8 +++++++-
 .../service/templates/OPNsense/HAProxy/haproxy.conf       | 3 +++
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index 0b23647bf..aa184412f 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -10,12 +10,14 @@ Plugin Changelog
 
 Added:
 * add support for advanced resolver properties (#2330)
+* add graceful stop timeout to service settings
 
 Fixed:
 * no haproxy.conf after restoring a config backup (#2474)
 
 Changed:
 * deploy haproxy.conf if it does not exist (#2474)
+* add new timeout (60s) which will terminate open connections when using graceful stop
 
 3.5
 
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalSettings.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalSettings.xml
index d0efde12b..aa3f791ff 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalSettings.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalSettings.xml
@@ -15,6 +15,12 @@
         <type>checkbox</type>
         <help><![CDATA[Enable HAProxy's graceful stop mode. In this mode HAProxy will continue to process existing connections until they close. Note that this may severely slow down HAProxy's shutdown, depending on the configured timeout values. If graceful stop mode is not enabled, HAProxy will use the hard stop mode where it immediately quits and all established connections are closed. Hard stop mode is recommended.]]></help>
     </field>
+    <field>
+        <id>haproxy.general.hardStopAfter</id>
+        <label>Graceful stop timeout</label>
+        <type>text</type>
+        <help><![CDATA[Set the maximum time allowed to perform a clean graceful stop. HAProxy will terminate all open connections when the timeout is reached. This may be used to ensure that the instance will quit even if connections remain opened. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+    </field>
     <field>
         <id>haproxy.general.seamlessReload</id>
         <label>Seamless reload</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index 15b3ce18e..b6c025d91 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/HAProxy</mount>
-    <version>3.1.0</version>
+    <version>3.2.0</version>
     <description>the HAProxy load balancer</description>
     <items>
         <general>
@@ -12,6 +12,12 @@
                 <default>0</default>
                 <Required>Y</Required>
             </gracefulStop>
+            <hardStopAfter type="TextField">
+                <default>60s</default>
+                <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                <Required>N</Required>
+            </hardStopAfter>
             <seamlessReload type="BooleanField">
                 <default>0</default>
                 <Required>Y</Required>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 7b40fbd6a..71c439df1 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -859,6 +859,9 @@ global
 {%     endif %}
 {%   endfor %}
 {% endif %}
+{% if OPNsense.HAProxy.general.hardStopAfter|default('') != '' %}
+    hard-stop-after             {{OPNsense.HAProxy.general.hardStopAfter}}
+{% endif %}
 {% if helpers.exists('OPNsense.HAProxy.general.tuning.maxConnections') %}
     maxconn                     {{OPNsense.HAProxy.general.tuning.maxConnections}}
 {% endif %}

From d483eeba702e52c2687a7d3464a02159194a176f Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Wed, 13 Oct 2021 23:57:38 +0200
Subject: [PATCH 2/2] net/haproxy: support "monitor-uri" and "monitor fail" in
 rules, closes #2387

---
 net/haproxy/pkg-descr                                 |  1 +
 .../OPNsense/HAProxy/forms/dialogAction.xml           | 11 +++++++++++
 .../mvc/app/models/OPNsense/HAProxy/HAProxy.xml       |  5 +++++
 .../service/templates/OPNsense/HAProxy/haproxy.conf   |  8 ++++++++
 4 files changed, 25 insertions(+)

diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index aa184412f..3b578b24b 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -11,6 +11,7 @@ Plugin Changelog
 Added:
 * add support for advanced resolver properties (#2330)
 * add graceful stop timeout to service settings
+* support "monitor-uri" and "monitor fail" in rules (#2387)
 
 Fixed:
 * no haproxy.conf after restoring a config backup (#2474)
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index 1e8683637..f0d17e77e 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -354,6 +354,17 @@
         <type>text</type>
         <help><![CDATA[A standard HAProxy expression formed by a sample-fetch followed by some converters.]]></help>
     </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_monitor_fail</style>
+    </field>
+    <field>
+        <id>action.monitor_fail_uri</id>
+        <label>Monitoring URI</label>
+        <type>text</type>
+        <help><![CDATA[Specifies a URI which will be intercepted to return HAProxy's health status instead of forwarding the request. When a HTTP request is received, HAProxy will return either "HTTP/1.0 200 OK" or "HTTP/1.0 503 Service unavailable", depending on the fined failure conditions.]]></help>
+    </field>
     <field>
         <label>Parameters</label>
         <type>header</type>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index b6c025d91..8521443fe 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -2068,6 +2068,7 @@
                         <http-response_replace-value>http-response header replace value</http-response_replace-value>
                         <http-response_set-status>http-response set-status</http-response_set-status>
                         <http-response_set-var>http-response set-var</http-response_set-var>
+                        <monitor_fail>monitor fail: report failure to a monitor request</monitor_fail>
                         <tcp-request_connection_accept>tcp-request connection accept</tcp-request_connection_accept>
                         <tcp-request_connection_reject>tcp-request connection reject</tcp-request_connection_reject>
                         <tcp-request_content_accept>tcp-request content accept</tcp-request_content_accept>
@@ -2252,6 +2253,10 @@
                     <mask>/^.{1,4096}$/u</mask>
                     <Required>N</Required>
                 </http_response_set_var_expr>
+                <monitor_fail_uri type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </monitor_fail_uri>
                 <tcp_request_content_lua type="TextField">
                     <mask>/^.{1,4096}$/u</mask>
                     <Required>N</Required>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 71c439df1..15dc3f76e 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -522,6 +522,14 @@
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
+{%         elif action_data.type == 'monitor_fail' %}
+{%           if action_data.monitor_fail_uri|default("") != "" %}
+{%             do action_options.append('monitor-uri ' ~ action_data.monitor_fail_uri ~ '\n   ') %}
+{%             do action_options.append('monitor fail') %}
+{%           else %}
+{%             set action_enabled = '0' %}
+    # ERROR: missing parameters
+{%           endif %}
 {%         elif action_data.type == 'tcp-request_connection_accept' %}
 {%           do action_options.append('tcp-request connection accept') %}
 {%         elif action_data.type == 'tcp-request_connection_reject' %}