mirror of
https://github.com/opnsense/plugins.git
synced 2026-05-28 04:34:15 -04:00
net/haproxy: add support for FastCGI applications, closes #2769
This commit is contained in:
Frank Wall
parent
3806468af6
commit
542958352b
11 changed files with 369 additions and 4 deletions
|
|
@ -11,6 +11,8 @@ Plugin Changelog
|
|||
Added:
|
||||
* add support for req.ssl_hello_type (#2311)
|
||||
* add support for Prometheus exporter (#2764)
|
||||
* add support for FastCGI applications (#2769)
|
||||
* add server option to override the multiplexer protocol
|
||||
|
||||
Fixed:
|
||||
* fix unix sockets in chrooted environment (#3093)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2016-2021 Frank Wall
|
||||
* Copyright (C) 2016-2022 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
*
|
||||
* All rights reserved.
|
||||
|
|
@ -241,6 +241,31 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
return $this->searchBase('luas.lua', array('enabled', 'name', 'description'), 'name');
|
||||
}
|
||||
|
||||
public function getFcgiAction($uuid = null)
|
||||
{
|
||||
return $this->getBase('fcgi', 'fcgis.fcgi', $uuid);
|
||||
}
|
||||
|
||||
public function setFcgiAction($uuid)
|
||||
{
|
||||
return $this->setBase('fcgi', 'fcgis.fcgi', $uuid);
|
||||
}
|
||||
|
||||
public function addFcgiAction()
|
||||
{
|
||||
return $this->addBase('fcgi', 'fcgis.fcgi');
|
||||
}
|
||||
|
||||
public function delFcgiAction($uuid)
|
||||
{
|
||||
return $this->delBase('fcgis.fcgi', $uuid);
|
||||
}
|
||||
|
||||
public function searchFcgisAction()
|
||||
{
|
||||
return $this->searchBase('fcgis.fcgi', array('name', 'description'), 'name');
|
||||
}
|
||||
|
||||
public function getErrorfileAction($uuid = null)
|
||||
{
|
||||
return $this->getBase('errorfile', 'errorfiles.errorfile', $uuid);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2016 Frank Wall
|
||||
* Copyright (C) 2016-2022 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
* All rights reserved.
|
||||
*
|
||||
|
|
@ -49,6 +49,7 @@ class IndexController extends \OPNsense\Base\IndexController
|
|||
$this->view->formDialogBackend = $this->getForm("dialogBackend");
|
||||
$this->view->formDialogCpu = $this->getForm("dialogCpu");
|
||||
$this->view->formDialogErrorfile = $this->getForm("dialogErrorfile");
|
||||
$this->view->formDialogFcgi = $this->getForm("dialogFcgi");
|
||||
$this->view->formDialogFrontend = $this->getForm("dialogFrontend");
|
||||
$this->view->formDialogGroup = $this->getForm("dialogGroup");
|
||||
$this->view->formDialogHealthcheck = $this->getForm("dialogHealthcheck");
|
||||
|
|
|
|||
|
|
@ -448,4 +448,26 @@
|
|||
<type>dropdown</type>
|
||||
<help><![CDATA[HAProxy will use this backend pool if no match is found in the map file.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
<type>header</type>
|
||||
<style>type_table table_fcgi_pass_header</style>
|
||||
</field>
|
||||
<field>
|
||||
<id>action.fcgi_pass_header</id>
|
||||
<label>Header Name</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Specify the name of a request header which will be passed to the FastCGI application. Most request headers are already available to the FastCGI application, prefixed with "HTTP_". Thus, this directive is only required to pass headers that are purposefully omitted. Currently, the headers "Authorization", "Proxy-Authorization" and hop-by-hop headers are omitted.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
<type>header</type>
|
||||
<style>type_table table_fcgi_set_param</style>
|
||||
</field>
|
||||
<field>
|
||||
<id>action.fcgi_set_param</id>
|
||||
<label>Parameter</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Set a FastCGI parameter that should be passed to the application. Its value must follow HAProxy's <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">Custom Log format rules</a>. With this directive, it is possible to overwrite the value of default FastCGI parameters.]]></help>
|
||||
</field>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -54,6 +54,12 @@
|
|||
<help><![CDATA[Add servers to this backend. Use TAB key to complete typing.]]></help>
|
||||
<hint>Type server name or choose from list.</hint>
|
||||
</field>
|
||||
<field>
|
||||
<id>backend.linkedFcgi</id>
|
||||
<label>FastCGI Application</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Select the FastCGI application that should be used for all servers in this backend.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>backend.linkedResolver</id>
|
||||
<label>Resolver</label>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,77 @@
|
|||
<form>
|
||||
<field>
|
||||
<id>fcgi.enabled</id>
|
||||
<label>Enabled</label>
|
||||
<type>checkbox</type>
|
||||
<help>Enable this FastCGI application.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.name</id>
|
||||
<label>Name</label>
|
||||
<type>text</type>
|
||||
<help>Name to identify this FastCGI application.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.description</id>
|
||||
<label>Description</label>
|
||||
<type>text</type>
|
||||
<help>Description for this FastCGI application.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.docroot</id>
|
||||
<label>Docroot</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Define the document root on the remote host. It will be used to build the default value of FastCGI parameters SCRIPT_FILENAME and PATH_TRANSLATED. It is a mandatory setting.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.index</id>
|
||||
<label>Index</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Define the script name that will be appended after an URI that ends with a slash ("/") to set the default value of the FastCGI parameter SCRIPT_NAME. It is an optional setting.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.path_info</id>
|
||||
<label>Path Info</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Define a regular expression to extract the script-name and the path-info from the URL-decoded path, see <a href="http://docs.haproxy.org/2.4/configuration.html#10.1.1-path-info">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.log_stderr</id>
|
||||
<label>STDERR Logging</label>
|
||||
<type>checkbox</type>
|
||||
<help><![CDATA[Enable logging of STDERR messages reported by the FastCGI application. It is an optional setting. By default STDERR messages are ignored.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.keep_conn</id>
|
||||
<label>Keep Connection Open</label>
|
||||
<type>checkbox</type>
|
||||
<help><![CDATA[Instruct the FastCGI application to keep the connection open after sending a response. If disabled, the FastCGI application closes the connection after responding to a request.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.get_values</id>
|
||||
<label>Connection Management</label>
|
||||
<type>checkbox</type>
|
||||
<help><![CDATA[Enable the retrieval of variables about connection management from the FastCGI application by sending the record FCGI_GET_VALUES on connection establishment. Some FastCGI applications do not support this feature and others close the connection immediately after sending their response. As a result, this option is disabled by default.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.mpxs_conns</id>
|
||||
<label>Connection Multiplexing</label>
|
||||
<type>checkbox</type>
|
||||
<help><![CDATA[Enable the support for connection multiplexing. This option may be overwritten if the variable FCGI_MPXS_CONNS is retrieved during connection establishment.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.max_reqs</id>
|
||||
<label>Maximum Concurrent Requests</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Define the maximum number of concurrent requests this application will accept. This option may be overwritten if the variable FCGI_MAX_REQS is retrieved during connection establishment. Furthermore, if the application does not support connection multiplexing, this option will be ignored.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>fcgi.linkedActions</id>
|
||||
<label>Select Rules</label>
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<sortable>true</sortable>
|
||||
<help><![CDATA[Choose rules to be included in this FastCGI application. Only FastCGI rules are supported.]]></help>
|
||||
<hint>Choose rules.</hint>
|
||||
</field>
|
||||
</form>
|
||||
|
|
@ -95,6 +95,13 @@
|
|||
<type>dropdown</type>
|
||||
<help><![CDATA[Sets the operation mode to use for this server.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>server.multiplexer_protocol</id>
|
||||
<label>Multiplexer Protocol</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Forces the multiplexer's protocol to use for the outgoing connections to this server. It must be compatible with the mode of the backend (TCP or HTTP). It must also be usable on the backend side. Idea behind this option is to bypass the selection of the best multiplexer's protocol for all connections established to this server. Use only when strictly necessary.]]></help>
|
||||
<advanced>true</advanced>
|
||||
</field>
|
||||
<field>
|
||||
<id>server.resolvePrefer</id>
|
||||
<label>Prefer IP Family</label>
|
||||
|
|
|
|||
|
|
@ -911,6 +911,18 @@
|
|||
<Multiple>Y</Multiple>
|
||||
<Required>N</Required>
|
||||
</linkedServers>
|
||||
<linkedFcgi type="ModelRelationField">
|
||||
<Model>
|
||||
<template>
|
||||
<source>OPNsense.HAProxy.HAProxy</source>
|
||||
<items>fcgis.fcgi</items>
|
||||
<display>name</display>
|
||||
</template>
|
||||
</Model>
|
||||
<ValidationMessage>Related fcgi item not found</ValidationMessage>
|
||||
<Multiple>N</Multiple>
|
||||
<Required>N</Required>
|
||||
</linkedFcgi>
|
||||
<linkedResolver type="ModelRelationField">
|
||||
<Model>
|
||||
<template>
|
||||
|
|
@ -1282,6 +1294,16 @@
|
|||
<disabled>disabled</disabled>
|
||||
</OptionValues>
|
||||
</mode>
|
||||
<multiplexer_protocol type="OptionField">
|
||||
<Required>N</Required>
|
||||
<default>unspecified</default>
|
||||
<OptionValues>
|
||||
<unspecified>auto-selection [recommended]</unspecified>
|
||||
<fcgi>FastCGI</fcgi>
|
||||
<h2>HTTP/2</h2>
|
||||
<h1>HTTP/1.1</h1>
|
||||
</OptionValues>
|
||||
</multiplexer_protocol>
|
||||
<type type="OptionField">
|
||||
<Required>Y</Required>
|
||||
<default>static</default>
|
||||
|
|
@ -2138,6 +2160,8 @@
|
|||
<use_backend>Use specified Backend Pool</use_backend>
|
||||
<use_server>Override server in Backend Pool</use_server>
|
||||
<map_use_backend>Map domains to backend pools using a map file</map_use_backend>
|
||||
<fcgi_pass_header>FastCGI pass-header</fcgi_pass_header>
|
||||
<fcgi_set_param>FastCGI set-param</fcgi_set_param>
|
||||
<http-request_allow>http-request allow</http-request_allow>
|
||||
<http-request_deny>http-request deny</http-request_deny>
|
||||
<http-request_tarpit>http-request tarpit</http-request_tarpit>
|
||||
|
|
@ -2202,6 +2226,16 @@
|
|||
<Multiple>N</Multiple>
|
||||
<Required>N</Required>
|
||||
</use_server>
|
||||
<fcgi_pass_header type="TextField">
|
||||
<mask>/^.{1,1024}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
|
||||
<Required>N</Required>
|
||||
</fcgi_pass_header>
|
||||
<fcgi_set_param type="TextField">
|
||||
<mask>/^.{1,1024}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
|
||||
<Required>N</Required>
|
||||
</fcgi_set_param>
|
||||
<http_request_auth type="TextField">
|
||||
<mask>/^.{1,4096}$/u</mask>
|
||||
<Required>N</Required>
|
||||
|
|
@ -2471,6 +2505,80 @@
|
|||
</content>
|
||||
</lua>
|
||||
</luas>
|
||||
<fcgis>
|
||||
<fcgi type="ArrayField">
|
||||
<id type="UniqueIdField">
|
||||
<Required>Y</Required>
|
||||
</id>
|
||||
<enabled type="BooleanField">
|
||||
<default>1</default>
|
||||
<Required>Y</Required>
|
||||
</enabled>
|
||||
<name type="TextField">
|
||||
<mask>/^[^\t^,^;^\.^\[^\]^\{^\}]{1,255}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
|
||||
<Required>Y</Required>
|
||||
</name>
|
||||
<description type="TextField">
|
||||
<mask>/^.{1,255}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
|
||||
<Required>N</Required>
|
||||
</description>
|
||||
<docroot type="TextField">
|
||||
<mask>/^.{1,4096}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 4096 characters.</ValidationMessage>
|
||||
<Required>Y</Required>
|
||||
</docroot>
|
||||
<index type="TextField">
|
||||
<mask>/^.{1,4096}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 4096 characters.</ValidationMessage>
|
||||
<Required>N</Required>
|
||||
</index>
|
||||
<path_info type="TextField">
|
||||
<mask>/^.{1,4096}$/u</mask>
|
||||
<ValidationMessage>Should be a string between 1 and 4096 characters.</ValidationMessage>
|
||||
<Required>N</Required>
|
||||
</path_info>
|
||||
<log_stderr type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>N</Required>
|
||||
</log_stderr>
|
||||
<keep_conn type="BooleanField">
|
||||
<default>1</default>
|
||||
<Required>N</Required>
|
||||
</keep_conn>
|
||||
<get_values type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>N</Required>
|
||||
</get_values>
|
||||
<mpxs_conns type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>N</Required>
|
||||
</mpxs_conns>
|
||||
<max_reqs type="IntegerField">
|
||||
<MinimumValue>1</MinimumValue>
|
||||
<MaximumValue>100000</MaximumValue>
|
||||
<ValidationMessage>Please specify a value between 1 and 100000.</ValidationMessage>
|
||||
<Required>N</Required>
|
||||
</max_reqs>
|
||||
<linkedActions type="ModelRelationField">
|
||||
<Model>
|
||||
<template>
|
||||
<source>OPNsense.HAProxy.HAProxy</source>
|
||||
<items>actions.action</items>
|
||||
<display>name</display>
|
||||
<filters>
|
||||
<type>/fcgi/</type>
|
||||
</filters>
|
||||
</template>
|
||||
</Model>
|
||||
<ValidationMessage>Related action item not found</ValidationMessage>
|
||||
<Sorted>Y</Sorted>
|
||||
<multiple>Y</multiple>
|
||||
<Required>N</Required>
|
||||
</linkedActions>
|
||||
</fcgi>
|
||||
</fcgis>
|
||||
<errorfiles>
|
||||
<errorfile type="ArrayField">
|
||||
<id type="UniqueIdField">
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
<Users VisibleName="Users" url="/ui/haproxy#users"/>
|
||||
<Groups VisibleName="Groups" url="/ui/haproxy#groups"/>
|
||||
<Luas VisibleName="Lua Scripts" url="/ui/haproxy#luas"/>
|
||||
<Fcgis VisibleName="FastCGI Applications" url="/ui/haproxy#fcgis"/>
|
||||
<Errorfiles VisibleName="Error Files" url="/ui/haproxy#errorfiles"/>
|
||||
<Mapfiles VisibleName="Map Files" url="/ui/haproxy#mapfiles"/>
|
||||
<Resolvers VisibleName="Resolvers" url="/ui/haproxy#resolvers"/>
|
||||
|
|
|
|||
|
|
@ -162,6 +162,18 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
}
|
||||
);
|
||||
|
||||
$("#grid-fcgis").UIBootgrid(
|
||||
{ search:'/api/haproxy/settings/searchFcgis',
|
||||
get:'/api/haproxy/settings/getFcgi/',
|
||||
set:'/api/haproxy/settings/setFcgi/',
|
||||
add:'/api/haproxy/settings/addFcgi/',
|
||||
del:'/api/haproxy/settings/delFcgi/',
|
||||
options: {
|
||||
rowCount:[10,25,50,100,500,1000]
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
$("#grid-errorfiles").UIBootgrid(
|
||||
{ search:'/api/haproxy/settings/searchErrorfiles',
|
||||
get:'/api/haproxy/settings/getErrorfile/',
|
||||
|
|
@ -676,6 +688,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<li><a data-toggle="tab" id="advanced-introduction" href="#subtab_haproxy-advanced-introduction">{{ lang._('Introduction') }}</a></li>
|
||||
{% endif %}
|
||||
<li><a data-toggle="tab" id="errorfiles-tab" href="#errorfiles">{{ lang._('Error Messages') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#fcgis">{{ lang._('FastCGI Applications') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#luas">{{ lang._('Lua Scripts') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#mapfiles">{{ lang._('Map Files') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#cpus">{{ lang._('CPU Affinity Rules') }}</a></li>
|
||||
|
|
@ -784,6 +797,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<p>{{ lang._("Most of the time these features are not required, but in certain situations they will be handy:") }}</p>
|
||||
<ul>
|
||||
<li>{{ lang._("%sError Messages:%s Return a custom message instead of errors generated by HAProxy. Useful to overwrite HAProxy's internal error messages. The message must represent the full HTTP response and include required HTTP headers.") | format('<b>', '</b>') }}</li>
|
||||
<li>{{ lang._("%sFastCGI Applications:%s HAProxy can be configured to send requests to FastCGI applications. After configuring a FastCGI application, it needs to be enabled in a %sBackend Pool%s.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
<li>{{ lang._("%sLua scripts:%s Include your own Lua code/scripts to extend HAProxy's functionality. The Lua code can be used in certain %sRules%s, for example.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
<li>{{ lang._("%sMap Files:%s A map allows to map a data in input to an other one on output. For example, this makes it possible to map a large number of domains to backend pools without using the GUI. Map files need to be used in %sRules%s, otherwise they are ignored.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
<li>{{ lang._("%sCPU Affinity Rules:%s This feature makes it possible to bind HAProxy's processes/threads to a specific CPU (or a CPU set). Furthermore it is possible to select CPU Affinity Rules in %sPublic Services%s to restrict them to a certain set of processes/threads/CPUs.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
|
|
@ -1029,6 +1043,31 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
</table>
|
||||
</div>
|
||||
|
||||
<div id="fcgis" class="tab-pane fade">
|
||||
<table id="grid-fcgis" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogFcgi" data-editAlert="haproxyChangeMessage">
|
||||
<thead>
|
||||
<tr>
|
||||
<th data-column-id="fcgiid" data-type="number" data-visible="false">{{ lang._('FastCGI ID') }}</th>
|
||||
<th data-column-id="name" data-type="string">{{ lang._('FastCGI Application Name') }}</th>
|
||||
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
|
||||
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
|
||||
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
</tbody>
|
||||
<tfoot>
|
||||
<tr>
|
||||
<td></td>
|
||||
<td>
|
||||
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
|
||||
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
|
||||
</td>
|
||||
</tr>
|
||||
</tfoot>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<div id="errorfiles" class="tab-pane fade">
|
||||
<table id="grid-errorfiles" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogErrorfile" data-editAlert="haproxyChangeMessage">
|
||||
<thead>
|
||||
|
|
@ -1264,6 +1303,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
{{ partial("layout_partials/base_dialog",['fields':formDialogGroup,'id':'DialogGroup','label':lang._('Edit Group')])}}
|
||||
{{ partial("layout_partials/base_dialog",['fields':formDialogLua,'id':'DialogLua','label':lang._('Edit Lua Script')])}}
|
||||
{{ partial("layout_partials/base_dialog",['fields':formDialogErrorfile,'id':'DialogErrorfile','label':lang._('Edit Error Message')])}}
|
||||
{{ partial("layout_partials/base_dialog",['fields':formDialogFcgi,'id':'DialogFcgi','label':lang._('Edit FastCGI Application')])}}
|
||||
{{ partial("layout_partials/base_dialog",['fields':formDialogMapfile,'id':'DialogMapfile','label':lang._('Edit Map File')])}}
|
||||
{{ partial("layout_partials/base_dialog",['fields':formDialogCpu,'id':'DialogCpu','label':lang._('Edit CPU Affinity Rule')])}}
|
||||
{{ partial("layout_partials/base_dialog",['fields':formDialogResolver,'id':'DialogResolver','label':lang._('Edit Resolver')])}}
|
||||
|
|
|
|||
|
|
@ -465,6 +465,20 @@
|
|||
{% set action_enabled = '0' %}
|
||||
# ERROR: missing parameters
|
||||
{% endif %}
|
||||
{% elif action_data.type == 'fcgi_pass_header' %}
|
||||
{% if action_data.fcgi_pass_header|default('') != '' %}
|
||||
{% do action_options.append('pass-header ' ~ action_data.fcgi_pass_header) %}
|
||||
{% else %}
|
||||
{% set action_enabled = '0' %}
|
||||
# ERROR: missing parameters
|
||||
{% endif %}
|
||||
{% elif action_data.type == 'fcgi_set_param' %}
|
||||
{% if action_data.fcgi_set_param|default('') != '' %}
|
||||
{% do action_options.append('set-param ' ~ action_data.fcgi_set_param) %}
|
||||
{% else %}
|
||||
{% set action_enabled = '0' %}
|
||||
# ERROR: missing parameters
|
||||
{% endif %}
|
||||
{% elif action_data.type == 'http-request_allow' %}
|
||||
{% do action_options.append('http-request allow') %}
|
||||
{% elif action_data.type == 'http-request_deny' %}
|
||||
|
|
@ -696,7 +710,7 @@
|
|||
{% set comment_lines = comment_lines + [' # NOTE: actions with no ACLs/conditions will always match'] %}
|
||||
{% endif %}
|
||||
{% if action_options|length > 0 %}
|
||||
{% do global_action_options.append(comment_lines|join('\n')) %}
|
||||
{% do global_action_options.append(comment_lines|join('\n')) -%}
|
||||
{% do global_action_options.append(([action_options|join(' '), acl_line]|join(' '))) %}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
|
|
@ -1626,6 +1640,17 @@ backend {{backend.name}}
|
|||
{% else %}
|
||||
balance {{backend.algorithm}}
|
||||
{% endif %}
|
||||
{# # FastCGI application #}
|
||||
{% if backend.linkedFcgi|default("") != "" %}
|
||||
{% set fcgi_data = helpers.getUUID(backend.linkedFcgi) %}
|
||||
{% if fcgi_data == {} %}
|
||||
# ERROR: FastCGI data not found ({{backend.linkedFcgi}})
|
||||
{% elif fcgi_data.enabled == '0' %}
|
||||
# NOTE: specified FastCGI application is disabled ({{fcgi_data.name}})
|
||||
{% else %}
|
||||
use-fcgi-app {{fcgi_data.name}}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{# # call macro to evaluate stickiness config #}
|
||||
{{ StickTableConfig(backend,true) }}
|
||||
# tuning options
|
||||
|
|
@ -1771,6 +1796,12 @@ backend {{backend.name}}
|
|||
{% if server_data.mode|default("") != 'active' %}
|
||||
{% do server_options.append(server_data.mode) %}
|
||||
{% endif %}
|
||||
{# # force multiplexer protocol if FastCGI is configured for this backend #}
|
||||
{% if backend.linkedFcgi|default("") != "" and fcgi_data.enabled == '1' %}
|
||||
{% do server_options.append('proto fcgi') %}
|
||||
{% elif server_data.multiplexer_protocol|default('') != '' and server_data.multiplexer_protocol|default('') != 'unspecified' %}
|
||||
{% do server_options.append('proto ' ~ server_data.multiplexer_protocol) %}
|
||||
{% endif %}
|
||||
{# # server ssl communication #}
|
||||
{% if server_data.ssl|default("") == '1' %}
|
||||
{% do server_options.append('ssl') %}
|
||||
|
|
@ -1785,7 +1816,8 @@ backend {{backend.name}}
|
|||
{% do server_options.append('alpn ' ~ alpn_options) %}
|
||||
{% endif %}
|
||||
{# # HTTP/2 without TLS #}
|
||||
{% elif backend.http2Enabled|default("") == '1' and backend.http2Enabled_nontls|default("") == '1' %}
|
||||
{# # Must be ignored when a FastCGI application is configured #}
|
||||
{% elif backend.http2Enabled|default("") == '1' and backend.http2Enabled_nontls|default("") == '1' and (server_data.multiplexer_protocol|default('') == '' or server_data.multiplexer_protocol|default('') == 'unspecified') and (backend.linkedFcgi|default('') == '' or fcgi_data.enabled == '0') %}
|
||||
{% do server_options.append('proto h2') %}
|
||||
{% endif %}
|
||||
{# # ssl verification can be enabled for two reasons: #}
|
||||
|
|
@ -1895,6 +1927,50 @@ backend {{backend.name}}
|
|||
{% endfor %}
|
||||
{%- endif -%}
|
||||
|
||||
{# ############################### #}
|
||||
{# FASTCGI #}
|
||||
{# ############################### #}
|
||||
|
||||
{%- if helpers.exists('OPNsense.HAProxy.fcgis') %}
|
||||
{% for fcgi in helpers.toList('OPNsense.HAProxy.fcgis.fcgi') %}
|
||||
{# # ignore disabled fcgis #}
|
||||
{% if fcgi.enabled == '1' %}
|
||||
# FastCGI: {{fcgi.name}} ({{fcgi.description}})
|
||||
fcgi-app {{fcgi.name}}
|
||||
docroot {{fcgi.docroot}}
|
||||
{% if fcgi.log_stderr|default('') == '1' %}
|
||||
log-stderr global
|
||||
{% endif -%}
|
||||
{% if fcgi.index|default('') != '' %}
|
||||
index {{fcgi.index}}
|
||||
{% endif -%}
|
||||
{% if fcgi.path_info|default('') != '' %}
|
||||
path-info {{fcgi.path_info}}
|
||||
{% endif -%}
|
||||
{% if fcgi.keep_conn|default('') == '1' %}
|
||||
option keep-conn
|
||||
{% endif -%}
|
||||
{% if fcgi.get_values|default('') == '1' %}
|
||||
option get-values
|
||||
{% endif -%}
|
||||
{% if fcgi.mpxs_conns|default('') == '1' %}
|
||||
option mpxs-conns
|
||||
{% endif -%}
|
||||
{% if fcgi.max_reqs|default('') != '' %}
|
||||
option max-reqs {{fcgi.max_reqs}}
|
||||
{% endif -%}
|
||||
{# # action and ACL configuration #}
|
||||
{% if fcgi.linkedActions|default("") != "" -%}
|
||||
{# # call macro to evaluate ACLs and actions #}
|
||||
{{ AclsAndActions(fcgi.linkedActions) }}
|
||||
{%- endif %}
|
||||
|
||||
{% else %}
|
||||
# FastCGI (DISABLED): {{fcgi.name}} ({{fcgi.description}})
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{%- endif %}
|
||||
|
||||
{# ############################### #}
|
||||
{# PEERS #}
|
||||
{# ############################### #}
|
||||
|
|
|
|||
Loading…
Reference in a new issue