From 0f7893d20726dde6d5e3dbf39514e4808973a549 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 22 Oct 2017 15:47:04 +0200
Subject: [PATCH 01/10] net/haproxy: extensive model refactoring, refs #208

---
 .../OPNsense/HAProxy/forms/dialogAcl.xml      | 253 +++++++++++-
 .../OPNsense/HAProxy/forms/dialogAction.xml   | 291 ++++++++++++--
 .../HAProxy/forms/dialogHealthcheck.xml       |  54 ++-
 .../OPNsense/HAProxy/forms/main.xml           |   2 +-
 .../app/models/OPNsense/HAProxy/HAProxy.xml   | 359 ++++++++++++++++--
 .../OPNsense/HAProxy/Migrations/M2_0_0.php    | 292 ++++++++++++++
 .../mvc/app/views/OPNsense/HAProxy/index.volt |  36 ++
 .../templates/OPNsense/HAProxy/haproxy.conf   | 242 ++++++------
 8 files changed, 1331 insertions(+), 198 deletions(-)
 create mode 100644 net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index 34579e572..dc61d00ef 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -12,14 +12,14 @@
         <help>Description for this ACL.</help>
     </field>
     <field>
-        <label>Compose expression</label>
+        <label>Condition</label>
         <type>header</type>
     </field>
     <field>
         <id>acl.expression</id>
-        <label>Expression</label>
+        <label>Condition type</label>
         <type>dropdown</type>
-        <hint>Select ACL expression.</hint>
+        <hint>Select condition type.</hint>
     </field>
     <field>
         <id>acl.negate</id>
@@ -28,25 +28,246 @@
         <help><![CDATA[Use this to invert the meaning of the expression.]]></help>
     </field>
     <field>
-        <id>acl.value</id>
-        <label>Value</label>
-        <type>text</type>
-        <help><![CDATA[Specify a value to match with the expression.]]></help>
-    </field>
-    <field>
-        <label>Optional parameters</label>
+        <label>Parameters</label>
         <type>header</type>
+        <style>expression_table table_hdr_beg</style>
     </field>
     <field>
-        <id>acl.urlparam</id>
-        <label>URL parameter</label>
+        <id>acl.hdr_beg</id>
+        <label>Host Prefix</label>
         <type>text</type>
-        <help><![CDATA[Specify the URL parameter to be checked for the value specified below.<br/><b>Not used for any other expression.</b>]]></help>
+        <help><![CDATA[HTTP host header starts with string (prefix match)]]></help>
     </field>
     <field>
-        <id>acl.queryBackend</id>
-        <label>Query Backend</label>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_hdr_end</style>
+    </field>
+    <field>
+        <id>acl.hdr_end</id>
+        <label>Host Suffix</label>
+        <type>text</type>
+        <help><![CDATA[HTTP host header ends with string (suffix match)]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_hdr</style>
+    </field>
+    <field>
+        <id>acl.hdr</id>
+        <label>Host String</label>
+        <type>text</type>
+        <help><![CDATA[HTTP host header matches exact string]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_hdr_reg</style>
+    </field>
+    <field>
+        <id>acl.hdr_reg</id>
+        <label>Host Regex</label>
+        <type>text</type>
+        <help><![CDATA[HTTP host header matches regular expression]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_hdr_sub</style>
+    </field>
+    <field>
+        <id>acl.hdr_sub</id>
+        <label>Host Contains</label>
+        <type>text</type>
+        <help><![CDATA[HTTP host header contains string (substring match)]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_path_beg</style>
+    </field>
+    <field>
+        <id>acl.path_beg</id>
+        <label>Path Prefix</label>
+        <type>text</type>
+        <help><![CDATA[HTTP request URL path starts with string (prefix match)]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_path_end</style>
+    </field>
+    <field>
+        <id>acl.path_end</id>
+        <label>Path Suffix</label>
+        <type>text</type>
+        <help><![CDATA[HTTP request URL path ends with string (suffix match)]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_path</style>
+    </field>
+    <field>
+        <id>acl.path</id>
+        <label>Path Matches</label>
+        <type>text</type>
+        <help><![CDATA[HTTP request URL path matches exact string]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_path_reg</style>
+    </field>
+    <field>
+        <id>acl.path_reg</id>
+        <label>Path Regex</label>
+        <type>text</type>
+        <help><![CDATA[HTTP request URL path matches regular expression]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_path_dir</style>
+    </field>
+    <field>
+        <id>acl.path_dir</id>
+        <label>Subdir matches</label>
+        <type>text</type>
+        <help><![CDATA[HTTP request URL path contains directory (subdir match)]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_path_sub</style>
+    </field>
+    <field>
+        <id>acl.path_sub</id>
+        <label>Path Contains</label>
+        <type>text</type>
+        <help><![CDATA[HTTP request URL path contains string (substring match)]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_url_param</style>
+    </field>
+    <field>
+        <id>acl.url_param</id>
+        <label>URL Parameter</label>
+        <type>text</type>
+        <help><![CDATA[Specify the URL parameter to be checked for the value specified below.]]></help>
+    </field>
+    <field>
+        <id>acl.url_param_value</id>
+        <label>Parameter Value</label>
+        <type>text</type>
+        <help><![CDATA[Specify the value for the URL parameter.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_c_verify_code</style>
+    </field>
+    <field>
+        <id>acl.ssl_c_verify_code</id>
+        <label>SSL Error ID</label>
+        <type>text</type>
+        <help><![CDATA[Specify the SSL/TLS error ID that should be checked for the incoming connection. Please refer to your SSL library's documentation for an exhaustive list of error codes.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_c_ca_commonname</style>
+    </field>
+    <field>
+        <id>acl.ssl_c_ca_commonname</id>
+        <label>CA Common-Name</label>
+        <type>text</type>
+        <help><![CDATA[Verify the CA Common-Name of the certificate presented by the client against the specified string.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_src</style>
+    </field>
+    <field>
+        <id>acl.src</id>
+        <label>Source IP</label>
+        <type>text</type>
+        <help><![CDATA[Verify the source IPv4 address of the client of the session matches the specified IPv4 or IPv6 address.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_nbsrv</style>
+    </field>
+    <field>
+        <id>acl.nbsrv</id>
+        <label>Usable Servers</label>
+        <type>text</type>
+        <help><![CDATA[Verify the minimum number of usable servers in the named backend matches the specified value.]]></help>
+    </field>
+    <field>
+        <id>acl.nbsrv_backend</id>
+        <label>Backend</label>
         <type>dropdown</type>
-        <help><![CDATA[Use this backend to count usable servers.<br/><b>Not used for any other expression.</b>]]></help>
+        <help><![CDATA[Use the specified backend to count usable servers. Leave empty to use the current backend.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_sni</style>
+    </field>
+    <field>
+        <id>acl.ssl_sni</id>
+        <label>SNI Matches</label>
+        <type>text</type>
+        <help><![CDATA[The value of the Server Name TLS extension sent by a client matches the exact string.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_sni_sub</style>
+    </field>
+    <field>
+        <id>acl.ssl_sni_sub</id>
+        <label>SNI Contains</label>
+        <type>text</type>
+        <help><![CDATA[The value of the Server Name TLS extension sent by a client contains the specified string (substring match).]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_sni_beg</style>
+    </field>
+    <field>
+        <id>acl.ssl_sni_beg</id>
+        <label>SNI Prefix</label>
+        <type>text</type>
+        <help><![CDATA[The value of the Server Name TLS extension sent by a client starts with the specified string (prefix match).]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_sni_end</style>
+    </field>
+    <field>
+        <id>acl.ssl_sni_end</id>
+        <label>SNI Suffix</label>
+        <type>text</type>
+        <help><![CDATA[The value of the Server Name TLS extension sent by a client ends with the specified string (suffix match).]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_custom_acl</style>
+    </field>
+    <field>
+        <id>acl.custom_acl</id>
+        <label>Custom ACL</label>
+        <type>text</type>
+        <help><![CDATA[Specify a HAProxy ACL that is currently not supported by the GUI. Note that the syntax is not verified.]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index 96e7f306b..ff3ef59dc 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -12,7 +12,7 @@
         <help>Description for this action.</help>
     </field>
     <field>
-        <label>Form condition</label>
+        <label>Optional condition</label>
         <type>header</type>
     </field>
     <field>
@@ -35,47 +35,292 @@
         <help><![CDATA[Choose an logical operator to be used to form a condition.]]></help>
     </field>
     <field>
-        <id>action.type</id>
-        <label>Choose action</label>
-        <type>dropdown</type>
-        <help><![CDATA[Choose an action that should be executed if the condition is true.]]></help>
-    </field>
-    <field>
-        <label>Optional parameters</label>
+        <label>HAProxy function</label>
         <type>header</type>
     </field>
     <field>
-        <id>action.useBackend</id>
+        <id>action.type</id>
+        <label>Run function</label>
+        <type>dropdown</type>
+        <help><![CDATA[Choose an action that should be executed if the condition evaluates to true.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_use_backend</style>
+    </field>
+    <field>
+        <id>action.use_backend</id>
         <label>Use backend</label>
         <type>dropdown</type>
-        <help><![CDATA[Use this backend if the condition is true.<br/><b>Not used for any other action.</b>]]></help>
+        <help><![CDATA[HAProxy will use this backend if the condition evaluates to true.]]></help>
     </field>
     <field>
-        <id>action.useServer</id>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_use_server</style>
+    </field>
+    <field>
+        <id>action.use_server</id>
         <label>Use server</label>
         <type>dropdown</type>
-        <help><![CDATA[Use this server if the condition is true.<br/><b>Not used for any other action.</b>]]></help>
+        <help><![CDATA[HAProxy will use this server if the condition evaluates to true.]]></help>
     </field>
     <field>
-        <label>Conditional parameters</label>
+        <label>Parameters</label>
         <type>header</type>
+        <style>type_table table_http-request_auth</style>
     </field>
     <field>
-        <id>action.actionName</id>
-        <label>Name/Identifier</label>
+        <id>action.http-request_auth</id>
+        <label>Auth Realm</label>
         <type>text</type>
-        <help><![CDATA[Specify a value to match with the action.]]></help>
+        <help><![CDATA[When HAProxy requests user name and password from the user, this optiomal authentication realm is returned with the response (typically the application's name).]]></help>
     </field>
     <field>
-        <id>action.actionFind</id>
-        <label>Find value</label>
-        <type>text</type>
-        <help><![CDATA[Specify a value to match with the action.]]></help>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_redirect</style>
     </field>
     <field>
-        <id>action.actionValue</id>
-        <label>Set value</label>
+        <id>action.http-request_redirect</id>
+        <label>HTTP Redirect</label>
         <type>text</type>
-        <help><![CDATA[Specify a value to match with the action.]]></help>
+        <help><![CDATA[Use HAProxy's powerful redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_lua</style>
+    </field>
+    <field>
+        <id>action.http-request_lua</id>
+        <label>Lua function</label>
+        <type>text</type>
+        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_use-service</style>
+    </field>
+    <field>
+        <id>action.http-request_use-service</id>
+        <label>Lua service</label>
+        <type>text</type>
+        <help><![CDATA[Register the specified Lua service. You will most likely need to include/load your Lua code first.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_add-header</style>
+    </field>
+    <field>
+        <id>action.http-request_add-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[Append a HTTP header field with the specified name.]]></help>
+    </field>
+    <field>
+        <id>action.http-request_add-header_content</id>
+        <label>Header Content</label>
+        <type>text</type>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_set-header</style>
+    </field>
+    <field>
+        <id>action.http-request_set-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[Remove the HTTP header field with the specified name and add a new one with the same name. This is useful when passing security information to the server, where the header must not be manipulated by external users.]]></help>
+    </field>
+    <field>
+        <id>action.http-request_set-header_content</id>
+        <label>Header Content</label>
+        <type>text</type>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_del-header</style>
+    </field>
+    <field>
+        <id>action.http-request_del-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[Remove the HTTP header field with the specified name.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_replace-header</style>
+    </field>
+    <field>
+        <id>action.http-request_replace-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[The name of the HTTP header field.]]></help>
+    </field>
+    <field>
+        <id>action.http-request_replace-header_regex</id>
+        <label>Regular Expression</label>
+        <type>text</type>
+        <help><![CDATA[Matches the specified regular expression in all occurrences of header field.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-request_replace-value</style>
+    </field>
+    <field>
+        <id>action.http-request_replace-value_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[The name of the HTTP header field.]]></help>
+    </field>
+    <field>
+        <id>action.http-request_replace-value_regex</id>
+        <label>Regular Expression</label>
+        <type>text</type>
+        <help><![CDATA[This is suited for all header fields which are allowed to carry more than one value: Matches the specified regular expression against every comma-delimited value of the header field.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-response_lua</style>
+    </field>
+    <field>
+        <id>action.http-response_lua</id>
+        <label>Lua function</label>
+        <type>text</type>
+        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-response_add-header</style>
+    </field>
+    <field>
+        <id>action.http-response_add-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[Append a HTTP header field with the specified name.]]></help>
+    </field>
+    <field>
+        <id>action.http-response_add-header_content</id>
+        <label>Header Content</label>
+        <type>text</type>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-response_set-header</style>
+    </field>
+    <field>
+        <id>action.http-response_set-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[Remove the HTTP header field with the specified name and add a new one with the same name. This is useful when passing security information to the server, where the header must not be manipulated by external users.]]></help>
+    </field>
+    <field>
+        <id>action.http-response_set-header_content</id>
+        <label>Header Content</label>
+        <type>text</type>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-response_del-header</style>
+    </field>
+    <field>
+        <id>action.http-response_del-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[Remove the HTTP header field with the specified name.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-response_replace-header</style>
+    </field>
+    <field>
+        <id>action.http-response_replace-header_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[The name of the HTTP header field.]]></help>
+    </field>
+    <field>
+        <id>action.http-response_replace-header_regex</id>
+        <label>Regular Expression</label>
+        <type>text</type>
+        <help><![CDATA[Matches the specified regular expression in all occurrences of header field.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_http-response_replace-value</style>
+    </field>
+    <field>
+        <id>action.http-response_replace-value_name</id>
+        <label>HTTP Header</label>
+        <type>text</type>
+        <help><![CDATA[The name of the HTTP header field.]]></help>
+    </field>
+    <field>
+        <id>action.http-response_replace-value_regex</id>
+        <label>Regular Expression</label>
+        <type>text</type>
+        <help><![CDATA[This is suited for all header fields which are allowed to carry more than one value: Matches the specified regular expression against every comma-delimited value of the header field.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_tcp-request_content_lua</style>
+    </field>
+    <field>
+        <id>action.tcp-request_content_lua</id>
+        <label>Lua function</label>
+        <type>text</type>
+        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_tcp-request_content_use-service</style>
+    </field>
+    <field>
+        <id>action.tcp-request_content_use-service</id>
+        <label>Lua service</label>
+        <type>text</type>
+        <help><![CDATA[Register the specified Lua service. You will most likely need to include/load your Lua code first.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_tcp-response_content_lua</style>
+    </field>
+    <field>
+        <id>action.tcp-response_content_lua</id>
+        <label>Lua function</label>
+        <type>text</type>
+        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+    </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>type_table table_custom</style>
+    </field>
+    <field>
+        <id>action.custom</id>
+        <label>Custom Action</label>
+        <type>text</type>
+        <help><![CDATA[Specify a HAProxy Action that is currently not supported by the GUI. Note that the syntax is not verified.]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
index e81ef4540..e93267ed5 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
@@ -33,6 +33,7 @@
     <field>
         <label>HTTP check options</label>
         <type>header</type>
+        <style>type_table table_http</style>
     </field>
     <field>
         <id>healthcheck.http_method</id>
@@ -61,6 +62,7 @@
     <field>
         <label>Custom HTTP check</label>
         <type>header</type>
+        <style>type_table table_http</style>
     </field>
     <field>
         <id>healthcheck.http_expressionEnabled</id>
@@ -88,6 +90,7 @@
     <field>
         <label>Custom TCP check</label>
         <type>header</type>
+        <style>type_table table_tcp</style>
     </field>
     <field>
         <id>healthcheck.tcp_enabled</id>
@@ -119,25 +122,64 @@
         <help><![CDATA[Specify the pattern to look for in the response buffer. If the match is set to binary, then the pattern must be passed as a serie of hexadecimal digits in an even number.]]></help>
     </field>
     <field>
-        <label>Other check options</label>
+        <label>Agent check</label>
         <type>header</type>
+        <style>type_table table_agent</style>
     </field>
     <field>
-        <id>healthcheck.agentPort</id>
+        <id>healthcheck.agent_port</id>
         <label>Agent port</label>
         <type>text</type>
         <help><![CDATA[Specify the TCP port used for agent checks.]]></help>
     </field>
     <field>
-        <id>healthcheck.dbUser</id>
-        <label>DB user</label>
+        <label>MySQL check</label>
+        <type>header</type>
+        <style>type_table table_mysql</style>
+    </field>
+    <field>
+        <id>healthcheck.mysql_user</id>
+        <label>MySQL user</label>
         <type>text</type>
         <help><![CDATA[Specify the username to be used for database health checks.]]></help>
     </field>
     <field>
-        <id>healthcheck.smtpDomain</id>
+        <id>healthcheck.mysql_post41</id>
+        <label>MySQL 4.1+</label>
+        <type>checkbox</type>
+        <help><![CDATA[Send checks compatible with MySQL server 4.1 and later.]]></help>
+    </field>
+    <field>
+        <label>PostgreSQL check</label>
+        <type>header</type>
+        <style>type_table table_pgsql</style>
+    </field>
+    <field>
+        <id>healthcheck.pgsql_user</id>
+        <label>PostgreSQL user</label>
+        <type>text</type>
+        <help><![CDATA[Specify the username to be used for database health checks.]]></help>
+    </field>
+    <field>
+        <label>SMTP check</label>
+        <type>header</type>
+        <style>type_table table_smtp</style>
+    </field>
+    <field>
+        <id>healthcheck.smtp_domain</id>
         <label>SMTP domain</label>
         <type>text</type>
-        <help><![CDATA[Specify the domain name to present to the server for SMTP/ESMTP health checks.]]></help>
+        <help><![CDATA[Specify the domain name to present to the server for SMTP health checks.]]></help>
+    </field>
+    <field>
+        <label>ESMTP check</label>
+        <type>header</type>
+        <style>type_table table_esmtp</style>
+    </field>
+    <field>
+        <id>healthcheck.esmtp_domain</id>
+        <label>ESMTP domain</label>
+        <type>text</type>
+        <help><![CDATA[Specify the domain name to present to the server for ESMTP health checks.]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
index 66a0b4b57..171e5c507 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
@@ -1,5 +1,5 @@
 <form>
-    <tab id="haproxy-general" description="General Settings">
+    <tab id="haproxy-general" description="Settings">
         <subtab id="haproxy-general-settings" description="Service Settings">
             <field>
                 <label>NOTE: You need to configure frontends, backends and servers before enabling HAProxy.</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index e33063dea..cc61831f4 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/HAProxy</mount>
-    <version>1.0.0</version>
+    <version>2.0.0</version>
     <description>
         the HAProxy load balancer
     </description>
@@ -281,7 +281,6 @@
                     <ValidationMessage>Related backend item not found</ValidationMessage>
                     <Required>N</Required>
                 </defaultBackend>
-                <!-- XXX: add tag <ssl> once nesting is supported by our framework -->
                 <ssl_enabled type="BooleanField">
                     <default>0</default>
                     <Required>Y</Required>
@@ -299,7 +298,6 @@
                 <ssl_customOptions type="TextField">
                     <Required>N</Required>
                 </ssl_customOptions>
-                <!-- XXX: add tag <tuning> once nesting is supported by our framework -->
                 <tuning_maxConnections type="IntegerField">
                     <MinimumValue>1</MinimumValue>
                     <MaximumValue>500000</MaximumValue>
@@ -311,7 +309,6 @@
                     <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
                     <Required>N</Required>
                 </tuning_timeoutClient>
-                <!-- XXX: add tag <logging> once nesting is supported by our framework -->
                 <logging_dontLogNull type="BooleanField">
                     <default>0</default>
                     <Required>Y</Required>
@@ -451,7 +448,6 @@
                     <default>0</default>
                     <Required>N</Required>
                 </healthCheckLogStatus>
-                <!-- XXX: add tag <stickiness> once nesting is supported by our framework -->
                 <stickiness_pattern type="OptionField">
                     <Required>N</Required>
                     <default>sourceipv4</default>
@@ -487,7 +483,6 @@
                     <ValidationMessage>Please specify a value between 1 and 10000.</ValidationMessage>
                     <Required>N</Required>
                 </stickiness_cookielength>
-                <!-- XXX: add tag <tuning> once nesting is supported by our framework -->
                 <tuning_timeoutConnect type="TextField">
                     <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
                     <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
@@ -675,7 +670,6 @@
                     <ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage>
                     <Required>N</Required>
                 </checkport>
-                <!-- XXX: add tag <http> once nesting is supported by our framework -->
                 <http_method type="OptionField">
                     <Required>N</Required>
                     <default>options</default>
@@ -752,21 +746,45 @@
                 <tcp_matchValue type="TextField">
                     <Required>N</Required>
                 </tcp_matchValue>
-                <agentPort type="IntegerField">
+                <agent_port type="IntegerField">
                     <MinimumValue>1</MinimumValue>
                     <MaximumValue>65535</MaximumValue>
                     <ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage>
                     <Required>N</Required>
-                </agentPort>
-                <dbUser type="TextField">
+                </agent_port>
+                <mysql_user type="TextField">
                     <mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
                     <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
                     <Required>N</Required>
-                </dbUser>
-                <smtpDomain type="TextField">
+                </mysql_user>
+                <mysql_post41 type="BooleanField">
+                    <default>0</default>
+                    <Required>N</Required>
+                </mysql_post41>
+                <pgsql_user type="TextField">
                     <mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
                     <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
                     <Required>N</Required>
+                </pgsql_user>
+                <smtp_domain type="TextField">
+                    <mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </smtp_domain>
+                <esmtp_domain type="TextField">
+                    <mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </esmtp_domain>
+                <!-- XXX old values, required for migration to model 2.0.0 -->
+                <agentPort type="IntegerField">
+                    <Required>N</Required>
+                </agentPort>
+                <dbUser type="TextField">
+                    <Required>N</Required>
+                </dbUser>
+                <smtpDomain type="TextField">
+                    <Required>N</Required>
                 </smtpDomain>
             </healthcheck>
         </healthchecks>
@@ -788,37 +806,160 @@
                 <expression type="OptionField">
                     <Required>Y</Required>
                     <OptionValues>
-                        <host_starts_with>Host starts with</host_starts_with>
-                        <host_ends_with>Host ends with</host_ends_with>
-                        <host_matches>Host matches</host_matches>
-                        <host_regex>Host regex</host_regex>
-                        <host_contains>Host contains</host_contains>
-                        <path_starts_with>Path starts with</path_starts_with>
-                        <path_ends_with>Path ends with</path_ends_with>
-                        <path_matches>Path matches</path_matches>
-                        <path_regex>Path regex</path_regex>
-                        <path_contains>Path contains</path_contains>
-                        <url_parameter>URL parameter contains</url_parameter>
+                        <hdr_beg>Host starts with</hdr_beg>
+                        <hdr_end>Host ends with</hdr_end>
+                        <hdr>Host matches</hdr>
+                        <hdr_reg>Host regex</hdr_reg>
+                        <hdr_sub>Host contains</hdr_sub>
+                        <path_beg>Path starts with</path_beg>
+                        <path_end>Path ends with</path_end>
+                        <path>Path matches</path>
+                        <path_reg>Path regex</path_reg>
+                        <!-- XXX: Notes for migration (added a new similar option):
+                                    path_contains = path_dir (Path contains subdir)
+                                    NEW:            path_sub (Path contains string) -->
+                        <path_dir>Path contains subdir</path_dir>
+                        <path_sub>Path contains string</path_sub>
+                        <url_param>URL parameter contains</url_param>
                         <ssl_fc>SSL/TLS connection established</ssl_fc>
-                        <ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
                         <ssl_c_verify>SSL Client certificate is valid</ssl_c_verify>
-                        <ssl_c_ca_commonname>SSL Client issued by CA common-name</ssl_c_ca_commonname>
-                        <source_ip>Source IP matches IP or Alias</source_ip>
-                        <backendservercount>Minimum count usable servers</backendservercount>
-                        <traffic_is_http>Traffic is http (no value needed)</traffic_is_http>
-                        <traffic_is_ssl>Traffic is ssl (no value needed)</traffic_is_ssl>
-                        <ssl_sni_matches>SNI TLS extension matches</ssl_sni_matches>
-                        <ssl_sni_contains>SNI TLS extension contains</ssl_sni_contains>
-                        <ssl_sni_starts_with>SNI TLS extension starts with</ssl_sni_starts_with>
-                        <ssl_sni_ends_with>SNI TLS extension ends with</ssl_sni_ends_with>
-                        <ssl_sni_regex>SNI TLS extension regex</ssl_sni_regex>
-                        <custom_acl>Custom ACL</custom_acl>
+                        <ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
+                        <ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
+                        <src>Source IP matches IP or Alias</src>
+                        <nbsrv>Minimum number of usable servers in backend</nbsrv>
+                        <traffic_is_http>Traffic is HTTP</traffic_is_http>
+                        <traffic_is_ssl>Traffic is SSL</traffic_is_ssl>
+                        <ssl_sni>SNI TLS extension matches</ssl_sni>
+                        <ssl_sni_sub>SNI TLS extension contains</ssl_sni_sub>
+                        <ssl_sni_beg>SNI TLS extension starts with</ssl_sni_beg>
+                        <ssl_sni_end>SNI TLS extension ends with</ssl_sni_end>
+                        <ssl_sni_reg>SNI TLS extension regex</ssl_sni_reg>
+                        <custom_acl>Specify a custom ACL</custom_acl>
                     </OptionValues>
                 </expression>
                 <negate type="BooleanField">
                     <default>0</default>
                     <Required>Y</Required>
                 </negate>
+                <hdr_beg type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </hdr_beg>
+                <hdr_end type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </hdr_end>
+                <hdr type="TextField">
+                    <mask>/^.{1,1024}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </hdr>
+                <hdr_reg type="TextField">
+                    <mask>/^.{1,1024}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </hdr_reg>
+                <hdr_sub type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </hdr_sub>
+                <path_beg type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </path_beg>
+                <path_end type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </path_end>
+                <path type="TextField">
+                    <mask>/^.{1,1024}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </path>
+                <path_reg type="TextField">
+                    <mask>/^.{1,1024}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </path_reg>
+                <path_dir type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </path_dir>
+                <path_sub type="TextField">
+                    <mask>/^.{1,255}$/u</mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                    <Required>N</Required>
+                </path_sub>
+                <url_param type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </url_param>
+                <url_param_value type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </url_param_value>
+                <ssl_c_verify_code type="IntegerField">
+                    <MinimumValue>0</MinimumValue>
+                    <MaximumValue>500000</MaximumValue>
+                    <ValidationMessage>Please specify a value between 0 and 500000.</ValidationMessage>
+                    <Required>N</Required>
+                </ssl_c_verify_code>
+                <ssl_c_ca_commonname type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </ssl_c_ca_commonname>
+                <src type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </src>
+                <nbsrv type="IntegerField">
+                    <MinimumValue>0</MinimumValue>
+                    <MaximumValue>500000</MaximumValue>
+                    <ValidationMessage>Please specify a value between 0 and 500000.</ValidationMessage>
+                    <Required>N</Required>
+                </nbsrv>
+                <nbsrv_backend type="ModelRelationField">
+                    <Model>
+                        <template>
+                            <source>OPNsense.HAProxy.HAProxy</source>
+                            <items>backends.backend</items>
+                            <display>name</display>
+                        </template>
+                    </Model>
+                    <ValidationMessage>Related backend item not found</ValidationMessage>
+                    <Required>N</Required>
+                </nbsrv_backend>
+                <ssl_sni type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </ssl_sni>
+                <ssl_sni_sub type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </ssl_sni_sub>
+                <ssl_sni_beg type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </ssl_sni_beg>
+                <ssl_sni_end type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </ssl_sni_end>
+                <ssl_sni_reg type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </ssl_sni_reg>
+                <custom_acl type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </custom_acl>
+                <!-- XXX old values, required for migration to model 2.0.0 -->
                 <value type="TextField">
                     <Required>N</Required>
                 </value>
@@ -835,6 +976,7 @@
                     </Model>
                     <ValidationMessage>Related backend item not found</ValidationMessage>
                     <Required>N</Required>
+                    <Required>N</Required>
                 </queryBackend>
             </acl>
         </acls>
@@ -880,9 +1022,10 @@
                 </operator>
                 <type type="OptionField">
                     <Required>Y</Required>
+                    <!-- XXX TODO: use more user-friendly names instead of HAProxys option names -->
                     <OptionValues>
-                        <use_backend>Use Backend</use_backend>
-                        <use_server>Use Server</use_server>
+                        <use_backend>Use specified backend</use_backend>
+                        <use_server>Use specified server</use_server>
                         <http-request_allow>http-request allow</http-request_allow>
                         <http-request_deny>http-request deny</http-request_deny>
                         <http-request_tarpit>http-request tarpit</http-request_tarpit>
@@ -913,9 +1056,143 @@
                         <tcp-response_content_close>tcp-response content close</tcp-response_content_close>
                         <tcp-response_content_reject>tcp-response content reject</tcp-response_content_reject>
                         <tcp-response_content_lua>tcp-response content lua script</tcp-response_content_lua>
-                        <custom>Custom</custom>
+                        <custom>Custom Action (HAProxy syntax)</custom>
                     </OptionValues>
                 </type>
+                <use_backend type="ModelRelationField">
+                    <Model>
+                        <template>
+                            <source>OPNsense.HAProxy.HAProxy</source>
+                            <items>backends.backend</items>
+                            <display>name</display>
+                        </template>
+                    </Model>
+                    <ValidationMessage>Related backend item not found</ValidationMessage>
+                    <Multiple>Y</Multiple>
+                    <Required>N</Required>
+                </use_backend>
+                <use_server type="ModelRelationField">
+                    <Model>
+                        <template>
+                            <source>OPNsense.HAProxy.HAProxy</source>
+                            <items>servers.server</items>
+                            <display>name</display>
+                        </template>
+                    </Model>
+                    <ValidationMessage>Related server item not found</ValidationMessage>
+                    <Multiple>Y</Multiple>
+                    <Required>N</Required>
+                </use_server>
+                <http_request_auth type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_auth>
+                <!-- XXX: add support for all "redirect" parameters as separate fields -->
+                <http_request_redirect type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_redirect>
+                <http_request_lua type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_lua>
+                <http_request_use_service type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_use_service>
+                <http_request_add_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_add_header_name>
+                <http_request_add_header_content type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_add_header_content>
+                <http_request_set_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_set_header_name>
+                <http_request_set_header_content type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_set_header_content>
+                <http_request_del_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_del_header_name>
+                <http_request_replace_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_replace_header_name>
+                <http_request_replace_header_regex type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_replace_header_regex>
+                <http_request_replace_value_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_replace_value_name>
+                <http_request_replace_value_regex type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_request_replace_value_regex>
+                <http_response_lua type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_lua>
+                <http_response_add_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_add_header_name>
+                <http_response_add_header_content type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_add_header_content>
+                <http_response_set_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_set_header_name>
+                <http_response_set_header_content type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_set_header_content>
+                <http_response_del_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_del_header_name>
+                <http_response_replace_header_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_replace_header_name>
+                <http_response_replace_header_regex type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_replace_header_regex>
+                <http_response_replace_value_name type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_replace_value_name>
+                <http_response_replace_value_regex type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </http_response_replace_value_regex>
+                <tcp_request_content_lua type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </tcp_request_content_lua>
+                <tcp_request_content_use_service type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </tcp_request_content_use_service>
+                <tcp_response_content_lua type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </tcp_response_content_lua>
+                <custom type="TextField">
+                    <mask>/^.{1,4096}$/u</mask>
+                    <Required>N</Required>
+                </custom>
+                <!-- XXX old values, required for migration to model 2.0.0 -->
                 <useBackend type="ModelRelationField">
                     <Model>
                         <template>
@@ -941,13 +1218,13 @@
                     <Required>N</Required>
                 </useServer>
                 <actionName type="TextField">
-                    <Required>N</Required>
+                     <Required>N</Required>
                 </actionName>
                 <actionFind type="TextField">
-                    <Required>N</Required>
+                     <Required>N</Required>
                 </actionFind>
                 <actionValue type="TextField">
-                    <Required>N</Required>
+                     <Required>N</Required>
                 </actionValue>
             </action>
         </actions>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
new file mode 100644
index 000000000..30bd75213
--- /dev/null
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
@@ -0,0 +1,292 @@
+<?php
+/**
+ *    Copyright (C) 2017 Frank Wall
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+namespace OPNsense\HAProxy\Migrations;
+
+use OPNsense\Base\BaseModelMigration;
+
+class M2_0_0 extends BaseModelMigration
+{
+    public function run($model)
+    {
+        // Migrate ACLs
+        foreach ($model->getNodeByReference('acls.acl')->__items as $acl) {
+            switch ((string)$acl->expression) {
+                case 'host_starts_with':
+                    $acl->expression = 'hdr_beg';
+                    $acl->hdr_beg = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'host_ends_with':
+                    $acl->expression = 'hdr_end';
+                    $acl->hdr_end = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'host_matches':
+                    $acl->expression = 'hdr';
+                    $acl->hdr = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'host_regex':
+                    $acl->expression = 'hdr_reg';
+                    $acl->hdr_reg = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'host_contains':
+                    $acl->expression = 'hdr_sub';
+                    $acl->hdr_sub = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'path_starts_with':
+                    echo "DEBUG: migrating : " . (string)$acl->name . "\n";
+                    echo "  DEBUG: value: " . (string)$acl->value . "\n";
+                    $acl->expression = 'path_beg';
+                    $acl->path_beg = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'path_ends_with':
+                    $acl->expression = 'path_end';
+                    $acl->path_end = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'path_matches':
+                    $acl->expression = 'path';
+                    $acl->path = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'path_regex':
+                    $acl->expression = 'path_reg';
+                    $acl->path_reg = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'path_contains':
+                    $acl->expression = 'path_dir';
+                    $acl->path_dir = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'url_parameter':
+                    $acl->expression = 'url_param';
+                    $acl->url_param_value = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'ssl_c_verify_code':
+                    $acl->ssl_c_verify_code = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'ssl_c_ca_commonname':
+                    $acl->ssl_c_ca_commonname = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'source_ip':
+                    $acl->expression = 'src';
+                    $acl->src = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'backendservercount':
+                    $acl->expression = 'nbsrv';
+                    $acl->nbsrv = (string)$acl->value;
+                    $acl->nbsrv_backend = (string)$acl->queryBackend;
+                    $acl->value = NULL;
+                    $acl->queryBackend = NULL;
+                    break;
+                case 'ssl_sni_matches':
+                    $acl->expression = 'ssl_sni';
+                    $acl->ssl_sni = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'ssl_sni_contains':
+                    $acl->expression = 'ssl_sni_sub';
+                    $acl->ssl_sni_sub = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'ssl_sni_starts_with':
+                    $acl->expression = 'ssl_sni_beg';
+                    $acl->ssl_sni_beg = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'ssl_sni_ends_with':
+                    $acl->expression = 'ssl_sni_end';
+                    $acl->ssl_sni_end = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'ssl_sni_regex':
+                    $acl->expression = 'ssl_sni_reg';
+                    $acl->ssl_sni_reg = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                case 'custom_acl':
+                    $acl->custom_acl = (string)$acl->value;
+                    $acl->value = NULL;
+                    break;
+                default:
+                    echo "DEBUG: no ACL migration required: " . (string)$acl->name . "\n";
+            }
+        }
+
+        // Migrate Actions
+        foreach ($model->getNodeByReference('actions.action')->__items as $action) {
+            switch ((string)$action->type) {
+                case 'use_backend':
+                    $action->use_backend = (string)$action->useBackend;
+                    $action->useBackend = NULL;
+                    break;
+                case 'use_server':
+                    $action->use_server = (string)$action->useServer;
+                    $action->useServer = NULL;
+                    break;
+                case 'http-request_auth':
+                    $action->http_request_auth = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_redirect':
+                    $action->http_request_redirect = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_lua':
+                    $action->http_request_lua = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_use-service':
+                    $action->http_request_use_service = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_add-header':
+                    $action->http_request_add_header_name = (string)$action->actionName;
+                    $action->http_request_add_header_content = (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_set-header':
+                    $action->http_request_set_header_name = (string)$action->actionName;
+                    $action->http_request_set_header_content = (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_del-header':
+                    $action->http_request_del_header_name = (string)$action->actionName;
+                    $action->actionName = NULL;
+                    break;
+                case 'http-request_replace-header':
+                    $action->http_request_replace_header_name = (string)$action->actionName;
+                    $action->http_request_replace_header_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionFind = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-request_replace-value':
+                    $action->http_request_replace_value_name = (string)$action->actionName;
+                    $action->http_request_replace_value_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionFind = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-response_lua':
+                    $action->http_response_lua = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-response_add-header':
+                    $action->http_response_add_header_name = (string)$action->actionName;
+                    $action->http_response_add_header_content = (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-response_set-header':
+                    $action->http_response_set_header_name = (string)$action->actionName;
+                    $action->http_response_set_header_content = (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-response_del-header':
+                    $action->http_response_del_header_name = (string)$action->actionName;
+                    $action->actionName = NULL;
+                    break;
+                case 'http-response_replace-header':
+                    $action->http_response_replace_header_name = (string)$action->actionName;
+                    $action->http_response_replace_header_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionFind = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'http-response_replace-value':
+                    $action->http_response_replace_value_name  = (string)$action->actionName;
+                    $action->http_response_replace_value_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
+                    $action->actionName = NULL;
+                    $action->actionFind = NULL;
+                    $action->actionValue = NULL;
+                    break;
+                case 'tcp-request_content_lua':
+                    $action->tcp_request_content_lua = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'tcp-request_content_use-service':
+                    $action->tcp_request_content_use_service = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'tcp-response_content_lua':
+                    $action->tcp_response_content_lua = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                case 'custom':
+                    $action->custom = (string)$action->actionValue;
+                    $action->actionValue = NULL;
+                    break;
+                default:
+                    echo "DEBUG: no Action migration required: " . (string)$action->name . "\n";
+            }
+        }
+
+        // Migrate Healthchecks
+        foreach ($model->getNodeByReference('healthchecks.healthcheck')->__items as $hc) {
+            switch ((string)$hc->type) {
+                case 'agent':
+                    $hc->agent_port = (string)$hc->agentPort;
+                    $hc->agentPort = NULL;
+                    break;
+                case 'mysql':
+                    $hc->mysql_user = (string)$hc->dbUser;
+                    $hc->dbUser = NULL;
+                    break;
+                case 'pgsql':
+                    $hc->pgsql_user = (string)$hc->dbUser;
+                    $hc->dbUser = NULL;
+                    break;
+                case 'smtp':
+                    $hc->smtp_domain = (string)$hc->smtpDomain;
+                    $hc->smtpDomain = NULL;
+                    break;
+                case 'esmtp':
+                    $hc->esmtp_domain = (string)$hc->smtpDomain;
+                    $hc->smtpDomain = NULL;
+                    break;
+                default:
+                    echo "DEBUG: no Healthcheck migration required: " . (string)$hc->name . "\n";
+            }
+        }
+
+    }
+}
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index 38e29d413..701e4da85 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -146,6 +146,42 @@ POSSIBILITY OF SUCH DAMAGE.
             }
         );
 
+        // hook into on-show event for dialog to extend layout.
+        $('#DialogAcl').on('shown.bs.modal', function (e) {
+            $("#acl\\.expression").change(function(){
+                var service_id = 'table_' + $(this).val();
+                console.log("[debug_X] " + service_id + " | " + "\n")
+                $(".expression_table").hide();
+                // $(".table_"+$(this).val()).show();
+                $("."+service_id).show();
+            });
+            $("#acl\\.expression").change();
+        })
+
+        // hook into on-show event for dialog to extend layout.
+        $('#DialogAction').on('shown.bs.modal', function (e) {
+            $("#action\\.type").change(function(){
+                var service_id = 'table_' + $(this).val();
+                console.log("[debug_Y] " + service_id + " | " + "\n")
+                $(".type_table").hide();
+                // $(".table_"+$(this).val()).show();
+                $("."+service_id).show();
+            });
+            $("#action\\.type").change();
+        })
+
+        // hook into on-show event for dialog to extend layout.
+        $('#DialogHealthcheck').on('shown.bs.modal', function (e) {
+            $("#healthcheck\\.type").change(function(){
+                var service_id = 'table_' + $(this).val();
+                console.log("[debug_Z] " + service_id + " | " + "\n")
+                $(".type_table").hide();
+                // $(".table_"+$(this).val()).show();
+                $("."+service_id).show();
+            });
+            $("#healthcheck\\.type").change();
+        })
+
         /***********************************************************************
          * Commands
          **********************************************************************/
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index aad1fcba0..5aa4e6b85 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -63,86 +63,93 @@
 {%             endif %}
 {%             do acls_seen.append(acl_data.id) %}
 {%             set acl_options = [] %}
-{%             if acl_data.expression == 'host_starts_with' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('hdr_beg(host) -i ' ~ acl_data.value) %}
+{%             if acl_data.expression == 'hdr_beg' %}
+{%               if acl_data.hdr_beg|default("") != "" %}
+{%                 do acl_options.append('hdr_beg(host) -i ' ~ acl_data.hdr_beg) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'host_ends_with' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('hdr_end(host) -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'hdr_end' %}
+{%               if acl_data.hdr_end|default("") != "" %}
+{%                 do acl_options.append('hdr_end(host) -i ' ~ acl_data.hdr_end) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'host_matches' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('hdr(host) -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'hdr' %}
+{%               if acl_data.hdr|default("") != "" %}
+{%                 do acl_options.append('hdr(host) -i ' ~ acl_data.hdr) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'host_regex' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('hdr_reg(host) -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'hdr_reg' %}
+{%               if acl_data.hdr_reg|default("") != "" %}
+{%                 do acl_options.append('hdr_reg(host) -i ' ~ acl_data.hdr_reg) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'host_contains' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('hdr_sub(host) -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'hdr_sub' %}
+{%               if acl_data.hdr_sub|default("") != "" %}
+{%                 do acl_options.append('hdr_sub(host) -i ' ~ acl_data.hdr_sub) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'path_starts_with' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('path_beg -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'path_beg' %}
+{%               if acl_data.path_beg|default("") != "" %}
+{%                 do acl_options.append('path_beg -i ' ~ acl_data.path_beg) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'path_ends_with' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('path_end -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'path_end' %}
+{%               if acl_data.path_end|default("") != "" %}
+{%                 do acl_options.append('path_end -i ' ~ acl_data.path_end) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'path_matches' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('path -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'path' %}
+{%               if acl_data.path|default("") != "" %}
+{%                 do acl_options.append('path -i ' ~ acl_data.path) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'path_regex' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('path_reg -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'path_reg' %}
+{%               if acl_data.path_reg|default("") != "" %}
+{%                 do acl_options.append('path_reg -i ' ~ acl_data.path_reg) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'path_contains' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('path_dir -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'path_dir' %}
+{%               if acl_data.path_dur|default("") != "" %}
+{%                 do acl_options.append('path_dir -i ' ~ acl_data.path_dir) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'url_parameter' %}
-{%               if acl_data.value|default("") != "" and acl_data.urlparam|default("") != "" %}
-{%                 do acl_options.append('url_param(' ~ acl_data.urlparam ~ ') -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'path_sub' %}
+{%               if acl_data.path_sub|default("") != "" %}
+{%                 do acl_options.append('path_sub -i ' ~ acl_data.path_sub) %}
+{%               else %}
+{%                 set acl_enabled = '0' %}
+    # ERROR: missing parameters
+{%               endif %}
+{%             elif acl_data.expression == 'url_param' %}
+{%               if acl_data.url_param_value|default("") != "" and acl_data.url_param|default("") != "" %}
+{%                 do acl_options.append('url_param(' ~ acl_data.url_param ~ ') -i ' ~ acl_data.url_param_value) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
 {%             elif acl_data.expression == 'ssl_c_verify_code' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('ssl_c_verify ' ~ acl_data.value) %}
+{%               if acl_data.ssl_c_verify_code|default("") != "" %}
+{%                 do acl_options.append('ssl_c_verify ' ~ acl_data.ssl_c_verify_code) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
@@ -150,25 +157,29 @@
 {%             elif acl_data.expression == 'ssl_c_verify' %}
 {%               do acl_options.append('ssl_c_verify 0') %}
 {%             elif acl_data.expression == 'ssl_c_ca_commonname' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('ssl_c_i_dn(CN) ' ~ acl_data.value) %}
+{%               if acl_data.ssl_c_ca_commonname|default("") != "" %}
+{%                 do acl_options.append('ssl_c_i_dn(CN) ' ~ acl_data.ssl_c_ca_commonname) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
 {%             elif acl_data.expression == 'ssl_fc' %}
 {%               do acl_options.append('ssl_fc') %}
-{%             elif acl_data.expression == 'source_ip' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('src ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'src' %}
+{%               if acl_data.src|default("") != "" %}
+{%                 do acl_options.append('src ' ~ acl_data.src) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'backendservercount' %}
+{%             elif acl_data.expression == 'nbsrv' %}
 {%               do acl_options.append('') %}
-{%               if acl_data.value|default("") != "" and acl_data.queryBackend|default("") != "" %}
-{%                 do acl_options.append('nbsrv(backend_' ~ acl_data.queryBackend ~ ') ge ' ~ acl_data.value) %}
+{%               if acl_data.nbsrv|default("") != "" %}
+{%                 if acl_data.nbsrv_backend|default("") != "" %}
+{%                   do acl_options.append('nbsrv(backend_' ~ acl_data.nbsrv_backend ~ ') ge ' ~ acl_data.nbsrv) %}
+{%                 else %}
+{%                   do acl_options.append('nbsrv ge ' ~ acl_data.nbsrv) %}
+{%                 endif %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
@@ -177,44 +188,44 @@
 {%               do acl_options.append('req.proto_http') %}
 {%             elif acl_data.expression == 'traffic_is_ssl' %}
 {%               do acl_options.append('req.ssl_ver gt 0') %}
-{%             elif acl_data.expression == 'ssl_sni_matches' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('req.ssl_sni -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'ssl_sni' %}
+{%               if acl_data.ssl_sni|default("") != "" %}
+{%                 do acl_options.append('req.ssl_sni -i ' ~ acl_data.ssl_sni) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'ssl_sni_contains' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('req.ssl_sni -m sub -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'ssl_sni_sub' %}
+{%               if acl_data.ssl_sni_sub|default("") != "" %}
+{%                 do acl_options.append('req.ssl_sni -m sub -i ' ~ acl_data.ssl_sni_sub) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'ssl_sni_starts_with' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('req.ssl_sni -m beg -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'ssl_sni_beg' %}
+{%               if acl_data.ssl_sni_beg|default("") != "" %}
+{%                 do acl_options.append('req.ssl_sni -m beg -i ' ~ acl_data.ssl_sni_beg) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'ssl_sni_ends_with' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('req.ssl_sni -m end -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'ssl_sni_end' %}
+{%               if acl_data.ssl_sni_end|default("") != "" %}
+{%                 do acl_options.append('req.ssl_sni -m end -i ' ~ acl_data.ssl_sni_end) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
-{%             elif acl_data.expression == 'ssl_sni_regex' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append('req.ssl_sni -m reg -i ' ~ acl_data.value) %}
+{%             elif acl_data.expression == 'ssl_sni_reg' %}
+{%               if acl_data.ssl_sni_reg|default("") != "" %}
+{%                 do acl_options.append('req.ssl_sni -m reg -i ' ~ acl_data.ssl_sni_reg) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
 {%             elif acl_data.expression == 'custom_acl' %}
-{%               if acl_data.value|default("") != "" %}
-{%                 do acl_options.append(acl_data.value) %}
+{%               if acl_data.custom_acl|default("") != "" %}
+{%                 do acl_options.append(acl_data.custom_acl) %}
 {%               else %}
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
@@ -240,16 +251,16 @@
 {%         set action_enabled = '1' %}
 {%         set action_options = [] %}
 {%         if action_data.type == 'use_backend' %}
-{%           if action_data.useBackend|default("") != "" %}
-{%             set acl_backend_data = helpers.getUUID(action_data.useBackend) %}
+{%           if action_data.use_backend|default("") != "" %}
+{%             set acl_backend_data = helpers.getUUID(action_data.use_backend) %}
 {%             do action_options.append('use_backend ' ~ acl_backend_data.name) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'use_server' %}
-{%           if action_data.useServer|default("") != "" %}
-{%             set server_data = helpers.getUUID(action_data.useServer) %}
+{%           if action_data.use_server|default("") != "" %}
+{%             set server_data = helpers.getUUID(action_data.use_server) %}
 {%             do action_options.append('use-server ' ~ server_data.name) %}
 {%           else %}
 {%             set action_enabled = '0' %}
@@ -262,64 +273,63 @@
 {%         elif action_data.type == 'http-request_tarpit' %}
 {%           do action_options.append('http-request tarpit') %}
 {%         elif action_data.type == 'http-request_auth' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('http-request auth ' ~ action_data.actionValue) %}
+{%           if action_data.http_request_auth|default("") != "" %}
+{%             do action_options.append('http-request auth realm ' ~ action_data.http_request_auth) %}
 {%           else %}
-{%             set action_enabled = '0' %}
-    # ERROR: missing parameters
+{%             do action_options.append('http-request auth') %}
 {%           endif %}
 {%         elif action_data.type == 'http-request_redirect' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('http-request redirect ' ~ action_data.actionValue) %}
+{%           if action_data.http_request_redirect|default("") != "" %}
+{%             do action_options.append('http-request redirect ' ~ action_data.http_request_redirect) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_lua' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('http-request lua.' ~ action_data.actionValue) %}
+{%           if action_data.http_request_lua|default("") != "" %}
+{%             do action_options.append('http-request lua.' ~ action_data.http_request_lua) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_use-service' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('http-request use-service lua.' ~ action_data.actionValue) %}
+{%           if action_data.http_request_use_service|default("") != "" %}
+{%             do action_options.append('http-request use-service lua.' ~ action_data.http_request_use_service) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_add-header' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
-{%             do action_options.append('http-request add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_request_add_header_name|default("") != "" and action_data.http_request_add_header_content|default("") != "" %}
+{%             do action_options.append('http-request add-header ' ~ action_data.http_request_add_header_name ~ ' ' ~ action_data.http_request_add_header_content) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_set-header' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
-{%             do action_options.append('http-request set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_request_set_header_name|default("") != "" and action_data.http_request_set_header_content|default("") != "" %}
+{%             do action_options.append('http-request set-header ' ~ action_data.http_request_set_header_name ~ ' ' ~ action_data.http_request_set_header_content) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_del-header' %}
-{%           if action_data.actionName|default("") != "" %}
-{%             do action_options.append('http-request del-header' ~ action_data.actionName) %}
+{%           if action_data.http_request_del_header_name|default("") != "" %}
+{%             do action_options.append('http-request del-header' ~ action_data.http_request_del_header_name) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_replace-header' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
-{%             do action_options.append('http-request replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_request_replace_header_name|default("") != "" and action_data.http_request_replace_header_regex|default("") != "" %}
+{%             do action_options.append('http-request replace-header ' ~ action_data.http_request_replace_header_name ~ ' ' ~ action_data.http_request_replace_header_regex) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-request_replace-value' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
-{%             do action_options.append('http-request replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_request_replace_value_name|default("") != "" and action_data.http_request_replace_value_regex|default("") != "" %}
+{%             do action_options.append('http-request replace-value ' ~ action_data.http_request_replace_value_name ~ ' ' ~ action_data.http_request_replace_value_regex) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
@@ -329,43 +339,43 @@
 {%         elif action_data.type == 'http-response_deny' %}
 {%           do action_options.append('http-response deny') %}
 {%         elif action_data.type == 'http-response_lua' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('http-response lua.' ~ action_data.actionValue) %}
+{%           if action_data.http_response_lua|default("") != "" %}
+{%             do action_options.append('http-response lua.' ~ action_data.http_response_lua) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-response_add-header' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
-{%             do action_options.append('http-response add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_response_add_header_name|default("") != "" and action_data.http_response_add_header_content|default("") != "" %}
+{%             do action_options.append('http-response add-header ' ~ action_data.http_response_add_header_name ~ ' ' ~ action_data.http_response_add_header_content) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-response_set-header' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
-{%             do action_options.append('http-response set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_response_set_header_name|default("") != "" and action_data.http_response_set_header_content|default("") != "" %}
+{%             do action_options.append('http-response set-header ' ~ action_data.http_response_set_header_name ~ ' ' ~ action_data.http_response_set_header_content) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-response_del-header' %}
-{%           if action_data.actionName|default("") != "" %}
-{%             do action_options.append('http-response del-header' ~ action_data.actionName) %}
+{%           if action_data.http_response_del_header_name|default("") != "" %}
+{%             do action_options.append('http-response del-header' ~ action_data.http_response_del_header_name) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-response_replace-header' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
-{%             do action_options.append('http-response replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_response_replace_header_name|default("") != "" and action_data.http_response_replace_header_regex|default("") != "" %}
+{%             do action_options.append('http-response replace-header ' ~ action_data.http_response_replace_header_name ~ ' ' ~ action_data.http_response_replace_header_regex) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'http-response_replace-value' %}
-{%           if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
-{%             do action_options.append('http-response replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
+{%           if action_data.http_response_replace_value_name|default("") != "" and action_data.http_response_replace_value_regex|default("") != "" %}
+{%             do action_options.append('http-response replace-value ' ~ action_data.http_response_replace_value_name ~ ' ' ~ action_data.http_response_replace_value_regex) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
@@ -379,15 +389,15 @@
 {%         elif action_data.type == 'tcp-request_content_reject' %}
 {%           do action_options.append('tcp-request content reject') %}
 {%         elif action_data.type == 'tcp-request_content_lua' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('tcp-request content lua.' ~ action_data.actionValue) %}
+{%           if action_data.tcp-request_content_lua|default("") != "" %}
+{%             do action_options.append('tcp-request content lua.' ~ action_data.tcp_request_content_lua) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'tcp-request_content_use-service' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('tcp-request content use-service lua.' ~ action_data.actionValue) %}
+{%           if action_data.tcp_request_content_use_service|default("") != "" %}
+{%             do action_options.append('tcp-request content use-service lua.' ~ action_data.tcp_request_content_use_service) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
@@ -399,15 +409,15 @@
 {%         elif action_data.type == 'tcp-response_content_reject' %}
 {%           do action_options.append('tcp-response content reject') %}
 {%         elif action_data.type == 'tcp-response_content_lua' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append('tcp-response content lua.' ~ action_data.actionValue) %}
+{%           if action_data.tcp_response_content_lua|default("") != "" %}
+{%             do action_options.append('tcp-response content lua.' ~ action_data.tcp_response_content_lua) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
 {%           endif %}
 {%         elif action_data.type == 'custom' %}
-{%           if action_data.actionValue|default("") != "" %}
-{%             do action_options.append(action_data.actionValue) %}
+{%           if action_data.custom|default("") != "" %}
+{%             do action_options.append(action_data.custom) %}
 {%           else %}
 {%             set action_enabled = '0' %}
     # ERROR: missing parameters
@@ -721,25 +731,35 @@ backend {{backend.name}}
 {%             endif %}
 {%           endif %}
 {%         elif healthcheck_data.type == 'agent' %}
-{%           if healthcheck_data.agentPort|default("") != "" %}
-{%             do healthcheck_additions.append('agent-check agent-port ' ~ healthcheck_data.agentPort) %}
+{%           if healthcheck_data.agent_port|default("") != "" %}
+{%             do healthcheck_additions.append('agent-check agent-port ' ~ healthcheck_data.agent_port) %}
 {%           else %}
     # ERROR: agent-check configured, but agent-port was not specified
 {%           endif %}
 {%         elif healthcheck_data.type == 'ldap' %}
     option ldap-check
-{%         elif healthcheck_data.type == 'mysql' or healthcheck_data.type == 'pgsql' %}
-{%           if healthcheck_data.dbUser|default("") != "" %}
-    option {{healthcheck_data.type}}-check user {{healthcheck_data.dbUser}}
+{%         elif healthcheck_data.type == 'mysql'  %}
+{%           if healthcheck_data.mysql_user|default("") != "" %}
+{%             if healthcheck_data.mysql_post41|default("") == '1' %}
+    option mysql-check user {{healthcheck_data.mysql_user}} post-41
+{%             else %}
+    option mysql-check user {{healthcheck_data.mysql_user}}
+{%             endif %}
+{%           else %}
+    # ERROR: {{healthcheck_data.type}} check configured, but db user was not specified
+{%           endif %}
+{%         elif healthcheck_data.type == 'pgsql' %}
+{%           if healthcheck_data.pgsql_user|default("") != "" %}
+    option pgsql-check user {{healthcheck_data.pgsql_user}}
 {%           else %}
     # ERROR: {{healthcheck_data.type}} check configured, but db user was not specified
 {%           endif %}
 {%         elif healthcheck_data.type == 'redis' %}
     option redis-check
 {%         elif healthcheck_data.type == 'smtp' %}
-    option smtpchk HELO {{healthcheck_data.smtpDomain}}
+    option smtpchk HELO {{healthcheck_data.smtp_domain}}
 {%         elif healthcheck_data.type == 'esmtp' %}
-    option smtpchk EHLO {{healthcheck_data.smtpDomain}}
+    option smtpchk EHLO {{healthcheck_data.esmtp_domain}}
 {%         elif healthcheck_data.type == 'ssl' %}
     option ssl-hello-chk
 {%         endif %}

From 40c13e8f6c5422915b68d312c297073345bdeae1 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 22 Oct 2017 22:35:59 +0200
Subject: [PATCH 02/10] net/haproxy: restructure/rephrase UI elements, refs
 #208

---
 .../OPNsense/HAProxy/forms/main.xml           |   6 -
 .../mvc/app/views/OPNsense/HAProxy/index.volt | 189 ++++++++++++++----
 2 files changed, 147 insertions(+), 48 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
index 171e5c507..1d1652a30 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
@@ -1,10 +1,6 @@
 <form>
     <tab id="haproxy-general" description="Settings">
         <subtab id="haproxy-general-settings" description="Service Settings">
-            <field>
-                <label>NOTE: You need to configure frontends, backends and servers before enabling HAProxy.</label>
-                <type>info</type>
-            </field>
             <field>
                 <id>haproxy.general.enabled</id>
                 <label>Enable HAProxy</label>
@@ -225,6 +221,4 @@
             </field>
         </subtab>
     </tab>
-
-    <activetab>haproxy-general-settings</activetab>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index 701e4da85..097dce52b 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -1,6 +1,6 @@
 {#
 
-Copyright (C) 2016 Frank Wall
+Copyright (C) 2016-2017 Frank Wall
 OPNsense® is Copyright © 2014 – 2015 by Deciso B.V.
 All rights reserved.
 
@@ -344,50 +344,155 @@ POSSIBILITY OF SUCH DAMAGE.
 </script>
 
 <ul class="nav nav-tabs" role="tablist"  id="maintabs">
+    <li class="active"><a data-toggle="tab" href="#introduction"><b>{{ lang._('Introduction') }}</b></a></li>
+
+    {# add automatically generated tabs #}
 {% for tab in mainForm['tabs']|default([]) %}
     {% if tab['subtabs']|default(false) %}
         {# Tab with dropdown #}
-
-        {# Find active subtab #}
-            {% set active_subtab="" %}
-            {% for subtab in tab['subtabs']|default({}) %}
-                {% if subtab[0]==mainForm['activetab']|default("") %}
-                    {% set active_subtab=subtab[0] %}
-                {% endif %}
-            {% endfor %}
-
-        <li role="presentation" class="dropdown {% if mainForm['activetab']|default("") == active_subtab %}active{% endif %}">
+        <li role="presentation" class="dropdown">
             <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
                 <b><span class="caret"></span></b>
             </a>
             <a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
             <ul class="dropdown-menu" role="menu">
                 {% for subtab in tab['subtabs']|default({})%}
-                <li class="{% if mainForm['activetab']|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
+                <li><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
                 {% endfor %}
             </ul>
         </li>
     {% else %}
         {# Standard Tab #}
-        <li {% if mainForm['activetab']|default("") == tab[0] %} class="active" {% endif %}>
+        <li>
                 <a data-toggle="tab" href="#tab_{{tab[0]}}">
                     <b>{{tab[1]}}</b>
                 </a>
         </li>
     {% endif %}
 {% endfor %}
-    {# add custom content #}
-    <li><a data-toggle="tab" href="#frontends"><b>{{ lang._('Frontends') }}</b></a></li>
-    <li><a data-toggle="tab" href="#backends"><b>{{ lang._('Backends') }}</b></a></li>
-    <li><a data-toggle="tab" href="#servers"><b>{{ lang._('Servers') }}</b></a></li>
-    <li><a data-toggle="tab" href="#healthchecks"><b>{{ lang._('Health Checks') }}</b></a></li>
-    <li><a data-toggle="tab" href="#actions"><b>{{ lang._('Actions') }}</b></a></li>
-    <li><a data-toggle="tab" href="#acls"><b>{{ lang._('ACLs') }}</b></a></li>
-    <li><a data-toggle="tab" href="#luas"><b>{{ lang._('Lua Scripts') }}</b></a></li>
-    <li><a data-toggle="tab" href="#errorfiles"><b>{{ lang._('Error Files') }}</b></a></li>
+
+    {# manually add more tabs #}
+    <li role="presentation" class="dropdown">
+        <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
+            <b><span class="caret"></span></b>
+        </a>
+        <a data-toggle="tab" href="#subtab_haproxy-real-servers-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Real Servers') }}</b></a>
+        <ul class="dropdown-menu" role="menu">
+            <li><a data-toggle="tab" href="#subtab_haproxy-real-servers-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
+            <li><a data-toggle="tab" href="#servers"><i class="fa fa-check-square"></i> {{ lang._('Servers') }}</a></li>
+        </ul>
+    </li>
+
+    <li role="presentation" class="dropdown">
+        <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
+            <b><span class="caret"></span></b>
+        </a>
+        <a data-toggle="tab" href="#subtab_haproxy-virtual-services-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Virtual Services') }}</b></a>
+        <ul class="dropdown-menu" role="menu">
+            <li><a data-toggle="tab" href="#subtab_haproxy-virtual-services-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
+            <li><a data-toggle="tab" href="#backends"><i class="fa fa-check-square"></i> {{ lang._('Backend Pools') }}</a></li>
+            <li><a data-toggle="tab" href="#frontends"><i class="fa fa-check-square"></i> {{ lang._('Public Services') }}</a></li>
+        </ul>
+    </li>
+
+    <li role="presentation" class="dropdown">
+        <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
+            <b><span class="caret"></span></b>
+        </a>
+        <a data-toggle="tab" href="#subtab_haproxy-rules-checks-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Rules & Checks') }}</b></a>
+        <ul class="dropdown-menu" role="menu">
+            <li><a data-toggle="tab" href="#subtab_haproxy-rules-checks-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
+            <li><a data-toggle="tab" href="#healthchecks"><i class="fa fa-check-square"></i> {{ lang._('Health Monitors') }}</a></li>
+            <li><a data-toggle="tab" href="#acls"><i class="fa fa-check-square"></i> {{ lang._('Conditions') }}</a></li>
+            <li><a data-toggle="tab" href="#actions"><i class="fa fa-check-square"></i> {{ lang._('Rules') }}</a></li>
+        </ul>
+    </li>
+
+    <li role="presentation" class="dropdown">
+        <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
+            <b><span class="caret"></span></b>
+        </a>
+        <a data-toggle="tab" href="#subtab_haproxy-advanced-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Advanced') }}</b></a>
+        <ul class="dropdown-menu" role="menu">
+            <li><a data-toggle="tab" href="#subtab_haproxy-advanced-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
+            <li><a data-toggle="tab" href="#errorfiles"><i class="fa fa-check-square"></i> {{ lang._('Error Messages') }}</a></li>
+            <li><a data-toggle="tab" href="#luas"><i class="fa fa-check-square"></i> {{ lang._('Lua Scripts') }}</a></li>
+        </ul>
+    </li>
 </ul>
 
 <div class="content-box tab-content">
+    <div id="introduction" class="tab-pane fade in active">
+        <div class="col-md-12">
+            <h1>Quick Start Guide</h1>
+            <p>{{ lang._('Welcome to the HAProxy plugin! This plugin is designed to offer all the features and flexibility HAProxy is famous for. If you are using HAProxy for the first time, please take some time to get familiar with it. The following information should help you to get started.')}}</p>
+            <p>{{ lang._('Note that you should configure everything in the following order:') }}</p>
+            <ul>
+              <li>{{ lang._('Add %sReal Servers:%s All physical or virtual servers that you want HAProxy to use should be added here.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('Add %sBackend Pools:%s Group the previously added servers to build a server farm. All servers in a group usually deliver the same content. The Backend Pool cares for health monitoring and load distribution. A Backend Pool must also be configured if you only have a single server.') | format('<b>', '</b>')}}</li>
+              <li>{{ lang._('Add %sPublic Services:%s The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing (or proxying).') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('Finally enable HAProxy using the %sService Settings%s.') | format('<b>', '</b>') }}</li>
+            </ul>
+            <p>{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('<b>', '</b>') }}</p>
+            <p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
+            <br/>
+        </div>
+    </div>
+
+    <div id="subtab_haproxy-real-servers-introduction" class="tab-pane fade">
+        <div class="col-md-12">
+            <h1>Real Servers</h1>
+            <p>{{ lang._('HAProxy needs to know which servers should be used to serve content. The following minimum information must be provided for each server:') }}</p>
+            <ul>
+              <li>{{ lang._('%sFQDN or IP:%s The IP address or fully-qualified domain name that should be used when communicating with your server.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('%sPort:%s The TCP or TCP port that should be used.') | format('<b>', '</b>') }}</li>
+            </ul>
+            <p>{{ lang._("Please note that advanced mode settings allow you to disable a certain server or to configure it as a backup server in a Backend Pool. Another neat option is the possibility to adjust a server's weight relative to other servers in the same Backend Pool.") }}</p>
+            <br/>
+        </div>
+    </div>
+
+    <div id="subtab_haproxy-virtual-services-introduction" class="tab-pane fade">
+        <div class="col-md-12">
+            <h1>Virtual Services</h1>
+            <p>{{ lang._("HAProxy requires two virtual services for it's loadbalancing and proxying features. The following virtual services must be configured for everything that should be served by HAProxy:") }}</p>
+            <ul>
+              <li>{{ lang._('%sBackend Pools:%s The HAProxy backend. Group the %spreviously added servers%s to build a server farm. All servers in a group usually deliver the same content. The Backend Pool cares for health monitoring and load distribution. A Backend Pool must also be configured if you only have a single server. The same Backend Pool may be used for multiple Public Services.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
+              <li>{{ lang._('%sPublic Services:%s The HAProxy frontend. The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing (or proxying). Every Public Service needs to be connected to a %spreviously created Backend Pool%s.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
+            </ul>
+            <p>{{ lang._('Remember to add firewall rules for all configured Public Services.') }}</p>
+            <br/>
+        </div>
+    </div>
+
+    <div id="subtab_haproxy-rules-checks-introduction" class="tab-pane fade">
+        <div class="col-md-12">
+            <h1>Rules &amp; Checks</h1>
+            <p>{{ lang._("These are all optional features, HAProxy can be used without them. After getting used to HAProxy you'll find these optional features pretty useful:") }}</p>
+            <ul>
+              <li>{{ lang._('%sHealth Monitors:%s The HAProxy "health checks". Health Monitors are used by %sBackend Pools%s to determine if a server is still able to respond to client requests. If a server fails a health check it will automatically be removed from a Backend Pool and healthy servers are automatically re-added.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
+              <li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in (multiple) Rules.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('<b>', '</b>', '<b>', '</b>', '<b>', '</b>', '<b>', '</b>') }}</li>
+            </ul>
+            <p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7" target="_blank">', '</a>') }}</p>
+            <br/>
+        </div>
+    </div>
+
+    <div id="subtab_haproxy-advanced-introduction" class="tab-pane fade">
+        <div class="col-md-12">
+            <h1>Advanced Features</h1>
+            <p>{{ lang._("Most of the time these features are not required, but in certain situations they will be handy:") }}</p>
+            <ul>
+              <li>{{ lang._("%sError Messages:%s Return a custom message instead of errors generated by HAProxy. Useful to overwrite HAProxy's internal error messages. The message must represent the full HTTP response and include required HTTP headers.") | format('<b>', '</b>') }}</li>
+              <li>{{ lang._("%sLua scripts:%s Include your own Lua code/scripts to extend HAProxy's functionality. The Lua code can be used in certain %sRules%s, for example.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
+            </ul>
+            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Files%s and the %sLua Script%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#lua-load" target="_blank">', '</a>') }}</p>
+            <br/>
+        </div>
+    </div>
+
+    {# add automatically generated tabs #}
     {% for tab in mainForm['tabs']|default([]) %}
         {% if tab['subtabs']|default(false) %}
             {# Tab with dropdown #}
@@ -410,8 +515,8 @@ POSSIBILITY OF SUCH DAMAGE.
             <thead>
             <tr>
                 <th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
-                <th data-column-id="frontendid" data-type="number"  data-visible="false">{{ lang._('Frontend ID') }}</th>
-                <th data-column-id="name" data-type="string">{{ lang._('Frontend Name') }}</th>
+                <th data-column-id="frontendid" data-type="number"  data-visible="false">{{ lang._('Public Service ID') }}</th>
+                <th data-column-id="name" data-type="string">{{ lang._('Public Service Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 <th data-column-id="uuid" data-type="string" data-identifier="true"  data-visible="false">{{ lang._('ID') }}</th>
@@ -445,8 +550,8 @@ POSSIBILITY OF SUCH DAMAGE.
             <thead>
             <tr>
                 <th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
-                <th data-column-id="backendid" data-type="number"  data-visible="false">{{ lang._('Backend ID') }}</th>
-                <th data-column-id="name" data-type="string">{{ lang._('Backend Name') }}</th>
+                <th data-column-id="backendid" data-type="number"  data-visible="false">{{ lang._('Backend Pool ID') }}</th>
+                <th data-column-id="name" data-type="string">{{ lang._('Backend Pool Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 <th data-column-id="uuid" data-type="string" data-identifier="true"  data-visible="false">{{ lang._('ID') }}</th>
@@ -479,7 +584,7 @@ POSSIBILITY OF SUCH DAMAGE.
         <table id="grid-servers" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogServer">
             <thead>
             <tr>
-                <th data-column-id="serverid" data-type="number"  data-visible="false">{{ lang._('Server id') }}</th>
+                <th data-column-id="serverid" data-type="number"  data-visible="false">{{ lang._('Server ID') }}</th>
                 <th data-column-id="name" data-type="string">{{ lang._('Server Name') }}</th>
                 <th data-column-id="address" data-type="string">{{ lang._('Server Address') }}</th>
                 <th data-column-id="port" data-type="string">{{ lang._('Server Port') }}</th>
@@ -515,8 +620,8 @@ POSSIBILITY OF SUCH DAMAGE.
         <table id="grid-healthchecks" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogHealthcheck">
             <thead>
             <tr>
-                <th data-column-id="healthcheckid" data-type="number"  data-visible="false">{{ lang._('Health Check ID') }}</th>
-                <th data-column-id="name" data-type="string">{{ lang._('Health Check Name') }}</th>
+                <th data-column-id="healthcheckid" data-type="number"  data-visible="false">{{ lang._('Health Monitor ID') }}</th>
+                <th data-column-id="name" data-type="string">{{ lang._('Health Monitor Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 <th data-column-id="uuid" data-type="string" data-identifier="true"  data-visible="false">{{ lang._('ID') }}</th>
@@ -549,8 +654,8 @@ POSSIBILITY OF SUCH DAMAGE.
         <table id="grid-actions" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogAction">
             <thead>
             <tr>
-                <th data-column-id="actionid" data-type="number"  data-visible="false">{{ lang._('Action ID') }}</th>
-                <th data-column-id="name" data-type="string">{{ lang._('Action Name') }}</th>
+                <th data-column-id="actionid" data-type="number"  data-visible="false">{{ lang._('Rule ID') }}</th>
+                <th data-column-id="name" data-type="string">{{ lang._('Rule Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 <th data-column-id="uuid" data-type="string" data-identifier="true"  data-visible="false">{{ lang._('ID') }}</th>
@@ -583,8 +688,8 @@ POSSIBILITY OF SUCH DAMAGE.
         <table id="grid-acls" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogAcl">
             <thead>
             <tr>
-                <th data-column-id="aclid" data-type="number"  data-visible="false">{{ lang._('ACL id') }}</th>
-                <th data-column-id="name" data-type="string">{{ lang._('ACL Name') }}</th>
+                <th data-column-id="aclid" data-type="number"  data-visible="false">{{ lang._('Condition ID') }}</th>
+                <th data-column-id="name" data-type="string">{{ lang._('Condition Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 <th data-column-id="uuid" data-type="string" data-identifier="true"  data-visible="false">{{ lang._('ID') }}</th>
@@ -618,7 +723,7 @@ POSSIBILITY OF SUCH DAMAGE.
             <thead>
             <tr>
                 <th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
-                <th data-column-id="luaid" data-type="number"  data-visible="false">{{ lang._('Lua ID') }}</th>
+                <th data-column-id="luaid" data-type="number"  data-visible="false">{{ lang._('Lua Script ID') }}</th>
                 <th data-column-id="name" data-type="string">{{ lang._('Lua Script Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
@@ -652,8 +757,8 @@ POSSIBILITY OF SUCH DAMAGE.
         <table id="grid-errorfiles" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogErrorfile">
             <thead>
             <tr>
-                <th data-column-id="errorfileid" data-type="number"  data-visible="false">{{ lang._('Error File ID') }}</th>
-                <th data-column-id="name" data-type="string">{{ lang._('Name') }}</th>
+                <th data-column-id="errorfileid" data-type="number"  data-visible="false">{{ lang._('Error Message ID') }}</th>
+                <th data-column-id="name" data-type="string">{{ lang._('Error Message Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
                 <th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
                 <th data-column-id="uuid" data-type="string" data-identifier="true"  data-visible="false">{{ lang._('ID') }}</th>
@@ -683,11 +788,11 @@ POSSIBILITY OF SUCH DAMAGE.
 </div>
 
 {# include dialogs #}
-{{ partial("layout_partials/base_dialog",['fields':formDialogFrontend,'id':'DialogFrontend','label':lang._('Edit Frontend')])}}
-{{ partial("layout_partials/base_dialog",['fields':formDialogBackend,'id':'DialogBackend','label':lang._('Edit Backend')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogFrontend,'id':'DialogFrontend','label':lang._('Edit Public Service')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogBackend,'id':'DialogBackend','label':lang._('Edit Backend Pool')])}}
 {{ partial("layout_partials/base_dialog",['fields':formDialogServer,'id':'DialogServer','label':lang._('Edit Server')])}}
-{{ partial("layout_partials/base_dialog",['fields':formDialogHealthcheck,'id':'DialogHealthcheck','label':lang._('Edit Health Check')])}}
-{{ partial("layout_partials/base_dialog",['fields':formDialogAction,'id':'DialogAction','label':lang._('Edit Action')])}}
-{{ partial("layout_partials/base_dialog",['fields':formDialogAcl,'id':'DialogAcl','label':lang._('Edit ACL')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogHealthcheck,'id':'DialogHealthcheck','label':lang._('Edit Health Monitor')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogAction,'id':'DialogAction','label':lang._('Edit Rule')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogAcl,'id':'DialogAcl','label':lang._('Edit Condition')])}}
 {{ partial("layout_partials/base_dialog",['fields':formDialogLua,'id':'DialogLua','label':lang._('Edit Lua Script')])}}
-{{ partial("layout_partials/base_dialog",['fields':formDialogErrorfile,'id':'DialogErrorfile','label':lang._('Edit Error File')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogErrorfile,'id':'DialogErrorfile','label':lang._('Edit Error Message')])}}

From 4fee23c3caa3e57985c5a00cfb3f99746fe43043 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 22 Oct 2017 22:49:00 +0200
Subject: [PATCH 03/10] net/haproxy: adjust public functions for model 2.0.0

---
 .../app/models/OPNsense/HAProxy/HAProxy.php   | 23 ++++++++-----------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php
index ab3e2a460..c50c36086 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php
@@ -139,12 +139,10 @@ class HAProxy extends BaseModel
      * @param string $description
      * @param string $expression
      * @param string $negate
-     * @param string $value
-     * @param string $urlparam
-     * @param string $querybackend
+     * @param hash $parameters
      * @return string
      */
-    public function newAcl($name, $description = "", $expression, $negate = "0", $value, $urlparam = "", $queryBackend = "")
+    public function newAcl($name, $description = "", $expression, $negate = "0", $parameters = array())
     {
         $acl = $this->acls->acl->Add();
         $uuid = $acl->getAttributes()['uuid'];
@@ -152,9 +150,9 @@ class HAProxy extends BaseModel
         $acl->description = $description;
         $acl->expression = $expression;
         $acl->negate = $negate;
-        $acl->value = $value;
-        $acl->urlparam = $urlparam;
-        $acl->queryBackend = $queryBackend;
+        foreach ($parameters as $key => $value) {
+            $acl->$key = $value;
+        }
         return $uuid;
     }
 
@@ -173,7 +171,7 @@ class HAProxy extends BaseModel
      * @param string $actionValue
      * @return string
      */
-    public function newAction($name, $description = "", $testType, $linkedAcls = "", $operator = "and", $type, $useBackend = "", $useServer = "", $actionName, $actionFind, $actionValue)
+    public function newAction($name, $description = "", $testType, $linkedAcls = "", $operator = "and", $type, $parameters = array())
     {
         $action = $this->actions->action->Add();
         $uuid = $action->getAttributes()['uuid'];
@@ -183,11 +181,9 @@ class HAProxy extends BaseModel
         $action->linkedAcls = $linkedAcls;
         $action->operator = $operator;
         $action->type = $type;
-        $action->useBackend = $useBackend;
-        $action->useServer = $useServer;
-        $action->actionName = $actionName;
-        $action->actionFind = $actionFind;
-        $action->actionValue = $actionValue;
+        foreach ($parameters as $key => $value) {
+            $action->$key = $value;
+        }
         return $uuid;
     }
 
@@ -251,7 +247,6 @@ class HAProxy extends BaseModel
      */
     public function linkAclToAction($acl_uuid, $action_uuid, $replace = false)
     {
-        //$mdl = new HAProxy();
         // ACL must exist
         $acl = $this->getByAclID($acl_uuid);
         if ((string)$acl === false) {

From 73a4d40eccf9aa27792582c5bde8638cedb18899 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 22 Oct 2017 23:23:04 +0200
Subject: [PATCH 04/10] net/haproxy: hide more options if unchecked, refs #208

---
 .../OPNsense/HAProxy/forms/dialogBackend.xml  | 11 +++++-----
 .../OPNsense/HAProxy/forms/dialogFrontend.xml |  8 ++++++-
 .../mvc/app/views/OPNsense/HAProxy/index.volt | 21 +++++++++++++++++++
 3 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
index 600c1cb13..2bad28b6d 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
@@ -47,16 +47,17 @@
         <help><![CDATA[Sets the source address which will be used when connecting to the server(s).]]></help>
         <advanced>true</advanced>
     </field>
-    <field>
-        <label>Health Checking</label>
-        <type>header</type>
-    </field>
     <field>
         <id>backend.healthCheckEnabled</id>
-        <label>Enabled</label>
+        <label>Enable Health Checking</label>
         <type>checkbox</type>
         <help><![CDATA[Enable or disable health checking.]]></help>
     </field>
+    <field>
+        <label>Health Checking</label>
+        <type>header</type>
+        <style>healthcheck_table table_healthcheck_true</style>
+    </field>
     <field>
         <id>backend.healthCheck</id>
         <label>Health check</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
index e6ed0b2c8..e1647255a 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
@@ -48,6 +48,7 @@
     <field>
         <label>SSL Offloading</label>
         <type>header</type>
+        <style>mode_table table_http table_ssl</style>
     </field>
     <field>
         <id>frontend.ssl_enabled</id>
@@ -134,8 +135,9 @@
         <advanced>true</advanced>
     </field>
     <field>
-        <label>Advanced settings</label>
+        <label>HTTP(S) settings</label>
         <type>header</type>
+        <style>mode_table table_http table_ssl</style>
     </field>
     <field>
         <id>frontend.forwardFor</id>
@@ -143,6 +145,10 @@
         <type>checkbox</type>
         <help><![CDATA[Enable insertion of the X-Forwarded-For header to requests sent to servers.]]></help>
     </field>
+    <field>
+        <label>Advanced settings</label>
+        <type>header</type>
+    </field>
     <field>
         <id>frontend.connectionBehaviour</id>
         <label>Type</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index 097dce52b..9bc0e11ea 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -170,6 +170,27 @@ POSSIBILITY OF SUCH DAMAGE.
             $("#action\\.type").change();
         })
 
+        // hook into on-show event for dialog to extend layout.
+        $('#DialogBackend').on('shown.bs.modal', function (e) {
+            $("#backend\\.healthCheckEnabled").change(function(){
+                var service_id = 'table_healthcheck_' + $(this).is(':checked');
+                console.log("[debug_B] " + service_id + " | " + "\n")
+                $(".healthcheck_table").hide();
+                $("."+service_id).show();
+            });
+            $("#backend\\.healthCheckEnabled").change();
+        })
+
+        // hook into on-show event for dialog to extend layout.
+        $('#DialogFrontend').on('shown.bs.modal', function (e) {
+            $("#frontend\\.mode").change(function(){
+                var service_id = 'table_' + $(this).val();
+                $(".mode_table").hide();
+                $("."+service_id).show();
+            });
+            $("#frontend\\.mode").change();
+        })
+
         // hook into on-show event for dialog to extend layout.
         $('#DialogHealthcheck').on('shown.bs.modal', function (e) {
             $("#healthcheck\\.type").change(function(){

From df3473b82aaab377247c17915c457b7a92995c86 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 22 Oct 2017 23:48:02 +0200
Subject: [PATCH 05/10] net/haproxy: s/old name/new name/ everyhwere

---
 .../OPNsense/HAProxy/forms/dialogAcl.xml      | 10 +++---
 .../OPNsense/HAProxy/forms/dialogAction.xml   | 24 ++++++-------
 .../OPNsense/HAProxy/forms/dialogBackend.xml  | 30 ++++++++--------
 .../HAProxy/forms/dialogErrorfile.xml         |  8 ++---
 .../OPNsense/HAProxy/forms/dialogFrontend.xml | 34 +++++++++----------
 .../HAProxy/forms/dialogHealthcheck.xml       |  4 +--
 .../mvc/app/views/OPNsense/HAProxy/index.volt |  2 +-
 7 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index dc61d00ef..86b608296 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -3,13 +3,13 @@
         <id>acl.name</id>
         <label>Name</label>
         <type>text</type>
-        <help>Name to identify this ACL.</help>
+        <help>Name to identify this condition.</help>
     </field>
     <field>
         <id>acl.description</id>
         <label>Description</label>
         <type>text</type>
-        <help>Description for this ACL.</help>
+        <help>Description for this condition.</help>
     </field>
     <field>
         <label>Condition</label>
@@ -266,8 +266,8 @@
     </field>
     <field>
         <id>acl.custom_acl</id>
-        <label>Custom ACL</label>
-        <type>text</type>
-        <help><![CDATA[Specify a HAProxy ACL that is currently not supported by the GUI. Note that the syntax is not verified.]]></help>
+        <label>Option pass-through</label>
+        <type>textbox</type>
+        <help><![CDATA[Specify a HAProxy condition/ACL that is currently not supported by the GUI.<br/><div class="text-info"><b>NOTE:</b> This is strongly discouraged! The syntax will not be checked, use at your own risk!</div>]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index ff3ef59dc..788660239 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -3,13 +3,13 @@
         <id>action.name</id>
         <label>Name</label>
         <type>text</type>
-        <help>Name to identify this action.</help>
+        <help>Name to identify this rule.</help>
     </field>
     <field>
         <id>action.description</id>
         <label>Description</label>
         <type>text</type>
-        <help>Description for this action.</help>
+        <help>Description for this rule.</help>
     </field>
     <field>
         <label>Optional condition</label>
@@ -23,16 +23,16 @@
     </field>
     <field>
         <id>action.linkedAcls</id>
-        <label>Select ACLs</label>
+        <label>Select conditions</label>
         <type>select_multiple</type>
         <style>tokenize</style>
-        <help><![CDATA[Select one ore more ACLs to be used as condition for this action.]]></help>
+        <help><![CDATA[Select one ore more conditions to be used for this action.]]></help>
     </field>
     <field>
         <id>action.operator</id>
-        <label>Logical operator (for ACLs)</label>
+        <label>Logical operator for conditions</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose an logical operator to be used to form a condition.]]></help>
+        <help><![CDATA[Choose an logical operator.]]></help>
     </field>
     <field>
         <label>HAProxy function</label>
@@ -42,7 +42,7 @@
         <id>action.type</id>
         <label>Run function</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose an action that should be executed if the condition evaluates to true.]]></help>
+        <help><![CDATA[Choose an HAProxy function that should be executed if the condition evaluates to true.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -51,9 +51,9 @@
     </field>
     <field>
         <id>action.use_backend</id>
-        <label>Use backend</label>
+        <label>Use backend pool</label>
         <type>dropdown</type>
-        <help><![CDATA[HAProxy will use this backend if the condition evaluates to true.]]></help>
+        <help><![CDATA[HAProxy will use this backend pool if the condition evaluates to true.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -319,8 +319,8 @@
     </field>
     <field>
         <id>action.custom</id>
-        <label>Custom Action</label>
-        <type>text</type>
-        <help><![CDATA[Specify a HAProxy Action that is currently not supported by the GUI. Note that the syntax is not verified.]]></help>
+        <label>Option pass-through</label>
+        <type>textbox</type>
+        <help><![CDATA[Specify a HAProxy rule/ACL that is currently not supported by the GUI.<br/><div class="text-info"><b>NOTE:</b> This is strongly discouraged! The syntax will not be checked, use at your own risk!</div>]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
index 2bad28b6d..57c8e5774 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
@@ -3,32 +3,32 @@
         <id>backend.enabled</id>
         <label>Enabled</label>
         <type>checkbox</type>
-        <help>Enable this backend</help>
+        <help>Enable this Backend Pool</help>
     </field>
     <field>
         <id>backend.name</id>
         <label>Name</label>
         <type>text</type>
-        <help>Name to identify this backend.</help>
+        <help>Name to identify this Backend Pool.</help>
     </field>
     <field>
         <id>backend.description</id>
         <label>Description</label>
         <type>text</type>
-        <help>Description for this backend.</help>
+        <help>Description for this Backend Pool.</help>
     </field>
     <field>
         <id>backend.mode</id>
         <label>Mode</label>
         <type>dropdown</type>
-        <help><![CDATA[Set the running mode or protocol of the backend. Usually the frontend and the backend are in the same mode.]]></help>
+        <help><![CDATA[Set the running mode or protocol of the Backend Pool. Usually the Public Service and the Backend Pool are in the same mode.]]></help>
         <hint>Set the same mode for backend and frontend.</hint>
     </field>
     <field>
         <id>backend.algorithm</id>
         <label>Balancing Algorithm</label>
         <type>dropdown</type>
-        <help><![CDATA[Define the load balancing algorithm to be used in a backend. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#balance">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#balance">HAProxy documentation</a> for a full description.]]></help>
         <hint>Choose a load balancing algorithm.</hint>
     </field>
     <field>
@@ -60,9 +60,9 @@
     </field>
     <field>
         <id>backend.healthCheck</id>
-        <label>Health check</label>
+        <label>Health Monitor</label>
         <type>dropdown</type>
-        <help><![CDATA[Select health check for servers in this backend.]]></help>
+        <help><![CDATA[Select Health Monitor for servers in this backend.]]></help>
     </field>
     <field>
         <id>backend.healthCheckLogStatus</id>
@@ -160,27 +160,27 @@
         <advanced>true</advanced>
     </field>
     <field>
-        <label>Actions (ACLs)</label>
+        <label>Rules</label>
         <type>header</type>
     </field>
     <field>
         <id>backend.linkedActions</id>
-        <label>Actions</label>
+        <label>Select Rules</label>
         <type>select_multiple</type>
         <style>tokenize</style>
-        <help><![CDATA[Choose actions to be included in this backend.]]></help>
-        <hint>Choose actions.</hint>
+        <help><![CDATA[Choose rules to be included in this Backend Pool.]]></help>
+        <hint>Choose rules.</hint>
     </field>
     <field>
-        <label>Error Files</label>
+        <label>Error Messages</label>
         <type>header</type>
     </field>
     <field>
         <id>backend.linkedErrorfiles</id>
-        <label>Error files</label>
+        <label>Select Error Messages</label>
         <type>select_multiple</type>
         <style>tokenize</style>
-        <help><![CDATA[Choose error files to be included in this backend.]]></help>
-        <hint>Choose error files.</hint>
+        <help><![CDATA[Choose error messages to be included in this Backend Pool.]]></help>
+        <hint>Choose error messages.</hint>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml
index b47402da1..818127c46 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml
@@ -3,24 +3,24 @@
         <id>errorfile.name</id>
         <label>Name</label>
         <type>text</type>
-        <help>Name to identify this error file.</help>
+        <help>Name to identify this error message.</help>
     </field>
     <field>
         <id>errorfile.description</id>
         <label>Description</label>
         <type>text</type>
-        <help>Description for this error file.</help>
+        <help>Description for this error message.</help>
     </field>
     <field>
         <id>errorfile.code</id>
         <label>Error code</label>
         <type>dropdown</type>
-        <help><![CDATA[The HTTP status code.<br/><div class="text-info"><b>NOTE:</b> It is important to understand that errorfiles are NOT meant to rewrite errors returned by the server, but errors detected and returned by HAProxy. This is why the list of supported errors is limited to a small set.</div>]]></help>
+        <help><![CDATA[The HTTP status code.<br/><div class="text-info"><b>NOTE:</b> It is important to understand that error messages are NOT meant to rewrite errors returned by the server, but errors detected and returned by HAProxy. This is why the list of supported errors is limited to a small set.</div>]]></help>
     </field>
     <field>
         <id>errorfile.content</id>
         <label>Content</label>
         <type>textbox</type>
-        <help>Paste the content of your errorfile here. The files should not exceed the configured buffer size, which generally is 8 or 16 kB.</help>
+        <help>Paste the content of your error messages here. The message must represent the full HTTP response and include required HTTP headers. It should not exceed the configured buffer size, which generally is 8 or 16 kB.</help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
index e1647255a..3078d0fb3 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
@@ -3,19 +3,19 @@
         <id>frontend.enabled</id>
         <label>Enabled</label>
         <type>checkbox</type>
-        <help>Enable this frontend</help>
+        <help>Enable this Public Service.</help>
     </field>
     <field>
         <id>frontend.name</id>
         <label>Name</label>
         <type>text</type>
-        <help>Name to identify this frontend.</help>
+        <help>Name to identify this Public Service.</help>
     </field>
     <field>
         <id>frontend.description</id>
         <label>Description</label>
         <type>text</type>
-        <help>Description for this frontend.</help>
+        <help>Description for this Public Service.</help>
     </field>
     <field>
         <id>frontend.bind</id>
@@ -23,7 +23,7 @@
         <type>select_multiple</type>
         <style>tokenize</style>
         <allownew>true</allownew>
-        <help><![CDATA[Configure listen addresses for this frontend, i.e. 127.0.0.1:8080 or www.example.com:443. Use TAB key to complete typing a listen address.]]></help>
+        <help><![CDATA[Configure listen addresses for this Public Service, i.e. 127.0.0.1:8080 or www.example.com:443. Use TAB key to complete typing a listen address.]]></help>
         <hint>Enter address:port here. Finish with TAB.</hint>
     </field>
     <field>
@@ -37,13 +37,13 @@
         <id>frontend.mode</id>
         <label>Type</label>
         <type>dropdown</type>
-        <help><![CDATA[Set the running mode or protocol for this frontend.]]></help>
+        <help><![CDATA[Set the running mode or protocol for this Public Service.]]></help>
     </field>
     <field>
         <id>frontend.defaultBackend</id>
-        <label>Default Backend</label>
+        <label>Default Backend Pool</label>
         <type>dropdown</type>
-        <help><![CDATA[Set the default backend to use for this frontend.]]></help>
+        <help><![CDATA[Set the default Backend Pool to use for this Public Service.]]></help>
     </field>
     <field>
         <label>SSL Offloading</label>
@@ -87,7 +87,7 @@
         <id>frontend.tuning_maxConnections</id>
         <label>Max. Connections</label>
         <type>text</type>
-        <help><![CDATA[Set the maximum number of concurrent connections for this frontend.]]></help>
+        <help><![CDATA[Set the maximum number of concurrent connections for this Public Service.]]></help>
     </field>
     <field>
         <id>frontend.tuning_timeoutClient</id>
@@ -160,31 +160,31 @@
         <id>frontend.customOptions</id>
         <label>Option pass-through</label>
         <type>textbox</type>
-        <help><![CDATA[These lines will be added to the HAProxy frontend configuration.<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[These lines will be added to the HAProxy frontend configuration.<br/><div class="text-info"><b>NOTE:</b> This is strongly discouraged! The syntax will not be checked, use at your own risk!</div>]]></help>
         <advanced>true</advanced>
     </field>
     <field>
-        <label>Actions (ACLs)</label>
+        <label>Rules</label>
         <type>header</type>
     </field>
     <field>
         <id>frontend.linkedActions</id>
-        <label>Actions</label>
+        <label>Select Rules</label>
         <type>select_multiple</type>
         <style>tokenize</style>
-        <help><![CDATA[Choose actions to be included in this frontend.]]></help>
-        <hint>Choose actions.</hint>
+        <help><![CDATA[Choose rules to be included in this Public Service.]]></help>
+        <hint>Choose rules.</hint>
     </field>
     <field>
-        <label>Error Files</label>
+        <label>Error Messages</label>
         <type>header</type>
     </field>
     <field>
         <id>frontend.linkedErrorfiles</id>
-        <label>Error files</label>
+        <label>Select Error Messages</label>
         <type>select_multiple</type>
         <style>tokenize</style>
-        <help><![CDATA[Choose error files to be included in this backend.]]></help>
-        <hint>Choose error files.</hint>
+        <help><![CDATA[Choose error messages to be included in this Public Service.]]></help>
+        <hint>Choose error messages.</hint>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
index e93267ed5..1fb2beee5 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
@@ -3,13 +3,13 @@
         <id>healthcheck.name</id>
         <label>Name</label>
         <type>text</type>
-        <help>Name to identify this ACL.</help>
+        <help>Name to identify this Health Monitor.</help>
     </field>
     <field>
         <id>healthcheck.description</id>
         <label>Description</label>
         <type>text</type>
-        <help>Description for this ACL.</help>
+        <help>Description for this Health Monitor.</help>
     </field>
     <field>
         <id>healthcheck.type</id>
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index 9bc0e11ea..ed5f3b87c 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -508,7 +508,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._("%sError Messages:%s Return a custom message instead of errors generated by HAProxy. Useful to overwrite HAProxy's internal error messages. The message must represent the full HTTP response and include required HTTP headers.") | format('<b>', '</b>') }}</li>
               <li>{{ lang._("%sLua scripts:%s Include your own Lua code/scripts to extend HAProxy's functionality. The Lua code can be used in certain %sRules%s, for example.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
             </ul>
-            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Files%s and the %sLua Script%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#lua-load" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s and the %sLua Script%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#lua-load" target="_blank">', '</a>') }}</p>
             <br/>
         </div>
     </div>

From 3f49804875a4fcee4ac7ae99273334d5cefa2288 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Mon, 23 Oct 2017 00:06:07 +0200
Subject: [PATCH 06/10] net/haproxy: move Settings tab, remove debug output

---
 .../OPNsense/HAProxy/forms/main.xml           |  2 +-
 .../OPNsense/HAProxy/Migrations/M2_0_0.php    |  8 +--
 .../mvc/app/views/OPNsense/HAProxy/index.volt | 56 +++++++++----------
 3 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
index 1d1652a30..bfe9c6e35 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
@@ -89,7 +89,7 @@
         </subtab>
         <subtab id="haproxy-general-defaults" description="Default Parameters">
             <field>
-                <label>NOTE: Define default parameters for ALL Frontends, Backends and Servers here. They may still be overriden elsewhere.</label>
+                <label>NOTE: Define default parameters for ALL Public Services, Backend Pools and Servers here. They may still be overriden elsewhere.</label>
                 <type>info</type>
             </field>
             <field>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
index 30bd75213..7e1a72d93 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
@@ -63,8 +63,6 @@ class M2_0_0 extends BaseModelMigration
                     $acl->value = NULL;
                     break;
                 case 'path_starts_with':
-                    echo "DEBUG: migrating : " . (string)$acl->name . "\n";
-                    echo "  DEBUG: value: " . (string)$acl->value . "\n";
                     $acl->expression = 'path_beg';
                     $acl->path_beg = (string)$acl->value;
                     $acl->value = NULL;
@@ -144,7 +142,7 @@ class M2_0_0 extends BaseModelMigration
                     $acl->value = NULL;
                     break;
                 default:
-                    echo "DEBUG: no ACL migration required: " . (string)$acl->name . "\n";
+                    // echo "DEBUG: no ACL migration required: " . (string)$acl->name . "\n";
             }
         }
 
@@ -256,7 +254,7 @@ class M2_0_0 extends BaseModelMigration
                     $action->actionValue = NULL;
                     break;
                 default:
-                    echo "DEBUG: no Action migration required: " . (string)$action->name . "\n";
+                    // echo "DEBUG: no Action migration required: " . (string)$action->name . "\n";
             }
         }
 
@@ -284,7 +282,7 @@ class M2_0_0 extends BaseModelMigration
                     $hc->smtpDomain = NULL;
                     break;
                 default:
-                    echo "DEBUG: no Healthcheck migration required: " . (string)$hc->name . "\n";
+                    // echo "DEBUG: no Healthcheck migration required: " . (string)$hc->name . "\n";
             }
         }
 
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index ed5f3b87c..2415237d8 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -150,7 +150,6 @@ POSSIBILITY OF SUCH DAMAGE.
         $('#DialogAcl').on('shown.bs.modal', function (e) {
             $("#acl\\.expression").change(function(){
                 var service_id = 'table_' + $(this).val();
-                console.log("[debug_X] " + service_id + " | " + "\n")
                 $(".expression_table").hide();
                 // $(".table_"+$(this).val()).show();
                 $("."+service_id).show();
@@ -162,7 +161,6 @@ POSSIBILITY OF SUCH DAMAGE.
         $('#DialogAction').on('shown.bs.modal', function (e) {
             $("#action\\.type").change(function(){
                 var service_id = 'table_' + $(this).val();
-                console.log("[debug_Y] " + service_id + " | " + "\n")
                 $(".type_table").hide();
                 // $(".table_"+$(this).val()).show();
                 $("."+service_id).show();
@@ -174,7 +172,6 @@ POSSIBILITY OF SUCH DAMAGE.
         $('#DialogBackend').on('shown.bs.modal', function (e) {
             $("#backend\\.healthCheckEnabled").change(function(){
                 var service_id = 'table_healthcheck_' + $(this).is(':checked');
-                console.log("[debug_B] " + service_id + " | " + "\n")
                 $(".healthcheck_table").hide();
                 $("."+service_id).show();
             });
@@ -195,7 +192,6 @@ POSSIBILITY OF SUCH DAMAGE.
         $('#DialogHealthcheck').on('shown.bs.modal', function (e) {
             $("#healthcheck\\.type").change(function(){
                 var service_id = 'table_' + $(this).val();
-                console.log("[debug_Z] " + service_id + " | " + "\n")
                 $(".type_table").hide();
                 // $(".table_"+$(this).val()).show();
                 $("."+service_id).show();
@@ -365,34 +361,9 @@ POSSIBILITY OF SUCH DAMAGE.
 </script>
 
 <ul class="nav nav-tabs" role="tablist"  id="maintabs">
+    {# manually add tabs #}
     <li class="active"><a data-toggle="tab" href="#introduction"><b>{{ lang._('Introduction') }}</b></a></li>
 
-    {# add automatically generated tabs #}
-{% for tab in mainForm['tabs']|default([]) %}
-    {% if tab['subtabs']|default(false) %}
-        {# Tab with dropdown #}
-        <li role="presentation" class="dropdown">
-            <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
-                <b><span class="caret"></span></b>
-            </a>
-            <a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
-            <ul class="dropdown-menu" role="menu">
-                {% for subtab in tab['subtabs']|default({})%}
-                <li><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
-                {% endfor %}
-            </ul>
-        </li>
-    {% else %}
-        {# Standard Tab #}
-        <li>
-                <a data-toggle="tab" href="#tab_{{tab[0]}}">
-                    <b>{{tab[1]}}</b>
-                </a>
-        </li>
-    {% endif %}
-{% endfor %}
-
-    {# manually add more tabs #}
     <li role="presentation" class="dropdown">
         <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
             <b><span class="caret"></span></b>
@@ -429,6 +400,31 @@ POSSIBILITY OF SUCH DAMAGE.
         </ul>
     </li>
 
+    {# add automatically generated tabs #}
+    {% for tab in mainForm['tabs']|default([]) %}
+        {% if tab['subtabs']|default(false) %}
+        {# Tab with dropdown #}
+        <li role="presentation" class="dropdown">
+            <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
+                <b><span class="caret"></span></b>
+            </a>
+            <a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
+            <ul class="dropdown-menu" role="menu">
+                {% for subtab in tab['subtabs']|default({})%}
+                <li><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
+                {% endfor %}
+            </ul>
+        </li>
+        {% else %}
+        {# Standard Tab #}
+        <li>
+                <a data-toggle="tab" href="#tab_{{tab[0]}}">
+                    <b>{{tab[1]}}</b>
+                </a>
+        </li>
+        {% endif %}
+    {% endfor %}
+
     <li role="presentation" class="dropdown">
         <a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
             <b><span class="caret"></span></b>

From 7b72d448fdecb748224e6b1655628f94e6d91a23 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Mon, 23 Oct 2017 00:36:44 +0200
Subject: [PATCH 07/10] net/haproxy: bump version

---
 net/haproxy/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 754cb2054..ca3a4105f 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		haproxy
-PLUGIN_VERSION=		1.17
+PLUGIN_VERSION=		2.0
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
 PLUGIN_DEPENDS=		haproxy
 PLUGIN_MAINTAINER=	opnsense@moov.de

From 9329177fbb10a1148ac36082a35c093804d8e04a Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Tue, 24 Oct 2017 00:43:47 +0200
Subject: [PATCH 08/10] net/haproxy: improve wording & style, refs #330

---
 .../OPNsense/HAProxy/forms/dialogAcl.xml      |  2 +-
 .../OPNsense/HAProxy/forms/dialogAction.xml   | 24 +++++++++----------
 .../OPNsense/HAProxy/forms/dialogBackend.xml  |  4 ++--
 .../OPNsense/HAProxy/forms/dialogFrontend.xml |  8 +++----
 .../OPNsense/HAProxy/forms/dialogServer.xml   |  4 ++--
 .../app/models/OPNsense/HAProxy/HAProxy.xml   |  4 ++--
 .../OPNsense/HAProxy/Migrations/M2_0_0.php    |  6 -----
 .../mvc/app/views/OPNsense/HAProxy/index.volt | 23 ++++++++++--------
 8 files changed, 36 insertions(+), 39 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index 86b608296..a86a6599e 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -268,6 +268,6 @@
         <id>acl.custom_acl</id>
         <label>Option pass-through</label>
         <type>textbox</type>
-        <help><![CDATA[Specify a HAProxy condition/ACL that is currently not supported by the GUI.<br/><div class="text-info"><b>NOTE:</b> This is strongly discouraged! The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[Specify a HAProxy condition/ACL that is currently not supported by the GUI.]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index 788660239..5d7cda972 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -26,13 +26,13 @@
         <label>Select conditions</label>
         <type>select_multiple</type>
         <style>tokenize</style>
-        <help><![CDATA[Select one ore more conditions to be used for this action.]]></help>
+        <help><![CDATA[Select one or more conditions to be used for this rule.]]></help>
     </field>
     <field>
         <id>action.operator</id>
         <label>Logical operator for conditions</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose an logical operator.]]></help>
+        <help><![CDATA[Choose a logical operator.]]></help>
     </field>
     <field>
         <label>HAProxy function</label>
@@ -40,9 +40,9 @@
     </field>
     <field>
         <id>action.type</id>
-        <label>Run function</label>
+        <label>Execute function</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose an HAProxy function that should be executed if the condition evaluates to true.]]></help>
+        <help><![CDATA[Choose a HAProxy function that should be executed if the condition evaluates to true.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -86,7 +86,7 @@
         <id>action.http-request_redirect</id>
         <label>HTTP Redirect</label>
         <type>text</type>
-        <help><![CDATA[Use HAProxy's powerful redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -97,7 +97,7 @@
         <id>action.http-request_lua</id>
         <label>Lua function</label>
         <type>text</type>
-        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+        <help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -125,7 +125,7 @@
         <id>action.http-request_add-header_content</id>
         <label>Header Content</label>
         <type>text</type>
-        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -170,7 +170,7 @@
         <id>action.http-request_replace-header_regex</id>
         <label>Regular Expression</label>
         <type>text</type>
-        <help><![CDATA[Matches the specified regular expression in all occurrences of header field.]]></help>
+        <help><![CDATA[Matches the specified regular expression in all occurrences of the header field.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -198,7 +198,7 @@
         <id>action.http-response_lua</id>
         <label>Lua function</label>
         <type>text</type>
-        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+        <help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -288,7 +288,7 @@
         <id>action.tcp-request_content_lua</id>
         <label>Lua function</label>
         <type>text</type>
-        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+        <help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -310,7 +310,7 @@
         <id>action.tcp-response_content_lua</id>
         <label>Lua function</label>
         <type>text</type>
-        <help><![CDATA[Run the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
+        <help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -321,6 +321,6 @@
         <id>action.custom</id>
         <label>Option pass-through</label>
         <type>textbox</type>
-        <help><![CDATA[Specify a HAProxy rule/ACL that is currently not supported by the GUI.<br/><div class="text-info"><b>NOTE:</b> This is strongly discouraged! The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[Specify a HAProxy rule/ACL that is currently not supported by the GUI.]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
index 57c8e5774..6c7d1fbe9 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
@@ -78,7 +78,7 @@
         <id>backend.stickiness_pattern</id>
         <label>Table type</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
+        <help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
         <hint>Choose a persistence type.</hint>
     </field>
     <field>
@@ -142,7 +142,7 @@
         <id>backend.customOptions</id>
         <label>Option pass-through</label>
         <type>textbox</type>
-        <help><![CDATA[These lines will be added to the HAProxy backend configuration.<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[These lines will be added to the HAProxy backend configuration.]]></help>
         <advanced>true</advanced>
     </field>
     <field>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
index 3078d0fb3..2ed5d20a4 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
@@ -28,9 +28,9 @@
     </field>
     <field>
         <id>frontend.bindOptions</id>
-        <label>Advanced Bind Options</label>
+        <label>Bind option pass-through</label>
         <type>text</type>
-        <help><![CDATA[A list of parameters that will be appended to every Listen Address line.<br/>Example: accept-proxy npn http/1.1<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[A list of parameters that will be appended to every Listen Address line.<br/>Example: accept-proxy npn http/1.1<br/>]]></help>
         <advanced>true</advanced>
     </field>
     <field>
@@ -76,7 +76,7 @@
         <id>frontend.ssl_customOptions</id>
         <label>Advanced SSL options</label>
         <type>text</type>
-        <help><![CDATA[Specify additional SSL parameters such as force-sslv3, force-tlsv10, force-tlsv11, force-tlsv12, no-sslv3, no-tlsv10, no-tlsv11, no-tlsv12, no-tls-tickets or customize the list of SSL ciphers.<br/>Example: no-sslv3 ciphers HIGH:!DSS:!aNULL@STRENGTH<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[Specify additional SSL parameters such as force-sslv3, force-tlsv10, force-tlsv11, force-tlsv12, no-sslv3, no-tlsv10, no-tlsv11, no-tlsv12, no-tls-tickets or customize the list of SSL ciphers.<br/>Example: no-sslv3 ciphers HIGH:!DSS:!aNULL@STRENGTH<br/>]]></help>
         <advanced>true</advanced>
     </field>
     <field>
@@ -160,7 +160,7 @@
         <id>frontend.customOptions</id>
         <label>Option pass-through</label>
         <type>textbox</type>
-        <help><![CDATA[These lines will be added to the HAProxy frontend configuration.<br/><div class="text-info"><b>NOTE:</b> This is strongly discouraged! The syntax will not be checked, use at your own risk!</div>]]></help>
+        <help><![CDATA[These lines will be added to the HAProxy frontend configuration.]]></help>
         <advanced>true</advanced>
     </field>
     <field>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
index 578ad7b61..59f84d496 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
@@ -103,9 +103,9 @@
     </field>
     <field>
         <id>server.advanced</id>
-        <label>Advanced options</label>
+        <label>Option pass-through</label>
         <type>text</type>
-        <help><![CDATA[A list of parameters that will be appended to the server line in every backend where this is will be used.<br/>Example: send-proxy<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>.]]></help>
+        <help><![CDATA[A list of parameters that will be appended to the server line in every backend where this server will be used.<br/>Example: send-proxy<br/>.]]></help>
         <advanced>true</advanced>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index cc61831f4..8587955a1 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -834,7 +834,7 @@
                         <ssl_sni_beg>SNI TLS extension starts with</ssl_sni_beg>
                         <ssl_sni_end>SNI TLS extension ends with</ssl_sni_end>
                         <ssl_sni_reg>SNI TLS extension regex</ssl_sni_reg>
-                        <custom_acl>Specify a custom ACL</custom_acl>
+                        <custom_acl>Custom condition (option pass-through)</custom_acl>
                     </OptionValues>
                 </expression>
                 <negate type="BooleanField">
@@ -1056,7 +1056,7 @@
                         <tcp-response_content_close>tcp-response content close</tcp-response_content_close>
                         <tcp-response_content_reject>tcp-response content reject</tcp-response_content_reject>
                         <tcp-response_content_lua>tcp-response content lua script</tcp-response_content_lua>
-                        <custom>Custom Action (HAProxy syntax)</custom>
+                        <custom>Custom rule (option pass-through)</custom>
                     </OptionValues>
                 </type>
                 <use_backend type="ModelRelationField">
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
index 7e1a72d93..621882d94 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php
@@ -141,8 +141,6 @@ class M2_0_0 extends BaseModelMigration
                     $acl->custom_acl = (string)$acl->value;
                     $acl->value = NULL;
                     break;
-                default:
-                    // echo "DEBUG: no ACL migration required: " . (string)$acl->name . "\n";
             }
         }
 
@@ -253,8 +251,6 @@ class M2_0_0 extends BaseModelMigration
                     $action->custom = (string)$action->actionValue;
                     $action->actionValue = NULL;
                     break;
-                default:
-                    // echo "DEBUG: no Action migration required: " . (string)$action->name . "\n";
             }
         }
 
@@ -281,8 +277,6 @@ class M2_0_0 extends BaseModelMigration
                     $hc->esmtp_domain = (string)$hc->smtpDomain;
                     $hc->smtpDomain = NULL;
                     break;
-                default:
-                    // echo "DEBUG: no Healthcheck migration required: " . (string)$hc->name . "\n";
             }
         }
 
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index 2415237d8..f6001eab1 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -371,7 +371,7 @@ POSSIBILITY OF SUCH DAMAGE.
         <a data-toggle="tab" href="#subtab_haproxy-real-servers-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Real Servers') }}</b></a>
         <ul class="dropdown-menu" role="menu">
             <li><a data-toggle="tab" href="#subtab_haproxy-real-servers-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
-            <li><a data-toggle="tab" href="#servers"><i class="fa fa-check-square"></i> {{ lang._('Servers') }}</a></li>
+            <li><a data-toggle="tab" href="#servers"><i class="fa fa-check-square"></i> {{ lang._('Real Servers') }}</a></li>
         </ul>
     </li>
 
@@ -443,12 +443,12 @@ POSSIBILITY OF SUCH DAMAGE.
         <div class="col-md-12">
             <h1>Quick Start Guide</h1>
             <p>{{ lang._('Welcome to the HAProxy plugin! This plugin is designed to offer all the features and flexibility HAProxy is famous for. If you are using HAProxy for the first time, please take some time to get familiar with it. The following information should help you to get started.')}}</p>
-            <p>{{ lang._('Note that you should configure everything in the following order:') }}</p>
+            <p>{{ lang._('Note that you should configure HAProxy in the following order:') }}</p>
             <ul>
-              <li>{{ lang._('Add %sReal Servers:%s All physical or virtual servers that you want HAProxy to use should be added here.') | format('<b>', '</b>') }}</li>
-              <li>{{ lang._('Add %sBackend Pools:%s Group the previously added servers to build a server farm. All servers in a group usually deliver the same content. The Backend Pool cares for health monitoring and load distribution. A Backend Pool must also be configured if you only have a single server.') | format('<b>', '</b>')}}</li>
-              <li>{{ lang._('Add %sPublic Services:%s The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing (or proxying).') | format('<b>', '</b>') }}</li>
-              <li>{{ lang._('Finally enable HAProxy using the %sService Settings%s.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('Add %sReal Servers:%s All physical or virtual servers that HAProxy should use to load balance between or proxy to.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('Add %sBackend Pools:%s Group the previously added servers to build a server farm. All servers in a group usually deliver the same content. The Backend Pool takes care of health monitoring and load distribution. A Backend Pool must be configured even if you only have a single server.') | format('<b>', '</b>')}}</li>
+              <li>{{ lang._('Add %sPublic Services:%s The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing or proxying.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('Lastly, enable HAProxy using the %sService Settings%s.') | format('<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('<b>', '</b>') }}</p>
             <p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
@@ -465,6 +465,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._('%sPort:%s The TCP or TCP port that should be used.') | format('<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._("Please note that advanced mode settings allow you to disable a certain server or to configure it as a backup server in a Backend Pool. Another neat option is the possibility to adjust a server's weight relative to other servers in the same Backend Pool.") }}</p>
+            <p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
             <br/>
         </div>
     </div>
@@ -472,12 +473,13 @@ POSSIBILITY OF SUCH DAMAGE.
     <div id="subtab_haproxy-virtual-services-introduction" class="tab-pane fade">
         <div class="col-md-12">
             <h1>Virtual Services</h1>
-            <p>{{ lang._("HAProxy requires two virtual services for it's loadbalancing and proxying features. The following virtual services must be configured for everything that should be served by HAProxy:") }}</p>
+            <p>{{ lang._("HAProxy requires two virtual services for its load balancing and proxying features. The following virtual services must be configured for everything that should be served by HAProxy:") }}</p>
             <ul>
               <li>{{ lang._('%sBackend Pools:%s The HAProxy backend. Group the %spreviously added servers%s to build a server farm. All servers in a group usually deliver the same content. The Backend Pool cares for health monitoring and load distribution. A Backend Pool must also be configured if you only have a single server. The same Backend Pool may be used for multiple Public Services.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
-              <li>{{ lang._('%sPublic Services:%s The HAProxy frontend. The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing (or proxying). Every Public Service needs to be connected to a %spreviously created Backend Pool%s.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
+              <li>{{ lang._('%sPublic Services:%s The HAProxy frontend. The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing or proxying. Every Public Service needs to be connected to a %spreviously created Backend Pool%s.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._('Remember to add firewall rules for all configured Public Services.') }}</p>
+            <p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
             <br/>
         </div>
     </div>
@@ -485,13 +487,14 @@ POSSIBILITY OF SUCH DAMAGE.
     <div id="subtab_haproxy-rules-checks-introduction" class="tab-pane fade">
         <div class="col-md-12">
             <h1>Rules &amp; Checks</h1>
-            <p>{{ lang._("These are all optional features, HAProxy can be used without them. After getting used to HAProxy you'll find these optional features pretty useful:") }}</p>
+            <p>{{ lang._("After getting acquainted with HAProxy the following optional features may prove useful:") }}</p>
             <ul>
               <li>{{ lang._('%sHealth Monitors:%s The HAProxy "health checks". Health Monitors are used by %sBackend Pools%s to determine if a server is still able to respond to client requests. If a server fails a health check it will automatically be removed from a Backend Pool and healthy servers are automatically re-added.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
-              <li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in (multiple) Rules.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('<b>', '</b>') }}</li>
               <li>{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('<b>', '</b>', '<b>', '</b>', '<b>', '</b>', '<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
             <br/>
         </div>
     </div>

From fc6a5675b7a037e84007b4071c23ef6447d1b2a8 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 29 Oct 2017 12:47:47 +0100
Subject: [PATCH 09/10] net/haproxy: make server port optional, closes #341

---
 .../app/controllers/OPNsense/HAProxy/forms/dialogServer.xml    | 2 +-
 .../src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml   | 3 +--
 .../opnsense/service/templates/OPNsense/HAProxy/haproxy.conf   | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
index 59f84d496..70e56075b 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
@@ -22,7 +22,7 @@
         <id>server.port</id>
         <label>Port</label>
         <type>text</type>
-        <help><![CDATA[Provide the TCP communication port for this server, i.e. 80 or 443.]]></help>
+        <help><![CDATA[Provide the TCP communication port for this server, i.e. 80 or 443. If set, all connections will be sent to this port. If unset, the same port the client connected to will be used.]]></help>
     </field>
     <field>
         <id>server.mode</id>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index 8587955a1..47d2e94a4 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -558,11 +558,10 @@
                     <Required>Y</Required>
                 </address>
                 <port type="IntegerField">
-                    <default>80</default>
                     <MinimumValue>1</MinimumValue>
                     <MaximumValue>65535</MaximumValue>
                     <ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage>
-                    <Required>Y</Required>
+                    <Required>N</Required>
                 </port>
                 <checkport type="IntegerField">
                     <default></default>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 5aa4e6b85..ad6ce9700 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -908,7 +908,7 @@ backend {{backend.name}}
 {%           if server_data.advanced|default("") != "" %}
 {%             do server_options.append(server_data.advanced) %}
 {%           endif %}
-    server {{server_data.name}} {{server_data.address}}:{% if backend.tuning_noport != '1' %}{{server_data.port}}{% endif %} {{server_options|join(' ')}}
+    server {{server_data.name}} {{server_data.address}}:{% if backend.tuning_noport != '1' %}{% if server_data.port|default("") != "" %}{{server_data.port}}{% endif %}{% endif %} {{server_options|join(' ')}}
 {%         endif %}
 {%       endfor %}
 

From 9d31848230e30b8203cc32e0597304ffda8dfa2e Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 29 Oct 2017 12:56:28 +0100
Subject: [PATCH 10/10] net/haproxy: fix introduction/help for servers

---
 .../mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml | 2 +-
 .../src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
index 70e56075b..a96adc5f2 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
@@ -22,7 +22,7 @@
         <id>server.port</id>
         <label>Port</label>
         <type>text</type>
-        <help><![CDATA[Provide the TCP communication port for this server, i.e. 80 or 443. If set, all connections will be sent to this port. If unset, the same port the client connected to will be used.]]></help>
+        <help><![CDATA[Provide the TCP or UDP communication port for this server, i.e. 80 or 443. If set, all connections will be sent to this port. If unset, the same port the client connected to will be used.]]></help>
     </field>
     <field>
         <id>server.mode</id>
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index f6001eab1..031b8f8c5 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -462,7 +462,7 @@ POSSIBILITY OF SUCH DAMAGE.
             <p>{{ lang._('HAProxy needs to know which servers should be used to serve content. The following minimum information must be provided for each server:') }}</p>
             <ul>
               <li>{{ lang._('%sFQDN or IP:%s The IP address or fully-qualified domain name that should be used when communicating with your server.') | format('<b>', '</b>') }}</li>
-              <li>{{ lang._('%sPort:%s The TCP or TCP port that should be used.') | format('<b>', '</b>') }}</li>
+              <li>{{ lang._('%sPort:%s The TCP or UDP port that should be used. If unset, the same port the client connected to will be used.') | format('<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._("Please note that advanced mode settings allow you to disable a certain server or to configure it as a backup server in a Backend Pool. Another neat option is the possibility to adjust a server's weight relative to other servers in the same Backend Pool.") }}</p>
             <p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>