From 66d0b8682b7ddaa239a3e3d4519decb2efc7a328 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Wed, 19 Jan 2022 23:14:14 +0100
Subject: [PATCH] net/haproxy: disable strict-limits for safekeeping, refs
 #2644

---
 net/haproxy/pkg-descr                                          | 1 +
 .../app/controllers/OPNsense/HAProxy/forms/generalTuning.xml   | 2 +-
 .../opnsense/service/templates/OPNsense/HAProxy/haproxy.conf   | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index cba85b6e4..eacea0b89 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -13,6 +13,7 @@ which may result in incompatible changes for some users.
 
 Changed:
 * upgrade to HAProxy 2.4 release series (#2644)
+* disable strict-limits for safekeeping (#2644)
 
 Removed:
 * remove deprecated option tune.chksize (#2644)
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalTuning.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalTuning.xml
index ff481bd13..8d93dc989 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalTuning.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalTuning.xml
@@ -27,7 +27,7 @@
         <id>haproxy.general.tuning.maxConnections</id>
         <label>Maximum connections</label>
         <type>text</type>
-        <help><![CDATA[Sets the maximum number of concurrent connections per HAProxy process.<br/><div class="text-info"><b>NOTE:</b> HAProxy will not be able to allocate enough memory if you set this value too high. Consider raising the settings for kern.maxfiles and kern.maxfilesperproc if you need to specify a non-default value.</div>]]></help>
+        <help><![CDATA[Sets the maximum number of concurrent connections per HAProxy process.<br/><div class="text-info"><b>NOTE:</b> Consider raising the settings for kern.maxfiles and kern.maxfilesperproc in <a target="_blank" href="/ui/haproxy#general-settings">System: Settings: Tunables</a>, otherwise HAProxy will fail to open the specified number of connections.</div>]]></help>
     </field>
     <field>
         <id>haproxy.general.tuning.sslServerVerify</id>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 94403c1ae..0c8c1ab2e 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -958,6 +958,9 @@ global
 {% if OPNsense.HAProxy.general.hardStopAfter|default('') != '' %}
     hard-stop-after             {{OPNsense.HAProxy.general.hardStopAfter}}
 {% endif %}
+{# # Disable strict-limits because a syntax check will not reveal #}
+{# # whether kern.maxfilesperproc or kern.maxfiles are too low. #}
+    no strict-limits
 {% if helpers.exists('OPNsense.HAProxy.general.tuning.maxConnections') %}
     maxconn                     {{OPNsense.HAProxy.general.tuning.maxConnections}}
 {% endif %}