+
+
+
+
+
+
+
{{ lang._('Download Config') }} {{ lang._('Download All') }}
+
+
+
+
+
+
',' ') }}",
buttons: [{
- label: '{{ lang._('Continue') }}',
- cssClass: 'btn-primary',
- action: function(dlg){
- ajaxCall(url="/api/haproxy/service/reconfigure", sendData={}, callback=function(data,status) {
- if (status != "success" || data['status'] != 'ok') {
- BootstrapDialog.show({
- type: BootstrapDialog.TYPE_WARNING,
- title: "{{ lang._('Error reconfiguring HAProxy') }}",
- message: data['status'],
- draggable: true
- });
- }
- });
- // when done, disable progress animation
- $('[id*="reconfigureAct_progress"]').each(function(){
- $(this).removeClass("fa fa-spinner fa-pulse");
- });
- dlg.close();
- }
- }, {
icon: 'fa fa-trash-o',
label: '{{ lang._('Abort') }}',
action: function(dlg){
@@ -385,21 +386,21 @@ POSSIBILITY OF SUCH DAMAGE.
if (data['result'].indexOf('ALERT') > -1) {
BootstrapDialog.show({
type: BootstrapDialog.TYPE_DANGER,
- title: "{{ lang._('HAProxy config contains critical errors') }}",
+ title: "{{ lang._('HAProxy configtest found critical errors') }}",
message: data['result'],
draggable: true
});
} else if (data['result'].indexOf('WARNING') > -1) {
BootstrapDialog.show({
type: BootstrapDialog.TYPE_WARNING,
- title: "{{ lang._('HAProxy config contains minor errors') }}",
+ title: "{{ lang._('HAProxy configtest found minor errors') }}",
message: data['result'],
draggable: true
});
} else {
BootstrapDialog.show({
type: BootstrapDialog.TYPE_WARNING,
- title: "{{ lang._('HAProxy config test result') }}",
+ title: "{{ lang._('HAProxy configtest result') }}",
message: "{{ lang._('Your HAProxy config contains no errors.') }}",
draggable: true
});
@@ -628,6 +629,7 @@ POSSIBILITY OF SUCH DAMAGE.
{{ lang._('Map Files') }} {{ lang._('CPU Affinity Rules') }} {{ lang._('Resolvers') }} {{ lang._('E-Mail Alerts') }} {{ lang._('Lastly, enable HAProxy using the %sService%s settings page.') | format('', ' ') }}
{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('', ' ') }}
- {{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('', ' ', '', ' ', '', ' ') }}
+ {{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('', ' ', '', ' ', '', ' ') }}
{{ lang._('Real Servers') }}
-
{{ lang._('HAProxy needs to know which servers should be used to serve content. The following minimum information must be provided for each server:') }}
+
{{ lang._('HAProxy needs to know which servers should be used to serve content. Either add a static server configuration or use a template to initialize multiple servers at once. The latter one can also be used to discover the available services via DNS SRV records. The following minimum information must be provided for each server:') }}
- {{ lang._('%sFQDN or IP:%s The IP address or fully-qualified domain name that should be used when communicating with your server.') | format('', ' ') }}
- {{ lang._('%sPort:%s The TCP or UDP port that should be used. If unset, the same port the client connected to will be used.') | format('', ' ') }}
+ {{ lang._('%sStatic Servers:%s The IP address or fully-qualified domain name that should be used when communicating with your server. Additionally the TCP or UDP port that should be used. If unset, the same port the client connected to will be used.') | format('', ' ') }}
+ {{ lang._('%sServer Templates:%s A prefix is required to build the server names. Additionally a service name or FQDN is required to identify the servers this template initializes') | format('', ' ') }}
-
{{ lang._("Please note that advanced mode settings allow you to disable a certain server or to configure it as a backup server in a Backend Pool. Another neat option is the possibility to adjust a server's weight relative to other servers in the same Backend Pool.") }}
+
{{ lang._("Please note that advanced mode settings allow you to adjust a server's weight relative to other servers in the same Backend Pool, in addition to fine-grained health check options.") }}
{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('', ' ') }}
@@ -687,7 +689,7 @@ POSSIBILITY OF SUCH DAMAGE.
{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('', ' ') }}
{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('', ' ', '', ' ', '', ' ', '', ' ') }}
-
{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('', ' ', '', ' ') }}
+
{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('', ' ', '', ' ') }}
{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('', ' ') }}
@@ -702,7 +704,7 @@ POSSIBILITY OF SUCH DAMAGE.
{{ lang._('%sGroup:%s A optional list containing one or more users. Groups usually make it easier to manage permissions for a large number of users') | format('', ' ') }}
{{ lang._('Note that users and groups must be selected from the Backend Pool or Public Service configuration in order to be used for authentication. In addition to this users and groups may also be used in Rules/Conditions.') }}
- {{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('', ' ', '', ' ') }}
+ {{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('', ' ', '', ' ') }}
{{ lang._("%sCache:%s HAProxy's cache which was designed to perform cache on small objects (favicon, css, etc.). This is a minimalist low-maintenance cache which runs in RAM.") | format('', ' ', '', ' ') }}
{{ lang._("%sPeers:%s Configure a communication channel between two HAProxy instances. This will propagate entries of any data-types in stick-tables between these HAProxy instances over TCP connections in a multi-master fashion. Useful when aiming for a seamless failover in a HA setup.") | format('', ' ', '', ' ') }}
- {{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('', ' ', '', ' ', '', ' ') }}
+ {{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('', ' ', '', ' ', '', ' ') }}
{{ lang._("%sMap Files:%s A map allows to map a data in input to an other one on output. For example, this makes it possible to map a large number of domains to backend pools without using the GUI. Map files need to be used in %sRules%s, otherwise they are ignored.") | format('', ' ', '', ' ') }}
{{ lang._("%sCPU Affinity Rules:%s This feature makes it possible to bind HAProxy's processes/threads to a specific CPU (or a CPU set). Furthermore it is possible to select CPU Affinity Rules in %sPublic Services%s to restrict them to a certain set of processes/threads/CPUs.") | format('', ' ', '', ' ') }}
{{ lang._("%sResolvers:%s This feature allows in-depth configuration of how HAProxy handles name resolution and interacts with name resolvers (DNS). Each resolver configuration can be used in %sBackend Pools%s to apply individual name resolution configurations.") | format('', ' ', '', ' ') }}
+ {{ lang._("%sE-Mail Alerts:%s It is possible to send email alerts when the state of servers changes. Each configuration can be used in %sBackend Pools%s to send e-mail alerts to the configured recipient.") | format('', ' ', '', ' ') }}
- {{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('', ' ', '', ' ', '', ' ' ,'', ' ' ,'', ' ' ,'', ' ','', ' ') }}
+ {{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('', ' ', '', ' ', '', ' ' ,'', ' ' ,'', ' ' ,'', ' ','', ' ') }}
{{ lang._('Enabled') }}
{{ lang._('Server ID') }}
{{ lang._('Server Name') }}
+ {{ lang._('Type') }}
{{ lang._('Server Address') }}
{{ lang._('Server Port') }}
{{ lang._('Description') }}
@@ -1169,6 +1173,40 @@ POSSIBILITY OF SUCH DAMAGE.
+
+
+
+
+ {{ lang._('Mailer ID') }}
+ {{ lang._('Enabled') }}
+ {{ lang._('Name') }}
+ {{ lang._('Sender') }}
+ {{ lang._('Recipient') }}
+ {{ lang._('Commands') }}
+ {{ lang._('ID') }}
+
+
+
+
+
+
+
+
+
+
+
+
+
{{ lang._('Apply') }} {{ lang._('Test syntax') }}
+
@@ -1262,3 +1300,4 @@ POSSIBILITY OF SUCH DAMAGE.
{{ partial("layout_partials/base_dialog",['fields':formDialogMapfile,'id':'DialogMapfile','label':lang._('Edit Map File')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogCpu,'id':'DialogCpu','label':lang._('Edit CPU Affinity Rule')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogResolver,'id':'DialogResolver','label':lang._('Edit Resolver')])}}
+{{ partial("layout_partials/base_dialog",['fields':formDialogMailer,'id':'DialogMailer','label':lang._('Edit E-Mail Alert')])}}
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/maintenance.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/maintenance.volt
index 33332c27b..63c870e6d 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/maintenance.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/maintenance.volt
@@ -45,10 +45,10 @@ POSSIBILITY OF SUCH DAMAGE.
formatters: {
"commands": function (column, row) {
buttons = ""
- buttons += "
-
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/statistics.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/statistics.volt
index 52be520da..1f2c4085d 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/statistics.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/statistics.volt
@@ -157,6 +157,17 @@ POSSIBILITY OF SUCH DAMAGE.
$("#update-status").click();
$("#update-counters").click();
$("#update-tables").click();
+
+ // update history on tab state and implement navigation
+ if(window.location.hash != "") {
+ $('a[href="' + window.location.hash + '"]').click()
+ }
+ $('.nav-tabs a').on('shown.bs.tab', function (e) {
+ history.pushState(null, null, e.target.hash);
+ });
+ $(window).on('hashchange', function(e) {
+ $('a[href="' + window.location.hash + '"]').click()
+ });
});
diff --git a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/exportCerts.php b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/exportCerts.php
index ea4c086f5..7bfa26819 100755
--- a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/exportCerts.php
+++ b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/exportCerts.php
@@ -80,7 +80,13 @@ foreach ($configNodes as $key => $value) {
if (!empty((string)$cert->caref)) {
$cert = (array)$cert;
$ca = ca_chain($cert);
+ // append the CA to the certificate data
$pem_content .= "\n" . $ca;
+ // additionally export CA to it's own file,
+ // not required for HAProxy, but makes OCSP handling easier
+ $output_ca_filename = $export_path . $cert_refid . ".issuer";
+ file_put_contents($output_ca_filename, $ca);
+ chmod($output_ca_filename, 0600);
}
}
// generate pem file for individual certs
diff --git a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh
index cb88ee64d..8dc393461 100755
--- a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh
+++ b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh
@@ -1,5 +1,9 @@
#!/bin/sh
+if [ -f /etc/rc.conf.d/haproxy ]; then
+. /etc/rc.conf.d/haproxy
+fi
+
# NOTE: Keep /var/haproxy on this list, see GH issue opnsense/plugins #39.
HAPROXY_DIRS="/var/haproxy /var/haproxy/var/run /tmp/haproxy /tmp/haproxy/ssl /tmp/haproxy/lua /tmp/haproxy/errorfiles /tmp/haproxy/mapfiles"
@@ -18,4 +22,19 @@ find /var/haproxy -type d -exec chmod 550 {} \;
/usr/local/opnsense/scripts/OPNsense/HAProxy/exportErrorFiles.php > /dev/null 2>&1
/usr/local/opnsense/scripts/OPNsense/HAProxy/exportMapFiles.php > /dev/null 2>&1
+# update OCSP data
+if [ "${haproxy_ocsp}" == "YES" ]; then
+ /usr/local/opnsense/scripts/OPNsense/HAProxy/updateOcsp.sh > /dev/null 2>&1
+fi
+
+# deploy new config
+case "$1" in
+deploy)
+ # run syntax check against newly generated config
+ if /usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging > /dev/null 2>&1; then
+ cp /usr/local/etc/haproxy.conf.staging /usr/local/etc/haproxy.conf
+ fi
+ ;;
+esac
+
exit 0
diff --git a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/socketCommand.py b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/socketCommand.py
index fd9b438c0..554db684a 100755
--- a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/socketCommand.py
+++ b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/socketCommand.py
@@ -148,7 +148,7 @@ try:
if con:
result = con.sendCmd(command_class(**command_args), objectify=False)
if result:
- print(result.strip())
+ print(result)
else:
print(f"Could not open socket {SOCKET}")
diff --git a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/updateOcsp.sh b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/updateOcsp.sh
new file mode 100755
index 000000000..12c4c8724
--- /dev/null
+++ b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/updateOcsp.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+# This file is based on:
+# https://github.com/acmesh-official/acme.sh/blob/master/deploy/haproxy.sh
+#
+# Copyright (C) 2021 Neil Pang
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see