net/haproxy: merge version 1.17 from master
parent
eab1b4254f
commit
d22badec85
3 changed files with 27 additions and 14 deletions
|
|
@ -1,5 +1,5 @@
|
|||
PLUGIN_NAME= haproxy
|
||||
PLUGIN_VERSION= 1.16
|
||||
PLUGIN_VERSION= 1.17
|
||||
PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer
|
||||
PLUGIN_DEPENDS= haproxy
|
||||
PLUGIN_MAINTAINER= opnsense@moov.de
|
||||
|
|
|
|||
|
|
@ -51,6 +51,9 @@ foreach ($configNodes as $key => $value) {
|
|||
// lookup all config nodes
|
||||
if (isset($configObj->OPNsense->HAProxy->$key)) {
|
||||
foreach ($configObj->OPNsense->HAProxy->$key->children() as $child) {
|
||||
// generate a crt-list for every child node
|
||||
$crtlist = array();
|
||||
$crtlist_filename = "/var/etc/haproxy/ssl/" . (string)$child->id . ".crtlist";
|
||||
// search in all matching child elements for ssl data
|
||||
foreach ($configNodes[$key] as $sslchild) {
|
||||
if (isset($child->$sslchild)) {
|
||||
|
|
@ -85,11 +88,31 @@ foreach ($configNodes as $key => $value) {
|
|||
file_put_contents($output_pem_filename, $pem_content);
|
||||
chmod($output_pem_filename, 0600);
|
||||
echo "exported $type to " . $output_pem_filename . "\n";
|
||||
// add pem file to crt-list
|
||||
$crtlist[] = $output_pem_filename;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// generate crt-list file
|
||||
// (this makes only sense for frontends)
|
||||
if ( $key == 'frontends' ) {
|
||||
// ignore if crt-list is empty
|
||||
if (empty($crtlist)) { continue; }
|
||||
// check if a default certificate is configured
|
||||
if (isset($child->ssl_default_certificate) and (string)$child->ssl_default_certificate != "") {
|
||||
$default_cert = (string)$child->ssl_default_certificate;
|
||||
$default_cert_filename = "/var/etc/haproxy/ssl/" . $default_cert . ".pem";
|
||||
// ensure default certificate is the first entry on the list
|
||||
unset($crtlist[$default_cert]);
|
||||
array_unshift($crtlist, $default_cert_filename);
|
||||
}
|
||||
$crtlist_content = implode("\n", $crtlist) . "\n";
|
||||
file_put_contents($crtlist_filename, $crtlist_content);
|
||||
chmod($crtlist_filename, 0600);
|
||||
echo "exported crt-list to " . $crtlist_filename . "\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
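Review bot: `unset($crtlist[$default_cert]);` removes nothing, because `$crtlist` is filled with `$crtlist[] = $output_pem_filename;` and so has integer keys and file paths as values, while `$default_cert` is the certificate reference string. The default certificate's path therefore stays at its original position and is also prepended by `array_unshift`, so it appears twice in the crt-list. If the default certificate was not among those exported for this frontend, the prepended path may name a PEM file that was never written (inferred, since the export code sits above the hunk). Remove by value before prepending, e.g. `$crtlist = array_diff($crtlist, array($default_cert_filename));`, and consider prepending only when the path was actually in the list. The enclosing `foreach` loops start outside the hunk.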
|
||||
|
|
|
|||
|
|
@ -562,20 +562,10 @@ defaults
|
|||
frontend {{frontend.name}}
|
||||
{% set ssl_certs = [] %}
|
||||
{% if frontend.ssl_enabled == '1' %}
|
||||
{# # collect ssl certs (if configured) #}
|
||||
{# # check if ssl certs are configured #}
|
||||
{% if frontend.ssl_certificates|default("") != "" %}
|
||||
{# # check if a default certificate is configured #}
|
||||
{% if frontend.ssl_default_certificate|default("") != "" %}
|
||||
{% do ssl_certs.append('crt /var/etc/haproxy/ssl/' ~ frontend.ssl_default_certificate ~ '.pem') %}
|
||||
{% endif %}
|
||||
{% for cert in frontend.ssl_certificates.split(",") %}
|
||||
{# # skip default certificate, it was already added to the list #}
|
||||
{% if frontend.ssl_default_certificate|default("") != "" and cert == frontend.ssl_default_certificate %}
|
||||
{# # do nothing #}
|
||||
{% else %}
|
||||
{% do ssl_certs.append('crt /var/etc/haproxy/ssl/' ~ cert ~ '.pem') %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{# # NOTE: Cert lists are generated by exportCerts.php #}
|
||||
{% do ssl_certs.append('crt-list /var/etc/haproxy/ssl/' ~ frontend.id ~ '.crtlist') %}
|
||||
{% endif %}
|
||||
{# # advanced ssl options #}
|
||||
{% if frontend.ssl_customOptions|default("") != "" %}
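Review bot: The `crt-list /var/etc/haproxy/ssl/<id>.crtlist` entry is emitted whenever `frontend.ssl_certificates` is non-empty, but exportCerts.php writes that file only when at least one certificate was exported for the frontend (`if (empty($crtlist)) { continue; }`). In the skipped case the generated config references either a missing file or a `.crtlist` left over from an earlier run, which may still list certificates that have since been removed from the frontend. This is inferred, as no cleanup of old files is visible on this page. Consider having the exporter delete the old `<id>.crtlist` when it skips a frontend, and widen the comment here to state the ordering dependency, e.g. `{# # NOTE: crt-list is written by exportCerts.php, which must run before this config is loaded #}`. The frontend block continues outside the hunk.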
|
||||
|
|
|
|||