upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

net/haproxy: merge version 2.0 from master

Browse source 
"DO IT :D" @fraenki
This commit is contained in:
Franco Fichtner 2017-11-22 14:02:48 +01:00
parent abb793605b
commit d970addb77
14 changed files with 1754 additions and 338 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/haproxy/Makefile
View file

@ -1,5 +1,5 @@
PLUGIN_NAME= haproxy
PLUGIN_VERSION= 1.17
PLUGIN_VERSION= 2.0
PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer
PLUGIN_DEPENDS= haproxy
PLUGIN_MAINTAINER= opnsense@moov.de

257
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
View file

@ -3,23 +3,23 @@
<id>acl.name</id>
<label>Name</label>
<type>text</type>
<help>Name to identify this ACL.</help>
<help>Name to identify this condition.</help>
</field>
<field>
<id>acl.description</id>
<label>Description</label>
<type>text</type>
<help>Description for this ACL.</help>
<help>Description for this condition.</help>
</field>
<field>
<label>Compose expression</label>
<label>Condition</label>
<type>header</type>
</field>
<field>
<id>acl.expression</id>
<label>Expression</label>
<label>Condition type</label>
<type>dropdown</type>
<hint>Select ACL expression.</hint>
<hint>Select condition type.</hint>
</field>
<field>
<id>acl.negate</id>
@ -28,25 +28,246 @@
<help><![CDATA[Use this to invert the meaning of the expression.]]></help>
</field>
<field>
<id>acl.value</id>
<label>Value</label>
<type>text</type>
<help><![CDATA[Specify a value to match with the expression.]]></help>
</field>
<field>
<label>Optional parameters</label>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_hdr_beg</style>
</field>
<field>
<id>acl.urlparam</id>
<label>URL parameter</label>
<id>acl.hdr_beg</id>
<label>Host Prefix</label>
<type>text</type>
<help><![CDATA[Specify the URL parameter to be checked for the value specified below.<br/><b>Not used for any other expression.</b>]]></help>
<help><![CDATA[HTTP host header starts with string (prefix match)]]></help>
</field>
<field>
<id>acl.queryBackend</id>
<label>Query Backend</label>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_hdr_end</style>
</field>
<field>
<id>acl.hdr_end</id>
<label>Host Suffix</label>
<type>text</type>
<help><![CDATA[HTTP host header ends with string (suffix match)]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_hdr</style>
</field>
<field>
<id>acl.hdr</id>
<label>Host String</label>
<type>text</type>
<help><![CDATA[HTTP host header matches exact string]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_hdr_reg</style>
</field>
<field>
<id>acl.hdr_reg</id>
<label>Host Regex</label>
<type>text</type>
<help><![CDATA[HTTP host header matches regular expression]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_hdr_sub</style>
</field>
<field>
<id>acl.hdr_sub</id>
<label>Host Contains</label>
<type>text</type>
<help><![CDATA[HTTP host header contains string (substring match)]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_path_beg</style>
</field>
<field>
<id>acl.path_beg</id>
<label>Path Prefix</label>
<type>text</type>
<help><![CDATA[HTTP request URL path starts with string (prefix match)]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_path_end</style>
</field>
<field>
<id>acl.path_end</id>
<label>Path Suffix</label>
<type>text</type>
<help><![CDATA[HTTP request URL path ends with string (suffix match)]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_path</style>
</field>
<field>
<id>acl.path</id>
<label>Path Matches</label>
<type>text</type>
<help><![CDATA[HTTP request URL path matches exact string]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_path_reg</style>
</field>
<field>
<id>acl.path_reg</id>
<label>Path Regex</label>
<type>text</type>
<help><![CDATA[HTTP request URL path matches regular expression]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_path_dir</style>
</field>
<field>
<id>acl.path_dir</id>
<label>Subdir matches</label>
<type>text</type>
<help><![CDATA[HTTP request URL path contains directory (subdir match)]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_path_sub</style>
</field>
<field>
<id>acl.path_sub</id>
<label>Path Contains</label>
<type>text</type>
<help><![CDATA[HTTP request URL path contains string (substring match)]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_url_param</style>
</field>
<field>
<id>acl.url_param</id>
<label>URL Parameter</label>
<type>text</type>
<help><![CDATA[Specify the URL parameter to be checked for the value specified below.]]></help>
</field>
<field>
<id>acl.url_param_value</id>
<label>Parameter Value</label>
<type>text</type>
<help><![CDATA[Specify the value for the URL parameter.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_c_verify_code</style>
</field>
<field>
<id>acl.ssl_c_verify_code</id>
<label>SSL Error ID</label>
<type>text</type>
<help><![CDATA[Specify the SSL/TLS error ID that should be checked for the incoming connection. Please refer to your SSL library's documentation for an exhaustive list of error codes.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_c_ca_commonname</style>
</field>
<field>
<id>acl.ssl_c_ca_commonname</id>
<label>CA Common-Name</label>
<type>text</type>
<help><![CDATA[Verify the CA Common-Name of the certificate presented by the client against the specified string.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src</style>
</field>
<field>
<id>acl.src</id>
<label>Source IP</label>
<type>text</type>
<help><![CDATA[Verify the source IPv4 address of the client of the session matches the specified IPv4 or IPv6 address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_nbsrv</style>
</field>
<field>
<id>acl.nbsrv</id>
<label>Usable Servers</label>
<type>text</type>
<help><![CDATA[Verify the minimum number of usable servers in the named backend matches the specified value.]]></help>
</field>
<field>
<id>acl.nbsrv_backend</id>
<label>Backend</label>
<type>dropdown</type>
<help><![CDATA[Use this backend to count usable servers.<br/><b>Not used for any other expression.</b>]]></help>
<help><![CDATA[Use the specified backend to count usable servers. Leave empty to use the current backend.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_sni</style>
</field>
<field>
<id>acl.ssl_sni</id>
<label>SNI Matches</label>
<type>text</type>
<help><![CDATA[The value of the Server Name TLS extension sent by a client matches the exact string.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_sni_sub</style>
</field>
<field>
<id>acl.ssl_sni_sub</id>
<label>SNI Contains</label>
<type>text</type>
<help><![CDATA[The value of the Server Name TLS extension sent by a client contains the specified string (substring match).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_sni_beg</style>
</field>
<field>
<id>acl.ssl_sni_beg</id>
<label>SNI Prefix</label>
<type>text</type>
<help><![CDATA[The value of the Server Name TLS extension sent by a client starts with the specified string (prefix match).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_sni_end</style>
</field>
<field>
<id>acl.ssl_sni_end</id>
<label>SNI Suffix</label>
<type>text</type>
<help><![CDATA[The value of the Server Name TLS extension sent by a client ends with the specified string (suffix match).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_custom_acl</style>
</field>
<field>
<id>acl.custom_acl</id>
<label>Option pass-through</label>
<type>textbox</type>
<help><![CDATA[Specify a HAProxy condition/ACL that is currently not supported by the GUI.]]></help>
</field>
</form>

301
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
View file

@ -3,16 +3,16 @@
<id>action.name</id>
<label>Name</label>
<type>text</type>
<help>Name to identify this action.</help>
<help>Name to identify this rule.</help>
</field>
<field>
<id>action.description</id>
<label>Description</label>
<type>text</type>
<help>Description for this action.</help>
<help>Description for this rule.</help>
</field>
<field>
<label>Form condition</label>
<label>Optional condition</label>
<type>header</type>
</field>
<field>
@ -23,59 +23,308 @@
</field>
<field>
<id>action.linkedAcls</id>
<label>Select ACLs</label>
<label>Select conditions</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[Select one ore more ACLs to be used as condition for this action.]]></help>
<help><![CDATA[Select one or more conditions to be used for this rule.]]></help>
</field>
<field>
<id>action.operator</id>
<label>Logical operator (for ACLs)</label>
<label>Logical operator for conditions</label>
<type>dropdown</type>
<help><![CDATA[Choose an logical operator to be used to form a condition.]]></help>
<help><![CDATA[Choose a logical operator.]]></help>
</field>
<field>
<label>HAProxy function</label>
<type>header</type>
</field>
<field>
<id>action.type</id>
<label>Choose action</label>
<label>Execute function</label>
<type>dropdown</type>
<help><![CDATA[Choose an action that should be executed if the condition is true.]]></help>
<help><![CDATA[Choose a HAProxy function that should be executed if the condition evaluates to true.]]></help>
</field>
<field>
<label>Optional parameters</label>
<label>Parameters</label>
<type>header</type>
<style>type_table table_use_backend</style>
</field>
<field>
<id>action.useBackend</id>
<label>Use backend</label>
<id>action.use_backend</id>
<label>Use backend pool</label>
<type>dropdown</type>
<help><![CDATA[Use this backend if the condition is true.<br/><b>Not used for any other action.</b>]]></help>
<help><![CDATA[HAProxy will use this backend pool if the condition evaluates to true.]]></help>
</field>
<field>
<id>action.useServer</id>
<label>Parameters</label>
<type>header</type>
<style>type_table table_use_server</style>
</field>
<field>
<id>action.use_server</id>
<label>Use server</label>
<type>dropdown</type>
<help><![CDATA[Use this server if the condition is true.<br/><b>Not used for any other action.</b>]]></help>
<help><![CDATA[HAProxy will use this server instead of other servers that are specified in the Backend Pool. The server must exist in the context where this rule is applied.]]></help>
</field>
<field>
<label>Conditional parameters</label>
<label>NOTE: The specified server must be present in the Backend Pool where this rule is applied.</label>
<type>info</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_auth</style>
</field>
<field>
<id>action.actionName</id>
<label>Name/Identifier</label>
<id>action.http-request_auth</id>
<label>Auth Realm</label>
<type>text</type>
<help><![CDATA[Specify a value to match with the action.]]></help>
<help><![CDATA[When HAProxy requests user name and password from the user, this optiomal authentication realm is returned with the response (typically the application's name).]]></help>
</field>
<field>
<id>action.actionFind</id>
<label>Find value</label>
<type>text</type>
<help><![CDATA[Specify a value to match with the action.]]></help>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_redirect</style>
</field>
<field>
<id>action.actionValue</id>
<label>Set value</label>
<id>action.http-request_redirect</id>
<label>HTTP Redirect</label>
<type>text</type>
<help><![CDATA[Specify a value to match with the action.]]></help>
<help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_lua</style>
</field>
<field>
<id>action.http-request_lua</id>
<label>Lua function</label>
<type>text</type>
<help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_use-service</style>
</field>
<field>
<id>action.http-request_use-service</id>
<label>Lua service</label>
<type>text</type>
<help><![CDATA[Register the specified Lua service. You will most likely need to include/load your Lua code first.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_add-header</style>
</field>
<field>
<id>action.http-request_add-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[Append a HTTP header field with the specified name.]]></help>
</field>
<field>
<id>action.http-request_add-header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_set-header</style>
</field>
<field>
<id>action.http-request_set-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[Remove the HTTP header field with the specified name and add a new one with the same name. This is useful when passing security information to the server, where the header must not be manipulated by external users.]]></help>
</field>
<field>
<id>action.http-request_set-header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_del-header</style>
</field>
<field>
<id>action.http-request_del-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[Remove the HTTP header field with the specified name.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_replace-header</style>
</field>
<field>
<id>action.http-request_replace-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[The name of the HTTP header field.]]></help>
</field>
<field>
<id>action.http-request_replace-header_regex</id>
<label>Regular Expression</label>
<type>text</type>
<help><![CDATA[Matches the specified regular expression in all occurrences of the header field.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-request_replace-value</style>
</field>
<field>
<id>action.http-request_replace-value_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[The name of the HTTP header field.]]></help>
</field>
<field>
<id>action.http-request_replace-value_regex</id>
<label>Regular Expression</label>
<type>text</type>
<help><![CDATA[This is suited for all header fields which are allowed to carry more than one value: Matches the specified regular expression against every comma-delimited value of the header field.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-response_lua</style>
</field>
<field>
<id>action.http-response_lua</id>
<label>Lua function</label>
<type>text</type>
<help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-response_add-header</style>
</field>
<field>
<id>action.http-response_add-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[Append a HTTP header field with the specified name.]]></help>
</field>
<field>
<id>action.http-response_add-header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-response_set-header</style>
</field>
<field>
<id>action.http-response_set-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[Remove the HTTP header field with the specified name and add a new one with the same name. This is useful when passing security information to the server, where the header must not be manipulated by external users.]]></help>
</field>
<field>
<id>action.http-response_set-header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-response_del-header</style>
</field>
<field>
<id>action.http-response_del-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[Remove the HTTP header field with the specified name.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-response_replace-header</style>
</field>
<field>
<id>action.http-response_replace-header_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[The name of the HTTP header field.]]></help>
</field>
<field>
<id>action.http-response_replace-header_regex</id>
<label>Regular Expression</label>
<type>text</type>
<help><![CDATA[Matches the specified regular expression in all occurrences of header field.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_http-response_replace-value</style>
</field>
<field>
<id>action.http-response_replace-value_name</id>
<label>HTTP Header</label>
<type>text</type>
<help><![CDATA[The name of the HTTP header field.]]></help>
</field>
<field>
<id>action.http-response_replace-value_regex</id>
<label>Regular Expression</label>
<type>text</type>
<help><![CDATA[This is suited for all header fields which are allowed to carry more than one value: Matches the specified regular expression against every comma-delimited value of the header field.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_tcp-request_content_lua</style>
</field>
<field>
<id>action.tcp-request_content_lua</id>
<label>Lua function</label>
<type>text</type>
<help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_tcp-request_content_use-service</style>
</field>
<field>
<id>action.tcp-request_content_use-service</id>
<label>Lua service</label>
<type>text</type>
<help><![CDATA[Register the specified Lua service. You will most likely need to include/load your Lua code first.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_tcp-response_content_lua</style>
</field>
<field>
<id>action.tcp-response_content_lua</id>
<label>Lua function</label>
<type>text</type>
<help><![CDATA[Execute the specified Lua function. You will most likely need to include/load your Lua code first.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>type_table table_custom</style>
</field>
<field>
<id>action.custom</id>
<label>Option pass-through</label>
<type>textbox</type>
<help><![CDATA[Specify a HAProxy rule/ACL that is currently not supported by the GUI.]]></help>
</field>
</form>

45
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
View file

@ -3,32 +3,32 @@
<id>backend.enabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help>Enable this backend</help>
<help>Enable this Backend Pool</help>
</field>
<field>
<id>backend.name</id>
<label>Name</label>
<type>text</type>
<help>Name to identify this backend.</help>
<help>Name to identify this Backend Pool.</help>
</field>
<field>
<id>backend.description</id>
<label>Description</label>
<type>text</type>
<help>Description for this backend.</help>
<help>Description for this Backend Pool.</help>
</field>
<field>
<id>backend.mode</id>
<label>Mode</label>
<type>dropdown</type>
<help><![CDATA[Set the running mode or protocol of the backend. Usually the frontend and the backend are in the same mode.]]></help>
<help><![CDATA[Set the running mode or protocol of the Backend Pool. Usually the Public Service and the Backend Pool are in the same mode.]]></help>
<hint>Set the same mode for backend and frontend.</hint>
</field>
<field>
<id>backend.algorithm</id>
<label>Balancing Algorithm</label>
<type>dropdown</type>
<help><![CDATA[Define the load balancing algorithm to be used in a backend. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#balance">HAProxy documentation</a> for a full description.]]></help>
<help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#balance">HAProxy documentation</a> for a full description.]]></help>
<hint>Choose a load balancing algorithm.</hint>
</field>
<field>
@ -47,21 +47,22 @@
<help><![CDATA[Sets the source address which will be used when connecting to the server(s).]]></help>
<advanced>true</advanced>
</field>
<field>
<label>Health Checking</label>
<type>header</type>
</field>
<field>
<id>backend.healthCheckEnabled</id>
<label>Enabled</label>
<label>Enable Health Checking</label>
<type>checkbox</type>
<help><![CDATA[Enable or disable health checking.]]></help>
</field>
<field>
<label>Health Checking</label>
<type>header</type>
<style>healthcheck_table table_healthcheck_true</style>
</field>
<field>
<id>backend.healthCheck</id>
<label>Health check</label>
<label>Health Monitor</label>
<type>dropdown</type>
<help><![CDATA[Select health check for servers in this backend.]]></help>
<help><![CDATA[Select Health Monitor for servers in this backend.]]></help>
</field>
<field>
<id>backend.healthCheckLogStatus</id>
@ -77,7 +78,7 @@
<id>backend.stickiness_pattern</id>
<label>Table type</label>
<type>dropdown</type>
<help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
<help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
<hint>Choose a persistence type.</hint>
</field>
<field>
@ -141,7 +142,7 @@
<id>backend.customOptions</id>
<label>Option pass-through</label>
<type>textbox</type>
<help><![CDATA[These lines will be added to the HAProxy backend configuration.<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
<help><![CDATA[These lines will be added to the HAProxy backend configuration.]]></help>
<advanced>true</advanced>
</field>
<field>
@ -159,27 +160,27 @@
<advanced>true</advanced>
</field>
<field>
<label>Actions (ACLs)</label>
<label>Rules</label>
<type>header</type>
</field>
<field>
<id>backend.linkedActions</id>
<label>Actions</label>
<label>Select Rules</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[Choose actions to be included in this backend.]]></help>
<hint>Choose actions.</hint>
<help><![CDATA[Choose rules to be included in this Backend Pool.]]></help>
<hint>Choose rules.</hint>
</field>
<field>
<label>Error Files</label>
<label>Error Messages</label>
<type>header</type>
</field>
<field>
<id>backend.linkedErrorfiles</id>
<label>Error files</label>
<label>Select Error Messages</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[Choose error files to be included in this backend.]]></help>
<hint>Choose error files.</hint>
<help><![CDATA[Choose error messages to be included in this Backend Pool.]]></help>
<hint>Choose error messages.</hint>
</field>
</form>

8
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml
View file

@ -3,24 +3,24 @@
<id>errorfile.name</id>
<label>Name</label>
<type>text</type>
<help>Name to identify this error file.</help>
<help>Name to identify this error message.</help>
</field>
<field>
<id>errorfile.description</id>
<label>Description</label>
<type>text</type>
<help>Description for this error file.</help>
<help>Description for this error message.</help>
</field>
<field>
<id>errorfile.code</id>
<label>Error code</label>
<type>dropdown</type>
<help><![CDATA[The HTTP status code.<br/><div class="text-info"><b>NOTE:</b> It is important to understand that errorfiles are NOT meant to rewrite errors returned by the server, but errors detected and returned by HAProxy. This is why the list of supported errors is limited to a small set.</div>]]></help>
<help><![CDATA[The HTTP status code.<br/><div class="text-info"><b>NOTE:</b> It is important to understand that error messages are NOT meant to rewrite errors returned by the server, but errors detected and returned by HAProxy. This is why the list of supported errors is limited to a small set.</div>]]></help>
</field>
<field>
<id>errorfile.content</id>
<label>Content</label>
<type>textbox</type>
<help>Paste the content of your errorfile here. The files should not exceed the configured buffer size, which generally is 8 or 16 kB.</help>
<help>Paste the content of your error messages here. The message must represent the full HTTP response and include required HTTP headers. It should not exceed the configured buffer size, which generally is 8 or 16 kB.</help>
</field>
</form>

99
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
View file

@ -3,19 +3,19 @@
<id>frontend.enabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help>Enable this frontend</help>
<help>Enable this Public Service.</help>
</field>
<field>
<id>frontend.name</id>
<label>Name</label>
<type>text</type>
<help>Name to identify this frontend.</help>
<help>Name to identify this Public Service.</help>
</field>
<field>
<id>frontend.description</id>
<label>Description</label>
<type>text</type>
<help>Description for this frontend.</help>
<help>Description for this Public Service.</help>
</field>
<field>
<id>frontend.bind</id>
@ -23,37 +23,38 @@
<type>select_multiple</type>
<style>tokenize</style>
<allownew>true</allownew>
<help><![CDATA[Configure listen addresses for this frontend, i.e. 127.0.0.1:8080 or www.example.com:443. Use TAB key to complete typing a listen address.]]></help>
<help><![CDATA[Configure listen addresses for this Public Service, i.e. 127.0.0.1:8080 or www.example.com:443. Use TAB key to complete typing a listen address.]]></help>
<hint>Enter address:port here. Finish with TAB.</hint>
</field>
<field>
<id>frontend.bindOptions</id>
<label>Advanced Bind Options</label>
<label>Bind option pass-through</label>
<type>text</type>
<help><![CDATA[A list of parameters that will be appended to every Listen Address line.<br/>Example: accept-proxy npn http/1.1<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
<help><![CDATA[A list of parameters that will be appended to every Listen Address line.<br/>Example: accept-proxy npn http/1.1<br/>]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.mode</id>
<label>Type</label>
<type>dropdown</type>
<help><![CDATA[Set the running mode or protocol for this frontend.]]></help>
<help><![CDATA[Set the running mode or protocol for this Public Service.]]></help>
</field>
<field>
<id>frontend.defaultBackend</id>
<label>Default Backend</label>
<label>Default Backend Pool</label>
<type>dropdown</type>
<help><![CDATA[Set the default backend to use for this frontend.]]></help>
<help><![CDATA[Set the default Backend Pool to use for this Public Service.]]></help>
</field>
<field>
<id>frontend.ssl_enabled</id>
<label>Enable SSL offloading</label>
<type>checkbox</type>
<help>Enable SSL offloading</help>
</field>
<field>
<label>SSL Offloading</label>
<type>header</type>
</field>
<field>
<id>frontend.ssl_enabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help>Enable SSL offloading</help>
<style>mode_table table_http table_ssl table_ssl_true</style>
</field>
<field>
<id>frontend.ssl_certificates</id>
@ -73,11 +74,48 @@
</field>
<field>
<id>frontend.ssl_customOptions</id>
<label>Advanced SSL options</label>
<label>SSL option pass-through</label>
<type>text</type>
<help><![CDATA[Specify additional SSL parameters such as force-sslv3, force-tlsv10, force-tlsv11, force-tlsv12, no-sslv3, no-tlsv10, no-tlsv11, no-tlsv12, no-tls-tickets or customize the list of SSL ciphers.<br/>Example: no-sslv3 ciphers HIGH:!DSS:!aNULL@STRENGTH<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
<help><![CDATA[Pass additional SSL parameters to the HAProxy configuration.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.ssl_advancedEnabled</id>
<label>Enable Advanced settings</label>
<type>checkbox</type>
<help><![CDATA[Enable advanced SSL settings.]]></help>
</field>
<field>
<label>Advanced SSL settings</label>
<type>header</type>
<style>mode_table table_http table_ssl table_ssl_advanced table_ssl_advanced_true</style>
</field>
<field>
<id>frontend.ssl_bindOptions</id>
<label>Bind options</label>
<type>select_multiple</type>
<style>tokenize</style>
<allownew>true</allownew>
<help><![CDATA[Used to enforce or disable certain SSL options.]]></help>
</field>
<field>
<id>frontend.ssl_cipherList</id>
<label>Cipher List</label>
<type>text</type>
<help><![CDATA[It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake.]]></help>
</field>
<field>
<id>frontend.ssl_hstsEnabled</id>
<label>Enable HSTS</label>
<type>checkbox</type>
<help><![CDATA[Enable HTTP Strict Transport Security.]]></help>
</field>
<field>
<id>frontend.ssl_hstsMaxAge</id>
<label>HSTS max-age</label>
<type>text</type>
<help><![CDATA[Future requests to the domain should use only HTTPS for the specified time (in seconds): 15768000 = 6 months]]></help>
</field>
<field>
<label>Tuning Options</label>
<type>header</type>
@ -86,7 +124,7 @@
<id>frontend.tuning_maxConnections</id>
<label>Max. Connections</label>
<type>text</type>
<help><![CDATA[Set the maximum number of concurrent connections for this frontend.]]></help>
<help><![CDATA[Set the maximum number of concurrent connections for this Public Service.]]></help>
</field>
<field>
<id>frontend.tuning_timeoutClient</id>
@ -134,8 +172,9 @@
<advanced>true</advanced>
</field>
<field>
<label>Advanced settings</label>
<label>HTTP(S) settings</label>
<type>header</type>
<style>mode_table table_http table_ssl</style>
</field>
<field>
<id>frontend.forwardFor</id>
@ -143,6 +182,10 @@
<type>checkbox</type>
<help><![CDATA[Enable insertion of the X-Forwarded-For header to requests sent to servers.]]></help>
</field>
<field>
<label>Advanced settings</label>
<type>header</type>
</field>
<field>
<id>frontend.connectionBehaviour</id>
<label>Type</label>
@ -154,31 +197,31 @@
<id>frontend.customOptions</id>
<label>Option pass-through</label>
<type>textbox</type>
<help><![CDATA[These lines will be added to the HAProxy frontend configuration.<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
<help><![CDATA[These lines will be added to the HAProxy frontend configuration.]]></help>
<advanced>true</advanced>
</field>
<field>
<label>Actions (ACLs)</label>
<label>Rules</label>
<type>header</type>
</field>
<field>
<id>frontend.linkedActions</id>
<label>Actions</label>
<label>Select Rules</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[Choose actions to be included in this frontend.]]></help>
<hint>Choose actions.</hint>
<help><![CDATA[Choose rules to be included in this Public Service.]]></help>
<hint>Choose rules.</hint>
</field>
<field>
<label>Error Files</label>
<label>Error Messages</label>
<type>header</type>
</field>
<field>
<id>frontend.linkedErrorfiles</id>
<label>Error files</label>
<label>Select Error Messages</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[Choose error files to be included in this backend.]]></help>
<hint>Choose error files.</hint>
<help><![CDATA[Choose error messages to be included in this Public Service.]]></help>
<hint>Choose error messages.</hint>
</field>
</form>

58
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml
View file

@ -3,13 +3,13 @@
<id>healthcheck.name</id>
<label>Name</label>
<type>text</type>
<help>Name to identify this ACL.</help>
<help>Name to identify this Health Monitor.</help>
</field>
<field>
<id>healthcheck.description</id>
<label>Description</label>
<type>text</type>
<help>Description for this ACL.</help>
<help>Description for this Health Monitor.</help>
</field>
<field>
<id>healthcheck.type</id>
@ -33,6 +33,7 @@
<field>
<label>HTTP check options</label>
<type>header</type>
<style>type_table table_http</style>
</field>
<field>
<id>healthcheck.http_method</id>
@ -61,6 +62,7 @@
<field>
<label>Custom HTTP check</label>
<type>header</type>
<style>type_table table_http</style>
</field>
<field>
<id>healthcheck.http_expressionEnabled</id>
@ -88,6 +90,7 @@
<field>
<label>Custom TCP check</label>
<type>header</type>
<style>type_table table_tcp</style>
</field>
<field>
<id>healthcheck.tcp_enabled</id>
@ -119,25 +122,64 @@
<help><![CDATA[Specify the pattern to look for in the response buffer. If the match is set to binary, then the pattern must be passed as a serie of hexadecimal digits in an even number.]]></help>
</field>
<field>
<label>Other check options</label>
<label>Agent check</label>
<type>header</type>
<style>type_table table_agent</style>
</field>
<field>
<id>healthcheck.agentPort</id>
<id>healthcheck.agent_port</id>
<label>Agent port</label>
<type>text</type>
<help><![CDATA[Specify the TCP port used for agent checks.]]></help>
</field>
<field>
<id>healthcheck.dbUser</id>
<label>DB user</label>
<label>MySQL check</label>
<type>header</type>
<style>type_table table_mysql</style>
</field>
<field>
<id>healthcheck.mysql_user</id>
<label>MySQL user</label>
<type>text</type>
<help><![CDATA[Specify the username to be used for database health checks.]]></help>
</field>
<field>
<id>healthcheck.smtpDomain</id>
<id>healthcheck.mysql_post41</id>
<label>MySQL 4.1+</label>
<type>checkbox</type>
<help><![CDATA[Send checks compatible with MySQL server 4.1 and later.]]></help>
</field>
<field>
<label>PostgreSQL check</label>
<type>header</type>
<style>type_table table_pgsql</style>
</field>
<field>
<id>healthcheck.pgsql_user</id>
<label>PostgreSQL user</label>
<type>text</type>
<help><![CDATA[Specify the username to be used for database health checks.]]></help>
</field>
<field>
<label>SMTP check</label>
<type>header</type>
<style>type_table table_smtp</style>
</field>
<field>
<id>healthcheck.smtp_domain</id>
<label>SMTP domain</label>
<type>text</type>
<help><![CDATA[Specify the domain name to present to the server for SMTP/ESMTP health checks.]]></help>
<help><![CDATA[Specify the domain name to present to the server for SMTP health checks.]]></help>
</field>
<field>
<label>ESMTP check</label>
<type>header</type>
<style>type_table table_esmtp</style>
</field>
<field>
<id>healthcheck.esmtp_domain</id>
<label>ESMTP domain</label>
<type>text</type>
<help><![CDATA[Specify the domain name to present to the server for ESMTP health checks.]]></help>
</field>
</form>

6
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml
View file

@ -22,7 +22,7 @@
<id>server.port</id>
<label>Port</label>
<type>text</type>
<help><![CDATA[Provide the TCP communication port for this server, i.e. 80 or 443.]]></help>
<help><![CDATA[Provide the TCP or UDP communication port for this server, i.e. 80 or 443. If set, all connections will be sent to this port. If unset, the same port the client connected to will be used.]]></help>
</field>
<field>
<id>server.mode</id>
@ -103,9 +103,9 @@
</field>
<field>
<id>server.advanced</id>
<label>Advanced options</label>
<label>Option pass-through</label>
<type>text</type>
<help><![CDATA[A list of parameters that will be appended to the server line in every backend where this is will be used.<br/>Example: send-proxy<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>.]]></help>
<help><![CDATA[A list of parameters that will be appended to the server line in every backend where this server will be used.<br/>Example: send-proxy<br/>.]]></help>
<advanced>true</advanced>
</field>
</form>

34
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
View file

@ -1,10 +1,6 @@
<form>
<tab id="haproxy-general" description="General Settings">
<tab id="haproxy-general" description="Settings">
<subtab id="haproxy-general-settings" description="Service Settings">
<field>
<label>NOTE: You need to configure frontends, backends and servers before enabling HAProxy.</label>
<type>info</type>
</field>
<field>
<id>haproxy.general.enabled</id>
<label>Enable HAProxy</label>
@ -90,10 +86,34 @@
<help><![CDATA[These lines will be added to the global settings of to the HAProxy configuration file.<br/><div class="text-info"><b>NOTE:</b> The syntax will not be checked, use at your own risk!</div>]]></help>
<advanced>true</advanced>
</field>
<field>
<label>SSL default settings</label>
<type>header</type>
</field>
<field>
<id>haproxy.general.tuning.ssl_defaultsEnabled</id>
<label>Enabled</label>
<type>checkbox</type>
<help><![CDATA[Enable global SSL default values.]]></help>
</field>
<field>
<id>haproxy.general.tuning.ssl_bindOptions</id>
<label>Bind options</label>
<type>select_multiple</type>
<style>tokenize</style>
<allownew>true</allownew>
<help><![CDATA[Used to enforce or disable certain SSL options.]]></help>
</field>
<field>
<id>haproxy.general.tuning.ssl_cipherList</id>
<label>Cipher List</label>
<type>text</type>
<help><![CDATA[It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake.]]></help>
</field>
</subtab>
<subtab id="haproxy-general-defaults" description="Default Parameters">
<field>
<label>NOTE: Define default parameters for ALL Frontends, Backends and Servers here. They may still be overriden elsewhere.</label>
<label>NOTE: Define default parameters for ALL Public Services, Backend Pools and Servers here. They may still be overriden elsewhere.</label>
<type>info</type>
</field>
<field>
@ -225,6 +245,4 @@
</field>
</subtab>
</tab>
<activetab>haproxy-general-settings</activetab>
</form>

23
net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php
View file

@ -139,12 +139,10 @@ class HAProxy extends BaseModel
* @param string $description
* @param string $expression
* @param string $negate
* @param string $value
* @param string $urlparam
* @param string $querybackend
* @param hash $parameters
* @return string
*/
public function newAcl($name, $description = "", $expression, $negate = "0", $value, $urlparam = "", $queryBackend = "")
public function newAcl($name, $description = "", $expression, $negate = "0", $parameters = array())
{
$acl = $this->acls->acl->Add();
$uuid = $acl->getAttributes()['uuid'];
@ -152,9 +150,9 @@ class HAProxy extends BaseModel
$acl->description = $description;
$acl->expression = $expression;
$acl->negate = $negate;
$acl->value = $value;
$acl->urlparam = $urlparam;
$acl->queryBackend = $queryBackend;
foreach ($parameters as $key => $value) {
$acl->$key = $value;
}
return $uuid;
}
@ -173,7 +171,7 @@ class HAProxy extends BaseModel
* @param string $actionValue
* @return string
*/
public function newAction($name, $description = "", $testType, $linkedAcls = "", $operator = "and", $type, $useBackend = "", $useServer = "", $actionName, $actionFind, $actionValue)
public function newAction($name, $description = "", $testType, $linkedAcls = "", $operator = "and", $type, $parameters = array())
{
$action = $this->actions->action->Add();
$uuid = $action->getAttributes()['uuid'];
@ -183,11 +181,9 @@ class HAProxy extends BaseModel
$action->linkedAcls = $linkedAcls;
$action->operator = $operator;
$action->type = $type;
$action->useBackend = $useBackend;
$action->useServer = $useServer;
$action->actionName = $actionName;
$action->actionFind = $actionFind;
$action->actionValue = $actionValue;
foreach ($parameters as $key => $value) {
$action->$key = $value;
}
return $uuid;
}
@ -251,7 +247,6 @@ class HAProxy extends BaseModel
*/
public function linkAclToAction($acl_uuid, $action_uuid, $replace = false)
{
//$mdl = new HAProxy();
// ACL must exist
$acl = $this->getByAclID($acl_uuid);
if ((string)$acl === false) {

423
net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
View file

@ -1,6 +1,6 @@
<model>
<mount>//OPNsense/HAProxy</mount>
<version>1.0.0</version>
<version>2.0.0</version>
<description>
the HAProxy load balancer
</description>
@ -79,6 +79,31 @@
<customOptions type="TextField">
<Required>N</Required>
</customOptions>
<ssl_defaultsEnabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</ssl_defaultsEnabled>
<ssl_bindOptions type="OptionField">
<Required>N</Required>
<default>no-sslv3,no-tlsv10,no-tls-tickets</default>
<Multiple>Y</Multiple>
<OptionValues>
<no-sslv3>no-sslv3</no-sslv3>
<no-tlsv10>no-tlsv10</no-tlsv10>
<no-tlsv11>no-tlsv11</no-tlsv11>
<no-tlsv12>no-tlsv12</no-tlsv12>
<no-tls-tickets>no-tls-tickets</no-tls-tickets>
<force-sslv3>force-sslv3</force-sslv3>
<force-tlsv10>force-tlsv10</force-tlsv10>
<force-tlsv11>force-tlsv11</force-tlsv11>
<force-tlsv12>force-tlsv12</force-tlsv12>
<strict-sni>strict-sni</strict-sni>
</OptionValues>
</ssl_bindOptions>
<ssl_cipherList type="TextField">
<default>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256</default>
<Required>N</Required>
</ssl_cipherList>
</tuning>
<defaults>
<maxConnections type="IntegerField">
@ -281,7 +306,6 @@
<ValidationMessage>Related backend item not found</ValidationMessage>
<Required>N</Required>
</defaultBackend>
<!-- XXX: add tag <ssl> once nesting is supported by our framework -->
<ssl_enabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
@ -299,7 +323,42 @@
<ssl_customOptions type="TextField">
<Required>N</Required>
</ssl_customOptions>
<!-- XXX: add tag <tuning> once nesting is supported by our framework -->
<ssl_advancedEnabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</ssl_advancedEnabled>
<ssl_bindOptions type="OptionField">
<Required>N</Required>
<default>no-sslv3,no-tlsv10,no-tls-tickets</default>
<Multiple>Y</Multiple>
<OptionValues>
<no-sslv3>no-sslv3</no-sslv3>
<no-tlsv10>no-tlsv10</no-tlsv10>
<no-tlsv11>no-tlsv11</no-tlsv11>
<no-tlsv12>no-tlsv12</no-tlsv12>
<no-tls-tickets>no-tls-tickets</no-tls-tickets>
<force-sslv3>force-sslv3</force-sslv3>
<force-tlsv10>force-tlsv10</force-tlsv10>
<force-tlsv11>force-tlsv11</force-tlsv11>
<force-tlsv12>force-tlsv12</force-tlsv12>
<strict-sni>strict-sni</strict-sni>
</OptionValues>
</ssl_bindOptions>
<ssl_cipherList type="TextField">
<default>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256</default>
<Required>N</Required>
</ssl_cipherList>
<ssl_hstsEnabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</ssl_hstsEnabled>
<ssl_hstsMaxAge type="IntegerField">
<default>15768000</default>
<MinimumValue>1</MinimumValue>
<MaximumValue>1000000000</MaximumValue>
<ValidationMessage>Please specify a value between 1 and 1000000000.</ValidationMessage>
<Required>Y</Required>
</ssl_hstsMaxAge>
<tuning_maxConnections type="IntegerField">
<MinimumValue>1</MinimumValue>
<MaximumValue>500000</MaximumValue>
@ -311,7 +370,6 @@
<ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
<Required>N</Required>
</tuning_timeoutClient>
<!-- XXX: add tag <logging> once nesting is supported by our framework -->
<logging_dontLogNull type="BooleanField">
<default>0</default>
<Required>Y</Required>
@ -451,7 +509,6 @@
<default>0</default>
<Required>N</Required>
</healthCheckLogStatus>
<!-- XXX: add tag <stickiness> once nesting is supported by our framework -->
<stickiness_pattern type="OptionField">
<Required>N</Required>
<default>sourceipv4</default>
@ -487,7 +544,6 @@
<ValidationMessage>Please specify a value between 1 and 10000.</ValidationMessage>
<Required>N</Required>
</stickiness_cookielength>
<!-- XXX: add tag <tuning> once nesting is supported by our framework -->
<tuning_timeoutConnect type="TextField">
<mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
<ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
@ -563,11 +619,10 @@
<Required>Y</Required>
</address>
<port type="IntegerField">
<default>80</default>
<MinimumValue>1</MinimumValue>
<MaximumValue>65535</MaximumValue>
<ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage>
<Required>Y</Required>
<Required>N</Required>
</port>
<checkport type="IntegerField">
<default></default>
@ -675,7 +730,6 @@
<ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage>
<Required>N</Required>
</checkport>
<!-- XXX: add tag <http> once nesting is supported by our framework -->
<http_method type="OptionField">
<Required>N</Required>
<default>options</default>
@ -752,21 +806,45 @@
<tcp_matchValue type="TextField">
<Required>N</Required>
</tcp_matchValue>
<agentPort type="IntegerField">
<agent_port type="IntegerField">
<MinimumValue>1</MinimumValue>
<MaximumValue>65535</MaximumValue>
<ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage>
<Required>N</Required>
</agentPort>
<dbUser type="TextField">
</agent_port>
<mysql_user type="TextField">
<mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</dbUser>
<smtpDomain type="TextField">
</mysql_user>
<mysql_post41 type="BooleanField">
<default>0</default>
<Required>N</Required>
</mysql_post41>
<pgsql_user type="TextField">
<mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</pgsql_user>
<smtp_domain type="TextField">
<mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</smtp_domain>
<esmtp_domain type="TextField">
<mask>/^([0-9a-zA-Z._\-]){1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</esmtp_domain>
<!-- XXX old values, required for migration to model 2.0.0 -->
<agentPort type="IntegerField">
<Required>N</Required>
</agentPort>
<dbUser type="TextField">
<Required>N</Required>
</dbUser>
<smtpDomain type="TextField">
<Required>N</Required>
</smtpDomain>
</healthcheck>
</healthchecks>
@ -788,37 +866,160 @@
<expression type="OptionField">
<Required>Y</Required>
<OptionValues>
<host_starts_with>Host starts with</host_starts_with>
<host_ends_with>Host ends with</host_ends_with>
<host_matches>Host matches</host_matches>
<host_regex>Host regex</host_regex>
<host_contains>Host contains</host_contains>
<path_starts_with>Path starts with</path_starts_with>
<path_ends_with>Path ends with</path_ends_with>
<path_matches>Path matches</path_matches>
<path_regex>Path regex</path_regex>
<path_contains>Path contains</path_contains>
<url_parameter>URL parameter contains</url_parameter>
<hdr_beg>Host starts with</hdr_beg>
<hdr_end>Host ends with</hdr_end>
<hdr>Host matches</hdr>
<hdr_reg>Host regex</hdr_reg>
<hdr_sub>Host contains</hdr_sub>
<path_beg>Path starts with</path_beg>
<path_end>Path ends with</path_end>
<path>Path matches</path>
<path_reg>Path regex</path_reg>
<!-- XXX: Notes for migration (added a new similar option):
path_contains = path_dir (Path contains subdir)
NEW: path_sub (Path contains string) -->
<path_dir>Path contains subdir</path_dir>
<path_sub>Path contains string</path_sub>
<url_param>URL parameter contains</url_param>
<ssl_fc>SSL/TLS connection established</ssl_fc>
<ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
<ssl_c_verify>SSL Client certificate is valid</ssl_c_verify>
<ssl_c_ca_commonname>SSL Client issued by CA common-name</ssl_c_ca_commonname>
<source_ip>Source IP matches IP or Alias</source_ip>
<backendservercount>Minimum count usable servers</backendservercount>
<traffic_is_http>Traffic is http (no value needed)</traffic_is_http>
<traffic_is_ssl>Traffic is ssl (no value needed)</traffic_is_ssl>
<ssl_sni_matches>SNI TLS extension matches</ssl_sni_matches>
<ssl_sni_contains>SNI TLS extension contains</ssl_sni_contains>
<ssl_sni_starts_with>SNI TLS extension starts with</ssl_sni_starts_with>
<ssl_sni_ends_with>SNI TLS extension ends with</ssl_sni_ends_with>
<ssl_sni_regex>SNI TLS extension regex</ssl_sni_regex>
<custom_acl>Custom ACL</custom_acl>
<ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
<ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
<src>Source IP matches specified IP</src>
<nbsrv>Minimum number of usable servers in backend</nbsrv>
<traffic_is_http>Traffic is HTTP</traffic_is_http>
<traffic_is_ssl>Traffic is SSL</traffic_is_ssl>
<ssl_sni>SNI TLS extension matches</ssl_sni>
<ssl_sni_sub>SNI TLS extension contains</ssl_sni_sub>
<ssl_sni_beg>SNI TLS extension starts with</ssl_sni_beg>
<ssl_sni_end>SNI TLS extension ends with</ssl_sni_end>
<ssl_sni_reg>SNI TLS extension regex</ssl_sni_reg>
<custom_acl>Custom condition (option pass-through)</custom_acl>
</OptionValues>
</expression>
<negate type="BooleanField">
<default>0</default>
<Required>Y</Required>
</negate>
<hdr_beg type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</hdr_beg>
<hdr_end type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</hdr_end>
<hdr type="TextField">
<mask>/^.{1,1024}$/u</mask>
<ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
<Required>N</Required>
</hdr>
<hdr_reg type="TextField">
<mask>/^.{1,1024}$/u</mask>
<ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
<Required>N</Required>
</hdr_reg>
<hdr_sub type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</hdr_sub>
<path_beg type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</path_beg>
<path_end type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</path_end>
<path type="TextField">
<mask>/^.{1,1024}$/u</mask>
<ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
<Required>N</Required>
</path>
<path_reg type="TextField">
<mask>/^.{1,1024}$/u</mask>
<ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
<Required>N</Required>
</path_reg>
<path_dir type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</path_dir>
<path_sub type="TextField">
<mask>/^.{1,255}$/u</mask>
<ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
<Required>N</Required>
</path_sub>
<url_param type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</url_param>
<url_param_value type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</url_param_value>
<ssl_c_verify_code type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
<ValidationMessage>Please specify a value between 0 and 500000.</ValidationMessage>
<Required>N</Required>
</ssl_c_verify_code>
<ssl_c_ca_commonname type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_c_ca_commonname>
<src type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</src>
<nbsrv type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
<ValidationMessage>Please specify a value between 0 and 500000.</ValidationMessage>
<Required>N</Required>
</nbsrv>
<nbsrv_backend type="ModelRelationField">
<Model>
<template>
<source>OPNsense.HAProxy.HAProxy</source>
<items>backends.backend</items>
<display>name</display>
</template>
</Model>
<ValidationMessage>Related backend item not found</ValidationMessage>
<Required>N</Required>
</nbsrv_backend>
<ssl_sni type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_sni>
<ssl_sni_sub type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_sni_sub>
<ssl_sni_beg type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_sni_beg>
<ssl_sni_end type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_sni_end>
<ssl_sni_reg type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_sni_reg>
<custom_acl type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</custom_acl>
<!-- XXX old values, required for migration to model 2.0.0 -->
<value type="TextField">
<Required>N</Required>
</value>
@ -835,6 +1036,7 @@
</Model>
<ValidationMessage>Related backend item not found</ValidationMessage>
<Required>N</Required>
<Required>N</Required>
</queryBackend>
</acl>
</acls>
@ -880,9 +1082,10 @@
</operator>
<type type="OptionField">
<Required>Y</Required>
<!-- XXX TODO: use more user-friendly names instead of HAProxys option names -->
<OptionValues>
<use_backend>Use Backend</use_backend>
<use_server>Use Server</use_server>
<use_backend>Use specified Backend Pool</use_backend>
<use_server>Override server in Backend Pool</use_server>
<http-request_allow>http-request allow</http-request_allow>
<http-request_deny>http-request deny</http-request_deny>
<http-request_tarpit>http-request tarpit</http-request_tarpit>
@ -913,9 +1116,143 @@
<tcp-response_content_close>tcp-response content close</tcp-response_content_close>
<tcp-response_content_reject>tcp-response content reject</tcp-response_content_reject>
<tcp-response_content_lua>tcp-response content lua script</tcp-response_content_lua>
<custom>Custom</custom>
<custom>Custom rule (option pass-through)</custom>
</OptionValues>
</type>
<use_backend type="ModelRelationField">
<Model>
<template>
<source>OPNsense.HAProxy.HAProxy</source>
<items>backends.backend</items>
<display>name</display>
</template>
</Model>
<ValidationMessage>Related backend item not found</ValidationMessage>
<Multiple>Y</Multiple>
<Required>N</Required>
</use_backend>
<use_server type="ModelRelationField">
<Model>
<template>
<source>OPNsense.HAProxy.HAProxy</source>
<items>servers.server</items>
<display>name</display>
</template>
</Model>
<ValidationMessage>Related server item not found</ValidationMessage>
<Multiple>Y</Multiple>
<Required>N</Required>
</use_server>
<http_request_auth type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_auth>
<!-- XXX: add support for all "redirect" parameters as separate fields -->
<http_request_redirect type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_redirect>
<http_request_lua type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_lua>
<http_request_use_service type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_use_service>
<http_request_add_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_add_header_name>
<http_request_add_header_content type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_add_header_content>
<http_request_set_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_set_header_name>
<http_request_set_header_content type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_set_header_content>
<http_request_del_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_del_header_name>
<http_request_replace_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_replace_header_name>
<http_request_replace_header_regex type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_replace_header_regex>
<http_request_replace_value_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_replace_value_name>
<http_request_replace_value_regex type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_request_replace_value_regex>
<http_response_lua type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_lua>
<http_response_add_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_add_header_name>
<http_response_add_header_content type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_add_header_content>
<http_response_set_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_set_header_name>
<http_response_set_header_content type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_set_header_content>
<http_response_del_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_del_header_name>
<http_response_replace_header_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_replace_header_name>
<http_response_replace_header_regex type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_replace_header_regex>
<http_response_replace_value_name type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_replace_value_name>
<http_response_replace_value_regex type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</http_response_replace_value_regex>
<tcp_request_content_lua type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</tcp_request_content_lua>
<tcp_request_content_use_service type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</tcp_request_content_use_service>
<tcp_response_content_lua type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</tcp_response_content_lua>
<custom type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</custom>
<!-- XXX old values, required for migration to model 2.0.0 -->
<useBackend type="ModelRelationField">
<Model>
<template>
@ -941,13 +1278,13 @@
<Required>N</Required>
</useServer>
<actionName type="TextField">
<Required>N</Required>
<Required>N</Required>
</actionName>
<actionFind type="TextField">
<Required>N</Required>
<Required>N</Required>
</actionFind>
<actionValue type="TextField">
<Required>N</Required>
<Required>N</Required>
</actionValue>
</action>
</actions>

284
net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M2_0_0.php Normal file
View file

@ -0,0 +1,284 @@
<?php
/**
* Copyright (C) 2017 Frank Wall
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\HAProxy\Migrations;
use OPNsense\Base\BaseModelMigration;
class M2_0_0 extends BaseModelMigration
{
public function run($model)
{
// Migrate ACLs
foreach ($model->getNodeByReference('acls.acl')->__items as $acl) {
switch ((string)$acl->expression) {
case 'host_starts_with':
$acl->expression = 'hdr_beg';
$acl->hdr_beg = (string)$acl->value;
$acl->value = NULL;
break;
case 'host_ends_with':
$acl->expression = 'hdr_end';
$acl->hdr_end = (string)$acl->value;
$acl->value = NULL;
break;
case 'host_matches':
$acl->expression = 'hdr';
$acl->hdr = (string)$acl->value;
$acl->value = NULL;
break;
case 'host_regex':
$acl->expression = 'hdr_reg';
$acl->hdr_reg = (string)$acl->value;
$acl->value = NULL;
break;
case 'host_contains':
$acl->expression = 'hdr_sub';
$acl->hdr_sub = (string)$acl->value;
$acl->value = NULL;
break;
case 'path_starts_with':
$acl->expression = 'path_beg';
$acl->path_beg = (string)$acl->value;
$acl->value = NULL;
break;
case 'path_ends_with':
$acl->expression = 'path_end';
$acl->path_end = (string)$acl->value;
$acl->value = NULL;
break;
case 'path_matches':
$acl->expression = 'path';
$acl->path = (string)$acl->value;
$acl->value = NULL;
break;
case 'path_regex':
$acl->expression = 'path_reg';
$acl->path_reg = (string)$acl->value;
$acl->value = NULL;
break;
case 'path_contains':
$acl->expression = 'path_dir';
$acl->path_dir = (string)$acl->value;
$acl->value = NULL;
break;
case 'url_parameter':
$acl->expression = 'url_param';
$acl->url_param_value = (string)$acl->value;
$acl->value = NULL;
break;
case 'ssl_c_verify_code':
$acl->ssl_c_verify_code = (string)$acl->value;
$acl->value = NULL;
break;
case 'ssl_c_ca_commonname':
$acl->ssl_c_ca_commonname = (string)$acl->value;
$acl->value = NULL;
break;
case 'source_ip':
$acl->expression = 'src';
$acl->src = (string)$acl->value;
$acl->value = NULL;
break;
case 'backendservercount':
$acl->expression = 'nbsrv';
$acl->nbsrv = (string)$acl->value;
$acl->nbsrv_backend = (string)$acl->queryBackend;
$acl->value = NULL;
$acl->queryBackend = NULL;
break;
case 'ssl_sni_matches':
$acl->expression = 'ssl_sni';
$acl->ssl_sni = (string)$acl->value;
$acl->value = NULL;
break;
case 'ssl_sni_contains':
$acl->expression = 'ssl_sni_sub';
$acl->ssl_sni_sub = (string)$acl->value;
$acl->value = NULL;
break;
case 'ssl_sni_starts_with':
$acl->expression = 'ssl_sni_beg';
$acl->ssl_sni_beg = (string)$acl->value;
$acl->value = NULL;
break;
case 'ssl_sni_ends_with':
$acl->expression = 'ssl_sni_end';
$acl->ssl_sni_end = (string)$acl->value;
$acl->value = NULL;
break;
case 'ssl_sni_regex':
$acl->expression = 'ssl_sni_reg';
$acl->ssl_sni_reg = (string)$acl->value;
$acl->value = NULL;
break;
case 'custom_acl':
$acl->custom_acl = (string)$acl->value;
$acl->value = NULL;
break;
}
}
// Migrate Actions
foreach ($model->getNodeByReference('actions.action')->__items as $action) {
switch ((string)$action->type) {
case 'use_backend':
$action->use_backend = (string)$action->useBackend;
$action->useBackend = NULL;
break;
case 'use_server':
$action->use_server = (string)$action->useServer;
$action->useServer = NULL;
break;
case 'http-request_auth':
$action->http_request_auth = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'http-request_redirect':
$action->http_request_redirect = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'http-request_lua':
$action->http_request_lua = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'http-request_use-service':
$action->http_request_use_service = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'http-request_add-header':
$action->http_request_add_header_name = (string)$action->actionName;
$action->http_request_add_header_content = (string)$action->actionValue;
$action->actionName = NULL;
$action->actionValue = NULL;
break;
case 'http-request_set-header':
$action->http_request_set_header_name = (string)$action->actionName;
$action->http_request_set_header_content = (string)$action->actionValue;
$action->actionName = NULL;
$action->actionValue = NULL;
break;
case 'http-request_del-header':
$action->http_request_del_header_name = (string)$action->actionName;
$action->actionName = NULL;
break;
case 'http-request_replace-header':
$action->http_request_replace_header_name = (string)$action->actionName;
$action->http_request_replace_header_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
$action->actionName = NULL;
$action->actionFind = NULL;
$action->actionValue = NULL;
break;
case 'http-request_replace-value':
$action->http_request_replace_value_name = (string)$action->actionName;
$action->http_request_replace_value_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
$action->actionName = NULL;
$action->actionFind = NULL;
$action->actionValue = NULL;
break;
case 'http-response_lua':
$action->http_response_lua = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'http-response_add-header':
$action->http_response_add_header_name = (string)$action->actionName;
$action->http_response_add_header_content = (string)$action->actionValue;
$action->actionName = NULL;
$action->actionValue = NULL;
break;
case 'http-response_set-header':
$action->http_response_set_header_name = (string)$action->actionName;
$action->http_response_set_header_content = (string)$action->actionValue;
$action->actionName = NULL;
$action->actionValue = NULL;
break;
case 'http-response_del-header':
$action->http_response_del_header_name = (string)$action->actionName;
$action->actionName = NULL;
break;
case 'http-response_replace-header':
$action->http_response_replace_header_name = (string)$action->actionName;
$action->http_response_replace_header_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
$action->actionName = NULL;
$action->actionFind = NULL;
$action->actionValue = NULL;
break;
case 'http-response_replace-value':
$action->http_response_replace_value_name = (string)$action->actionName;
$action->http_response_replace_value_regex = (string)$action->actionFind . ' ' . (string)$action->actionValue;
$action->actionName = NULL;
$action->actionFind = NULL;
$action->actionValue = NULL;
break;
case 'tcp-request_content_lua':
$action->tcp_request_content_lua = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'tcp-request_content_use-service':
$action->tcp_request_content_use_service = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'tcp-response_content_lua':
$action->tcp_response_content_lua = (string)$action->actionValue;
$action->actionValue = NULL;
break;
case 'custom':
$action->custom = (string)$action->actionValue;
$action->actionValue = NULL;
break;
}
}
// Migrate Healthchecks
foreach ($model->getNodeByReference('healthchecks.healthcheck')->__items as $hc) {
switch ((string)$hc->type) {
case 'agent':
$hc->agent_port = (string)$hc->agentPort;
$hc->agentPort = NULL;
break;
case 'mysql':
$hc->mysql_user = (string)$hc->dbUser;
$hc->dbUser = NULL;
break;
case 'pgsql':
$hc->pgsql_user = (string)$hc->dbUser;
$hc->dbUser = NULL;
break;
case 'smtp':
$hc->smtp_domain = (string)$hc->smtpDomain;
$hc->smtpDomain = NULL;
break;
case 'esmtp':
$hc->esmtp_domain = (string)$hc->smtpDomain;
$hc->smtpDomain = NULL;
break;
}
}
}
}

271
net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
View file

@ -1,6 +1,6 @@
{#
Copyright (C) 2016 Frank Wall
Copyright (C) 2016-2017 Frank Wall
OPNsense® is Copyright © 2014 2015 by Deciso B.V.
All rights reserved.
@ -146,6 +146,75 @@ POSSIBILITY OF SUCH DAMAGE.
}
);
// hook into on-show event for dialog to extend layout.
$('#DialogAcl').on('shown.bs.modal', function (e) {
$("#acl\\.expression").change(function(){
var service_id = 'table_' + $(this).val();
$(".expression_table").hide();
// $(".table_"+$(this).val()).show();
$("."+service_id).show();
});
$("#acl\\.expression").change();
})
// hook into on-show event for dialog to extend layout.
$('#DialogAction').on('shown.bs.modal', function (e) {
$("#action\\.type").change(function(){
var service_id = 'table_' + $(this).val();
$(".type_table").hide();
// $(".table_"+$(this).val()).show();
$("."+service_id).show();
});
$("#action\\.type").change();
})
// hook into on-show event for dialog to extend layout.
$('#DialogBackend').on('shown.bs.modal', function (e) {
$("#backend\\.healthCheckEnabled").change(function(){
var service_id = 'table_healthcheck_' + $(this).is(':checked');
$(".healthcheck_table").hide();
$("."+service_id).show();
});
$("#backend\\.healthCheckEnabled").change();
})
// hook into on-show event for dialog to extend layout.
$('#DialogFrontend').on('shown.bs.modal', function (e) {
$("#frontend\\.mode").change(function(){
var service_id = 'table_' + $(this).val();
$(".mode_table").hide();
$("."+service_id).show();
});
$("#frontend\\.mode").change();
// show/hide SSL offloading
$("#frontend\\.ssl_enabled").change(function(){
var service_id = 'table_ssl_' + $(this).is(':checked');
$(".table_ssl").hide();
$("."+service_id).show();
});
$("#frontend\\.ssl_enabled").change();
// show/hide advanced SSL settings
$("#frontend\\.ssl_advancedEnabled").change(function(){
var service_id = 'table_ssl_advanced_' + $(this).is(':checked');
$(".table_ssl_advanced").hide();
$("."+service_id).show();
});
$("#frontend\\.ssl_advancedEnabled").change();
})
// hook into on-show event for dialog to extend layout.
$('#DialogHealthcheck').on('shown.bs.modal', function (e) {
$("#healthcheck\\.type").change(function(){
var service_id = 'table_' + $(this).val();
$(".type_table").hide();
// $(".table_"+$(this).val()).show();
$("."+service_id).show();
});
$("#healthcheck\\.type").change();
})
/***********************************************************************
* Commands
**********************************************************************/
@ -308,50 +377,158 @@ POSSIBILITY OF SUCH DAMAGE.
</script>
<ul class="nav nav-tabs" role="tablist" id="maintabs">
{% for tab in mainForm['tabs']|default([]) %}
{% if tab['subtabs']|default(false) %}
{# manually add tabs #}
<li class="active"><a data-toggle="tab" href="#introduction"><b>{{ lang._('Introduction') }}</b></a></li>
<li role="presentation" class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b><span class="caret"></span></b>
</a>
<a data-toggle="tab" href="#subtab_haproxy-real-servers-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Real Servers') }}</b></a>
<ul class="dropdown-menu" role="menu">
<li><a data-toggle="tab" href="#subtab_haproxy-real-servers-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
<li><a data-toggle="tab" href="#servers"><i class="fa fa-check-square"></i> {{ lang._('Real Servers') }}</a></li>
</ul>
</li>
<li role="presentation" class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b><span class="caret"></span></b>
</a>
<a data-toggle="tab" href="#subtab_haproxy-virtual-services-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Virtual Services') }}</b></a>
<ul class="dropdown-menu" role="menu">
<li><a data-toggle="tab" href="#subtab_haproxy-virtual-services-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
<li><a data-toggle="tab" href="#backends"><i class="fa fa-check-square"></i> {{ lang._('Backend Pools') }}</a></li>
<li><a data-toggle="tab" href="#frontends"><i class="fa fa-check-square"></i> {{ lang._('Public Services') }}</a></li>
</ul>
</li>
<li role="presentation" class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b><span class="caret"></span></b>
</a>
<a data-toggle="tab" href="#subtab_haproxy-rules-checks-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Rules & Checks') }}</b></a>
<ul class="dropdown-menu" role="menu">
<li><a data-toggle="tab" href="#subtab_haproxy-rules-checks-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
<li><a data-toggle="tab" href="#healthchecks"><i class="fa fa-check-square"></i> {{ lang._('Health Monitors') }}</a></li>
<li><a data-toggle="tab" href="#acls"><i class="fa fa-check-square"></i> {{ lang._('Conditions') }}</a></li>
<li><a data-toggle="tab" href="#actions"><i class="fa fa-check-square"></i> {{ lang._('Rules') }}</a></li>
</ul>
</li>
{# add automatically generated tabs #}
{% for tab in mainForm['tabs']|default([]) %}
{% if tab['subtabs']|default(false) %}
{# Tab with dropdown #}
{# Find active subtab #}
{% set active_subtab="" %}
{% for subtab in tab['subtabs']|default({}) %}
{% if subtab[0]==mainForm['activetab']|default("") %}
{% set active_subtab=subtab[0] %}
{% endif %}
{% endfor %}
<li role="presentation" class="dropdown {% if mainForm['activetab']|default("") == active_subtab %}active{% endif %}">
<li role="presentation" class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b><span class="caret"></span></b>
</a>
<a data-toggle="tab" href="#subtab_{{tab['subtabs'][0][0]}}" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{tab[1]}}</b></a>
<ul class="dropdown-menu" role="menu">
{% for subtab in tab['subtabs']|default({})%}
<li class="{% if mainForm['activetab']|default("") == subtab[0] %}active{% endif %}"><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
<li><a data-toggle="tab" href="#subtab_{{subtab[0]}}"><i class="fa fa-check-square"></i> {{subtab[1]}}</a></li>
{% endfor %}
</ul>
</li>
{% else %}
{% else %}
{# Standard Tab #}
<li {% if mainForm['activetab']|default("") == tab[0] %} class="active" {% endif %}>
<li>
<a data-toggle="tab" href="#tab_{{tab[0]}}">
<b>{{tab[1]}}</b>
</a>
</li>
{% endif %}
{% endfor %}
{# add custom content #}
<li><a data-toggle="tab" href="#frontends"><b>{{ lang._('Frontends') }}</b></a></li>
<li><a data-toggle="tab" href="#backends"><b>{{ lang._('Backends') }}</b></a></li>
<li><a data-toggle="tab" href="#servers"><b>{{ lang._('Servers') }}</b></a></li>
<li><a data-toggle="tab" href="#healthchecks"><b>{{ lang._('Health Checks') }}</b></a></li>
<li><a data-toggle="tab" href="#actions"><b>{{ lang._('Actions') }}</b></a></li>
<li><a data-toggle="tab" href="#acls"><b>{{ lang._('ACLs') }}</b></a></li>
<li><a data-toggle="tab" href="#luas"><b>{{ lang._('Lua Scripts') }}</b></a></li>
<li><a data-toggle="tab" href="#errorfiles"><b>{{ lang._('Error Files') }}</b></a></li>
{% endif %}
{% endfor %}
<li role="presentation" class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle pull-right visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" role="button" style="border-left: 1px dashed lightgray;">
<b><span class="caret"></span></b>
</a>
<a data-toggle="tab" href="#subtab_haproxy-advanced-introduction" class="visible-lg-inline-block visible-md-inline-block visible-xs-inline-block visible-sm-inline-block" style="border-right:0px;"><b>{{ lang._('Advanced') }}</b></a>
<ul class="dropdown-menu" role="menu">
<li><a data-toggle="tab" href="#subtab_haproxy-advanced-introduction"><i class="fa fa-check-square"></i> {{ lang._('Introduction') }}</a></li>
<li><a data-toggle="tab" href="#errorfiles"><i class="fa fa-check-square"></i> {{ lang._('Error Messages') }}</a></li>
<li><a data-toggle="tab" href="#luas"><i class="fa fa-check-square"></i> {{ lang._('Lua Scripts') }}</a></li>
</ul>
</li>
</ul>
<div class="content-box tab-content">
<div id="introduction" class="tab-pane fade in active">
<div class="col-md-12">
<h1>Quick Start Guide</h1>
<p>{{ lang._('Welcome to the HAProxy plugin! This plugin is designed to offer all the features and flexibility HAProxy is famous for. If you are using HAProxy for the first time, please take some time to get familiar with it. The following information should help you to get started.')}}</p>
<p>{{ lang._('Note that you should configure HAProxy in the following order:') }}</p>
<ul>
<li>{{ lang._('Add %sReal Servers:%s All physical or virtual servers that HAProxy should use to load balance between or proxy to.') | format('<b>', '</b>') }}</li>
<li>{{ lang._('Add %sBackend Pools:%s Group the previously added servers to build a server farm. All servers in a group usually deliver the same content. The Backend Pool takes care of health monitoring and load distribution. A Backend Pool must be configured even if you only have a single server.') | format('<b>', '</b>')}}</li>
<li>{{ lang._('Add %sPublic Services:%s The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing or proxying.') | format('<b>', '</b>') }}</li>
<li>{{ lang._('Lastly, enable HAProxy using the %sService Settings%s.') | format('<b>', '</b>') }}</li>
</ul>
<p>{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('<b>', '</b>') }}</p>
<p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
<br/>
</div>
</div>
<div id="subtab_haproxy-real-servers-introduction" class="tab-pane fade">
<div class="col-md-12">
<h1>Real Servers</h1>
<p>{{ lang._('HAProxy needs to know which servers should be used to serve content. The following minimum information must be provided for each server:') }}</p>
<ul>
<li>{{ lang._('%sFQDN or IP:%s The IP address or fully-qualified domain name that should be used when communicating with your server.') | format('<b>', '</b>') }}</li>
<li>{{ lang._('%sPort:%s The TCP or UDP port that should be used. If unset, the same port the client connected to will be used.') | format('<b>', '</b>') }}</li>
</ul>
<p>{{ lang._("Please note that advanced mode settings allow you to disable a certain server or to configure it as a backup server in a Backend Pool. Another neat option is the possibility to adjust a server's weight relative to other servers in the same Backend Pool.") }}</p>
<p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
<br/>
</div>
</div>
<div id="subtab_haproxy-virtual-services-introduction" class="tab-pane fade">
<div class="col-md-12">
<h1>Virtual Services</h1>
<p>{{ lang._("HAProxy requires two virtual services for its load balancing and proxying features. The following virtual services must be configured for everything that should be served by HAProxy:") }}</p>
<ul>
<li>{{ lang._('%sBackend Pools:%s The HAProxy backend. Group the %spreviously added servers%s to build a server farm. All servers in a group usually deliver the same content. The Backend Pool cares for health monitoring and load distribution. A Backend Pool must also be configured if you only have a single server. The same Backend Pool may be used for multiple Public Services.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
<li>{{ lang._('%sPublic Services:%s The HAProxy frontend. The Public Service listens for client connections, optionally applies rules and forwards client request data to the selected Backend Pool for load balancing or proxying. Every Public Service needs to be connected to a %spreviously created Backend Pool%s.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
</ul>
<p>{{ lang._('Remember to add firewall rules for all configured Public Services.') }}</p>
<p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
<br/>
</div>
</div>
<div id="subtab_haproxy-rules-checks-introduction" class="tab-pane fade">
<div class="col-md-12">
<h1>Rules &amp; Checks</h1>
<p>{{ lang._("After getting acquainted with HAProxy the following optional features may prove useful:") }}</p>
<ul>
<li>{{ lang._('%sHealth Monitors:%s The HAProxy "health checks". Health Monitors are used by %sBackend Pools%s to determine if a server is still able to respond to client requests. If a server fails a health check it will automatically be removed from a Backend Pool and healthy servers are automatically re-added.') | format('<b>', '</b>', '<b>', '</b>') }}</li>
<li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('<b>', '</b>') }}</li>
<li>{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('<b>', '</b>', '<b>', '</b>', '<b>', '</b>', '<b>', '</b>') }}</li>
</ul>
<p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7" target="_blank">', '</a>') }}</p>
<p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
<br/>
</div>
</div>
<div id="subtab_haproxy-advanced-introduction" class="tab-pane fade">
<div class="col-md-12">
<h1>Advanced Features</h1>
<p>{{ lang._("Most of the time these features are not required, but in certain situations they will be handy:") }}</p>
<ul>
<li>{{ lang._("%sError Messages:%s Return a custom message instead of errors generated by HAProxy. Useful to overwrite HAProxy's internal error messages. The message must represent the full HTTP response and include required HTTP headers.") | format('<b>', '</b>') }}</li>
<li>{{ lang._("%sLua scripts:%s Include your own Lua code/scripts to extend HAProxy's functionality. The Lua code can be used in certain %sRules%s, for example.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
</ul>
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s and the %sLua Script%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#lua-load" target="_blank">', '</a>') }}</p>
<br/>
</div>
</div>
{# add automatically generated tabs #}
{% for tab in mainForm['tabs']|default([]) %}
{% if tab['subtabs']|default(false) %}
{# Tab with dropdown #}
@ -374,8 +551,8 @@ POSSIBILITY OF SUCH DAMAGE.
<thead>
<tr>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="frontendid" data-type="number" data-visible="false">{{ lang._('Frontend ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Frontend Name') }}</th>
<th data-column-id="frontendid" data-type="number" data-visible="false">{{ lang._('Public Service ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Public Service Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
@ -409,8 +586,8 @@ POSSIBILITY OF SUCH DAMAGE.
<thead>
<tr>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="backendid" data-type="number" data-visible="false">{{ lang._('Backend ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Backend Name') }}</th>
<th data-column-id="backendid" data-type="number" data-visible="false">{{ lang._('Backend Pool ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Backend Pool Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
@ -443,7 +620,7 @@ POSSIBILITY OF SUCH DAMAGE.
<table id="grid-servers" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogServer">
<thead>
<tr>
<th data-column-id="serverid" data-type="number" data-visible="false">{{ lang._('Server id') }}</th>
<th data-column-id="serverid" data-type="number" data-visible="false">{{ lang._('Server ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Server Name') }}</th>
<th data-column-id="address" data-type="string">{{ lang._('Server Address') }}</th>
<th data-column-id="port" data-type="string">{{ lang._('Server Port') }}</th>
@ -479,8 +656,8 @@ POSSIBILITY OF SUCH DAMAGE.
<table id="grid-healthchecks" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogHealthcheck">
<thead>
<tr>
<th data-column-id="healthcheckid" data-type="number" data-visible="false">{{ lang._('Health Check ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Health Check Name') }}</th>
<th data-column-id="healthcheckid" data-type="number" data-visible="false">{{ lang._('Health Monitor ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Health Monitor Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
@ -513,8 +690,8 @@ POSSIBILITY OF SUCH DAMAGE.
<table id="grid-actions" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogAction">
<thead>
<tr>
<th data-column-id="actionid" data-type="number" data-visible="false">{{ lang._('Action ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Action Name') }}</th>
<th data-column-id="actionid" data-type="number" data-visible="false">{{ lang._('Rule ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Rule Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
@ -547,8 +724,8 @@ POSSIBILITY OF SUCH DAMAGE.
<table id="grid-acls" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogAcl">
<thead>
<tr>
<th data-column-id="aclid" data-type="number" data-visible="false">{{ lang._('ACL id') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('ACL Name') }}</th>
<th data-column-id="aclid" data-type="number" data-visible="false">{{ lang._('Condition ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Condition Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
@ -582,7 +759,7 @@ POSSIBILITY OF SUCH DAMAGE.
<thead>
<tr>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="luaid" data-type="number" data-visible="false">{{ lang._('Lua ID') }}</th>
<th data-column-id="luaid" data-type="number" data-visible="false">{{ lang._('Lua Script ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Lua Script Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
@ -616,8 +793,8 @@ POSSIBILITY OF SUCH DAMAGE.
<table id="grid-errorfiles" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogErrorfile">
<thead>
<tr>
<th data-column-id="errorfileid" data-type="number" data-visible="false">{{ lang._('Error File ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Name') }}</th>
<th data-column-id="errorfileid" data-type="number" data-visible="false">{{ lang._('Error Message ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Error Message Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
@ -647,11 +824,11 @@ POSSIBILITY OF SUCH DAMAGE.
</div>
{# include dialogs #}
{{ partial("layout_partials/base_dialog",['fields':formDialogFrontend,'id':'DialogFrontend','label':lang._('Edit Frontend')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogBackend,'id':'DialogBackend','label':lang._('Edit Backend')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogFrontend,'id':'DialogFrontend','label':lang._('Edit Public Service')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogBackend,'id':'DialogBackend','label':lang._('Edit Backend Pool')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogServer,'id':'DialogServer','label':lang._('Edit Server')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogHealthcheck,'id':'DialogHealthcheck','label':lang._('Edit Health Check')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogAction,'id':'DialogAction','label':lang._('Edit Action')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogAcl,'id':'DialogAcl','label':lang._('Edit ACL')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogHealthcheck,'id':'DialogHealthcheck','label':lang._('Edit Health Monitor')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogAction,'id':'DialogAction','label':lang._('Edit Rule')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogAcl,'id':'DialogAcl','label':lang._('Edit Condition')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogLua,'id':'DialogLua','label':lang._('Edit Lua Script')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogErrorfile,'id':'DialogErrorfile','label':lang._('Edit Error File')])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogErrorfile,'id':'DialogErrorfile','label':lang._('Edit Error Message')])}}

281
net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
View file

@ -63,86 +63,93 @@
{% endif %}
{% do acls_seen.append(acl_data.id) %}
{% set acl_options = [] %}
{% if acl_data.expression == 'host_starts_with' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('hdr_beg(host) -i ' ~ acl_data.value) %}
{% if acl_data.expression == 'hdr_beg' %}
{% if acl_data.hdr_beg|default("") != "" %}
{% do acl_options.append('hdr_beg(host) -i ' ~ acl_data.hdr_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'host_ends_with' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('hdr_end(host) -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'hdr_end' %}
{% if acl_data.hdr_end|default("") != "" %}
{% do acl_options.append('hdr_end(host) -i ' ~ acl_data.hdr_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'host_matches' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('hdr(host) -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'hdr' %}
{% if acl_data.hdr|default("") != "" %}
{% do acl_options.append('hdr(host) -i ' ~ acl_data.hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'host_regex' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('hdr_reg(host) -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'hdr_reg' %}
{% if acl_data.hdr_reg|default("") != "" %}
{% do acl_options.append('hdr_reg(host) -i ' ~ acl_data.hdr_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'host_contains' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('hdr_sub(host) -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'hdr_sub' %}
{% if acl_data.hdr_sub|default("") != "" %}
{% do acl_options.append('hdr_sub(host) -i ' ~ acl_data.hdr_sub) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_starts_with' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('path_beg -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'path_beg' %}
{% if acl_data.path_beg|default("") != "" %}
{% do acl_options.append('path_beg -i ' ~ acl_data.path_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_ends_with' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('path_end -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'path_end' %}
{% if acl_data.path_end|default("") != "" %}
{% do acl_options.append('path_end -i ' ~ acl_data.path_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_matches' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('path -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'path' %}
{% if acl_data.path|default("") != "" %}
{% do acl_options.append('path -i ' ~ acl_data.path) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_regex' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('path_reg -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'path_reg' %}
{% if acl_data.path_reg|default("") != "" %}
{% do acl_options.append('path_reg -i ' ~ acl_data.path_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_contains' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('path_dir -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'path_dir' %}
{% if acl_data.path_dur|default("") != "" %}
{% do acl_options.append('path_dir -i ' ~ acl_data.path_dir) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'url_parameter' %}
{% if acl_data.value|default("") != "" and acl_data.urlparam|default("") != "" %}
{% do acl_options.append('url_param(' ~ acl_data.urlparam ~ ') -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'path_sub' %}
{% if acl_data.path_sub|default("") != "" %}
{% do acl_options.append('path_sub -i ' ~ acl_data.path_sub) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'url_param' %}
{% if acl_data.url_param_value|default("") != "" and acl_data.url_param|default("") != "" %}
{% do acl_options.append('url_param(' ~ acl_data.url_param ~ ') -i ' ~ acl_data.url_param_value) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_c_verify_code' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('ssl_c_verify ' ~ acl_data.value) %}
{% if acl_data.ssl_c_verify_code|default("") != "" %}
{% do acl_options.append('ssl_c_verify ' ~ acl_data.ssl_c_verify_code) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
@ -150,25 +157,29 @@
{% elif acl_data.expression == 'ssl_c_verify' %}
{% do acl_options.append('ssl_c_verify 0') %}
{% elif acl_data.expression == 'ssl_c_ca_commonname' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('ssl_c_i_dn(CN) ' ~ acl_data.value) %}
{% if acl_data.ssl_c_ca_commonname|default("") != "" %}
{% do acl_options.append('ssl_c_i_dn(CN) ' ~ acl_data.ssl_c_ca_commonname) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_fc' %}
{% do acl_options.append('ssl_fc') %}
{% elif acl_data.expression == 'source_ip' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('src ' ~ acl_data.value) %}
{% elif acl_data.expression == 'src' %}
{% if acl_data.src|default("") != "" %}
{% do acl_options.append('src ' ~ acl_data.src) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'backendservercount' %}
{% elif acl_data.expression == 'nbsrv' %}
{% do acl_options.append('') %}
{% if acl_data.value|default("") != "" and acl_data.queryBackend|default("") != "" %}
{% do acl_options.append('nbsrv(backend_' ~ acl_data.queryBackend ~ ') ge ' ~ acl_data.value) %}
{% if acl_data.nbsrv|default("") != "" %}
{% if acl_data.nbsrv_backend|default("") != "" %}
{% do acl_options.append('nbsrv(backend_' ~ acl_data.nbsrv_backend ~ ') ge ' ~ acl_data.nbsrv) %}
{% else %}
{% do acl_options.append('nbsrv ge ' ~ acl_data.nbsrv) %}
{% endif %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
@ -177,44 +188,44 @@
{% do acl_options.append('req.proto_http') %}
{% elif acl_data.expression == 'traffic_is_ssl' %}
{% do acl_options.append('req.ssl_ver gt 0') %}
{% elif acl_data.expression == 'ssl_sni_matches' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('req.ssl_sni -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'ssl_sni' %}
{% if acl_data.ssl_sni|default("") != "" %}
{% do acl_options.append('req.ssl_sni -i ' ~ acl_data.ssl_sni) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_sni_contains' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m sub -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'ssl_sni_sub' %}
{% if acl_data.ssl_sni_sub|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m sub -i ' ~ acl_data.ssl_sni_sub) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_sni_starts_with' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m beg -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'ssl_sni_beg' %}
{% if acl_data.ssl_sni_beg|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m beg -i ' ~ acl_data.ssl_sni_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_sni_ends_with' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m end -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'ssl_sni_end' %}
{% if acl_data.ssl_sni_end|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m end -i ' ~ acl_data.ssl_sni_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_sni_regex' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m reg -i ' ~ acl_data.value) %}
{% elif acl_data.expression == 'ssl_sni_reg' %}
{% if acl_data.ssl_sni_reg|default("") != "" %}
{% do acl_options.append('req.ssl_sni -m reg -i ' ~ acl_data.ssl_sni_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'custom_acl' %}
{% if acl_data.value|default("") != "" %}
{% do acl_options.append(acl_data.value) %}
{% if acl_data.custom_acl|default("") != "" %}
{% do acl_options.append(acl_data.custom_acl) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
@ -240,16 +251,16 @@
{% set action_enabled = '1' %}
{% set action_options = [] %}
{% if action_data.type == 'use_backend' %}
{% if action_data.useBackend|default("") != "" %}
{% set acl_backend_data = helpers.getUUID(action_data.useBackend) %}
{% if action_data.use_backend|default("") != "" %}
{% set acl_backend_data = helpers.getUUID(action_data.use_backend) %}
{% do action_options.append('use_backend ' ~ acl_backend_data.name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'use_server' %}
{% if action_data.useServer|default("") != "" %}
{% set server_data = helpers.getUUID(action_data.useServer) %}
{% if action_data.use_server|default("") != "" %}
{% set server_data = helpers.getUUID(action_data.use_server) %}
{% do action_options.append('use-server ' ~ server_data.name) %}
{% else %}
{% set action_enabled = '0' %}
@ -262,64 +273,63 @@
{% elif action_data.type == 'http-request_tarpit' %}
{% do action_options.append('http-request tarpit') %}
{% elif action_data.type == 'http-request_auth' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request auth ' ~ action_data.actionValue) %}
{% if action_data.http_request_auth|default("") != "" %}
{% do action_options.append('http-request auth realm ' ~ action_data.http_request_auth) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% do action_options.append('http-request auth') %}
{% endif %}
{% elif action_data.type == 'http-request_redirect' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request redirect ' ~ action_data.actionValue) %}
{% if action_data.http_request_redirect|default("") != "" %}
{% do action_options.append('http-request redirect ' ~ action_data.http_request_redirect) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request lua.' ~ action_data.actionValue) %}
{% if action_data.http_request_lua|default("") != "" %}
{% do action_options.append('http-request lua.' ~ action_data.http_request_lua) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_use-service' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request use-service lua.' ~ action_data.actionValue) %}
{% if action_data.http_request_use_service|default("") != "" %}
{% do action_options.append('http-request use-service lua.' ~ action_data.http_request_use_service) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_add-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-request add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_request_add_header_name|default("") != "" and action_data.http_request_add_header_content|default("") != "" %}
{% do action_options.append('http-request add-header ' ~ action_data.http_request_add_header_name ~ ' ' ~ action_data.http_request_add_header_content) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_set-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-request set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_request_set_header_name|default("") != "" and action_data.http_request_set_header_content|default("") != "" %}
{% do action_options.append('http-request set-header ' ~ action_data.http_request_set_header_name ~ ' ' ~ action_data.http_request_set_header_content) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_del-header' %}
{% if action_data.actionName|default("") != "" %}
{% do action_options.append('http-request del-header' ~ action_data.actionName) %}
{% if action_data.http_request_del_header_name|default("") != "" %}
{% do action_options.append('http-request del-header' ~ action_data.http_request_del_header_name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_replace-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-request replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_request_replace_header_name|default("") != "" and action_data.http_request_replace_header_regex|default("") != "" %}
{% do action_options.append('http-request replace-header ' ~ action_data.http_request_replace_header_name ~ ' ' ~ action_data.http_request_replace_header_regex) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_replace-value' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-request replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_request_replace_value_name|default("") != "" and action_data.http_request_replace_value_regex|default("") != "" %}
{% do action_options.append('http-request replace-value ' ~ action_data.http_request_replace_value_name ~ ' ' ~ action_data.http_request_replace_value_regex) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
@ -329,43 +339,43 @@
{% elif action_data.type == 'http-response_deny' %}
{% do action_options.append('http-response deny') %}
{% elif action_data.type == 'http-response_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-response lua.' ~ action_data.actionValue) %}
{% if action_data.http_response_lua|default("") != "" %}
{% do action_options.append('http-response lua.' ~ action_data.http_response_lua) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_add-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-response add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_response_add_header_name|default("") != "" and action_data.http_response_add_header_content|default("") != "" %}
{% do action_options.append('http-response add-header ' ~ action_data.http_response_add_header_name ~ ' ' ~ action_data.http_response_add_header_content) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_set-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-response set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_response_set_header_name|default("") != "" and action_data.http_response_set_header_content|default("") != "" %}
{% do action_options.append('http-response set-header ' ~ action_data.http_response_set_header_name ~ ' ' ~ action_data.http_response_set_header_content) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_del-header' %}
{% if action_data.actionName|default("") != "" %}
{% do action_options.append('http-response del-header' ~ action_data.actionName) %}
{% if action_data.http_response_del_header_name|default("") != "" %}
{% do action_options.append('http-response del-header' ~ action_data.http_response_del_header_name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_replace-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-response replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_response_replace_header_name|default("") != "" and action_data.http_response_replace_header_regex|default("") != "" %}
{% do action_options.append('http-response replace-header ' ~ action_data.http_response_replace_header_name ~ ' ' ~ action_data.http_response_replace_header_regex) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_replace-value' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-response replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% if action_data.http_response_replace_value_name|default("") != "" and action_data.http_response_replace_value_regex|default("") != "" %}
{% do action_options.append('http-response replace-value ' ~ action_data.http_response_replace_value_name ~ ' ' ~ action_data.http_response_replace_value_regex) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
@ -379,15 +389,15 @@
{% elif action_data.type == 'tcp-request_content_reject' %}
{% do action_options.append('tcp-request content reject') %}
{% elif action_data.type == 'tcp-request_content_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-request content lua.' ~ action_data.actionValue) %}
{% if action_data.tcp-request_content_lua|default("") != "" %}
{% do action_options.append('tcp-request content lua.' ~ action_data.tcp_request_content_lua) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-request_content_use-service' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-request content use-service lua.' ~ action_data.actionValue) %}
{% if action_data.tcp_request_content_use_service|default("") != "" %}
{% do action_options.append('tcp-request content use-service lua.' ~ action_data.tcp_request_content_use_service) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
@ -399,15 +409,15 @@
{% elif action_data.type == 'tcp-response_content_reject' %}
{% do action_options.append('tcp-response content reject') %}
{% elif action_data.type == 'tcp-response_content_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-response content lua.' ~ action_data.actionValue) %}
{% if action_data.tcp_response_content_lua|default("") != "" %}
{% do action_options.append('tcp-response content lua.' ~ action_data.tcp_response_content_lua) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'custom' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append(action_data.actionValue) %}
{% if action_data.custom|default("") != "" %}
{% do action_options.append(action_data.custom) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
@ -508,6 +518,20 @@ global
{% endif %}
{% endfor %}
{% endif %}
{# # ssl default settings #}
{% if OPNsense.HAProxy.general.tuning.ssl_defaultsEnabled|default("") == '1' %}
{% if OPNsense.HAProxy.general.tuning.ssl_bindOptions|default("") != "" %}
{% set bindopts = [] %}
{% for bindopt in OPNsense.HAProxy.general.tuning.ssl_bindOptions.split(",") %}
{% do bindopts.append(bindopt) %}
{% endfor %}
ssl-default-bind-options {{ bindopts|join(' ') }}
{% endif %}
{% if OPNsense.HAProxy.general.tuning.ssl_cipherList|default("") != "" %}
ssl-default-bind-ciphers {{ OPNsense.HAProxy.general.tuning.ssl_cipherList }}
{% endif %}
{% endif %}
{# # pass-through options #}
{% if OPNsense.HAProxy.general.tuning.customOptions|default("") != "" %}
# WARNING: pass through options below this line
{% for customOpt in OPNsense.HAProxy.general.tuning.customOptions.split("\n") %}
@ -561,22 +585,37 @@ defaults
# Frontend: {{frontend.name}} ({{frontend.description}})
frontend {{frontend.name}}
{% set ssl_certs = [] %}
{% set ssl_options = [] %}
{% if frontend.ssl_enabled == '1' %}
{# # check if ssl certs are configured #}
{% if frontend.ssl_certificates|default("") != "" %}
{# # NOTE: Cert lists are generated by exportCerts.php #}
{% do ssl_certs.append('crt-list /var/etc/haproxy/ssl/' ~ frontend.id ~ '.crtlist') %}
{% endif %}
{# # advanced ssl options #}
{# # advanced ssl parameters (pass-through) #}
{% if frontend.ssl_customOptions|default("") != "" %}
{# # add a space to separate it from other ssl params #}
{% set ssl_options = frontend.ssl_customOptions ~ ' ' %}
{% do ssl_options.append(frontend.ssl_customOptions ~ ' ') %}
{% endif %}
{# # advanced ssl settings #}
{% if frontend.ssl_advancedEnabled|default("") == '1' %}
{% if frontend.ssl_bindOptions|default("") != "" %}
{% for bindopt in frontend.ssl_bindOptions.split(",") %}
{% do ssl_options.append(bindopt) %}
{% endfor %}
{% endif %}
{% if frontend.ssl_cipherList|default("") != "" %}
{% do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %}
{% endif %}
{% endif %}
{# # HSTS #}
{% if frontend.ssl_hstsEnabled|default("") == '1' %}
http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
{% endif %}
{% endif %}
{# # bind/listen configuration #}
{% if frontend.bind|default("") != "" %}
{% for bind in frontend.bind.split(",") %}
bind {{bind}} name {{bind}} {% if frontend.bindOptions|default("") != "" %}{{ frontend.bindOptions }} {% endif %}{% if frontend.ssl_enabled == '1' and ssl_certs|default("") != "" %}ssl {{ ssl_options }}{{ssl_certs|join(' ')}} {% endif %}
bind {{bind}} name {{bind}} {% if frontend.bindOptions|default("") != "" %}{{ frontend.bindOptions }} {% endif %}{% if frontend.ssl_enabled == '1' and ssl_certs|default("") != "" %}ssl {{ ssl_options|join(' ') }} {{ ssl_certs|join(' ') }} {% endif %}
{% endfor %}
{% endif %}
@ -721,25 +760,35 @@ backend {{backend.name}}
{% endif %}
{% endif %}
{% elif healthcheck_data.type == 'agent' %}
{% if healthcheck_data.agentPort|default("") != "" %}
{% do healthcheck_additions.append('agent-check agent-port ' ~ healthcheck_data.agentPort) %}
{% if healthcheck_data.agent_port|default("") != "" %}
{% do healthcheck_additions.append('agent-check agent-port ' ~ healthcheck_data.agent_port) %}
{% else %}
# ERROR: agent-check configured, but agent-port was not specified
{% endif %}
{% elif healthcheck_data.type == 'ldap' %}
option ldap-check
{% elif healthcheck_data.type == 'mysql' or healthcheck_data.type == 'pgsql' %}
{% if healthcheck_data.dbUser|default("") != "" %}
option {{healthcheck_data.type}}-check user {{healthcheck_data.dbUser}}
{% elif healthcheck_data.type == 'mysql' %}
{% if healthcheck_data.mysql_user|default("") != "" %}
{% if healthcheck_data.mysql_post41|default("") == '1' %}
option mysql-check user {{healthcheck_data.mysql_user}} post-41
{% else %}
option mysql-check user {{healthcheck_data.mysql_user}}
{% endif %}
{% else %}
# ERROR: {{healthcheck_data.type}} check configured, but db user was not specified
{% endif %}
{% elif healthcheck_data.type == 'pgsql' %}
{% if healthcheck_data.pgsql_user|default("") != "" %}
option pgsql-check user {{healthcheck_data.pgsql_user}}
{% else %}
# ERROR: {{healthcheck_data.type}} check configured, but db user was not specified
{% endif %}
{% elif healthcheck_data.type == 'redis' %}
option redis-check
{% elif healthcheck_data.type == 'smtp' %}
option smtpchk HELO {{healthcheck_data.smtpDomain}}
option smtpchk HELO {{healthcheck_data.smtp_domain}}
{% elif healthcheck_data.type == 'esmtp' %}
option smtpchk EHLO {{healthcheck_data.smtpDomain}}
option smtpchk EHLO {{healthcheck_data.esmtp_domain}}
{% elif healthcheck_data.type == 'ssl' %}
option ssl-hello-chk
{% endif %}
@ -888,7 +937,7 @@ backend {{backend.name}}
{% if server_data.advanced|default("") != "" %}
{% do server_options.append(server_data.advanced) %}
{% endif %}
server {{server_data.name}} {{server_data.address}}:{% if backend.tuning_noport != '1' %}{{server_data.port}}{% endif %} {{server_options|join(' ')}}
server {{server_data.name}} {{server_data.address}}:{% if backend.tuning_noport != '1' %}{% if server_data.port|default("") != "" %}{{server_data.port}}{% endif %}{% endif %} {{server_options|join(' ')}}
{% endif %}
{% endfor %}