mirror of
https://github.com/opnsense/plugins.git
synced 2026-05-28 04:34:15 -04:00
Merge pull request #3156 from fraenki/haproxy_312
net/haproxy: release 3.12
This commit is contained in:
Frank Wall
GitHub
commit
efdf6afbd9
14 changed files with 70 additions and 38 deletions
|
|
@ -1,6 +1,5 @@
|
|||
PLUGIN_NAME= haproxy
|
||||
PLUGIN_VERSION= 3.11
|
||||
PLUGIN_REVISION= 1
|
||||
PLUGIN_VERSION= 3.12
|
||||
PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer
|
||||
PLUGIN_DEPENDS= haproxy24
|
||||
PLUGIN_MAINTAINER= opnsense@moov.de
|
||||
|
|
|
|||
|
|
@ -6,6 +6,18 @@ very high loads while needing persistence or Layer7 processing.
|
|||
Plugin Changelog
|
||||
================
|
||||
|
||||
3.12
|
||||
|
||||
Added:
|
||||
* add support for req.ssl_hello_type (#2311)
|
||||
|
||||
Fixed:
|
||||
* fix unix sockets in chrooted environment (#3093)
|
||||
* fix peers by automatically configuring the local peer (#3114)
|
||||
|
||||
Changed:
|
||||
* update HAProxy documentation URLs
|
||||
|
||||
3.11
|
||||
|
||||
Added:
|
||||
|
|
|
|||
|
|
@ -56,8 +56,6 @@ class ServiceController extends ApiMutableServiceControllerBase
|
|||
$backend = new Backend();
|
||||
// first generate template based on current configuration
|
||||
$backend->configdRun('template reload OPNsense/HAProxy');
|
||||
// now export all the required files (or syntax check will fail)
|
||||
$backend->configdRun("haproxy setup");
|
||||
// finally run the syntax check
|
||||
$response = $backend->configdRun("haproxy configtest");
|
||||
return array("result" => $response);
|
||||
|
|
|
|||
|
|
@ -278,6 +278,17 @@
|
|||
<type>text</type>
|
||||
<help><![CDATA[Verify the CA Common-Name of the certificate presented by the client against the specified string.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
<type>header</type>
|
||||
<style>expression_table table_ssl_hello_type</style>
|
||||
</field>
|
||||
<field>
|
||||
<id>acl.ssl_hello_type</id>
|
||||
<label>SSL Hello Type</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[An integer value containing the type of the SSL hello message found in the request buffer if the buffer contains data that parse as a complete SSL (v3 or superior) client hello message.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
<type>header</type>
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@
|
|||
<id>action.http_request_redirect</id>
|
||||
<label>HTTP Redirect</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
<help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://docs.haproxy.org/2.4/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
|
|
@ -128,7 +128,7 @@
|
|||
<id>action.http_request_add_header_content</id>
|
||||
<label>Header Content</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
|
|
@ -145,7 +145,7 @@
|
|||
<id>action.http_request_set_header_content</id>
|
||||
<label>Header Content</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
|
|
@ -251,7 +251,7 @@
|
|||
<id>action.http_response_add_header_content</id>
|
||||
<label>Header Content</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
|
|
@ -268,7 +268,7 @@
|
|||
<id>action.http_response_set_header_content</id>
|
||||
<label>Header Content</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Parameters</label>
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@
|
|||
<id>backend.algorithm</id>
|
||||
<label>Balancing Algorithm</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#balance">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#balance">HAProxy documentation</a> for a full description.]]></help>
|
||||
<hint>Choose a load balancing algorithm.</hint>
|
||||
</field>
|
||||
<field>
|
||||
|
|
@ -42,7 +42,7 @@
|
|||
<id>backend.proxyProtocol</id>
|
||||
<label>Proxy Protocol</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Enforces use of the PROXY protocol over any connection established to the configured servers. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client's address or the public address it accessed to, whatever the upper layer protocol. This setting must not be used if the servers are not aware of the PROXY protocol. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#send-proxy">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[Enforces use of the PROXY protocol over any connection established to the configured servers. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client's address or the public address it accessed to, whatever the upper layer protocol. This setting must not be used if the servers are not aware of the PROXY protocol. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#send-proxy">HAProxy documentation</a> for a full description.]]></help>
|
||||
<advanced>true</advanced>
|
||||
</field>
|
||||
<field>
|
||||
|
|
@ -186,7 +186,7 @@
|
|||
<id>backend.persistence_cookiemode</id>
|
||||
<label>Cookie handling</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Usually it is better to reuse an existing cookie. In this case HAProxy prefixes the cookie with the required information. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4.2-cookie">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[Usually it is better to reuse an existing cookie. In this case HAProxy prefixes the cookie with the required information. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#4.2-cookie">HAProxy documentation</a> for a full description.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>backend.persistence_cookiename</id>
|
||||
|
|
@ -208,14 +208,14 @@
|
|||
<id>backend.stickiness_pattern</id>
|
||||
<label>Table type</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
|
||||
<help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
|
||||
<hint>Choose a persistence type.</hint>
|
||||
</field>
|
||||
<field>
|
||||
<id>backend.stickiness_dataTypes</id>
|
||||
<label>Stored data types</label>
|
||||
<type>select_multiple</type>
|
||||
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>backend.stickiness_expire</id>
|
||||
|
|
|
|||
|
|
@ -322,14 +322,14 @@
|
|||
<id>frontend.stickiness_pattern</id>
|
||||
<label>Table type</label>
|
||||
<type>dropdown</type>
|
||||
<help><![CDATA[Choose the type of data that should be stored in this stick-table. Note that this stick-table cannot be used for session persistence, it is only used to store additional per-connection data (select below). See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick-table">HAProxy documentation</a> for further information.]]></help>
|
||||
<help><![CDATA[Choose the type of data that should be stored in this stick-table. Note that this stick-table cannot be used for session persistence, it is only used to store additional per-connection data (select below). See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick-table">HAProxy documentation</a> for further information.]]></help>
|
||||
<hint>Choose a stick-table type.</hint>
|
||||
</field>
|
||||
<field>
|
||||
<id>frontend.stickiness_dataTypes</id>
|
||||
<label>Stored data types</label>
|
||||
<type>select_multiple</type>
|
||||
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>frontend.stickiness_expire</id>
|
||||
|
|
@ -356,7 +356,7 @@
|
|||
<id>frontend.stickiness_counter_key</id>
|
||||
<label>Sticky counter key</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[It describes what elements of the incoming request or connection will be analyzed, extracted, combined, and used to select which table entry to update the counters. Defaults to "src" to track elements of the source IP. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#tcp-request connection">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[It describes what elements of the incoming request or connection will be analyzed, extracted, combined, and used to select which table entry to update the counters. Defaults to "src" to track elements of the source IP. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#tcp-request connection">HAProxy documentation</a> for a full description.]]></help>
|
||||
<advanced>true</advanced>
|
||||
</field>
|
||||
<field>
|
||||
|
|
|
|||
|
|
@ -15,6 +15,6 @@
|
|||
<id>mapfile.content</id>
|
||||
<label>Content</label>
|
||||
<type>textbox</type>
|
||||
<help><![CDATA[Paste the content of your map file here. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#map">HAProxy documentation</a> for a full description.]]></help>
|
||||
<help><![CDATA[Paste the content of your map file here. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#map">HAProxy documentation</a> for a full description.]]></help>
|
||||
</field>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -10,14 +10,14 @@
|
|||
<help><![CDATA[Enable or disable HAProxy peers. This will propagate entries of any data-types in stick-tables between several HAProxy instances over TCP connections in a multi-master fashion.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Peer 1 (this host)</label>
|
||||
<label>Peer 1</label>
|
||||
<type>header</type>
|
||||
</field>
|
||||
<field>
|
||||
<id>haproxy.general.peers.name1</id>
|
||||
<label>Peer name (FQDN)</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[The name of the peer. This is usually the full hostname to make it possible for HAProxy to recognize the local peer. If HAProxy is unable to find the local peer it will fail to start.]]></help>
|
||||
<help><![CDATA[The name of the peer. This is usually the fully qualified domain name. If the name matches the <a href="/system_general.php">system hostname</a>, then this peer is automatically configured as local peer.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>haproxy.general.peers.listen1</id>
|
||||
|
|
@ -32,14 +32,14 @@
|
|||
<help><![CDATA[The TCP port that should be used for connections to this peer. It must not be used by any other service.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<label>Peer 2 (remote host)</label>
|
||||
<label>Peer 2</label>
|
||||
<type>header</type>
|
||||
</field>
|
||||
<field>
|
||||
<id>haproxy.general.peers.name2</id>
|
||||
<label>Peer name (FQDN)</label>
|
||||
<type>text</type>
|
||||
<help><![CDATA[The name of the peer. This is usually the full hostname to make it possible for HAProxy to recognize the local peer. If HAProxy is unable to find the local peer it will fail to start.]]></help>
|
||||
<help><![CDATA[The name of the peer. This is usually the fully qualified domain name. If the name matches the <a href="/system_general.php">system hostname</a>, then this peer is automatically configured as local peer.]]></help>
|
||||
</field>
|
||||
<field>
|
||||
<id>haproxy.general.peers.listen2</id>
|
||||
|
|
|
|||
|
|
@ -1599,6 +1599,7 @@
|
|||
<ssl_c_verify>SSL Client certificate is valid</ssl_c_verify>
|
||||
<ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
|
||||
<ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
|
||||
<ssl_hello_type>SSL Hello Type</ssl_hello_type>
|
||||
<src>Source IP matches specified IP</src>
|
||||
<src_is_local>Source IP is local</src_is_local>
|
||||
<src_port>Source IP: TCP source port</src_port>
|
||||
|
|
@ -1764,6 +1765,15 @@
|
|||
<mask>/^.{1,4096}$/u</mask>
|
||||
<Required>N</Required>
|
||||
</ssl_c_ca_commonname>
|
||||
<ssl_hello_type type="OptionField">
|
||||
<Required>N</Required>
|
||||
<default>x1</default>
|
||||
<OptionValues>
|
||||
<x0>0 - no client hello</x0>
|
||||
<x1>1 - client hello</x1>
|
||||
<x2>2 - server hello</x2>
|
||||
</OptionValues>
|
||||
</ssl_hello_type>
|
||||
<src type="TextField">
|
||||
<mask>/^.{1,4096}$/u</mask>
|
||||
<Required>N</Required>
|
||||
|
|
|
|||
|
|
@ -698,7 +698,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<li>{{ lang._('Lastly, enable HAProxy using the %sService%s settings page.') | format('<b>', '</b>') }}</li>
|
||||
</ul>
|
||||
<p>{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('<b>', '</b>') }}</p>
|
||||
<p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
|
||||
<p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
|
||||
<br/>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -740,7 +740,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('<b>', '</b>') }}</li>
|
||||
<li>{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('<b>', '</b>', '<b>', '</b>', '<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
</ul>
|
||||
<p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7" target="_blank">', '</a>') }}</p>
|
||||
<p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://docs.haproxy.org/2.4/configuration.html#7" target="_blank">', '</a>') }}</p>
|
||||
<p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
|
||||
<br/>
|
||||
</div>
|
||||
|
|
@ -755,7 +755,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<li>{{ lang._('%sGroup:%s A optional list containing one or more users. Groups usually make it easier to manage permissions for a large number of users') | format('<b>', '</b>') }}</li>
|
||||
</ul>
|
||||
<p>{{ lang._('Note that users and groups must be selected from the Backend Pool or Public Service configuration in order to be used for authentication. In addition to this users and groups may also be used in Rules/Conditions.') }}</p>
|
||||
<p>{{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#3.4" target="_blank">', '</a>') }}</p>
|
||||
<p>{{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://docs.haproxy.org/2.4/configuration.html#3.4" target="_blank">', '</a>') }}</p>
|
||||
<br/>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -773,7 +773,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<li>{{ lang._("%sCache:%s HAProxy's cache which was designed to perform cache on small objects (favicon, css, etc.). This is a minimalist low-maintenance cache which runs in RAM.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
<li>{{ lang._("%sPeers:%s Configure a communication channel between two HAProxy instances. This will propagate entries of any data-types in stick-tables between these HAProxy instances over TCP connections in a multi-master fashion. Useful when aiming for a seamless failover in a HA setup.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
</ul>
|
||||
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stats%20enable" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#10" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#3.5" target="_blank">', '</a>') }}</p>
|
||||
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('<a href="http://docs.haproxy.org/2.4/configuration.html#stats%20enable" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#10" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#3.5" target="_blank">', '</a>') }}</p>
|
||||
<br/>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -790,7 +790,7 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
<li>{{ lang._("%sResolvers:%s This feature allows in-depth configuration of how HAProxy handles name resolution and interacts with name resolvers (DNS). Each resolver configuration can be used in %sBackend Pools%s to apply individual name resolution configurations.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
<li>{{ lang._("%sE-Mail Alerts:%s It is possible to send email alerts when the state of servers changes. Each configuration can be used in %sBackend Pools%s to send e-mail alerts to the configured recipient.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
|
||||
</ul>
|
||||
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#lua-load" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#map" target="_blank">', '</a>' ,'<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#cpu-map" target="_blank">', '</a>' ,'<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#bind-process" target="_blank">', '</a>' ,'<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#process" target="_blank">', '</a>','<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#5.3.2" target="_blank">', '</a>') }}</p>
|
||||
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('<a href="http://docs.haproxy.org/2.4/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#lua-load" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#map" target="_blank">', '</a>' ,'<a href="http://docs.haproxy.org/2.4/configuration.html#cpu-map" target="_blank">', '</a>' ,'<a href="http://docs.haproxy.org/2.4/configuration.html#bind-process" target="_blank">', '</a>' ,'<a href="http://docs.haproxy.org/2.4/configuration.html#process" target="_blank">', '</a>','<a href="http://docs.haproxy.org/2.4/configuration.html#5.3.2" target="_blank">', '</a>') }}</p>
|
||||
<br/>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,3 @@
|
|||
[setup]
|
||||
command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh
|
||||
parameters:
|
||||
type:script_output
|
||||
message:setup haproxy service requirements
|
||||
|
||||
[start]
|
||||
command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh deploy; /usr/local/opnsense/scripts/OPNsense/HAProxy/rc-wrapper.sh start
|
||||
parameters:
|
||||
|
|
@ -31,7 +25,7 @@ description:Reload HAProxy service
|
|||
message:reloading haproxy
|
||||
|
||||
[configtest]
|
||||
command:/usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging 2>&1 || exit 0
|
||||
command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh; /usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging 2>&1 || exit 0
|
||||
parameters:
|
||||
type:script_output
|
||||
message:testing haproxy configuration
|
||||
|
|
|
|||
|
|
@ -284,6 +284,8 @@
|
|||
{% set acl_enabled = '0' %}
|
||||
# ERROR: missing parameters
|
||||
{% endif %}
|
||||
{% elif acl_data.expression == 'ssl_hello_type' %}
|
||||
{% do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %}
|
||||
{% elif acl_data.expression == 'src' %}
|
||||
{% if acl_data.src|default("") != "" %}
|
||||
{% do acl_options.append('src ' ~ acl_data.src) %}
|
||||
|
|
@ -1039,6 +1041,10 @@ global
|
|||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{# # specify local peer #}
|
||||
{% if peers_enabled is defined %}
|
||||
localpeer {{ system.hostname|lower }}.{{ system.domain|lower }}
|
||||
{% endif %}
|
||||
{# # pass-through options #}
|
||||
{% if OPNsense.HAProxy.general.tuning.customOptions|default("") != "" %}
|
||||
# WARNING: pass through options below this line
|
||||
|
|
@ -1890,7 +1896,7 @@ backend {{backend.name}}
|
|||
{# PEERS #}
|
||||
{# ############################### #}
|
||||
|
||||
{%- if helpers.exists('OPNsense.HAProxy.general.peers') and OPNsense.HAProxy.general.peers.enabled|default("") == "1" %}
|
||||
{%- if peers_enabled is defined %}
|
||||
{# # ensure that no value is missing #}
|
||||
{% if OPNsense.HAProxy.general.peers.name1|default("") != '' and
|
||||
OPNsense.HAProxy.general.peers.listen1|default("") != '' and
|
||||
|
|
@ -1899,8 +1905,10 @@ backend {{backend.name}}
|
|||
OPNsense.HAProxy.general.peers.listen2|default("") != '' and
|
||||
OPNsense.HAProxy.general.peers.port2|default("") != '' %}
|
||||
peers {{peers_name}}
|
||||
peer {{OPNsense.HAProxy.general.peers.name1}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}}
|
||||
peer {{OPNsense.HAProxy.general.peers.name2}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}}
|
||||
peer {{OPNsense.HAProxy.general.peers.name1|lower}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}}
|
||||
peer {{OPNsense.HAProxy.general.peers.name2|lower}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}}
|
||||
{% else %}
|
||||
# ERROR: peers configuration is incomplete
|
||||
{% endif %}
|
||||
{%- endif -%}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{% if helpers.exists('OPNsense.HAProxy.general.enabled') and OPNsense.HAProxy.general.enabled|default("0") == "1" %}
|
||||
haproxy_enable=YES
|
||||
#haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh"
|
||||
haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh"
|
||||
haproxy_pidfile="/var/run/haproxy.pid"
|
||||
haproxy_config="/usr/local/etc/haproxy.conf"
|
||||
{% if helpers.exists('OPNsense.HAProxy.general.storeOcsp') and OPNsense.HAProxy.general.storeOcsp|default("0") == "1" %}
|
||||
|
|
|
|||
Loading…
Reference in a new issue