diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 0c4fd723e..084dfc5a4 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -1,6 +1,5 @@
 PLUGIN_NAME=		haproxy
-PLUGIN_VERSION=		3.11
-PLUGIN_REVISION=	1
+PLUGIN_VERSION=		3.12
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
 PLUGIN_DEPENDS=		haproxy24
 PLUGIN_MAINTAINER=	opnsense@moov.de
diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index d33a113b1..37b084e82 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -6,6 +6,18 @@ very high loads while needing persistence or Layer7 processing.
 Plugin Changelog
 ================
 
+3.12
+
+Added:
+* add support for req.ssl_hello_type (#2311)
+
+Fixed:
+* fix unix sockets in chrooted environment (#3093)
+* fix peers by automatically configuring the local peer (#3114)
+
+Changed:
+* update HAProxy documentation URLs
+
 3.11
 
 Added:
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php
index 524597aef..0632cef86 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php
@@ -56,8 +56,6 @@ class ServiceController extends ApiMutableServiceControllerBase
         $backend = new Backend();
         // first generate template based on current configuration
         $backend->configdRun('template reload OPNsense/HAProxy');
-        // now export all the required files (or syntax check will fail)
-        $backend->configdRun("haproxy setup");
         // finally run the syntax check
         $response = $backend->configdRun("haproxy configtest");
         return array("result" => $response);
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index 4643f99a8..895bd6e4b 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -278,6 +278,17 @@
         <type>text</type>
         <help><![CDATA[Verify the CA Common-Name of the certificate presented by the client against the specified string.]]></help>
     </field>
+    <field>
+        <label>Parameters</label>
+        <type>header</type>
+        <style>expression_table table_ssl_hello_type</style>
+    </field>
+    <field>
+        <id>acl.ssl_hello_type</id>
+        <label>SSL Hello Type</label>
+        <type>dropdown</type>
+        <help><![CDATA[An integer value containing the type of the SSL hello message found in the request buffer if the buffer contains data that parse as a complete SSL (v3 or superior) client hello message.]]></help>
+    </field>
     <field>
         <label>Parameters</label>
         <type>header</type>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index c81064259..f0a663f16 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -89,7 +89,7 @@
         <id>action.http_request_redirect</id>
         <label>HTTP Redirect</label>
         <type>text</type>
-        <help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://docs.haproxy.org/2.4/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -128,7 +128,7 @@
         <id>action.http_request_add_header_content</id>
         <label>Header Content</label>
         <type>text</type>
-        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -145,7 +145,7 @@
         <id>action.http_request_set_header_content</id>
         <label>Header Content</label>
         <type>text</type>
-        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -251,7 +251,7 @@
         <id>action.http_response_add_header_content</id>
         <label>Header Content</label>
         <type>text</type>
-        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
@@ -268,7 +268,7 @@
         <id>action.http_response_set_header_content</id>
         <label>Header Content</label>
         <type>text</type>
-        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
+        <help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://docs.haproxy.org/2.4/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
     </field>
     <field>
         <label>Parameters</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
index 27a6115e2..cd1aec54e 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
@@ -28,7 +28,7 @@
         <id>backend.algorithm</id>
         <label>Balancing Algorithm</label>
         <type>dropdown</type>
-        <help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#balance">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#balance">HAProxy documentation</a> for a full description.]]></help>
         <hint>Choose a load balancing algorithm.</hint>
     </field>
     <field>
@@ -42,7 +42,7 @@
         <id>backend.proxyProtocol</id>
         <label>Proxy Protocol</label>
         <type>dropdown</type>
-        <help><![CDATA[Enforces use of the PROXY protocol over any connection established to the configured servers. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client's address or the public address it accessed to, whatever the upper layer protocol. This setting must not be used if the servers are not aware of the PROXY protocol. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#send-proxy">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[Enforces use of the PROXY protocol over any connection established to the configured servers. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client's address or the public address it accessed to, whatever the upper layer protocol. This setting must not be used if the servers are not aware of the PROXY protocol. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#send-proxy">HAProxy documentation</a> for a full description.]]></help>
         <advanced>true</advanced>
     </field>
     <field>
@@ -186,7 +186,7 @@
         <id>backend.persistence_cookiemode</id>
         <label>Cookie handling</label>
         <type>dropdown</type>
-        <help><![CDATA[Usually it is better to reuse an existing cookie. In this case HAProxy prefixes the cookie with the required information. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4.2-cookie">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[Usually it is better to reuse an existing cookie. In this case HAProxy prefixes the cookie with the required information. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#4.2-cookie">HAProxy documentation</a> for a full description.]]></help>
     </field>
     <field>
         <id>backend.persistence_cookiename</id>
@@ -208,14 +208,14 @@
         <id>backend.stickiness_pattern</id>
         <label>Table type</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
+        <help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
         <hint>Choose a persistence type.</hint>
     </field>
     <field>
         <id>backend.stickiness_dataTypes</id>
         <label>Stored data types</label>
         <type>select_multiple</type>
-        <help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
     </field>
     <field>
         <id>backend.stickiness_expire</id>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
index 6d6a4cda7..a028a16f1 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
@@ -322,14 +322,14 @@
         <id>frontend.stickiness_pattern</id>
         <label>Table type</label>
         <type>dropdown</type>
-        <help><![CDATA[Choose the type of data that should be stored in this stick-table. Note that this stick-table cannot be used for session persistence, it is only used to store additional per-connection data (select below). See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick-table">HAProxy documentation</a> for further information.]]></help>
+        <help><![CDATA[Choose the type of data that should be stored in this stick-table. Note that this stick-table cannot be used for session persistence, it is only used to store additional per-connection data (select below). See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick-table">HAProxy documentation</a> for further information.]]></help>
         <hint>Choose a stick-table type.</hint>
     </field>
     <field>
         <id>frontend.stickiness_dataTypes</id>
         <label>Stored data types</label>
         <type>select_multiple</type>
-        <help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
     </field>
     <field>
         <id>frontend.stickiness_expire</id>
@@ -356,7 +356,7 @@
         <id>frontend.stickiness_counter_key</id>
         <label>Sticky counter key</label>
         <type>text</type>
-        <help><![CDATA[It describes what elements of the incoming request or connection will be analyzed, extracted, combined, and used to select which table entry to update the counters. Defaults to "src" to track elements of the source IP. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#tcp-request connection">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[It describes what elements of the incoming request or connection will be analyzed, extracted, combined, and used to select which table entry to update the counters. Defaults to "src" to track elements of the source IP. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#tcp-request connection">HAProxy documentation</a> for a full description.]]></help>
         <advanced>true</advanced>
     </field>
     <field>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml
index d988e782e..fc0011cc8 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml
@@ -15,6 +15,6 @@
         <id>mapfile.content</id>
         <label>Content</label>
         <type>textbox</type>
-        <help><![CDATA[Paste the content of your map file here. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#map">HAProxy documentation</a> for a full description.]]></help>
+        <help><![CDATA[Paste the content of your map file here. See the <a target="_blank" href="http://docs.haproxy.org/2.4/configuration.html#map">HAProxy documentation</a> for a full description.]]></help>
     </field>
 </form>
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml
index f1091f4f3..7dba7f9f8 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml
@@ -10,14 +10,14 @@
         <help><![CDATA[Enable or disable HAProxy peers. This will propagate entries of any data-types in stick-tables between several HAProxy instances over TCP connections in a multi-master fashion.]]></help>
     </field>
     <field>
-        <label>Peer 1 (this host)</label>
+        <label>Peer 1</label>
         <type>header</type>
     </field>
     <field>
         <id>haproxy.general.peers.name1</id>
         <label>Peer name (FQDN)</label>
         <type>text</type>
-        <help><![CDATA[The name of the peer. This is usually the full hostname to make it possible for HAProxy to recognize the local peer. If HAProxy is unable to find the local peer it will fail to start.]]></help>
+        <help><![CDATA[The name of the peer. This is usually the fully qualified domain name. If the name matches the <a href="/system_general.php">system hostname</a>, then this peer is automatically configured as local peer.]]></help>
     </field>
     <field>
         <id>haproxy.general.peers.listen1</id>
@@ -32,14 +32,14 @@
         <help><![CDATA[The TCP port that should be used for connections to this peer. It must not be used by any other service.]]></help>
     </field>
     <field>
-        <label>Peer 2 (remote host)</label>
+        <label>Peer 2</label>
         <type>header</type>
     </field>
     <field>
         <id>haproxy.general.peers.name2</id>
         <label>Peer name (FQDN)</label>
         <type>text</type>
-        <help><![CDATA[The name of the peer. This is usually the full hostname to make it possible for HAProxy to recognize the local peer. If HAProxy is unable to find the local peer it will fail to start.]]></help>
+        <help><![CDATA[The name of the peer. This is usually the fully qualified domain name. If the name matches the <a href="/system_general.php">system hostname</a>, then this peer is automatically configured as local peer.]]></help>
     </field>
     <field>
         <id>haproxy.general.peers.listen2</id>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index f6baa5c87..3be9a91e1 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -1599,6 +1599,7 @@
                         <ssl_c_verify>SSL Client certificate is valid</ssl_c_verify>
                         <ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
                         <ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
+                        <ssl_hello_type>SSL Hello Type</ssl_hello_type>
                         <src>Source IP matches specified IP</src>
                         <src_is_local>Source IP is local</src_is_local>
                         <src_port>Source IP: TCP source port</src_port>
@@ -1764,6 +1765,15 @@
                     <mask>/^.{1,4096}$/u</mask>
                     <Required>N</Required>
                 </ssl_c_ca_commonname>
+                <ssl_hello_type type="OptionField">
+                    <Required>N</Required>
+                    <default>x1</default>
+                    <OptionValues>
+                        <x0>0 - no client hello</x0>
+                        <x1>1 - client hello</x1>
+                        <x2>2 - server hello</x2>
+                    </OptionValues>
+                </ssl_hello_type>
                 <src type="TextField">
                     <mask>/^.{1,4096}$/u</mask>
                     <Required>N</Required>
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index eda3e7ff1..7510ca1ed 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -698,7 +698,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._('Lastly, enable HAProxy using the %sService%s settings page.') | format('<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('<b>', '</b>') }}</p>
-            <p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
             <br/>
         </div>
     </div>
@@ -740,7 +740,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('<b>', '</b>') }}</li>
               <li>{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('<b>', '</b>', '<b>', '</b>', '<b>', '</b>', '<b>', '</b>') }}</li>
             </ul>
-            <p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://docs.haproxy.org/2.4/configuration.html#7" target="_blank">', '</a>') }}</p>
             <p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
             <br/>
         </div>
@@ -755,7 +755,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._('%sGroup:%s A optional list containing one or more users. Groups usually make it easier to manage permissions for a large number of users') | format('<b>', '</b>') }}</li>
             </ul>
             <p>{{ lang._('Note that users and groups must be selected from the Backend Pool or Public Service configuration in order to be used for authentication. In addition to this users and groups may also be used in Rules/Conditions.') }}</p>
-            <p>{{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#3.4" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://docs.haproxy.org/2.4/configuration.html#3.4" target="_blank">', '</a>') }}</p>
             <br/>
         </div>
     </div>
@@ -773,7 +773,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._("%sCache:%s HAProxy's cache which was designed to perform cache on small objects (favicon, css, etc.). This is a minimalist low-maintenance cache which runs in RAM.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
               <li>{{ lang._("%sPeers:%s Configure a communication channel between two HAProxy instances. This will propagate entries of any data-types in stick-tables between these HAProxy instances over TCP connections in a multi-master fashion. Useful when aiming for a seamless failover in a HA setup.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
             </ul>
-            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#stats%20enable" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#10" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#3.5" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('<a href="http://docs.haproxy.org/2.4/configuration.html#stats%20enable" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#10" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#3.5" target="_blank">', '</a>') }}</p>
             <br/>
         </div>
     </div>
@@ -790,7 +790,7 @@ POSSIBILITY OF SUCH DAMAGE.
               <li>{{ lang._("%sResolvers:%s This feature allows in-depth configuration of how HAProxy handles name resolution and interacts with name resolvers (DNS). Each resolver configuration can be used in %sBackend Pools%s to apply individual name resolution configurations.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
               <li>{{ lang._("%sE-Mail Alerts:%s It is possible to send email alerts when the state of servers changes. Each configuration can be used in %sBackend Pools%s to send e-mail alerts to the configured recipient.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
             </ul>
-            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#lua-load" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#map" target="_blank">', '</a>' ,'<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#cpu-map" target="_blank">', '</a>' ,'<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#bind-process" target="_blank">', '</a>' ,'<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#process" target="_blank">', '</a>','<a href="http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#5.3.2" target="_blank">', '</a>') }}</p>
+            <p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('<a href="http://docs.haproxy.org/2.4/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#lua-load" target="_blank">', '</a>', '<a href="http://docs.haproxy.org/2.4/configuration.html#map" target="_blank">', '</a>' ,'<a href="http://docs.haproxy.org/2.4/configuration.html#cpu-map" target="_blank">', '</a>' ,'<a href="http://docs.haproxy.org/2.4/configuration.html#bind-process" target="_blank">', '</a>' ,'<a href="http://docs.haproxy.org/2.4/configuration.html#process" target="_blank">', '</a>','<a href="http://docs.haproxy.org/2.4/configuration.html#5.3.2" target="_blank">', '</a>') }}</p>
             <br/>
         </div>
     </div>
diff --git a/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf b/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf
index a9f3c5b25..9ca6d13dd 100644
--- a/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf
+++ b/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf
@@ -1,9 +1,3 @@
-[setup]
-command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh
-parameters:
-type:script_output
-message:setup haproxy service requirements
-
 [start]
 command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh deploy; /usr/local/opnsense/scripts/OPNsense/HAProxy/rc-wrapper.sh start
 parameters:
@@ -31,7 +25,7 @@ description:Reload HAProxy service
 message:reloading haproxy
 
 [configtest]
-command:/usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging 2>&1 || exit 0
+command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh; /usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging 2>&1 || exit 0
 parameters:
 type:script_output
 message:testing haproxy configuration
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index ea00d11a8..c6f0ff8dd 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -284,6 +284,8 @@
 {%                 set acl_enabled = '0' %}
     # ERROR: missing parameters
 {%               endif %}
+{%             elif acl_data.expression == 'ssl_hello_type' %}
+{%               do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %}
 {%             elif acl_data.expression == 'src' %}
 {%               if acl_data.src|default("") != "" %}
 {%                 do acl_options.append('src ' ~ acl_data.src) %}
@@ -1039,6 +1041,10 @@ global
 {%     endif %}
 {%   endif %}
 {% endif %}
+{# # specify local peer #}
+{% if peers_enabled is defined %}
+    localpeer {{ system.hostname|lower }}.{{ system.domain|lower }}
+{% endif %}
 {# # pass-through options #}
 {% if OPNsense.HAProxy.general.tuning.customOptions|default("") != "" %}
     # WARNING: pass through options below this line
@@ -1890,7 +1896,7 @@ backend {{backend.name}}
 {#               PEERS             #}
 {# ############################### #}
 
-{%- if helpers.exists('OPNsense.HAProxy.general.peers') and OPNsense.HAProxy.general.peers.enabled|default("") == "1" %}
+{%- if peers_enabled is defined %}
 {#   # ensure that no value is missing #}
 {%   if OPNsense.HAProxy.general.peers.name1|default("") != '' and
        OPNsense.HAProxy.general.peers.listen1|default("") != '' and
@@ -1899,8 +1905,10 @@ backend {{backend.name}}
        OPNsense.HAProxy.general.peers.listen2|default("") != '' and
        OPNsense.HAProxy.general.peers.port2|default("") != '' %}
 peers {{peers_name}}
-    peer {{OPNsense.HAProxy.general.peers.name1}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}}
-    peer {{OPNsense.HAProxy.general.peers.name2}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}}
+    peer {{OPNsense.HAProxy.general.peers.name1|lower}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}}
+    peer {{OPNsense.HAProxy.general.peers.name2|lower}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}}
+{%   else %}
+# ERROR: peers configuration is incomplete
 {%   endif %}
 {%- endif -%}
 
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d
index fdb9bcf37..2e2090670 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d
@@ -1,6 +1,6 @@
 {% if helpers.exists('OPNsense.HAProxy.general.enabled') and OPNsense.HAProxy.general.enabled|default("0") == "1" %}
 haproxy_enable=YES
-#haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh"
+haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh"
 haproxy_pidfile="/var/run/haproxy.pid"
 haproxy_config="/usr/local/etc/haproxy.conf"
 {% if helpers.exists('OPNsense.HAProxy.general.storeOcsp') and OPNsense.HAProxy.general.storeOcsp|default("0") == "1" %}