diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 754cb2054a..ca3a4105fb 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -1,5 +1,5 @@ PLUGIN_NAME= haproxy -PLUGIN_VERSION= 1.17 +PLUGIN_VERSION= 2.0 PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer PLUGIN_DEPENDS= haproxy PLUGIN_MAINTAINER= opnsense@moov.de diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml index 34579e5725..a86a6599ef 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml @@ -3,23 +3,23 @@ acl.name text - Name to identify this ACL. + Name to identify this condition. acl.description text - Description for this ACL. + Description for this condition. - + header acl.expression - + dropdown - Select ACL expression. + Select condition type. acl.negate @@ -28,25 +28,246 @@ - acl.value - + + header + + + + acl.hdr_beg + + text + + + + + header + + + + acl.hdr_end + + text + + + + + header + + + + acl.hdr + + text + + + + + header + + + + acl.hdr_reg + + text + + + + + header + + + + acl.hdr_sub + + text + + + + + header + + + + acl.path_beg + + text + + + + + header + + + + acl.path_end + + text + + + + + header + + + + acl.path + text - + - + header + - acl.urlparam - + acl.path_reg + text - Not used for any other expression.]]> + + + + + header + + + + acl.path_dir + + text + + + + + header + + + + acl.path_sub + + text + + + + + header + - acl.queryBackend - + acl.url_param + + text + + + + acl.url_param_value + + text + + + + + header + + + + acl.ssl_c_verify_code + + text + + + + + header + + + + acl.ssl_c_ca_commonname + + text + + + + + header + + + + acl.src + + text + + + + + header + + + + acl.nbsrv + + text + + + + acl.nbsrv_backend + dropdown - Not used for any other expression.]]> + + + + + header + + + + acl.ssl_sni + + text + + + + + header + + + + acl.ssl_sni_sub + + text + + + + + header + + + + acl.ssl_sni_beg + + text + + + + + header + + + + acl.ssl_sni_end + + text + + + + + header + + + + acl.custom_acl + + textbox + diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml index 96e7f306b9..5d7cda9724 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml @@ -3,16 +3,16 @@ action.name text - Name to identify this action. + Name to identify this rule. action.description text - Description for this action. + Description for this rule. - + header @@ -23,59 +23,304 @@ action.linkedAcls - + select_multiple - + action.operator - + dropdown - + + + + + header action.type - + dropdown - + - + header + - action.useBackend - + action.use_backend + dropdown - Not used for any other action.]]> + - action.useServer + + header + + + + action.use_server dropdown - Not used for any other action.]]> + + + + + header + + + + action.http-request_auth + + text + + + + + header + + + + action.http-request_redirect + + text + HAProxy's documentation for further details and examples.]]> + + + + header + + + + action.http-request_lua + + text + + + + + header + + + + action.http-request_use-service + + text + + + + + header + - + action.http-request_add-header_name + + text + + + + action.http-request_add-header_content + + text + HAProxy's documentation for further details and examples.]]> + + + header + - action.actionName - + action.http-request_set-header_name + text - + - action.actionFind - + action.http-request_set-header_content + text - + HAProxy's documentation for further details and examples.]]> + + + + header + + + + action.http-request_del-header_name + + text + + + + + header + + + + action.http-request_replace-header_name + + text + + + + action.http-request_replace-header_regex + + text + + + + + header + + + + action.http-request_replace-value_name + + text + + + + action.http-request_replace-value_regex + + text + + + + + header + - action.actionValue - + action.http-response_lua + text - + + + + + header + + + + action.http-response_add-header_name + + text + + + + action.http-response_add-header_content + + text + HAProxy's documentation for further details and examples.]]> + + + + header + + + + action.http-response_set-header_name + + text + + + + action.http-response_set-header_content + + text + HAProxy's documentation for further details and examples.]]> + + + + header + + + + action.http-response_del-header_name + + text + + + + + header + + + + action.http-response_replace-header_name + + text + + + + action.http-response_replace-header_regex + + text + + + + + header + + + + action.http-response_replace-value_name + + text + + + + action.http-response_replace-value_regex + + text + + + + + header + + + + action.tcp-request_content_lua + + text + + + + + header + + + + action.tcp-request_content_use-service + + text + + + + + header + + + + action.tcp-response_content_lua + + text + + + + + header + + + + action.custom + + textbox + diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml index 600c1cb134..6c7d1fbe95 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml @@ -3,32 +3,32 @@ backend.enabled checkbox - Enable this backend + Enable this Backend Pool backend.name text - Name to identify this backend. + Name to identify this Backend Pool. backend.description text - Description for this backend. + Description for this Backend Pool. backend.mode dropdown - + Set the same mode for backend and frontend. backend.algorithm dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> Choose a load balancing algorithm. @@ -47,21 +47,22 @@ true - - - header - backend.healthCheckEnabled - + checkbox + + + header + + backend.healthCheck - + dropdown - + backend.healthCheckLogStatus @@ -77,7 +78,7 @@ backend.stickiness_pattern dropdown - HAProxy documentation for a full description.
NOTE: Consider not using this feature in multi-process mode, it can result in random behaviours.
]]> + HAProxy documentation for a full description.
NOTE: Consider not using this feature in multi-process mode, it can result in random behaviours.
]]> Choose a persistence type. @@ -141,7 +142,7 @@ backend.customOptions textbox -
NOTE: The syntax will not be checked, use at your own risk!
]]> + true @@ -159,27 +160,27 @@ true - + header backend.linkedActions - + select_multiple - - Choose actions. + + Choose rules. - + header backend.linkedErrorfiles - + select_multiple - - Choose error files. + + Choose error messages. diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml index b47402da11..818127c46f 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogErrorfile.xml @@ -3,24 +3,24 @@ errorfile.name text - Name to identify this error file. + Name to identify this error message. errorfile.description text - Description for this error file. + Description for this error message. errorfile.code dropdown -
NOTE: It is important to understand that errorfiles are NOT meant to rewrite errors returned by the server, but errors detected and returned by HAProxy. This is why the list of supported errors is limited to a small set.
]]> +
NOTE: It is important to understand that error messages are NOT meant to rewrite errors returned by the server, but errors detected and returned by HAProxy. This is why the list of supported errors is limited to a small set.
]]> errorfile.content textbox - Paste the content of your errorfile here. The files should not exceed the configured buffer size, which generally is 8 or 16 kB. + Paste the content of your error messages here. The message must represent the full HTTP response and include required HTTP headers. It should not exceed the configured buffer size, which generally is 8 or 16 kB. diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml index e6ed0b2c8e..2ed5d20a45 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml @@ -3,19 +3,19 @@ frontend.enabled checkbox - Enable this frontend + Enable this Public Service. frontend.name text - Name to identify this frontend. + Name to identify this Public Service. frontend.description text - Description for this frontend. + Description for this Public Service. frontend.bind @@ -23,31 +23,32 @@ select_multiple true - + Enter address:port here. Finish with TAB. frontend.bindOptions - + text - Example: accept-proxy npn http/1.1
NOTE: The syntax will not be checked, use at your own risk!
]]> + Example: accept-proxy npn http/1.1
]]> true frontend.mode dropdown - + frontend.defaultBackend - + dropdown - + header + frontend.ssl_enabled @@ -75,7 +76,7 @@ frontend.ssl_customOptions text - Example: no-sslv3 ciphers HIGH:!DSS:!aNULL@STRENGTH
NOTE: The syntax will not be checked, use at your own risk!
]]> + Example: no-sslv3 ciphers HIGH:!DSS:!aNULL@STRENGTH
]]> true @@ -86,7 +87,7 @@ frontend.tuning_maxConnections text - + frontend.tuning_timeoutClient @@ -134,8 +135,9 @@ true - + header + frontend.forwardFor @@ -143,6 +145,10 @@ checkbox + + + header + frontend.connectionBehaviour @@ -154,31 +160,31 @@ frontend.customOptions textbox -
NOTE: The syntax will not be checked, use at your own risk!
]]> + true - + header frontend.linkedActions - + select_multiple - - Choose actions. + + Choose rules. - + header frontend.linkedErrorfiles - + select_multiple - - Choose error files. + + Choose error messages. diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml index e81ef45408..1fb2beee52 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogHealthcheck.xml @@ -3,13 +3,13 @@ healthcheck.name text - Name to identify this ACL. + Name to identify this Health Monitor. healthcheck.description text - Description for this ACL. + Description for this Health Monitor. healthcheck.type @@ -33,6 +33,7 @@ header + healthcheck.http_method @@ -61,6 +62,7 @@ header + healthcheck.http_expressionEnabled @@ -88,6 +90,7 @@ header + healthcheck.tcp_enabled @@ -119,25 +122,64 @@ - + header + - healthcheck.agentPort + healthcheck.agent_port text - healthcheck.dbUser - + + header + + + + healthcheck.mysql_user + + text + + + + healthcheck.mysql_post41 + + checkbox + + + + + header + + + + healthcheck.pgsql_user + text - healthcheck.smtpDomain + + header + + + + healthcheck.smtp_domain text - + + + + + header + + + + healthcheck.esmtp_domain + + text + diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml index 578ad7b61e..a96adc5f2d 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogServer.xml @@ -22,7 +22,7 @@ server.port text - + server.mode @@ -103,9 +103,9 @@ server.advanced - + text - Example: send-proxy
NOTE: The syntax will not be checked, use at your own risk!
.]]> + Example: send-proxy
.]]> true diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml index 66a0b4b575..bfe9c6e354 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml @@ -1,10 +1,6 @@
- + - - - info - haproxy.general.enabled @@ -93,7 +89,7 @@ - + info @@ -225,6 +221,4 @@ - - haproxy-general-settings diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php index ab3e2a460b..c50c360867 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.php @@ -139,12 +139,10 @@ public function getByAclID($uuid) * @param string $description * @param string $expression * @param string $negate - * @param string $value - * @param string $urlparam - * @param string $querybackend + * @param hash $parameters * @return string */ - public function newAcl($name, $description = "", $expression, $negate = "0", $value, $urlparam = "", $queryBackend = "") + public function newAcl($name, $description = "", $expression, $negate = "0", $parameters = array()) { $acl = $this->acls->acl->Add(); $uuid = $acl->getAttributes()['uuid']; @@ -152,9 +150,9 @@ public function newAcl($name, $description = "", $expression, $negate = "0", $va $acl->description = $description; $acl->expression = $expression; $acl->negate = $negate; - $acl->value = $value; - $acl->urlparam = $urlparam; - $acl->queryBackend = $queryBackend; + foreach ($parameters as $key => $value) { + $acl->$key = $value; + } return $uuid; } @@ -173,7 +171,7 @@ public function newAcl($name, $description = "", $expression, $negate = "0", $va * @param string $actionValue * @return string */ - public function newAction($name, $description = "", $testType, $linkedAcls = "", $operator = "and", $type, $useBackend = "", $useServer = "", $actionName, $actionFind, $actionValue) + public function newAction($name, $description = "", $testType, $linkedAcls = "", $operator = "and", $type, $parameters = array()) { $action = $this->actions->action->Add(); $uuid = $action->getAttributes()['uuid']; @@ -183,11 +181,9 @@ public function newAction($name, $description = "", $testType, $linkedAcls = "", $action->linkedAcls = $linkedAcls; $action->operator = $operator; $action->type = $type; - $action->useBackend = $useBackend; - $action->useServer = $useServer; - $action->actionName = $actionName; - $action->actionFind = $actionFind; - $action->actionValue = $actionValue; + foreach ($parameters as $key => $value) { + $action->$key = $value; + } return $uuid; } @@ -251,7 +247,6 @@ public function newBackend($enabled = "0", $name, $description = "", $mode, $alg */ public function linkAclToAction($acl_uuid, $action_uuid, $replace = false) { - //$mdl = new HAProxy(); // ACL must exist $acl = $this->getByAclID($acl_uuid); if ((string)$acl === false) { diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml index e33063dea3..47d2e94a4d 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml @@ -1,6 +1,6 @@ //OPNsense/HAProxy - 1.0.0 + 2.0.0 the HAProxy load balancer @@ -281,7 +281,6 @@ Related backend item not found N - 0 Y @@ -299,7 +298,6 @@ N - 1 500000 @@ -311,7 +309,6 @@ Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us". N - 0 Y @@ -451,7 +448,6 @@ 0 N - N sourceipv4 @@ -487,7 +483,6 @@ Please specify a value between 1 and 10000. N - /^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us". @@ -563,11 +558,10 @@ Y - 80 1 65535 Please specify a value between 1 and 65535. - Y + N @@ -675,7 +669,6 @@ Please specify a value between 1 and 65535. N - N options @@ -752,21 +745,45 @@ N - + 1 65535 Please specify a value between 1 and 65535. N - - + + /^([0-9a-zA-Z._\-]){1,255}$/u Should be a string between 1 and 255 characters. N - - + + + 0 + N + + + /^([0-9a-zA-Z._\-]){1,255}$/u + Should be a string between 1 and 255 characters. + N + + /^([0-9a-zA-Z._\-]){1,255}$/u Should be a string between 1 and 255 characters. N + + + /^([0-9a-zA-Z._\-]){1,255}$/u + Should be a string between 1 and 255 characters. + N + + + + N + + + N + + + N @@ -788,37 +805,160 @@ Y - Host starts with - Host ends with - Host matches - Host regex - Host contains - Path starts with - Path ends with - Path matches - Path regex - Path contains - URL parameter contains + Host starts with + Host ends with + Host matches + Host regex + Host contains + Path starts with + Path ends with + Path matches + Path regex + + Path contains subdir + Path contains string + URL parameter contains SSL/TLS connection established - SSL Client certificate verify error result SSL Client certificate is valid - SSL Client issued by CA common-name - Source IP matches IP or Alias - Minimum count usable servers - Traffic is http (no value needed) - Traffic is ssl (no value needed) - SNI TLS extension matches - SNI TLS extension contains - SNI TLS extension starts with - SNI TLS extension ends with - SNI TLS extension regex - Custom ACL + SSL Client certificate verify error result + SSL Client certificate issued by CA common-name + Source IP matches IP or Alias + Minimum number of usable servers in backend + Traffic is HTTP + Traffic is SSL + SNI TLS extension matches + SNI TLS extension contains + SNI TLS extension starts with + SNI TLS extension ends with + SNI TLS extension regex + Custom condition (option pass-through) 0 Y + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,1024}$/u + Should be a string between 1 and 1024 characters. + N + + + /^.{1,1024}$/u + Should be a string between 1 and 1024 characters. + N + + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,1024}$/u + Should be a string between 1 and 1024 characters. + N + + + /^.{1,1024}$/u + Should be a string between 1 and 1024 characters. + N + + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,255}$/u + Should be a string between 1 and 255 characters. + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + 0 + 500000 + Please specify a value between 0 and 500000. + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + 0 + 500000 + Please specify a value between 0 and 500000. + N + + + + + + Related backend item not found + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + N @@ -835,6 +975,7 @@ Related backend item not found N + N @@ -880,9 +1021,10 @@ Y + - Use Backend - Use Server + Use specified backend + Use specified server http-request allow http-request deny http-request tarpit @@ -913,9 +1055,143 @@ tcp-response content close tcp-response content reject tcp-response content lua script - Custom + Custom rule (option pass-through) + + + + + Related backend item not found + Y + N + + + + + + Related server item not found + Y + N + + + /^.{1,4096}$/u + N + + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + + + /^.{1,4096}$/u + N + +