Skip to content

Commit

Permalink
net/haproxy: sync with master
Browse files Browse the repository at this point in the history
  • Loading branch information
fichtner committed Jul 15, 2019
1 parent 488049f commit c785ded
Show file tree
Hide file tree
Showing 6 changed files with 155 additions and 113 deletions.
2 changes: 1 addition & 1 deletion net/haproxy/Makefile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
PLUGIN_NAME= haproxy
PLUGIN_VERSION= 2.16
PLUGIN_VERSION= 2.17
PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer
PLUGIN_DEPENDS= haproxy18
PLUGIN_MAINTAINER= [email protected]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -423,6 +423,17 @@
<type>dropdown</type>
<help><![CDATA[Use the specified backend to count usable servers. Leave empty to use the current backend.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_ssl_fc_sni</style>
</field>
<field>
<id>acl.ssl_fc_sni</id>
<label>SNI Matches</label>
<type>text</type>
<help><![CDATA[The value of the Server Name TLS extension sent by a client matches the exact string.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@
<type>text</type>
<help><![CDATA[Select interval (in milliseconds) between two consecutive health checks. This value can be overriden in backend pool and real server configuration.]]></help>
</field>
<field>
<id>healthcheck.force_ssl</id>
<label>Force SSL</label>
<type>checkbox</type>
<help><![CDATA[This option forces encryption of all health checks over SSL, regardless of whether the server uses SSL or not for the normal traffic.]]></help>
</field>
<field>
<id>healthcheck.checkport</id>
<label>Port to check</label>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,6 @@
<label>Verify SSL Server Certificates</label>
<type>dropdown</type>
<help><![CDATA[This enforces a certain behavior for SSL verify on servers, ignoring per-server settings. If set to 'enforce verify', server certificates are verified. If set to 'disable verify', server certificates are not verified. The default is 'no preference' to only use per-server configurations and not enforce a global default for all servers.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>haproxy.general.tuning.maxDHSize</id>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1134,6 +1134,10 @@
<ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
<Required>Y</Required>
</interval>
<force_ssl type="BooleanField">
<default>0</default>
<Required>N</Required>
</force_ssl>
<checkport type="IntegerField">
<default></default>
<MinimumValue>1</MinimumValue>
Expand Down Expand Up @@ -1290,7 +1294,6 @@
<path_dir>Path contains subdir</path_dir>
<path_sub>Path contains string</path_sub>
<url_param>URL parameter contains</url_param>
<ssl_fc>SSL/TLS connection established</ssl_fc>
<ssl_c_verify>SSL Client certificate is valid</ssl_c_verify>
<ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
<ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
Expand All @@ -1317,12 +1320,14 @@
<src_sess_rate>Source IP: session rate</src_sess_rate>
<nbsrv>Minimum number of usable servers in backend</nbsrv>
<traffic_is_http>Traffic is HTTP</traffic_is_http>
<traffic_is_ssl>Traffic is SSL</traffic_is_ssl>
<ssl_sni>SNI TLS extension matches</ssl_sni>
<ssl_sni_sub>SNI TLS extension contains</ssl_sni_sub>
<ssl_sni_beg>SNI TLS extension starts with</ssl_sni_beg>
<ssl_sni_end>SNI TLS extension ends with</ssl_sni_end>
<ssl_sni_reg>SNI TLS extension regex</ssl_sni_reg>
<traffic_is_ssl>Traffic is SSL (TCP request content inspection)</traffic_is_ssl>
<ssl_fc>Traffic is SSL (locally deciphered)</ssl_fc>
<ssl_fc_sni>SNI TLS extension matches (locally deciphered)</ssl_fc_sni>
<ssl_sni>SNI TLS extension matches (TCP request content inspection)</ssl_sni>
<ssl_sni_sub>SNI TLS extension contains (TCP request content inspection)</ssl_sni_sub>
<ssl_sni_beg>SNI TLS extension starts with (TCP request content inspection)</ssl_sni_beg>
<ssl_sni_end>SNI TLS extension ends with (TCP request content inspection)</ssl_sni_end>
<ssl_sni_reg>SNI TLS extension regex (TCP request content inspection)</ssl_sni_reg>
<custom_acl>Custom condition (option pass-through)</custom_acl>
</OptionValues>
</expression>
Expand Down Expand Up @@ -1620,6 +1625,10 @@
<ValidationMessage>Related backend item not found</ValidationMessage>
<Required>N</Required>
</nbsrv_backend>
<ssl_fc_sni type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</ssl_fc_sni>
<ssl_sni type="TextField">
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
Expand Down
Loading

0 comments on commit c785ded

Please sign in to comment.