authorPiBa-NL <pba_2k3@yahoo.com>2013-03-27 01:08:40 +0100
committerPiBa-NL <pba_2k3@yahoo.com>2013-03-27 01:08:40 +0100
commit16e49a1c9ceddcb81dd5b8800c1627394bb3311e (patch)
tree9b0a99fe47c37cfa9baf1b76d5b83518e2830824
parent826b152e5d25978f8b9306f90450197ce4f4827b (diff)
downloadpfsense-packages-16e49a1c9ceddcb81dd5b8800c1627394bb3311e.tar.gz
pfsense-packages-16e49a1c9ceddcb81dd5b8800c1627394bb3311e.tar.bz2
pfsense-packages-16e49a1c9ceddcb81dd5b8800c1627394bb3311e.zip
advanced bind options, extended username/password characters+escaping, change deprecated options to current equivalents, changed nbproc default to 1, for better (default settings) compatibility with other options.
-rw-r--r--config/haproxy-devel/haproxy.inc42
-rwxr-xr-xconfig/haproxy-devel/haproxy_global.php7
-rw-r--r--config/haproxy-devel/haproxy_listeners_edit.php14
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php29
4 files changed, 67 insertions, 25 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index a8fc1497..f949bf98 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -360,11 +360,11 @@ function write_backend($fd, $name, $pool, $frontend) {
if(!$pool['connection_timeout'])
$pool['connection_timeout'] = 30000;
- fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout connect\t\t" . $pool['connection_timeout'] . "\n");
if(!$pool['server_timeout'])
$pool['server_timeout'] = 30000;
- fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout server\t\t" . $pool['server_timeout'] . "\n");
if(!$pool['retries'])
$pool['retries'] = 3;
@@ -375,10 +375,13 @@ function write_backend($fd, $name, $pool, $frontend) {
if($pool['stats_uri'])
fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n");
if($pool['stats_realm'])
- fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n");
+ fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n");
else
fwrite ($fd, "\tstats\t\t\trealm .\n");
- fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n");
+ fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n");
+
+ if($pool['stats_admin']=='yes')
+ fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n");
if($pool['stats_node_enabled']=='yes')
fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n");
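Review bot: Escaping in this block is applied to the realm and the `stats auth` pair but not to the two neighbouring values written the same way: `$pool['stats_uri']` and `$pool['stats_node']` still go into the config verbatim, so a space or `#` in either one changes how HAProxy parses the line. Wrapping them as well, e.g. `"\tstats\t\t\turi ".haproxy_escapestring($pool['stats_uri'])."\n"`, keeps the block consistent. The new `stats admin if TRUE` line gives every account that passes `stats auth` the ability to change server state from the stats page, which deserves a comment here. write_backend's body starts and ends outside the hunk.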
@@ -477,8 +480,6 @@ function haproxy_writeconf() {
if(is_array($a_global)) {
fwrite ($fd, "global\n");
- if($a_global['advanced'])
- fwrite ($fd, "\t" . base64_decode($a_global['advanced']) . "\n");
fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n");
if($a_global['remotesyslog'])
fwrite ($fd, "\tlog\t\t\t{$a_global['remotesyslog']}\t{$a_global['logfacility']}\t{$a_global['loglevel']}\n");
@@ -488,10 +489,18 @@ function haproxy_writeconf() {
if($a_global['nbproc'])
$numprocs = $a_global['nbproc'];
else
- $numprocs = trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`);
+ $numprocs ="1";
fwrite ($fd, "\tnbproc\t\t\t$numprocs\n");
fwrite ($fd, "\tchroot\t\t\t/var/empty\n");
fwrite ($fd, "\tdaemon\n");
+
+ // Keep the advanced options on the bottom of the global settings, to allow additional sections to be easely added
+ if($a_global['advanced']) {
+ $adv = explode("\n", base64_decode($a_global['advanced']));
+ foreach($adv as $adv_line) {
+ fwrite($fd, "\t" . $adv_line . "\n");
+ }
+ }
fwrite ($fd, "\n");
}
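Review bot: Each advanced line is written exactly as it comes out of `explode("\n", ...)`, so if the stored text uses CRLF line endings (likely for a textarea submission, though the form is not in this hunk) every written line keeps a trailing carriage return. Splitting with `preg_split('/\r\n|\r|\n/', base64_decode($a_global['advanced']))` or writing `rtrim($adv_line, "\r")` avoids that. The comment has a typo (`easely`) and could also say that this text is not validated and that a line opening a new section ends the `global` block. haproxy_writeconf continues outside the hunk.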
@@ -548,6 +557,7 @@ function haproxy_writeconf() {
$b['client_timeout'] = $backend['client_timeout'];
$b['advanced'] = $backend['advanced'];
$b['ssloffload'] = $backend['ssloffload'];
+ $b['advanced_bind'] = $backend['advanced_bind'];
}
if ($ssl_crt != "") {
@@ -577,6 +587,7 @@ function haproxy_writeconf() {
$portss = "{$bind['port']},";
$ports = split(",", $portss);
$ssl_info = $bind['ssl_info'];
+ $advanced_bind = $bind['advanced_bind'];
// Initialize variable
$listenip = "";
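Review bot: `$advanced_bind` is copied from the listener settings without any check and is then appended to all three `bind` lines in the next hunk, so a line break inside the value would end the `bind` statement and start a new configuration line. The edit page offers a single-line text input, but nothing visible in this commit enforces that on the server side. Rejecting the value on save when it contains `\r` or `\n`, or normalising it here with `$advanced_bind = str_replace(array("\r", "\n"), ' ', $bind['advanced_bind']);`, keeps the field limited to bind parameters. The surrounding loop in haproxy_writeconf starts and ends outside the hunk.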
@@ -584,11 +595,11 @@ function haproxy_writeconf() {
foreach($ports as $port) {
if($port) {
if($bind['extaddr'] == "any")
- $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info}\n";
+ $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info} {$advanced_bind}\n";
elseif($bind['extaddr'])
- $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info}\n";
+ $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info} {$advanced_bind}\n";
else
- $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info}\n";
+ $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info} {$advanced_bind}\n";
}
}
@@ -632,7 +643,7 @@ function haproxy_writeconf() {
if(!$bind['client_timeout'])
$bind['client_timeout'] = 30000;
- fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n");
// Combine the rest of the listener configs
@@ -1026,9 +1037,14 @@ function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName
}
}
-function phparray_to_javascriptarray($items, $javaMapName, $includeitems)
-{
+function phparray_to_javascriptarray($items, $javaMapName, $includeitems) {
phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems);
}
+function haproxy_escapestring($configurationsting) {
+ $result = str_replace('\\', '\\\\', $configurationsting);
+ $result = str_replace(' ', '\\ ', $result);
+ return str_replace('#', '\\#', $result);
+}
+
?>
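Review bot: `haproxy_escapestring` escapes backslash, space and `#` but leaves tabs and line breaks alone, and it has no comment stating what it guarantees. The stats username and password are restricted to printable ASCII in haproxy_pool_edit.php, but `stats_realm` is passed through this function with no validation visible in the commit, so a tab or newline in it would still split the `stats realm` line. Consider stripping control characters first, e.g. `$result = preg_replace('/[\x00-\x1f\x7f]/', '', $configurationsting);`, and adding a doc comment that names the three escaped characters. The parameter name is misspelled (`$configurationsting`).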
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 8e2949fd..c906cda0 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -227,7 +227,9 @@ function enable_change(enable_change) {
<td class="vtable">
<input name="nbproc" type="text" class="formfld" id="nbproc" size="18" value="<?=htmlspecialchars($pconfig['nbproc']);?>">
<br/>
- Defaults to number of cores/processors installed if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> detected).
+ Defaults to 1 if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> CPU core(s) detected).<br/>
+ Note : Consider leaving this value empty or 1 because in multi-process mode (nbproc > 1) memory is not shared between the processes, which could result in random behaviours for several options like ACL's, sticky connections and some others.<br/>
+ For more information about the <b>"nbproc"</b> option please see <b><a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> </b>
</td>
</tr>
<tr>
@@ -235,7 +237,8 @@ function enable_change(enable_change) {
Remote syslog host
</td>
<td class="vtable">
- <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>">
+ <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>"><br/>
+ To log to the local pfSense systemlog fill the host with the value <b>/var/run/log</b>, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.)
</td>
</tr>
<tr>
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index afd424c7..2e943e96 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -144,7 +144,7 @@ $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item'];
global $simplefields;
$simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool',
- 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl');
+ 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','advanced_bind');
if (isset($_POST['id']))
$id = $_POST['id'];
@@ -708,9 +708,17 @@ include("head.inc");
</td>
</tr>
<tr align="left">
+ <td width="22%" valign="top" class="vncell">Bind pass thru</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input name="advanced_bind" type="text" <?if(isset($pconfig['advanced_bind'])) echo "value=\"".htmlspecialchars($pconfig['advanced_bind'])."\"";?> size="64">
+ <br/>
+ NOTE: paste text into this box that you would like to pass behind the bind option.
+ </td>
+ </tr>
+ <tr align="left">
<td width="22%" valign="top" class="vncell">Advanced pass thru</td>
<td width="78%" class="vtable" colspan="2">
- <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea>
+ <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea>
<br/>
NOTE: paste text into this box that you would like to pass thru.
</td>
@@ -752,7 +760,7 @@ include("head.inc");
<input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();">Add ACL for certificate CommonName.</input>
</td>
</tr>
- <tr class="haproxy_ssloffloading_enabled" align="left">
+ <tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left">
<td width="22%" valign="top" class="vncell">Advanced ssl options</td>
<td width="78%" class="vtable" colspan="2">
<input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64">
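Review bot: The `dcertadv` input at the end of this hunk still prints `{$pconfig['dcertadv']}` into the `value` attribute without `htmlspecialchars()`, while this commit adds that call to `advanced_bind` and the `advanced` textarea in the same file. A stored value containing a double quote breaks out of the attribute. The line should follow the same pattern: `echo "value=\"".htmlspecialchars($pconfig['dcertadv'])."\"";`. The tag also carries two `size` attributes (`64` and `10`).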
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 446c8e35..3ed0b799 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -48,7 +48,7 @@ if (isset($_GET['dup']))
$id = $_GET['dup'];
global $simplefields;
-$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_node_enabled","stats_node","stats_desc","stats_refresh");
+$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_admin","stats_node_enabled","stats_node","stats_desc","stats_refresh");
if (isset($id) && $a_pools[$id]) {
$pconfig['name'] = $a_pools[$id]['name'];
@@ -97,10 +97,12 @@ if ($_POST) {
if ($_POST['retries'] !== "" && !is_numeric($_POST['retries']))
$input_errors[] = "The field 'Retries' value is not a number.";
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username']))
+ // the colon ":" is invalid in the username, other than that pretty much any character can be used.
+ if (preg_match("/[^a-zA-Z0-9!-\/;-~ ]/", $_POST['stats_username']))
$input_errors[] = "The field 'Stats Username' contains invalid characters.";
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password']))
+ // the colon ":" can also be used in the password
+ if (preg_match("/[^a-zA-Z0-9!-~ ]/", $_POST['stats_password']))
$input_errors[] = "The field 'Stats Password' contains invalid characters.";
/* Ensure that our pool names are unique */
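Review bot: Both character classes are correct but harder to read than necessary: `a-zA-Z0-9` is already covered by the punctuation ranges in the password pattern, and the username pattern excludes only `:` by splitting the range around it. `/[^ -9;-~]/` for the username and `/[^ -~]/` for the password express the same sets, and the comments could state them as "printable ASCII (0x20–0x7E) except the colon". The widened set now admits `"`, `<`, `\` and `#`, so it relies on `htmlspecialchars()` in the form and `haproxy_escapestring()` in haproxy.inc being applied wherever these values are output.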
@@ -256,7 +258,7 @@ row_helper();
rowsize[0] = "30";
rowname[1] = "server_address";
rowtype[1] = "textbox";
- rowsize[1] = "30";
+ rowsize[1] = "20";
rowname[2] = "server_port";
rowtype[2] = "textbox";
rowsize[2] = "5";
@@ -269,6 +271,9 @@ row_helper();
rowname[5] = "server_status";
rowtype[5] = "select";
rowsize[5] = "1";
+ rowname[6] = "server_name";
+ rowtype[6] = "textbox";
+ rowsize[6] = "20";
</script>
<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
@@ -543,14 +548,24 @@ set by the 'retries' parameter.</div>
<tr class="haproxy_stats_visible" align="left" id='stats_username_row' name='stats_username_row'>
<td width="22%" valign="top" class="vncellreq">Stats Username</td>
<td width="78%" class="vtable" colspan="2">
- <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64">
+ <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"".htmlspecialchars($pconfig['stats_username'])."\"";?> size="64">
</td>
</tr>
<tr class="haproxy_stats_visible" align="left" id='stats_password_row' name='stats_password_row'>
<td width="22%" valign="top" class="vncellreq">Stats Password</td>
<td width="78%" class="vtable" colspan="2">
- <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64">
+ <input id="stats_password" name="stats_password" type="password" <?
+ if(isset($pconfig['stats_password']))
+ echo "value=\"".htmlspecialchars($pconfig['stats_password'])."\"";
+ ?> size="64">
+ <br/>
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_node_admin_row' name='stats_node_enabled_row'>
+ <td width="22%" valign="top" class="vncell">Stats Admin</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_admin" name="stats_admin" type="checkbox" value="yes" <?php if ($pconfig['stats_admin']=='yes') echo "checked"; ?>>
<br/>
</td>
</tr>
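Review bot: The new Stats Admin row has `id='stats_node_admin_row'` but `name='stats_node_enabled_row'`, which looks copied from the node row; `id='stats_admin_row' name='stats_admin_row'` would match the username and password rows above it. The checkbox has no description, although enabling it writes `stats admin if TRUE` to the backend; a line of help text such as "Allows servers to be enabled or disabled from the stats page by anyone who logs in with the username and password above" would make that clear. Separately, the password field still renders the stored stats password into the page source; leaving `value` empty and keeping the saved password when the field is submitted blank would avoid that, though that needs a change in the save code outside this hunk.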
@@ -600,7 +615,7 @@ set by the 'retries' parameter.</div>
<br>
<?php include("fend.inc"); ?>
<script type="text/javascript">
- field_counter_js = 6;
+ field_counter_js = 7;
rows = 1;
totalrows = <?php echo $counter; ?>;
loaded = <?php echo $counter; ?>;