aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim P <jim@pingle.org>2013-03-03 16:28:07 -0800
committerJim P <jim@pingle.org>2013-03-03 16:28:07 -0800
commitb87e60234eb78a4da246c5e7fcbfde5b91df84b3 (patch)
treeae3ce22b2916fbb7109f9ff11dfa909d1bfd93e4
parent5ff675560ff5f9c2ce53d6a69e4f60d6423c388a (diff)
parentb9c747aa763690dea3a00be3fa55811f8665b465 (diff)
downloadpfsense-packages-b87e60234eb78a4da246c5e7fcbfde5b91df84b3.tar.gz
pfsense-packages-b87e60234eb78a4da246c5e7fcbfde5b91df84b3.tar.bz2
pfsense-packages-b87e60234eb78a4da246c5e7fcbfde5b91df84b3.zip
Merge pull request #395 from PiBa-NL/haproxy-devel_build_tags
haproxy-devel, improvements (but 'breaks' parts current config)
-rw-r--r--config/haproxy-devel/haproxy.inc57
-rw-r--r--config/haproxy-devel/haproxy_listeners.php4
-rw-r--r--config/haproxy-devel/haproxy_listeners_edit.php447
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php260
-rw-r--r--config/haproxy-devel/haproxy_pools.php4
5 files changed, 424 insertions, 348 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index ab56f34c..05264c87 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -61,8 +61,7 @@ $a_acltypes[] = array('name' => 'path_contains', 'descr' => 'Path contains',
'mode' => 'http', 'syntax' => 'path_dir -i');
$a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP',
'mode' => '', 'syntax' => 'src');
-if ($haproxy_sni_ssloffloading)
-{
+if ($haproxy_sni_ssloffloading) {
$a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches',
'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\r\ntcp-request content accept if { req_ssl_hello_type 1 }");
}
@@ -341,34 +340,34 @@ function write_backend($fd, $name, $pool, $frontend) {
fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
- if($frontend['balance'])
- fwrite ($fd, "\tbalance\t\t\t" . $frontend['balance'] . "\n");
+ if($pool['balance'])
+ fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n");
- if($frontend['connection_timeout'])
- fwrite ($fd, "\tcontimeout\t\t" . $frontend['connection_timeout'] . "\n");
+ if($pool['connection_timeout'])
+ fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
- if($frontend['server_timeout'])
- fwrite ($fd, "\tsrvtimeout\t\t" . $frontend['server_timeout'] . "\n");
+ if($pool['server_timeout'])
+ fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
- if($frontend['retries'])
- fwrite ($fd, "\tretries\t\t\t" . $frontend['retries'] . "\n");
+ if($pool['retries'])
+ fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
- if($frontend['stats_enabled']=='yes') {
+ if($pool['stats_enabled']=='yes') {
fwrite ($fd, "\tstats\t\t\tenable\n");
- if($frontend['stats_uri'])
- fwrite ($fd, "\tstats\t\t\turi ".$frontend['stats_uri']."\n");
- if($frontend['stats_realm'])
- fwrite ($fd, "\tstats\t\t\trealm " . $frontend['stats_realm'] . "\n");
+ if($pool['stats_uri'])
+ fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n");
+ if($pool['stats_realm'])
+ fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n");
else
fwrite ($fd, "\tstats\t\t\trealm .\n");
- fwrite ($fd, "\tstats\t\t\tauth " . $frontend['stats_username'].":". $frontend['stats_password']."\n");
+ fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n");
- if($frontend['stats_node_enabled']=='yes')
- fwrite ($fd, "\tstats\t\t\tshow-node " . $frontend['stats_node'] . "\n");
- if($frontend['stats_desc'])
- fwrite ($fd, "\tstats\t\t\tshow-desc " . $frontend['stats_desc'] . "\n");
- if($frontend['stats_refresh'])
- fwrite ($fd, "\tstats\t\t\trefresh " . $frontend['stats_refresh'] . "\n");
+ if($pool['stats_node_enabled']=='yes')
+ fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n");
+ if($pool['stats_desc'])
+ fwrite ($fd, "\tstats\t\t\tshow-desc " . $pool['stats_desc'] . "\n");
+ if($pool['stats_refresh'])
+ fwrite ($fd, "\tstats\t\t\trefresh " . $pool['stats_refresh'] . "\n");
}
$uri = $pool['monitor_uri'];
@@ -397,15 +396,6 @@ function write_backend($fd, $name, $pool, $frontend) {
$a_servers = &$pool['ha_servers']['item'];
foreach($a_servers as $be) {
- if(!$be['port']) {
- // the listener can specify a default port
- $be['port'] = $frontend['svrport'];
- }
- if(!$be['port']) {
- // last resort, use the frontend port
- $ports = split(",", "{$frontend['port']},");
- $be['port'] = $ports[0];
- }
if (!$be['name'])
$be['name'] = $be['address'];
if($be['backup']) {
@@ -472,7 +462,10 @@ function haproxy_writeconf() {
if ($backend['ssloffload']){
//ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
$ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}";
- file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt",base64_decode($backend['dcert']));
+ $cert = lookup_cert($backend['ssloffloadcert']);
+ $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']);
+ file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent);
+ unset($certcontent);
}else{
$ssl_info="";
unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt");
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index 1f6031c2..c5c41714 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -98,7 +98,7 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Name</td>
<td width="30%" class="listhdrr">Description</td>
@@ -153,6 +153,7 @@ include("head.inc");
</td>
</tr>
<?php $i++; endforeach; ?>
+ <tfoot>
<tr>
<td class="list" colspan="5"></td>
<td class="list">
@@ -163,6 +164,7 @@ include("head.inc");
</table>
</td>
</tr>
+ </tfoot>
</table>
</div>
</table>
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index b0207421..0c39ac7f 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -33,6 +33,78 @@
require("guiconfig.inc");
require_once("haproxy.inc");
+function get_certificat_usage($refid) {
+ $usage = array();
+ $cert = lookup_cert($refid);
+ if (is_cert_revoked($cert))
+ $usage[] = "Revoked";
+ if (is_webgui_cert($refid))
+ $usage[] = "webConfigurator";
+ if (is_user_cert($refid))
+ $usage[] = "User Cert";
+ if (is_openvpn_server_cert($refid))
+ $usage[] = "OpenVPN Server";
+ if (is_openvpn_client_cert($refid))
+ $usage[] = "OpenVPN Client";
+ if (is_ipsec_cert($cert['refid']))
+ $usage[] = "IPsec Tunnel";
+ if (is_captiveportal_cert($refid))
+ $usage[] = "Captive Portal";
+
+ return $usage;
+}
+
+/// This function (is intendet to) provides a uniform way to retrieve a list of use selectable certificates
+function get_certificates_server($get_includeWebCert=false) {
+ global $config;
+ $certificates=array();
+ $a_cert = &$config['cert'];
+ foreach ($a_cert as $cert)
+ {
+ if ($get_ca == false && is_webgui_cert($cert['refid']))
+ continue;
+
+ $selected = "";
+ $caname = "";
+ $inuse = "";
+ $revoked = "";
+ $ca = lookup_ca($cert['caref']);
+ if ($ca)
+ $caname = " (CA: {$ca['descr']})";
+ if ($pconfig['certref'] == $cert['refid'])
+ $selected = "selected";
+ if (cert_in_use($cert['refid']))
+ $inuse = " *In Use";
+ if (is_cert_revoked($cert))
+ $revoked = " *Revoked";
+
+ $usagestr="";
+ $usage = get_certificat_usage($cert['refid']);
+ foreach($usage as $use){
+ $usagestr .= " " . $use;
+ }
+ if ($usagestr != "")
+ $usagestr = " (".trim($usagestr).")";
+
+ $certificates[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr;
+ }
+ return $certificates;
+}
+
+function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="")
+{
+ if (count($keyvaluelist)>0){
+ echo "<select name=\"$name\" class=\"formselect\">";
+ foreach($keyvaluelist as $key => $desc){
+ $selectedhtml = $key == $selected ? "selected" : "";
+ echo "<option value=\"{$key}\" {$selectedhtml}>{$desc}</option>";
+ }
+ echo "</select>";
+ } else {
+ echo $listEmptyMessage;
+ }
+}
+
function haproxy_acl_select($mode) {
global $a_acltypes;
@@ -66,25 +138,11 @@ if (isset($id) && $a_backend[$id]) {
$pconfig['name'] = $a_backend[$id]['name'];
$pconfig['desc'] = $a_backend[$id]['desc'];
$pconfig['status'] = $a_backend[$id]['status'];
- $pconfig['connection_timeout'] = $a_backend[$id]['connection_timeout'];
- $pconfig['server_timeout'] = $a_backend[$id]['server_timeout'];
- $pconfig['retries'] = $a_backend[$id]['retries'];
$pconfig['type'] = $a_backend[$id]['type'];
- $pconfig['balance'] = $a_backend[$id]['balance'];
$pconfig['forwardfor'] = $a_backend[$id]['forwardfor'];
$pconfig['httpclose'] = $a_backend[$id]['httpclose'];
-
- $pconfig['stats_enabled'] = $a_backend[$id]['stats_enabled'];
- $pconfig['stats_username'] = $a_backend[$id]['stats_username'];
- $pconfig['stats_password'] = $a_backend[$id]['stats_password'];
- $pconfig['stats_uri'] = $a_backend[$id]['stats_uri'];
- $pconfig['stats_realm'] = $a_backend[$id]['stats_realm'];
- $pconfig['stats_node_enabled'] = $a_backend[$id]['stats_node_enabled'];
- $pconfig['stats_node'] = $a_backend[$id]['stats_node'];
- $pconfig['stats_desc'] = $a_backend[$id]['stats_desc'];
- $pconfig['stats_refresh'] = $a_backend[$id]['stats_refresh'];
$pconfig['type'] = $a_backend[$id]['type'];
$pconfig['extaddr'] = $a_backend[$id]['extaddr'];
@@ -92,10 +150,9 @@ if (isset($id) && $a_backend[$id]) {
$pconfig['max_connections'] = $a_backend[$id]['max_connections'];
$pconfig['client_timeout'] = $a_backend[$id]['client_timeout'];
$pconfig['port'] = $a_backend[$id]['port'];
- $pconfig['svrport'] = $a_backend[$id]['svrport'];
$pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item'];
$pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']);
- $pconfig['dcert'] = base64_decode($a_backend[$id]['dcert']);
+ $pconfig['ssloffloadcert'] = $a_backend[$id]['ssloffloadcert'];
$pconfig['dcertadv'] = $a_backend[$id]['dcertadv'];
$pconfig['ssloffload'] = $a_backend[$id]['ssloffload'];
}
@@ -112,39 +169,13 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- if ($_POST['stats_enabled']) {
- $reqdfields = explode(" ", "name connection_timeout server_timeout stats_username stats_password stats_uri stats_realm");
- $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout,Stats Username,Stats Password,Stats Uri,Stats Realm");
- } else {
- $reqdfields = explode(" ", "name connection_timeout server_timeout");
- $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout");
- }
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- $reqdfields = explode(" ", "name type port max_connections client_timeout");
- $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout");
-
+ $reqdfields = explode(" ", "name type port max_connections");
+ $reqdfieldsn = explode(",", "Name,Type,Port,Max connections");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name']))
$input_errors[] = "The field 'Name' contains invalid characters.";
- if (!is_numeric($_POST['connection_timeout']))
- $input_errors[] = "The field 'Connection timeout' value is not a number.";
-
- if (!is_numeric($_POST['server_timeout']))
- $input_errors[] = "The field 'Server timeout' value is not a number.";
-
- if (!$_POST['retries'] && is_numeric($_POST['retries']))
- $input_errors[] = "The field 'Retries' value is not a number.";
-
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username']))
- $input_errors[] = "The field 'Stats Username' contains invalid characters.";
-
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password']))
- $input_errors[] = "The field 'Stats Password' contains invalid characters.";
-
if (!is_numeric($_POST['max_connections']))
$input_errors[] = "The field 'Max connections' value is not a number.";
@@ -208,32 +239,18 @@ if ($_POST) {
update_if_changed("name", $backend['name'], $_POST['name']);
update_if_changed("description", $backend['desc'], $_POST['desc']);
update_if_changed("status", $backend['status'], $_POST['status']);
- update_if_changed("connection_timeout", $backend['connection_timeout'], $_POST['connection_timeout']);
- update_if_changed("server_timeout", $backend['server_timeout'], $_POST['server_timeout']);
- update_if_changed("retries", $backend['retries'], $_POST['retries']);
update_if_changed("type", $backend['type'], $_POST['type']);
- update_if_changed("balance", $backend['balance'], $_POST['balance']);
update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']);
update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']);
update_if_changed("httpclose", $backend['httpclose'], $_POST['httpclose']);
- update_if_changed("stats_enabled", $backend['stats_enabled'], $_POST['stats_enabled']);
- update_if_changed("stats_username", $backend['stats_username'], $_POST['stats_username']);
- update_if_changed("stats_password", $backend['stats_password'], $_POST['stats_password']);
- update_if_changed("stats_uri", $backend['stats_uri'], $_POST['stats_uri']);
- update_if_changed("stats_realm", $backend['stats_realm'], $_POST['stats_realm']);
- update_if_changed("stats_node_enabled", $backend['stats_node_enabled'], $_POST['stats_node_enabled']);
- update_if_changed("stats_node", $backend['stats_node'], $_POST['stats_node']);
- update_if_changed("stats_desc", $backend['stats_desc'], $_POST['stats_desc']);
- update_if_changed("stats_refresh", $backend['stats_refresh'], $_POST['stats_refresh']);
update_if_changed("type", $backend['type'], $_POST['type']);
update_if_changed("port", $backend['port'], $_POST['port']);
- update_if_changed("svrport", $backend['svrport'], $_POST['svrport']);
update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']);
update_if_changed("backend_serverpool", $backend['backend_serverpool'], $_POST['backend_serverpool']);
update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']);
update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']);
update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced']));
- update_if_changed("dcert", $backend['dcert'], base64_encode($_POST['dcert']));
+ update_if_changed("ssloffloadcert", $backend['ssloffloadcert'], $_POST['ssloffloadcert']);
update_if_changed("dcertadv", $backend['dcertadv'], $_POST['dcertadv']);
update_if_changed("ssloffload", $backend['ssloffload'], $_POST['ssloffload']);
$backend['ha_acls']['item'] = $a_acl;
@@ -263,7 +280,12 @@ include("head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()">
+ <style type="text/css">
+ .haproxy_mode_http{display:none;}
+ .haproxy_ssloffloading_enabled{display:none;}
+ </style>
+
<?php if($one_two): ?>
<script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
<script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
@@ -411,45 +433,35 @@ include("head.inc");
rowtype[2] = "textbox";
rowsize[2] = "35";
- function toggle_stats() {
- var stats_enabled=document.getElementById('stats_enabled');
- var stats_realm_row=document.getElementById('stats_realm_row');
- var stats_username_row=document.getElementById('stats_username_row');
- var stats_password_row=document.getElementById('stats_password_row');
- var stats_uri_row=document.getElementById('stats_uri_row');
- var stats_node_enabled_row=document.getElementById('stats_node_enabled_row');
- var stats_node_row=document.getElementById('stats_node_row');
- var stats_desc_row=document.getElementById('stats_desc_row');
- var stats_refresh_row=document.getElementById('stats_refresh_row');
-
- if (stats_enabled.checked) {
- stats_realm_row.style.display='';
- stats_username_row.style.display='';
- stats_password_row.style.display='';
- stats_uri_row.style.display='';
- stats_node_enabled_row.style.display='';
- stats_node_row.style.display='';
- stats_desc_row.style.display='';
- stats_refresh_row.style.display='';
- } else {
- stats_realm_row.style.display='none';
- stats_username_row.style.display='none';
- stats_password_row.style.display='none';
- stats_uri_row.style.display='none';
- stats_node_enabled_row.style.display='none';
- stats_node_row.style.display='none';
- stats_desc_row.style.display='none';
- stats_refresh_row.style.display='none';
+ function setCSSdisplay(cssID, display)
+ {
+ var ss = document.styleSheets;
+ for (var i=0; i<ss.length; i++) {
+ var rules = ss[i].cssRules || ss[i].rules;
+ for (var j=0; j<rules.length; j++) {
+ if (rules[j].selectorText === cssID) {
+ rules[j].style.display = display ? "" : "none";
+ }
+ }
}
}
+
+ function updatevisibility()
+ {
+ setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked);
+ setCSSdisplay(".haproxy_mode_http", type.value == "http");
+ }
+
function type_change() {
var type, d, i, j, el, row;
var count = <?=count($a_acltypes);?>;
var acl = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['name']."'," ?> ];
var mode = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['mode']."'," ?> ];
- d = document;
+ d = document;
type = d.getElementById("type").value;
+
+
for (i = 0; i < 99; i++) {
el = d.getElementById("acl_expression" + i);
row = d.getElementById("aclrow" + i);
@@ -465,6 +477,7 @@ include("head.inc");
}
}
}
+ updatevisibility();
}
</script>
<?php include("fbegin.inc"); ?>
@@ -473,6 +486,7 @@ include("head.inc");
<p class="pgtitle"><?=$pgtitle?></p>
<?php endif; ?>
<form action="haproxy_listeners_edit.php" method="post" name="iform" id="iform">
+ <div class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic">Edit haproxy listener</td>
@@ -549,13 +563,6 @@ include("head.inc");
?>
</select>
<tr align="left">
- <td width="22%" valign="top" class="vncell">Server Port</td>
- <td width="78%" class="vtable" colspan="2">
- <input name="svrport" type="text" <?if(isset($pconfig['svrport'])) echo "value=\"{$pconfig['svrport']}\"";?> size="10" maxlength="10">
- <div>The default server port.</div>
- </td>
- </tr>
- <tr align="left">
<td width="22%" valign="top" class="vncellreq">Type</td>
<td width="78%" class="vtable" colspan="2">
<select name="type" id="type" onchange="type_change();">
@@ -619,7 +626,7 @@ include("head.inc");
<a onclick="javascript:addRowTo('acltable'); return false;" href="#">
<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
</a><br/>
- For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.3/doc/configuration.txt' target='_new'>HAProxy Documentation</a> Section 7 - Using ACL's
+ For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> Section 7 - Using ACL's
</td>
</tr>
</table>
@@ -629,235 +636,88 @@ include("head.inc");
<td colspan="2" valign="top" class="listtopic">Advanced settings</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Connection timeout</td>
+ <td width="22%" valign="top" class="vncellreq">Max connections</td>
<td width="78%" class="vtable" colspan="2">
- <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64">
- <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div>
+ <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10">
</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Server timeout</td>
+ <td width="22%" valign="top" class="vncellreq">Client timeout</td>
<td width="78%" class="vtable" colspan="2">
- <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64">
- <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div>
+ <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10">
+ <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div>
</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncell">Retries</td>
+ <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td>
<td width="78%" class="vtable" colspan="2">
- <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="64">
- <div>After a connection failure to a server, it is possible to retry, potentially
-on another server. This is useful if health-checks are too rare and you don't
-want the clients to see the failures. The number of attempts to reconnect is
-set by the 'retries' parameter (2).</div>
+ <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>>
+ <br/>
+ The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which
+ contains the client's IP address. This is useful to let the final web server
+ know what the client address was (eg for statistics on domains)
</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Balance</td>
+ <td width="22%" valign="top" class="vncell">Use 'httpclose' option</td>
<td width="78%" class="vtable" colspan="2">
- <table width="100%">
- <tr>
- <td width="20%" valign="top">
- <input type="radio" name="balance" id="balance" value="roundrobin"<?php if($pconfig['balance'] == "roundrobin") echo " CHECKED"; ?>>Round robin</input>
- </td>
- <td>
- Each server is used in turns, according to their weights.
- This is the smoothest and fairest algorithm when the server's
- processing time remains equally distributed. This algorithm
- is dynamic, which means that server weights may be adjusted
- on the fly for slow starts for instance.
- </td>
- </tr>
- <tr>
- <td width="20%" valign="top">
- <input type="radio" name="balance" id="balance" value="static-rr"<?php if($pconfig['balance'] == "static-rr") echo " CHECKED"; ?>>Static Round Robin</input>
- </td>
- <td>
- Each server is used in turns, according to their weights.
- This algorithm is as similar to roundrobin except that it is
- static, which means that changing a server's weight on the
- fly will have no effect. On the other hand, it has no design
- limitation on the number of servers, and when a server goes
- up, it is always immediately reintroduced into the farm, once
- the full map is recomputed. It also uses slightly less CPU to
- run (around -1%).
- </td>
- </tr>
- <tr>
- <td width="20%" valign="top">
- <input type="radio" name="balance" id="balance" value="leastconn"<?php if($pconfig['balance'] == "leastconn") echo " CHECKED"; ?>>Least Connections</input>
- </td>
- <td>
- The server with the lowest number of connections receives the
- connection. Round-robin is performed within groups of servers
- of the same load to ensure that all servers will be used. Use
- of this algorithm is recommended where very long sessions are
- expected, such as LDAP, SQL, TSE, etc... but is not very well
- suited for protocols using short sessions such as HTTP. This
- algorithm is dynamic, which means that server weights may be
- adjusted on the fly for slow starts for instance.
- </td>
- </tr>
- <tr><td valign="top"><input type="radio" name="balance" id="balance" value="source"<?php if($pconfig['balance'] ==
-"source") echo " CHECKED"; ?>>Source</input></td><td>
- The source IP address is hashed and divided by the total
- weight of the running servers to designate which server will
- receive the request. This ensures that the same client IP
- address will always reach the same server as long as no
- server goes down or up. If the hash result changes due to the
- number of running servers changing, many clients will be
- directed to a different server. This algorithm is generally
- used in TCP mode where no cookie may be inserted. It may also
- be used on the Internet to provide a best-effort stickyness
- to clients which refuse session cookies. This algorithm is
- static, which means that changing a server's weight on the
- fly will have no effect.
- </td>
- </tr>
- </table>
+ <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>>
+ <br/>
+ The 'httpclose' option removes any 'Connection' header both ways, and
+ adds a 'Connection: close' header in each direction. This makes it easier to
+ disable HTTP keep-alive than the previous 4-rules block.
</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncell">Stats Enabled</td>
+ <td width="22%" valign="top" class="vncell">Advanced pass thru</td>
<td width="78%" class="vtable" colspan="2">
- <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='toggle_stats();'><br/>
- EXAMPLE: haproxystats
- </td>
- </tr>
- <tr align="left" id='stats_realm_row' name='stats_realm_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncellreq">Stats Realm</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64">
- </td>
- </tr>
- <tr align="left" id='stats_uri_row' name='stats_uri_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncellreq">Stats Uri</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64"><br/>
- EXAMPLE: /haproxy?stats
+ <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea>
+ <br/>
+ NOTE: paste text into this box that you would like to pass thru.
</td>
</tr>
- <tr align="left" id='stats_username_row' name='stats_username_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncellreq">Stats Username</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64">
- </td>
+ </table>
+ <br/>&nbsp;<br/>
+<?
+ global $haproxy_sni_ssloffloading;
+ if ($haproxy_sni_ssloffloading):
+?>
+ <table class="haproxy_mode_http" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">SSL Offloading</td>
</tr>
-
- <tr align="left" id='stats_password_row' name='stats_password_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncellreq">Stats Password</td>
+ <tr align="left">
+ <td width="22%" valign="top" class="vncell">Use Offloading</td>
<td width="78%" class="vtable" colspan="2">
- <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64">
+ <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();"><strong>Use Offloading</strong></input>
<br/>
+ The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers.
</td>
</tr>
- <tr align="left" id='stats_node_enabled_row' name='stats_node_enabled_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncell">Stats Enable Node Name</td>
+ <tr class="haproxy_ssloffloading_enabled" align="left">
+ <td width="22%" valign="top" class="vncell">Certificate</td>
<td width="78%" class="vtable" colspan="2">
- <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?>>
+ <?
+ $servercerts = get_certificates_server();
+ echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.');
+ ?>
<br/>
+ NOTE: choose the cert to use on this frontend.
</td>
</tr>
- <tr align="left" id='stats_node_row' name='stats_node_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncell">Stats Node</td>
+ <tr class="haproxy_ssloffloading_enabled" align="left">
+ <td width="22%" valign="top" class="vncell">Advanced ssl options</td>
<td width="78%" class="vtable" colspan="2">
- <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64"><br/>
- The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.<br/>
- Leave blank to use the system name.
- </td>
- </tr>
- <tr align="left" id='stats_desc_row' name='stats_desc_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncell">Stats Description</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64"><br/>
- </td>
- </tr>
- <tr align="left" id='stats_refresh_row' name='stats_refresh_row' <?if ($pconfig['stats_enabled']!='yes') echo "style=\"display: none;\"";?>>
- <td width="22%" valign="top" class="vncell">Stats Refresh</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30"><br/>
- Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d).
+ <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64">
+ <br/>
+ NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br>
+ some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
</td>
</tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncellreq">Max connections</td>
- <td width="78%" class="vtable" colspan="2">
- <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10">
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncellreq">Client timeout</td>
- <td width="78%" class="vtable" colspan="2">
- <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10">
- <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div>
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>>
- <br/>
- The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which
- contains the client's IP address. This is useful to let the final web server
- know what the client address was (eg for statistics on domains)
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncell">Use 'httpclose' option</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>>
- <br/>
- The 'httpclose' option removes any 'Connection' header both ways, and
- adds a 'Connection: close' header in each direction. This makes it easier to
- disable HTTP keep-alive than the previous 4-rules block.
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncell">Advanced pass thru</td>
- <td width="78%" class="vtable" colspan="2">
- <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea>
- <br/>
- NOTE: paste text into this box that you would like to pass thru.
- </td>
- </tr>
- </table>
- <br/>&nbsp;<br/>
-<?
- global $haproxy_sni_ssloffloading;
- if ($haproxy_sni_ssloffloading):
-?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="top" class="listtopic">SSL Offloading</td>
+ <td>&nbsp;</td>
</tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncell">Use Offloading</td>
- <td width="78%" class="vtable" colspan="2">
- <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked"; ?>>
- <br/>
- The SSL Offloading will reduce web servers load by encrypt data to users on internet and send it without encrytion to internal servers.
- </td>
- </tr>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncell">cert</td>
- <td width="78%" class="vtable" colspan="2">
- <textarea name='dcert' rows="8" cols="70" id='dcert'><?php echo $pconfig['dcert']; ?></textarea>
- <br/>
- NOTE: paste cert and rsa key to use on this frontend.
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncell">Advanced ssl options</td>
- <td width="78%" class="vtable" colspan="2">
- <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64">
- <br/>
- NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br>
- some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
- </td>
- </tr>
</table>
- <br/>&nbsp;<br/>
<?
endif;
?>
@@ -878,6 +738,7 @@ set by the 'retries' parameter (2).</div>
</td>
</tr>
</table>
+ </div>
</form>
<br>
<script type="text/javascript">
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 4560bea2..6720122b 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -47,6 +47,9 @@ else
if (isset($_GET['dup']))
$id = $_GET['dup'];
+global $simplefields;
+$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_node_enabled","stats_node","stats_desc","stats_refresh");
+
if (isset($id) && $a_pools[$id]) {
$pconfig['name'] = $a_pools[$id]['name'];
$pconfig['checkinter'] = $a_pools[$id]['checkinter'];
@@ -54,6 +57,9 @@ if (isset($id) && $a_pools[$id]) {
$pconfig['cookie'] = $a_pools[$id]['cookie'];
$pconfig['advanced'] = base64_decode($a_pools[$id]['advanced']);
$pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];
+
+ foreach($simplefields as $stat)
+ $pconfig[$stat] = $a_pools[$id][$stat];
}
if (isset($_GET['dup']))
@@ -70,11 +76,31 @@ if ($_POST) {
$reqdfields = explode(" ", "name");
$reqdfieldsn = explode(",", "Name");
-
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($_POST['stats_enabled']) {
+ $reqdfields = explode(" ", "name stats_username stats_password stats_uri stats_realm");
+ $reqdfieldsn = explode(",", "Name,Stats Username,Stats Password,Stats Uri,Stats Realm");
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ }
+
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name']))
$input_errors[] = "The field 'Name' contains invalid characters.";
+
+ if (!is_numeric($_POST['connection_timeout']))
+ $input_errors[] = "The field 'Connection timeout' value is not a number.";
+
+ if (!is_numeric($_POST['server_timeout']))
+ $input_errors[] = "The field 'Server timeout' value is not a number.";
+
+ if (!$_POST['retries'] && is_numeric($_POST['retries']))
+ $input_errors[] = "The field 'Retries' value is not a number.";
+
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username']))
+ $input_errors[] = "The field 'Stats Username' contains invalid characters.";
+
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password']))
+ $input_errors[] = "The field 'Stats Password' contains invalid characters.";
/* Ensure that our pool names are unique */
for ($i=0; isset($config['installedpackages']['haproxy']['ha_pools']['item'][$i]); $i++)
@@ -149,6 +175,10 @@ if ($_POST) {
update_if_changed("checkinter", $pool['checkinter'], $_POST['checkinter']);
update_if_changed("monitor_uri", $pool['monitor_uri'], $_POST['monitor_uri']);
+ global $simplefields;
+ foreach($simplefields as $stat)
+ update_if_changed($stat, $pool[$stat], $_POST[$stat]);
+
if (isset($id) && $a_pools[$id]) {
$a_pools[$id] = $pool;
} else {
@@ -175,7 +205,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
if(strstr($pfSversion, "1.2"))
$one_two = true;
-$pgtitle = "HAProxy: pool: Edit";
+$pgtitle = "HAProxy: Backend: Edit";
include("head.inc");
row_helper();
@@ -184,16 +214,37 @@ row_helper();
<input type='hidden' name='address_type' value='textbox' />
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<script type="text/javascript" language="javascript" src="pool.js"></script>
-
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()">
+ <style type="text/css">
+ .haproxy_stats_visible{display:none;}
+ </style>
<script language="javascript">
-function clearcombo(){
- for (var i=document.iform.serversSelect.options.length-1; i>=0; i--){
- document.iform.serversSelect.options[i] = null;
- }
- document.iform.serversSelect.selectedIndex = -1;
-}
+ function clearcombo(){
+ for (var i=document.iform.serversSelect.options.length-1; i>=0; i--){
+ document.iform.serversSelect.options[i] = null;
+ }
+ document.iform.serversSelect.selectedIndex = -1;
+ }
+
+ function setCSSdisplay(cssID, display)
+ {
+ var ss = document.styleSheets;
+ for (var i=0; i<ss.length; i++) {
+ var rules = ss[i].cssRules || ss[i].rules;
+ for (var j=0; j<rules.length; j++) {
+ if (rules[j].selectorText === cssID) {
+ rules[j].style.display = display ? "" : "none";
+ }
+ }
+ }
+ }
+
+ function updatevisibility()
+ {
+ setCSSdisplay(".haproxy_stats_visible", stats_enabled.checked);
+ }
+
+
</script>
<script type="text/javascript">
rowname[0] = "server_name";
@@ -218,6 +269,7 @@ function clearcombo(){
<p class="pgtitle"><?=$pgtitle?></p>
<?php endif; ?>
<form action="haproxy_pool_edit.php" method="post" name="iform" id="iform">
+ <div class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic">Edit HAProxy pool</td>
@@ -248,11 +300,11 @@ function clearcombo(){
<td width="78%" class="vtable" colspan="2" valign="top">
<table class="" width="100%" cellpadding="0" cellspacing="0" id='servertable'>
<tr>
- <td width="30%" class="">Name</td>
- <td width="30%" class="">Address</td>
- <td width="18%" class="">Port</td>
- <td width="18%" class="">Weight</td>
- <td width="5%" class="">Backup</td>
+ <td width="30%" class="listhdrr">Name</td>
+ <td width="30%" class="listhdrr">Address</td>
+ <td width="18%" class="listhdrr">Port</td>
+ <td width="18%" class="listhdrr">Weight</td>
+ <td width="5%" class="listhdr">Backup</td>
<td width="4%" class=""></td>
</tr>
<?php
@@ -266,11 +318,11 @@ function clearcombo(){
foreach ($a_servers as $server) {
?>
<tr id="tr_view_<?=$counter;?>" name="tr_view_<?=$counter;?>">
- <td class="vtable"><?=$server['name']; ?></td>
- <td class="vtable"><?=$server['address']; ?></td>
- <td class="vtable"><?=$server['port']; ?></td>
- <td class="vtable"><?=$server['weight']; ?></td>
- <td class="vtable"><?=$server['backup']; ?></td>
+ <td class="vtable listlr"><?=$server['name']; ?></td>
+ <td class="vtable listr"><?=$server['address']; ?></td>
+ <td class="vtable listr"><?=$server['port']; ?></td>
+ <td class="vtable listr"><?=$server['weight']; ?></td>
+ <td class="vtable listr"><?=$server['backup']; ?></td>
<td class="list">
<table border="0" cellspacing="0" cellpadding="1"><tr>
<td valign="middle">
@@ -313,6 +365,71 @@ function clearcombo(){
</td>
</tr>
<tr align="left">
+ <td width="22%" valign="top" class="vncellreq">Balance</td>
+ <td width="78%" class="vtable" colspan="2">
+ <table width="100%">
+ <tr>
+ <td width="20%" valign="top">
+ <input type="radio" name="balance" id="balance" value="roundrobin"<?php if($pconfig['balance'] == "roundrobin") echo " CHECKED"; ?>>Round robin</input>
+ </td>
+ <td>
+ Each server is used in turns, according to their weights.
+ This is the smoothest and fairest algorithm when the server's
+ processing time remains equally distributed. This algorithm
+ is dynamic, which means that server weights may be adjusted
+ on the fly for slow starts for instance.
+ </td>
+ </tr>
+ <tr>
+ <td width="20%" valign="top">
+ <input type="radio" name="balance" id="balance" value="static-rr"<?php if($pconfig['balance'] == "static-rr") echo " CHECKED"; ?>>Static Round Robin</input>
+ </td>
+ <td>
+ Each server is used in turns, according to their weights.
+ This algorithm is as similar to roundrobin except that it is
+ static, which means that changing a server's weight on the
+ fly will have no effect. On the other hand, it has no design
+ limitation on the number of servers, and when a server goes
+ up, it is always immediately reintroduced into the farm, once
+ the full map is recomputed. It also uses slightly less CPU to
+ run (around -1%).
+ </td>
+ </tr>
+ <tr>
+ <td width="20%" valign="top">
+ <input type="radio" name="balance" id="balance" value="leastconn"<?php if($pconfig['balance'] == "leastconn") echo " CHECKED"; ?>>Least Connections</input>
+ </td>
+ <td>
+ The server with the lowest number of connections receives the
+ connection. Round-robin is performed within groups of servers
+ of the same load to ensure that all servers will be used. Use
+ of this algorithm is recommended where very long sessions are
+ expected, such as LDAP, SQL, TSE, etc... but is not very well
+ suited for protocols using short sessions such as HTTP. This
+ algorithm is dynamic, which means that server weights may be
+ adjusted on the fly for slow starts for instance.
+ </td>
+ </tr>
+ <tr><td valign="top"><input type="radio" name="balance" id="balance" value="source"<?php if($pconfig['balance'] ==
+"source") echo " CHECKED"; ?>>Source</input></td><td>
+ The source IP address is hashed and divided by the total
+ weight of the running servers to designate which server will
+ receive the request. This ensures that the same client IP
+ address will always reach the same server as long as no
+ server goes down or up. If the hash result changes due to the
+ number of running servers changing, many clients will be
+ directed to a different server. This algorithm is generally
+ used in TCP mode where no cookie may be inserted. It may also
+ be used on the Internet to provide a best-effort stickyness
+ to clients which refuse session cookies. This algorithm is
+ static, which means that changing a server's weight on the
+ fly will have no effect.
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr align="left">
<td width="22%" valign="top" class="vncell">Check freq</td>
<td width="78%" class="vtable" colspan="2">
<input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="20"> milliseconds
@@ -334,6 +451,106 @@ function clearcombo(){
NOTE: paste text into this box that you would like to pass thru.
</td>
</tr>
+ </table>
+ <br/>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced settings</td>
+ </tr>
+ <tr align="left">
+ <td width="22%" valign="top" class="vncellreq">Connection timeout</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64">
+ <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div>
+ </td>
+ </tr>
+ <tr align="left">
+ <td width="22%" valign="top" class="vncellreq">Server timeout</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64">
+ <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div>
+ </td>
+ </tr>
+ <tr align="left">
+ <td width="22%" valign="top" class="vncell">Retries</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="64">
+ <div>After a connection failure to a server, it is possible to retry, potentially
+on another server. This is useful if health-checks are too rare and you don't
+want the clients to see the failures. The number of attempts to reconnect is
+set by the 'retries' parameter.</div>
+ </td>
+ </tr>
+ </table>
+ <br/>&nbsp;<br/>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Statistics</td>
+ </tr>
+ <tr align="left">
+ <td width="22%" valign="top" class="vncell">Stats Enabled</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();'>
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_realm_row' name='stats_realm_row'>
+ <td width="22%" valign="top" class="vncellreq">Stats Realm</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64"><br/>
+ EXAMPLE: haproxystats
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_uri_row' name='stats_uri_row'>
+ <td width="22%" valign="top" class="vncellreq">Stats Uri</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64"><br/>
+ EXAMPLE: /haproxy?stats
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_username_row' name='stats_username_row'>
+ <td width="22%" valign="top" class="vncellreq">Stats Username</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64">
+ </td>
+ </tr>
+
+ <tr class="haproxy_stats_visible" align="left" id='stats_password_row' name='stats_password_row'>
+ <td width="22%" valign="top" class="vncellreq">Stats Password</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64">
+ <br/>
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_node_enabled_row' name='stats_node_enabled_row'>
+ <td width="22%" valign="top" class="vncell">Stats Enable Node Name</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?>>
+ <br/>
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_node_row' name='stats_node_row'>
+ <td width="22%" valign="top" class="vncell">Stats Node</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64"><br/>
+ The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.<br/>
+ Leave blank to use the system name.
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_desc_row' name='stats_desc_row'>
+ <td width="22%" valign="top" class="vncell">Stats Description</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64"><br/>
+ </td>
+ </tr>
+ <tr class="haproxy_stats_visible" align="left" id='stats_refresh_row' name='stats_refresh_row'>
+ <td width="22%" valign="top" class="vncell">Stats Refresh</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30"><br/>
+ Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d).
+ </td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr align="left">
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
@@ -345,6 +562,7 @@ function clearcombo(){
</td>
</tr>
</table>
+ </div>
</form>
<br>
<?php include("fend.inc"); ?>
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php
index 52b7650d..bad4bf09 100644
--- a/config/haproxy-devel/haproxy_pools.php
+++ b/config/haproxy-devel/haproxy_pools.php
@@ -100,7 +100,7 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="30%" class="listhdrr">Name</td>
<td width="10%" class="listhdrr">Servers</td>
@@ -150,6 +150,7 @@ include("head.inc");
</td>
</tr>
<?php $i++; endforeach; ?>
+ <tfoot>
<tr>
<td class="list" colspan="3"></td>
<td class="list">
@@ -160,6 +161,7 @@ include("head.inc");
</table>
</td>
</tr>
+ </tfoot>
</table>
</div>
</table>