diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-07 20:22:00 -0500 |
|---|---|---|
| committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-07 20:22:00 -0500 |
| commit | a8b5c4c392069ab4c06c19d53d4dccf8c423a9ef (patch) | |
| tree | 7fdb7130a804f0191c22bababa62c44e2b88fb50 /config | |
| parent | 7234111aaac38d620a4e5356d212fa51e2591d8b (diff) | |
| parent | b1962cf93379b0f9f3dfbfa69cd67f19af7c1539 (diff) | |
| download | pfsense-packages-a8b5c4c392069ab4c06c19d53d4dccf8c423a9ef.tar.gz pfsense-packages-a8b5c4c392069ab4c06c19d53d4dccf8c423a9ef.tar.bz2 pfsense-packages-a8b5c4c392069ab4c06c19d53d4dccf8c423a9ef.zip | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'config')
33 files changed, 2047 insertions, 925 deletions
diff --git a/config/apcupsd/apcupsd.conf.php b/config/apcupsd/apcupsd.conf.php new file mode 100644 index 00000000..6a19b915 --- /dev/null +++ b/config/apcupsd/apcupsd.conf.php @@ -0,0 +1,362 @@ +<?php +/* + apcupsd.conf.php + part of the apcupsd package for pfSense + Copyright (C) 2013 Danilo G. Baio <dbaio@bsd.com.br> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +// create apcupsd.conf +$apcupsdconf=<<<EOF +## apcupsd.conf v1.1 ## +# +# for apcupsd release 3.14.10 (13 September 2011) - freebsd +# +# "apcupsd" POSIX config file + +# +# ========= General configuration parameters ============ +# + +# UPSNAME xxx +# Use this to give your UPS a name in log files and such. This +# is particulary useful if you have multiple UPSes. This does not +# set the EEPROM. It should be 8 characters or less. +UPSNAME {$upsname} + +# UPSCABLE <cable> +# Defines the type of cable connecting the UPS to your computer. +# +# Possible generic choices for <cable> are: +# simple, smart, ether, usb +# +# Or a specific cable model number may be used: +# 940-0119A, 940-0127A, 940-0128A, 940-0020B, +# 940-0020C, 940-0023A, 940-0024B, 940-0024C, +# 940-1524C, 940-0024G, 940-0095A, 940-0095B, +# 940-0095C, M-04-02-2000 +# +UPSCABLE {$upscable} + +# To get apcupsd to work, in addition to defining the cable +# above, you must also define a UPSTYPE, which corresponds to +# the type of UPS you have (see the Description for more details). +# You must also specify a DEVICE, sometimes referred to as a port. +# For USB UPSes, please leave the DEVICE directive blank. For +# other UPS types, you must specify an appropriate port or address. +# +# UPSTYPE DEVICE Description +# apcsmart /dev/tty** Newer serial character device, appropriate for +# SmartUPS models using a serial cable (not USB). +# +# usb <BLANK> Most new UPSes are USB. A blank DEVICE +# setting enables autodetection, which is +# the best choice for most installations. +# +# net hostname:port Network link to a master apcupsd through apcupsd's +# Network Information Server. This is used if the +# UPS powering your computer is connected to a +# different computer for monitoring. +# +# snmp hostname:port:vendor:community +# SNMP network link to an SNMP-enabled UPS device. +# Hostname is the ip address or hostname of the UPS +# on the network. Vendor can be can be "APC" or +# "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap +# catching; you usually want "APC". Port is usually +# 161. Community is usually "private". +# +# netsnmp hostname:port:vendor:community +# OBSOLETE +# Same as SNMP above but requires use of the +# net-snmp library. Unless you have a specific need +# for this old driver, you should use 'snmp' instead. +# +# dumb /dev/tty** Old serial character device for use with +# simple-signaling UPSes. +# +# pcnet ipaddr:username:passphrase:port +# PowerChute Network Shutdown protocol which can be +# used as an alternative to SNMP with the AP9617 +# family of smart slot cards. ipaddr is the IP +# address of the UPS management card. username and +# passphrase are the credentials for which the card +# has been configured. port is the port number on +# which to listen for messages from the UPS, normally +# 3052. If this parameter is empty or missing, the +# default of 3052 will be used. +# +UPSTYPE {$upstype} + +# POLLTIME <int> +# Interval (in seconds) at which apcupsd polls the UPS for status. This +# setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb, +# dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting +# will improve apcupsd's responsiveness to certain events at the cost of +# higher CPU utilization. The default of 60 is appropriate for most +# situations. +POLLTIME {$polltime} + +# LOCKFILE <path to lockfile> +# Path for device lock file. Not used on Win32. +LOCKFILE /var/spool/lock + +# SCRIPTDIR <path to script directory> +# Directory in which apccontrol and event scripts are located. +SCRIPTDIR /usr/local/etc/apcupsd + +# PWRFAILDIR <path to powerfail directory> +# Directory in which to write the powerfail flag file. This file +# is created when apcupsd initiates a system shutdown and is +# checked in the OS halt scripts to determine if a killpower +# (turning off UPS output power) is required. +PWRFAILDIR /var/run + +# NOLOGINDIR <path to nologin directory> +# Directory in which to write the nologin file. The existence +# of this flag file tells the OS to disallow new logins. +NOLOGINDIR /var/run + + +# +# ======== Configuration parameters used during power failures ========== +# + +# The ONBATTERYDELAY is the time in seconds from when a power failure +# is detected until we react to it with an onbattery event. +# +# This means that, apccontrol will be called with the powerout argument +# immediately when a power failure is detected. However, the +# onbattery argument is passed to apccontrol only after the +# ONBATTERYDELAY time. If you don't want to be annoyed by short +# powerfailures, make sure that apccontrol powerout does nothing +# i.e. comment out the wall. +ONBATTERYDELAY {$onbatterydelay} + +# +# Note: BATTERYLEVEL, MINUTES, and TIMEOUT work in conjunction, so +# the first that occurs will cause the initation of a shutdown. +# + +# If during a power failure, the remaining battery percentage +# (as reported by the UPS) is below or equal to BATTERYLEVEL, +# apcupsd will initiate a system shutdown. +BATTERYLEVEL {$batterylevel} + +# If during a power failure, the remaining runtime in minutes +# (as calculated internally by the UPS) is below or equal to MINUTES, +# apcupsd, will initiate a system shutdown. +MINUTES {$minutes} + +# If during a power failure, the UPS has run on batteries for TIMEOUT +# many seconds or longer, apcupsd will initiate a system shutdown. +# A value of 0 disables this timer. +# +# Note, if you have a Smart UPS, you will most likely want to disable +# this timer by setting it to zero. That way, you UPS will continue +# on batteries until either the % charge remaing drops to or below BATTERYLEVEL, +# or the remaining battery runtime drops to or below MINUTES. Of course, +# if you are testing, setting this to 60 causes a quick system shutdown +# if you pull the power plug. +# If you have an older dumb UPS, you will want to set this to less than +# the time you know you can run on batteries. +TIMEOUT {$timeout} + +# Time in seconds between annoying users to signoff prior to +# system shutdown. 0 disables. +ANNOY {$annoy} + +# Initial delay after power failure before warning users to get +# off the system. +ANNOYDELAY {$annoydelay} + +# The condition which determines when users are prevented from +# logging in during a power failure. +# NOLOGON <string> [ disable | timeout | percent | minutes | always ] +NOLOGON disable + +# If KILLDELAY is non-zero, apcupsd will continue running after a +# shutdown has been requested, and after the specified time in +# seconds attempt to kill the power. This is for use on systems +# where apcupsd cannot regain control after a shutdown. +# KILLDELAY <seconds> 0 disables +KILLDELAY {$killdelay} + +# +# ==== Configuration statements for Network Information Server ==== +# + +# NETSERVER [ on | off ] on enables, off disables the network +# information server. If netstatus is on, a network information +# server process will be started for serving the STATUS and +# EVENT data over the network (used by CGI programs). +NETSERVER {$netserver} + +# NISIP <dotted notation ip address> +# IP address on which NIS server will listen for incoming connections. +# This is useful if your server is multi-homed (has more than one +# network interface and IP address). Default value is 0.0.0.0 which +# means any incoming request will be serviced. Alternatively, you can +# configure this setting to any specific IP address of your server and +# NIS will listen for connections only on that interface. Use the +# loopback address (127.0.0.1) to accept connections only from the +# local machine. +NISIP ${nisip} + +# NISPORT <port> default is 3551 as registered with the IANA +# port to use for sending STATUS and EVENTS data over the network. +# It is not used unless NETSERVER is on. If you change this port, +# you will need to change the corresponding value in the cgi directory +# and rebuild the cgi programs. +NISPORT ${nisport} + +# If you want the last few EVENTS to be available over the network +# by the network information server, you must define an EVENTSFILE. +EVENTSFILE /var/log/apcupsd.events + +# EVENTSFILEMAX <kilobytes> +# By default, the size of the EVENTSFILE will be not be allowed to exceed +# 10 kilobytes. When the file grows beyond this limit, older EVENTS will +# be removed from the beginning of the file (first in first out). The +# parameter EVENTSFILEMAX can be set to a different kilobyte value, or set +# to zero to allow the EVENTSFILE to grow without limit. +EVENTSFILEMAX 10 + +# +# ========== Configuration statements used if sharing ============= +# a UPS with more than one machine + +# +# Remaining items are for ShareUPS (APC expansion card) ONLY +# + +# UPSCLASS [ standalone | shareslave | sharemaster ] +# Normally standalone unless you share an UPS using an APC ShareUPS +# card. +UPSCLASS {$upsclass} + +# UPSMODE [ disable | share ] +# Normally disable unless you share an UPS using an APC ShareUPS card. +UPSMODE {$upsmode} + +# +# ===== Configuration statements to control apcupsd system logging ======== +# + +# Time interval in seconds between writing the STATUS file; 0 disables +STATTIME 0 + +# Location of STATUS file (written to only if STATTIME is non-zero) +STATFILE /var/log/apcupsd.status + +# LOGSTATS [ on | off ] on enables, off disables +# Note! This generates a lot of output, so if +# you turn this on, be sure that the +# file defined in syslog.conf for LOG_NOTICE is a named pipe. +# You probably do not want this on. +LOGSTATS off + +# Time interval in seconds between writing the DATA records to +# the log file. 0 disables. +DATATIME 0 + +# FACILITY defines the logging facility (class) for logging to syslog. +# If not specified, it defaults to "daemon". This is useful +# if you want to separate the data logged by apcupsd from other +# programs. +#FACILITY DAEMON + +# +# ========== Configuration statements used in updating the UPS EPROM ========= +# + +# +# These statements are used only by apctest when choosing "Set EEPROM with conf +# file values" from the EEPROM menu. THESE STATEMENTS HAVE NO EFFECT ON APCUPSD. +# + +# UPS name, max 8 characters +#UPSNAME UPS_IDEN + +# Battery date - 8 characters +#BATTDATE mm/dd/yy + +# Sensitivity to line voltage quality (H cause faster transfer to batteries) +# SENSITIVITY H M L (default = H) +#SENSITIVITY H + +# UPS delay after power return (seconds) +# WAKEUP 000 060 180 300 (default = 0) +#WAKEUP 60 + +# UPS Grace period after request to power off (seconds) +# SLEEP 020 180 300 600 (default = 20) +#SLEEP 180 + +# Low line voltage causing transfer to batteries +# The permitted values depend on your model as defined by last letter +# of FIRMWARE or APCMODEL. Some representative values are: +# D 106 103 100 097 +# M 177 172 168 182 +# A 092 090 088 086 +# I 208 204 200 196 (default = 0 => not valid) +#LOTRANSFER 208 + +# High line voltage causing transfer to batteries +# The permitted values depend on your model as defined by last letter +# of FIRMWARE or APCMODEL. Some representative values are: +# D 127 130 133 136 +# M 229 234 239 224 +# A 108 110 112 114 +# I 253 257 261 265 (default = 0 => not valid) +#HITRANSFER 253 + +# Battery charge needed to restore power +# RETURNCHARGE 00 15 50 90 (default = 15) +#RETURNCHARGE 15 + +# Alarm delay +# 0 = zero delay after pwr fail, T = power fail + 30 sec, L = low battery, N = never +# BEEPSTATE 0 T L N (default = 0) +#BEEPSTATE T + +# Low battery warning delay in minutes +# LOWBATT 02 05 07 10 (default = 02) +#LOWBATT 2 + +# UPS Output voltage when running on batteries +# The permitted values depend on your model as defined by last letter +# of FIRMWARE or APCMODEL. Some representative values are: +# D 115 +# M 208 +# A 100 +# I 230 240 220 225 (default = 0 => not valid) +#OUTPUTVOLTS 230 + +# Self test interval in hours 336=2 weeks, 168=1 week, ON=at power on +# SELFTEST 336 168 ON OFF (default = 336) +#SELFTEST 336 +EOF; +?> diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc new file mode 100644 index 00000000..9abc23ba --- /dev/null +++ b/config/apcupsd/apcupsd.inc @@ -0,0 +1,191 @@ +<?php +/* $Id$ */ +/* ========================================================================== */ +/* + apcupsd.inc + part of the apcupsd package for pfSense + Copyright (C) 2013 Danilo G. Baio <dbaio@bsd.com.br> + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); + +function php_install_apcupsd(){ + sync_package_apcupsd(); +} + +function php_deinstall_apcupsd(){ + global $config, $g; + + conf_mount_rw(); + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + if ($pfs_version > 2.0){ + define('APCUPSD_BASE', '/usr/pbi/apcupsd-' . php_uname("m")); + } else { + define('APCUPSD_BASE', '/usr/local'); + } + + exec("/usr/bin/killall apcupsd"); + unlink_if_exists(APCUPSD_BASE . "/etc/rc.d/apcupsd.sh"); + unlink_if_exists(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf"); + unlink_if_exists("/var/log/apcupsd/apcupsd.log"); + unlink_if_exists("/var/run/apcupsd/apcupsd.pid"); + + if (is_dir("/var/log/apcupsd")) + exec("/bin/rm -r /var/log/apcupsd/"); + if (is_dir("/var/run/apcupsd")) + exec("/bin/rm -r /var/run/apcupsd/"); + + conf_mount_ro(); +} + +function validate_input_apcupsd($post,&$input_errors){ + + if (isset($post['apcupsdenabled'])){ + + if ($post['polltime'] != '' && !is_numericint($post['polltime'])) { + $input_errors[]='Poll Time is not numeric.'; + } + + if ($post['onbatterydelay'] != '' && !is_numericint($post['onbatterydelay'])) { + $input_errors[]='OnBattery Delay is not numeric.'; + } + + if ($post['batterylevel'] != '' && !is_numericint($post['batterylevel'])) { + $input_errors[]='Battery Level is not numeric.'; + } + + if ($post['minutes'] != '' && !is_numericint($post['minutes'])) { + $input_errors[]='Minutes is not numeric.'; + } + + if ($post['timeout'] != '' && !is_numericint($post['timeout'])) { + $input_errors[]='Timeout is not numeric.'; + } + + if ($post['annoy'] != '' && !is_numericint($post['annoy'])) { + $input_errors[]='Annoy is not numeric.'; + } + + if ($post['annoydelay'] != '' && !is_numericint($post['annoydelay'])) { + $input_errors[]='Annoy Delay is not numeric.'; + } + + if ($post['killdelay'] != '' && !is_numericint($post['killdelay'])) { + $input_errors[]='Kill Delay is not numeric.'; + } + + if ($post['nisip'] != '') { + if (!is_ipaddr_configured($post['nisip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['nisip'])) { + $input_errors[]='NIS Ip is not a configured IP address.'; + } + } + + if ($post['nisport'] != '') { + if (!preg_match("/^\d+$/", $post['nisport'])) { + $input_errors[]='NIS Port is not numeric.'; + } + } + + } // apcupsdenabled +} + +function sync_package_apcupsd(){ + global $config, $g; + + conf_mount_rw(); + + // check pfsense version + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + if ($pfs_version > 2.0){ + define('APCUPSD_BASE', '/usr/pbi/apcupsd-' . php_uname("m")); + } + else { + define('APCUPSD_BASE', '/usr/local'); + } + + // check apcupsd settings + if (is_array($config['installedpackages']['apcupsd'])){ + $apcupsd_config = $config['installedpackages']['apcupsd']['config'][0]; + if ($apcupsd_config['apcupsdenabled']=="on"){ + $upsname=$apcupsd_config['upsname']; + $upscable=$apcupsd_config['upscable']; + $upstype=$apcupsd_config['upstype']; + $polltime=($apcupsd_config['polltime'] != ''? $apcupsd_config['polltime'] : "60"); + $onbatterydelay=($apcupsd_config['onbatterydelay'] != ''? $apcupsd_config['onbatterydelay'] : "6"); + $batterylevel=($apcupsd_config['batterylevel'] != ''? $apcupsd_config['batterylevel'] : "5"); + $minutes=($apcupsd_config['minutes'] != ''? $apcupsd_config['minutes'] : "3"); + $timeout=($apcupsd_config['timeout'] != ''? $apcupsd_config['timeout'] : "0"); + $annoy=($apcupsd_config['annoy'] != ''? $apcupsd_config['annoy'] : "300"); + $annoydelay=($apcupsd_config['annoydelay'] != ''? $apcupsd_config['annoydelay'] : "60"); + $killdelay=($apcupsd_config['killdelay'] != ''? $apcupsd_config['killdelay'] : "0"); + $netserver=$apcupsd_config['netserver']; + $nisip=($apcupsd_config['nisip'] != ''? $apcupsd_config['nisip'] : "0.0.0.0"); + $nisport=($apcupsd_config['nisport'] != ''? $apcupsd_config['nisport'] : "3551"); + $upsclass=$apcupsd_config['upsclass']; + $upsmode=$apcupsd_config['upsmode']; + + include("/usr/local/pkg/apcupsd.conf.php"); + file_put_contents(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf", $apcupsdconf, LOCK_EX); + } + } + + // RC FILE + $apcupsd_rcfile="/usr/local/etc/rc.d/apcupsd.sh"; + if (is_array($apcupsd_config) && $apcupsd_config['apcupsdenabled']=="on"){ + $apcupsd_start = "echo \"Starting APC UPS Daemon...\"\n"; + if ($apcupsd_config['killonpowerfail']=="on"){ + $apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd --kill-on-powerfail"; + }else{ + $apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd"; + } + + $apcupsd_stop = "echo \"Stopping APC UPS Daemon...\"\n"; + $apcupsd_stop .= " /usr/bin/killall apcupsd\n"; + $apcupsd_stop .= " /bin/sleep 5"; + + /* write out rc.d start/stop file */ + write_rcfile(array( + "file" => "apcupsd.sh", + "start" => "$apcupsd_start", + "stop" => "$apcupsd_stop" + ) + ); + mwexec("{$apcupsd_rcfile} restart"); + }else{ + if (file_exists($apcupsd_rcfile)){ + mwexec("{$apcupsd_rcfile} stop"); + unlink($apcupsd_rcfile); + } + } + + conf_mount_ro(); +} +?> diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml new file mode 100644 index 00000000..8674af61 --- /dev/null +++ b/config/apcupsd/apcupsd.xml @@ -0,0 +1,333 @@ +<?xml version="1.0" encoding="utf-8"?> +<packagegui> +<copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + apcupsd.xml + part of the apcupsd package for pfSense + Copyright (C) 2013 Danilo G. Baio <dbaio@bsd.com.br> + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <name>Apcupsd</name> + <title>Services: Apcupsd (General)</title> + <category>Monitoring</category> + <version>0.1</version> + <include_file>/usr/local/pkg/apcupsd.inc</include_file> + <addedit_string>Apcupsd has been created/modified.</addedit_string> + <delete_string>Apcupsd has been deleted.</delete_string> + <restart_command>/usr/local/etc/rc.d/apcupsd.sh restart</restart_command> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd.conf.php</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <menu> + <name>Apcupsd</name> + <tooltiptext>Setup Apcupsd specific settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=apcupsd.xml&id=0</url> + </menu> + <service> + <name>apcupsd</name> + <rcfile>apcupsd.sh</rcfile> + <executable>apcupsd</executable> + <description>Apcupsd a daemon for controlling APC UPSes</description> + </service> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=apcupsd.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Status</text> + <url>apcupsd_status.php</url> + </tab> + </tabs> + <fields> + <field> + <name>General configuration parameters</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>apcupsdenabled</fieldname> + <description>Enable APC UPS Daemon service</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>UPS Name</fielddescr> + <fieldname>upsname</fieldname> + <description>Use this to give your UPS a name in log files and such</description> + <type>input</type> + <size>60</size> + <required>true</required> + </field> + <field> + <fielddescr>UPS Cable</fielddescr> + <fieldname>upscable</fieldname> + <description><![CDATA[Defines the type of cable connecting the UPS to your computer.<br> +<br> +Possible generic choices for <cable> are:<br> + simple, smart, ether, usb<br> +<br> +Or a specific cable model number may be used:<br> + 940-0119A, 940-0127A, 940-0128A, 940-0020B,<br> + 940-0020C, 940-0023A, 940-0024B, 940-0024C,<br> + 940-1524C, 940-0024G, 940-0095A, 940-0095B,<br> + 940-0095C, M-04-02-2000 + ]]></description> + <type>input</type> + <size>60</size> + <required>true</required> + </field> + <field> + <fielddescr>UPS Type / Device</fielddescr> + <fieldname>upstype</fieldname> + <description><![CDATA[To get apcupsd to work, in addition to defining the cable +above, you must also define a UPSTYPE, which corresponds to +the type of UPS you have (see the Description for more details). +You must also specify a DEVICE, sometimes referred to as a port. +For USB UPSes, please leave the DEVICE directive blank. For +other UPS types, you must specify an appropriate port or address.<br> +<br> +UPSTYPE DEVICE Description <br> +<br> +<strong>apcsmart /dev/tty**</strong> Newer serial character device, appropriate for + SmartUPS models using a serial cable (not USB).<br> +<br> +<strong>usb BLANK</strong> Most new UPSes are USB. A blank DEVICE + setting enables autodetection, which is + the best choice for most installations.<br> +<br> +<strong>net hostname:port</strong> Network link to a master apcupsd through apcupsd's + Network Information Server. This is used if the + UPS powering your computer is connected to a + different computer for monitoring.<br> +<br> +<strong>snmp hostname:port:vendor:community</strong> + SNMP network link to an SNMP-enabled UPS device. + Hostname is the ip address or hostname of the UPS + on the network. Vendor can be can be "APC" or + "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap + catching; you usually want "APC". Port is usually + 161. Community is usually "private".<br> +<br> +<strong>netsnmp hostname:port:vendor:community</strong> + OBSOLETE + Same as SNMP above but requires use of the + net-snmp library. Unless you have a specific need + for this old driver, you should use 'snmp' instead.<br> +<br> +<strong>dumb /dev/tty**</strong> Old serial character device for use with + simple-signaling UPSes.<br> +<br> +<strong>pcnet ipaddr:username:passphrase:port</strong> + PowerChute Network Shutdown protocol which can be + used as an alternative to SNMP with the AP9617 + family of smart slot cards. ipaddr is the IP + address of the UPS management card. username and + passphrase are the credentials for which the card + has been configured. port is the port number on + which to listen for messages from the UPS, normally + 3052. If this parameter is empty or missing, the + default of 3052 will be used.<br> +<br> + ]]></description> + <type>input</type> + <size>60</size> + <required>true</required> + </field> + <field> + <fielddescr>Poll Time</fielddescr> + <fieldname>polltime</fieldname> + <description>Interval (in seconds) at which apcupsd polls the UPS for status. Default is 60</description> + <type>input</type> + <size>10</size> + <default_value>60</default_value> + </field> + <field> + <fielddescr>Kill on Power Fail</fielddescr> + <fieldname>killonpowerfail</fieldname> + <description>Hibernate UPS on powerfail</description> + <type>checkbox</type> + </field> + <field> + <name>Configuration parameters used during power failures</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>OnBattery Delay</fielddescr> + <fieldname>onbatterydelay</fieldname> + <description>Time in seconds from when a power failure is detected until we react to it with an onbattery event. Default is 6</description> + <type>input</type> + <size>10</size> + <default_value>6</default_value> + </field> + <field> + <fielddescr>Battery Level</fielddescr> + <fieldname>batterylevel</fieldname> + <description>If during a power failure, the remaining battery percentage (as reported by the UPS) is + below or equal to BATTERYLEVEL, apcupsd will initiate a system shutdown. Default is 5</description> + <type>input</type> + <size>10</size> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Minutes</fielddescr> + <fieldname>minutes</fieldname> + <description>If during a power failure, the remaining runtime in minutes (as calculated internally + by the UPS) is below or equal to MINUTES, apcupsd, will initiate a system shutdown. Default is 3</description> + <type>input</type> + <size>10</size> + <default_value>3</default_value> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>timeout</fieldname> + <description>If during a power failure, the UPS has run on batteries for TIMEOUT many seconds + or longer, apcupsd will initiate a system shutdown. A value of 0 (default) disables this timer</description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Annoy</fielddescr> + <fieldname>annoy</fieldname> + <description>Time in seconds between annoying users to signoff prior to system shutdown. 0 disables. Default is 300</description> + <type>input</type> + <size>10</size> + <default_value>300</default_value> + </field> + <field> + <fielddescr>Annoy Delay</fielddescr> + <fieldname>annoydelay</fieldname> + <description>Initial delay after power failure before warning users to get off the system. Default is 60</description> + <type>input</type> + <size>10</size> + <default_value>60</default_value> + </field> + <field> + <fielddescr>Kill Delay</fielddescr> + <fieldname>killdelay</fieldname> + <description>If KILLDELAY is non-zero, apcupsd will continue running after a shutdown has been + requested, and after the specified time in seconds attempt to kill the power. This is for use + on systems where apcupsd cannot regain control after a shutdown. 0 disables (default)</description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> + </field> + <field> + <name>Configuration statements for Network Information Server</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Net Server</fielddescr> + <fieldname>netserver</fieldname> + <description>If netstatus is on, a network information server process will be started for serving + the STATUS and EVENT data over the network (used by CGI programs)</description> + <type>select</type> + <default_value>on</default_value> + <options> + <option><name>On</name><value>on</value></option> + <option><name>Off</name><value>off</value></option> + </options> + </field> + <field> + <fielddescr>NIS Ip</fielddescr> + <fieldname>nisip</fieldname> + <description>IP address on which NIS server will listen for incoming connections. Default value is + 0.0.0.0 which means any incoming request will be serviced. Alternatively, you can configure this + setting to any specific IP address of your server and NIS will listen for connections only on that + interface. Use the loopback address (127.0.0.1) to accept connections only from the local machine</description> + <type>input</type> + <size>10</size> + <default_value>0.0.0.0</default_value> + </field> + <field> + <fielddescr>NIS Port</fielddescr> + <fieldname>nisport</fieldname> + <description>Port to use for sending STATUS and EVENTS data over the network. + It is not used unless NETSERVER is on. If you change this port, + you will need to change the corresponding value in the cgi directory + and rebuild the cgi programs. Default is 3551 as registered with the IANA</description> + <type>input</type> + <size>10</size> + <default_value>3551</default_value> + </field> + <field> + <name>Configuration statements used if sharing</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>UPS Class</fielddescr> + <fieldname>upsclass</fieldname> + <description>Normally standalone unless you share an UPS using an APC ShareUPS card</description> + <type>select</type> + <default_value>standalone</default_value> + <options> + <option><name>Standalone</name><value>standalone</value></option> + <option><name>Share Master</name><value>sharemaster</value></option> + <option><name>Share Slave</name><value>shareslave</value></option> + </options> + </field> + <field> + <fielddescr>UPS Mode</fielddescr> + <fieldname>upsmode</fieldname> + <description>Normally disable unless you share an UPS using an APC ShareUPS card</description> + <type>select</type> + <default_value>disable</default_value> + <options> + <option><name>Disable</name><value>disable</value></option> + <option><name>Share</name><value>share</value></option> + </options> + </field> + </fields> + <custom_php_install_command>sync_package_apcupsd();</custom_php_install_command> + <custom_php_command_before_form></custom_php_command_before_form> + <custom_php_after_head_command></custom_php_after_head_command> + <custom_php_after_form_command></custom_php_after_form_command> + <custom_php_validation_command>validate_input_apcupsd($_POST, &$input_errors);</custom_php_validation_command> + <custom_add_php_command></custom_add_php_command> + <custom_php_resync_config_command>sync_package_apcupsd();</custom_php_resync_config_command> + <custom_php_deinstall_command>php_deinstall_apcupsd();</custom_php_deinstall_command> +</packagegui> diff --git a/config/apcupsd/apcupsd_status.php b/config/apcupsd/apcupsd_status.php new file mode 100755 index 00000000..e465f62c --- /dev/null +++ b/config/apcupsd/apcupsd_status.php @@ -0,0 +1,118 @@ +<?php +/* + apcupsd_status.php + part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 Danilo G. Baio <dbaio@bsd.com.br> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); + +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Services: Apcupsd (Status)"; +include("head.inc"); + +function puts( $arg ) { echo "$arg\n"; } + +?> + +<style> +<!-- + +input { + font-family: courier new, courier; + font-weight: normal; + font-size: 9pt; +} + +pre { + border: 2px solid #435370; + background: #F0F0F0; + padding: 1em; + font-family: courier new, courier; + white-space: pre; + line-height: 10pt; + font-size: 10pt; +} + +.label { + font-family: tahoma, verdana, arial, helvetica; + font-size: 11px; + font-weight: bold; +} + +.button { + font-family: tahoma, verdana, arial, helvetica; + font-weight: bold; + font-size: 11px; +} + +--> +</style> +</head> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + + <?php include("fbegin.inc"); ?> + + <?php if($one_two): ?> + <p class="pgtitle"><?=$pgtitle?></font></p> + <?php endif; ?> + + +<div id="mainlevel"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=apcupsd.xml&id=0"); + $tab_array[] = array(gettext("Status"), true, "/apcupsd_status.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + </table> +</div> + +<div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; "> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tr><td> +<?php + puts("<pre>"); + putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); + $ph = popen('apcaccess 2>&1', "r" ); + while ($line = fgets($ph)) echo htmlspecialchars($line); + pclose($ph); + puts("</pre>"); +?> + </td></tr> + </table> +</div> +<?php +include("fend.inc"); +?> +</body> +</html> diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 1220e033..7cdc8006 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -40,6 +40,10 @@ switch ($pfs_version) { } // End: Check pfSense version +function is_blank($value) { + return empty($value) && !is_numeric($value); +} + function bandwidthd_install_deinstall() { conf_mount_rw(); config_lock(); @@ -66,8 +70,11 @@ function bandwidthd_install_config() { /* user defined values */ $bandwidthd_config = $config['installedpackages']['bandwidthd']['config'][0]; $meta_refresh = $bandwidthd_config['meta_refresh']; - if ($meta_refresh) + if (is_numeric($meta_refresh)) $meta_refresh = "meta_refresh $meta_refresh\n"; + else + $meta_refresh = ""; + $graph = $bandwidthd_config['drawgraphs']; if ($graph) $graph = "graph true\n"; @@ -75,11 +82,17 @@ function bandwidthd_install_config() { $graph = "graph false\n"; $filter_text = $bandwidthd_config['filter']; - if ($filter_text) + if (!is_blank($filter_text)) $filter_text = "filter $filter_text\n"; + else + $filter_text = ""; + $recover_cdf = $bandwidthd_config['recovercdf']; if ($recover_cdf) $recover_cdf = "recover_cdf true\n"; + else + $recover_cdf = ""; + $output_cdf = $bandwidthd_config['outputcdf']; if ($output_cdf) $output_cdf_string = "output_cdf true\n"; @@ -93,15 +106,15 @@ function bandwidthd_install_config() { $postgresql_password = $bandwidthd_config['postgresqlpassword']; $postgresql_string = ""; if ($output_postgresql) { - if ($postgresql_host && $postgresql_username && $postgresql_database && $postgresql_password) + if (!is_blank($postgresql_host) && !is_blank($postgresql_username) && !is_blank($postgresql_database) && !is_blank($postgresql_password)) $postgresql_string = "pgsql_connect_string \"user = $postgresql_username dbname = $postgresql_database password = $postgresql_password host = $postgresql_host\"\n"; else - log_error("You have to specify the postgreSQL Host, Database, Username and Password. Exiting."); + log_error("bandwidthd: You have to specify the postgreSQL Host, Database, Username and Password. postgreSQL details have been ignored."); } $sensor_id = $bandwidthd_config['sensorid']; - if ($sensor_id) + if (!is_blank($sensor_id)) $sensor_id_string = "sensor_id \"$sensor_id\""; else $sensor_id_string = ""; @@ -113,13 +126,20 @@ function bandwidthd_install_config() { $promiscuous = "promiscuous false\n"; $graph_cutoff = $bandwidthd_config['graphcutoff']; - if ($graph_cutoff) + if (!is_blank($graph_cutoff)) $graph_cutoff = "graph_cutoff $graph_cutoff\n"; + else + $graph_cutoff = ""; + $skip_intervals = $bandwidthd_config['skipintervals']; - if ($skip_intervals) + if ($skip_intervals) { $skip_intervals = "skip_intervals $skip_intervals\n"; + } else { + /* Includes the case where 0 is explicitly specified, which is the default anyway. */ + $skip_intervals = ""; + } - if ($bandwidthd_config['active_interface']){ + if (!is_blank($bandwidthd_config['active_interface'])){ $ifdescrs = array($bandwidthd_config['active_interface']); } else { log_error("You should specify an interface for bandwidthd to listen on. Exiting."); diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index 672b5367..44a33bac 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>bandwidthd</name> - <version>2.0.1_5 pkg v.0.2</version> + <version>2.0.1_5 pkg v.0.3</version> <title>Bandwidthd</title> <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/bandwidthd.inc</include_file> diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 8f439d1a..ff3728fb 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -105,10 +105,10 @@ function bind_zone_validate($post, $input_errors){ exec("$rndc_confgen ",$rndc_conf); foreach($rndc_conf as $line) $confgen_file.="$line\n"; - file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsese",$confgen_file); + file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsense",$confgen_file); } - if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsese")){ - $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsese"); + if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense")){ + $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsense"); $confgen="rndc.conf"; $rndc_bindconf=""; foreach ($rndc_conf as $line){ diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index f768ef01..5e798dc2 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -1,6 +1,7 @@ <?php /* haproxy.inc + Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef All rights reserved. @@ -37,43 +38,45 @@ require_once("haproxy_xmlrpcsyncclient.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; $a_acltypes = array(); -$a_acltypes[] = array('name' => 'host_starts_with', 'descr' => 'Host starts with', +$a_acltypes["host_starts_with"] = array('name' => 'Host starts with', 'mode' => 'http', 'syntax' => 'hdr_beg(host) -i %1$s'); -$a_acltypes[] = array('name' => 'host_ends_with', 'descr' => 'Host ends with', +$a_acltypes["host_ends_with"] = array('name' => 'Host ends with', 'mode' =>'http', 'syntax' => 'hdr_end(host) -i %1$s'); -$a_acltypes[] = array('name' => 'host_matches', 'descr' => 'Host matches', +$a_acltypes["host_matches"] = array('name' => 'Host matches', 'mode' =>'http', 'syntax' => 'hdr(host) -i %1$s'); -$a_acltypes[] = array('name' => 'host_regex', 'descr' => 'Host regex', +$a_acltypes["host_regex"] = array('name' => 'Host regex', 'mode' =>'http', 'syntax' => 'hdr_reg(host) -i %1$s'); -$a_acltypes[] = array('name' => 'host_contains', 'descr' => 'Host contains', +$a_acltypes["host_contains"] = array('name' => 'Host contains', 'mode' => 'http', 'syntax' => 'hdr_dir(host) -i %1$s'); -$a_acltypes[] = array('name' => 'path_starts_with', 'descr' => 'Path starts with', +$a_acltypes["path_starts_with"] = array('name' => 'Path starts with', 'mode' => 'http', 'syntax' => 'path_beg -i %1$s'); -$a_acltypes[] = array('name' => 'path_ends_with', 'descr' => 'Path ends with', +$a_acltypes["path_ends_with"] = array('name' => 'Path ends with', 'mode' => 'http', 'syntax' => 'path_end -i %1$s'); -$a_acltypes[] = array('name' => 'path_matches', 'descr' => 'Path matches', +$a_acltypes["path_matches"] = array('name' => 'Path matches', 'mode' => 'http', 'syntax' => 'path -i %1$s'); -$a_acltypes[] = array('name' => 'path_regex', 'descr' => 'Path regex', +$a_acltypes["path_regex"] = array('name' => 'Path regex', 'mode' => 'http', 'syntax' => 'path_reg -i %1$s'); -$a_acltypes[] = array('name' => 'path_contains', 'descr' => 'Path contains', +$a_acltypes["path_contains"] = array('name' => 'Path contains', 'mode' => 'http', 'syntax' => 'path_dir -i %1$s'); -$a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP', +$a_acltypes["source_ip"] = array('name' => 'Source IP', 'mode' => '', 'syntax' => 'src %1$s'); -$a_acltypes[] = array('name' => 'backendservercount', 'descr' => 'Minimum count usable servers', +$a_acltypes["backendservercount"] = array('name' => 'Minimum count usable servers', 'mode' => '', 'syntax' => 'nbsrv(%2$s) ge %1$d', 'parameters' => 'value,backendname'); // 'ssl_sni_matches' was added in HAProxy1.5dev17 -$a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches', +$a_acltypes["ssl_sni_matches"] = array('name' => 'Server Name Indication TLS extension matches', 'mode' => 'https', 'syntax' => 'req_ssl_sni -i %1$s', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }"); +$a_checktypes = array(); $a_checktypes['none'] = array('name' => 'none', 'syntax' => '', 'descr' => 'No health checks will be performed.'); $a_checktypes['Basic'] = array('name' => 'Basic', 'syntax' => '', 'descr' => 'Basic socket connection check'); $a_checktypes['HTTP'] = array('name' => 'HTTP', 'syntax' => 'httpchk', 'descr' => 'HTTP protocol to check on the servers health, can also be used for HTTPS servers(requirs checking the SSL box for the servers).', 'parameters' => "uri,method,version"); -// 'Agent' was added in HAProxy1.5dev18 +// 'Agent' was added in HAProxy1.5dev18, and removed in 1.5dev20, in favor of the seperate agent-check option. $a_checktypes['Agent'] = array('name' => 'Agent', 'syntax' => 'lb-agent-chk', 'usedifferenport' => 'yes', - 'descr' => 'Use a TCP connection to read an ASCII string of the form 100%,75%,drain,down (others in haproxy manual)'); + 'descr' => 'Use a TCP connection to read an ASCII string of the form 100%,75%,drain,down (others in haproxy manual)', + deprecated => true); $a_checktypes['LDAP'] = array('name' => 'LDAP', 'syntax' => 'ldap-check', 'descr' => 'Use LDAPv3 health checks for server testing'); $a_checktypes['MySQL'] = array('name' => 'MySQL', 'syntax' => 'mysql-check', @@ -89,6 +92,7 @@ $a_checktypes['ESMTP'] = array('name' => 'ESMTP', 'syntax' => 'smtpchk EHLO', $a_checktypes['SSL'] = array('name' => 'SSL', 'syntax' => 'ssl-hello-chk', 'descr' => 'Use SSLv3 client hello health checks for server testing.'); +$a_httpcheck_method = array(); $a_httpcheck_method['OPTIONS'] = array('name' => 'OPTIONS', 'syntax' => 'OPTIONS'); $a_httpcheck_method['HEAD'] = array('name' => 'HEAD', 'syntax' => 'HEAD'); $a_httpcheck_method['GET'] = array('name' => 'GET', 'syntax' => 'GET'); @@ -97,6 +101,7 @@ $a_httpcheck_method['PUT'] = array('name' => 'PUT', 'syntax' => 'PUT'); $a_httpcheck_method['DELETE'] = array('name' => 'DELETE', 'syntax' => 'DELETE'); $a_httpcheck_method['TRACE'] = array('name' => 'TRACE', 'syntax' => 'TRACE'); +$a_closetypes = array(); $a_closetypes['none'] = array('name' => 'none', 'syntax' => '', 'descr' => 'No close headers will be changed.'); $a_closetypes['httpclose'] = array('name' => 'httpclose', 'syntax' => 'httpclose', @@ -105,6 +110,14 @@ $a_closetypes['http-server-close'] = array('name' => 'http-server-close', 'synta 'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-server-close" enables HTTP connection-close mode on the server side while keeping the ability to support HTTP keep-alive and pipelining on the client side. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side to save server resources.'); $a_closetypes['forceclose'] = array('name' => 'forceclose', 'syntax' => 'forceclose', 'descr' => 'Some HTTP servers do not necessarily close the connections when they receive the "Connection: close" set by "option httpclose", and if the client does not close either, then the connection remains open till the timeout expires. This causes high number of simultaneous connections on the servers and shows high global session times in the logs. Note that this option also enables the parsing of the full request and response, which means we can close the connection to the server very quickly, releasing some resources earlier than with httpclose.'); +$a_closetypes['http-keep-alive'] = array('name' => 'http-keep-alive', 'syntax' => 'http-keep-alive', + 'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-keep-alive" enables HTTP keep-alive mode on the client- and server- sides. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side at the expense of maintaining idle connections to the servers. In general, it is possible with this option to achieve approximately twice the request rate that the "http-server-close" option achieves on small objects. There are mainly two situations where this option may be useful : - when the server is non-HTTP compliant and authenticates the connection instead of requests (eg: NTLM authentication) - when the cost of establishing the connection to the server is significant compared to the cost of retrieving the associated object from the server.'); + +$a_servermodes = array(); +$a_servermodes["active"]['name'] = "active"; +$a_servermodes["backup"]['name'] = "backup"; +$a_servermodes["disabled"]['name'] = "disabled"; +$a_servermodes["inactive"]['name'] = "inactive"; function haproxy_custom_php_deinstall_command() { exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`"); @@ -120,6 +133,12 @@ function haproxy_custom_php_install_command() { global $g, $config; conf_mount_rw(); + $freebsd_version = substr(trim(`uname -r`), 0, 1); + if(!file_exists("/usr/bin/limits")) { + exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); + exec("chmod a+rx /usr/bin/limits"); + } + $haproxy = <<<EOD #!/bin/sh @@ -299,7 +318,7 @@ EOD; write_config("haproxy, update xml config version"); conf_mount_ro(); - + exec("/usr/local/etc/rc.d/haproxy.sh start"); } @@ -351,8 +370,8 @@ function haproxy_install_cron($should_install) { function haproxy_find_acl($name) { global $a_acltypes; if($a_acltypes) { - foreach ($a_acltypes as $acl) { - if ($acl['name'] == $name) + foreach ($a_acltypes as $key => $acl) { + if ($key == $name) return $acl; } } @@ -486,6 +505,10 @@ function write_backend($fd, $name, $pool, $frontend) { else $checkinter = "check inter 1000"; } + + //agent-check requires at least haproxy v1.5dev20 + if ($pool['agent_check']) + $agentcheck = " agent-check agent-inter {$pool['agent_inter']} agent-port {$pool['agent_port']}"; if (is_array($a_servers)) { @@ -505,7 +528,7 @@ function write_backend($fd, $name, $pool, $frontend) { { $ssl = $backend_type == "http" ? ' ssl' : ' check-ssl'; } - fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter$checkport $isbackup weight " . $be['weight'] . "{$advanced_txt} {$be['advanced']}\n"); + fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter$checkport$agentcheck $isbackup weight " . $be['weight'] . "{$advanced_txt} {$be['advanced']}\n"); } } fwrite ($fd, "\n"); @@ -514,15 +537,16 @@ function write_backend($fd, $name, $pool, $frontend) { function haproxy_configure() { global $g; // reload haproxy - haproxy_writeconf("{$g['varetc_path']}/haproxy.cfg"); + haproxy_writeconf("{$g['varetc_path']}/haproxy"); return haproxy_check_run(1); } function haproxy_check_and_run(&$messages, $reload) { global $g; - $configname = "{$g['varetc_path']}/haproxy.cfg"; - haproxy_writeconf("$configname.new"); - $retval = exec("haproxy -c -V -f $configname.new 2>&1", $output, $err); + $configpath = "{$g['varetc_path']}/haproxy"; + $testpath = "{$g['varetc_path']}/haproxy_test"; + haproxy_writeconf($testpath); + $retval = exec("haproxy -c -V -f $testpath/haproxy.cfg 2>&1", $output, $err); $messages = ""; if ($err > 1) $messages = "<h2><strong>FATAL ERROR CODE: $err while starting haproxy</strong></h2>"; @@ -537,25 +561,46 @@ function haproxy_check_and_run(&$messages, $reload) { $ok = strstr($retval, "Configuration file is valid"); if ($ok && $reload) { global $haproxy_run_message; - exec("mv $configname.new $configname"); + haproxy_writeconf($configpath); + rmdir_recursive($testpath); $ok = haproxy_check_run(1) == 0; $messages = $haproxy_run_message; } return $ok; } +function haproxy_write_certificate_file($filename, $certid) { + $cert = lookup_cert($certid); + + $certcontent = base64_decode($cert['crt']); + $certcontent .= "\r\n".base64_decode($cert['prv']); + + $certchaincontent = ca_chain($cert); + if ($certchaincontent != "") { + $certcontent .= "\r\n" . $certchaincontent; + } + unset($certchaincontent); + file_put_contents($filename, $certcontent); + unset($certcontent); + unset($cert); +} -function haproxy_writeconf($configfile) { +function haproxy_writeconf($configpath) { global $config; - $a_global = &$config['installedpackages']['haproxy']; - $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; - $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $configfile = $configpath . "/haproxy.cfg"; + rmdir_recursive($configpath); + make_dirs($configpath); + + $a_global = &$config['installedpackages']['haproxy']; + $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $fd = fopen($configfile, "w"); - if(is_array($a_global)) { fwrite ($fd, "global\n"); - fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n"); + if ($a_global['maxconn']) + fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n"); if($a_global['remotesyslog']) fwrite ($fd, "\tlog\t\t\t{$a_global['remotesyslog']}\t{$a_global['logfacility']}\t{$a_global['loglevel']}\n"); fwrite ($fd, "\tstats socket /tmp/haproxy.socket level admin\n"); @@ -586,46 +631,48 @@ function haproxy_writeconf($configfile) { // Try and get a unique array for address:port as frontends can duplicate $a_bind = array(); - if(is_array($a_backends)) { - foreach ($a_backends as $backend) { - if($backend['status'] != 'active') + if(is_array($a_frontends)) { + foreach ($a_frontends as $frontend) { + if($frontend['status'] != 'active') { - unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); + unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); continue; } - if(!$backend['backend_serverpool']) + if(!$frontend['backend_serverpool']) { - unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); + unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); continue; } + + $bname = get_frontend_ipport($frontend); //check ssl info - if (strtolower($backend['type']) == "http" && $backend['ssloffload']){ + if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']){ //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem - $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt"; - $cert = lookup_cert($backend['ssloffloadcert']); - $certcontent = base64_decode($cert['crt'])."\r\n".base64_decode($cert['prv']); - - $certchaincontent = ca_chain($cert); - if ($certchaincontent != "") { - $certcontent .= "\r\n" . $certchaincontent; + $filename = "$configpath/{$frontend['name']}.{$frontend['port']}.pem"; + $ssl_crt = " crt $filename"; + haproxy_write_certificate_file($filename, $frontend['ssloffloadcert']); + $subfolder = "$configpath/{$frontend['name']}.{$frontend['port']}"; + $certs = $frontend['ha_certificates']['item']; + if (is_array($certs)){ + if (count($certs) > 0){ + make_dirs($subfolder); + foreach($certs as $cert){ + haproxy_write_certificate_file("$subfolder/{$cert['ssl_certificate']}.pem", $cert['ssl_certificate']); + } + $ssl_crt .= " crt $subfolder"; + } } - unset($certchaincontent); - - file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent); - unset($certcontent); }else{ $ssl_crt=""; - unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); + unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); } - - $bname = get_frontend_ipport($backend); if (!is_array($a_bind[$bname])) { $a_bind[$bname] = array(); $a_bind[$bname]['config'] = array(); // Settings which are used only from the primary frontend - $primaryfrontend = get_primaryfrontend($backend); + $primaryfrontend = get_primaryfrontend($frontend); $a_bind[$bname]['name'] = $primaryfrontend['name']; $a_bind[$bname]['extaddr'] = $primaryfrontend['extaddr']; $a_bind[$bname]['port'] = $primaryfrontend['port']; @@ -640,19 +687,19 @@ function haproxy_writeconf($configfile) { } $b = &$a_bind[$bname]; - if (($backend['secondary'] != 'yes') && ($backend['name'] != $b['name'])) { + if (($frontend['secondary'] != 'yes') && ($frontend['name'] != $b['name'])) { // only 1 frontend can be the primary for a set of frontends that share 1 address:port. $input_errors[] = "Multiple primary frondends for $bname"; } if ($ssl_crt != "") { if ($b['ssl_info'] == "") - $b['ssl_info'] = "ssl {$backend['dcertadv']}"; + $b['ssl_info'] = "ssl {$frontend['dcertadv']}"; $b['ssl_info'] .= $ssl_crt; } - // pointer to each backend - $b['config'][] = $backend; + // pointer to each frontend + $b['config'][] = $frontend; } } @@ -736,32 +783,51 @@ function haproxy_writeconf($configfile) { // Combine the rest of the frontend configs $default_backend = ""; $i = 0; - foreach ($bind['config'] as $bconfig) { - $a_acl=&$bconfig['ha_acls']['item']; + foreach ($bind['config'] as $frontend) { + $a_acl=&$frontend['ha_acls']['item']; if(!is_array($a_acl)) $a_acl=array(); - $poolname = $bconfig['backend_serverpool'] . "_" . strtolower($bconfig['type']); + $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']); // Create different pools if the svrport is set - if ($bconfig['svrport'] > 0) - $poolname .= "_" . $bconfig['svrport']; - - // Write this out once, and must be before any backend config text - if ($default_backend == "" || $bconfig['secondary'] != 'yes') { - $default_backend = $poolname; - } + if ($frontend['svrport'] > 0) + $poolname .= "_" . $frontend['svrport']; if (!isset($a_pendingpl[$poolname])) { $a_pendingpl[$poolname] = array(); $a_pendingpl[$poolname]['name'] = $poolname; - $a_pendingpl[$poolname]['frontend'] = $bconfig; + $a_pendingpl[$poolname]['frontend'] = $frontend; } - if (strtolower($bind['type']) == "http" && $bconfig['ssloffload'] && $bconfig['ssloffloadacl']) { + if (strtolower($bind['type']) == "http" && $frontend['ssloffload']) { $aclname = "SNI_" . $poolname; - $cert_cn = cert_get_cn($bconfig['ssloffloadcert'] ,true); - $a_acl[] = array('name' => $aclname,'expression' => 'host_matches', 'value' => $cert_cn); + if ($frontend['ssloffloadacl']){ + $cert = lookup_cert($frontend['ssloffloadcert']); + $cert_cn = cert_get_cn($cert['crt']); + $descr = haproxy_escape_acl_name($cert['descr']); + $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + unset($cert); + } + if ($frontend['ssloffloadacladditional']){ + $certs = $frontend['ha_certificates']['item']; + if (is_array($certs)){ + if (count($certs) > 0){ + foreach($certs as $certref){ + $cert = lookup_cert($certref['ssl_certificate']); + $cert_cn = cert_get_cn($cert['crt']); + $descr = haproxy_escape_acl_name($cert['descr']); + $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + unset($cert); + } + } + } + } + } + + // Write this out once, and must be before any backend config text + if (($default_backend == "" || $frontend['secondary'] != 'yes') && count($a_acl) == 0 ) { + $default_backend = $poolname; } // combine acl's with same name to allow for 'combined checks' to check for example hostname and fileextension together.. @@ -795,7 +861,8 @@ function haproxy_writeconf($configfile) { fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"); } } - fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); + if ($default_backend) + fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); foreach($advancedextra as $extra) fwrite ($fd, "\t".$extra."\n"); @@ -803,9 +870,9 @@ function haproxy_writeconf($configfile) { } } // Construct and write out configuration for each "backend" - if (is_array($a_pendingpl) && is_array($a_pools)) { + if (is_array($a_pendingpl) && is_array($a_backends)) { foreach ($a_pendingpl as $pending) { - foreach ($a_pools as $pool) { + foreach ($a_backends as $pool) { if ($pending['frontend']['backend_serverpool'] == $pool['name']) { write_backend($fd, $pending['name'], $pool, $pending['frontend']); } @@ -832,12 +899,6 @@ function haproxy_writeconf($configfile) { haproxy_install_cron(true); else haproxy_install_cron(false); - - $freebsd_version = substr(trim(`uname -r`), 0, 1); - if(!file_exists("/usr/bin/limits")) { - exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); - exec("chmod a+rx /usr/bin/limits"); - } } function haproxy_is_running() { @@ -845,7 +906,6 @@ function haproxy_is_running() { return $running; } - function haproxy_load_modules() { // On FreeBSD 8 ipfw is needed to allow 'transparent' proxying (getting reply's to a non-local ip to pass back to the client-socket).. // On FreeBSD 9 it is probably possible to do the same with the pf option "divert-reply" @@ -932,6 +992,7 @@ function haproxy_check_run($reload) { global $config, $g, $haproxy_run_message; $a_global = &$config['installedpackages']['haproxy']; + $configpath = "{$g['varetc_path']}/haproxy"; exec("/usr/bin/limits -n 300014"); @@ -963,9 +1024,9 @@ function haproxy_check_run($reload) { $sf_st = "-st";//terminate old process as soon as the new process is listening else $sf_st = "-sf";//finish serving existing connections exit when done, and the new process is listening - exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid $sf_st `cat /var/run/haproxy.pid` 2>&1", $output, $errcode); + exec("/usr/local/sbin/haproxy -f {$configpath}/haproxy.cfg -p /var/run/haproxy.pid $sf_st `cat /var/run/haproxy.pid` 2>&1", $output, $errcode); } else { - exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D 2>&1", $output, $errcode); + exec("/usr/local/sbin/haproxy -f {$configpath}/haproxy.cfg -p /var/run/haproxy.pid -D 2>&1", $output, $errcode); } foreach($output as $line) $haproxy_run_message .= "<br/>" . htmlspecialchars($line) . "\n"; @@ -1127,7 +1188,7 @@ function get_frontend_acls($frontend) { continue; $acl_item = array(); - $acl_item['descr'] = $acl['descr'] . ": " . $entry['value']; + $acl_item['descr'] = $acl['name'] . ": " . $entry['value']; $acl_item['ref'] = $entry; $result[] = $acl_item; @@ -1153,4 +1214,8 @@ function haproxy_escapestring($configurationsting) { return str_replace('#', '\\#', $result); } +function haproxy_escape_acl_name($aclname) { + return preg_replace_callback('([^A-Za-z0-9\._\-\:])', function($match){return "_".dechex(ord($match[0]));}, $aclname); +} + ?> diff --git a/config/haproxy-devel/haproxy.widget.php b/config/haproxy-devel/haproxy.widget.php index abc5d935..7954e404 100644 --- a/config/haproxy-devel/haproxy.widget.php +++ b/config/haproxy-devel/haproxy.widget.php @@ -1,5 +1,6 @@ <?php /* + Copyright (C) 2013 PiBa-NL Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho Part of pfSense widgets (www.pfsense.com) diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml index 803bd978..6b25dd46 100644 --- a/config/haproxy-devel/haproxy.xml +++ b/config/haproxy-devel/haproxy.xml @@ -102,6 +102,11 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_htmllist.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_utils.inc</item> </additional_files_needed> <additional_files_needed> diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index bd1846e2..0a92cde7 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php @@ -3,6 +3,7 @@ /* haproxy_global.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -52,15 +53,15 @@ if ($_POST) { if ($result) unlink_if_exists($d_haproxyconfdirty_path); } else { - if ($_POST['enable']) { - $reqdfields = explode(" ", "maxconn"); - $reqdfieldsn = explode(",", "Maximum connections"); - } + //if ($_POST['enable']) { + // $reqdfields = explode(" ", "maxconn"); + // $reqdfieldsn = explode(",", "Maximum connections"); + //} if ($_POST['carpdev'] == "disabled") unset($_POST['carpdev']); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + //do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; @@ -126,7 +127,7 @@ include("head.inc"); <script type="text/javascript" src="javascript/scriptaculous/prototype.js"></script> <script type="text/javascript" src="javascript/scriptaculous/scriptaculous.js"></script> <?php include("fbegin.inc"); ?> -<script language="JavaScript"> +<script type="text/javascript"> <!-- function enable_change(enable_change) { var endis; @@ -141,8 +142,8 @@ function enable_change(enable_change) { <form action="haproxy_global.php" method="post" name="iform"> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_haproxyconfdirty_path)): ?><p> -<?php print_info_box_np("The haproxy configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> @@ -165,8 +166,8 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top" class="vncell"> </td> <td width="78%" class="vtable"> - <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain"> - <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();"> + <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain" /> + <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();" /> <br/> This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading. @@ -179,7 +180,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top" class="vncell"> </td> <td width="78%" class="vtable"> - <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)" /> <strong>Enable HAProxy</strong></td> </tr> <tr> @@ -191,7 +192,7 @@ function enable_change(enable_change) { <table cellpadding="0" cellspacing="0"> <tr> <td> - <input name="maxconn" type="text" class="formfld" id="maxconn" size="5" <?if ($pconfig['enable']!='yes') echo "enabled=\"false\"";?> value="<?=htmlspecialchars($pconfig['maxconn']);?>"> per Backend. + <input name="maxconn" type="text" class="formfld" id="maxconn" size="5" <?if ($pconfig['enable']!='yes') echo "enabled=\"false\"";?> value="<?=htmlspecialchars($pconfig['maxconn']);?>" /> per Backend. </td> </tr> </table> @@ -205,29 +206,29 @@ function enable_change(enable_change) { </td><td> <table style="border: 1px solid #000;"> <tr> - <td><font size=-1>Connections</td> - <td><font size=-1>Memory usage</td> + <td><font size=-1>Connections</font></td> + <td><font size=-1>Memory usage</font></td> </tr> <tr> <td colspan="2"> - <hr noshade style="border: 1px solid #000;"> + <hr noshade style="border: 1px solid #000;"></hr> </td> </tr> <tr> - <td align="right"><font size=-1>999</td> - <td><font size=-1>1888K</td> + <td align="right"><font size=-1>999</font></td> + <td><font size=-1>1888K</font></td> </tr> <tr> - <td align="right"><font size=-1>99999</td> - <td><font size=-1>8032K</td> + <td align="right"><font size=-1>99999</font></td> + <td><font size=-1>8032K</font></td> </tr> <tr> - <td align="right"><font size=-1>999999</td> - <td><font size=-1>50016K</td> + <td align="right"><font size=-1>999999</font></td> + <td><font size=-1>50016K</font></td> </tr> <tr> - <td align="right"><font size=-1>9999999</td> - <td><font size=-1>467M</td> + <td align="right"><font size=-1>9999999</font></td> + <td><font size=-1>467M</font></td> </tr> </table> </td></tr></table> @@ -238,17 +239,17 @@ function enable_change(enable_change) { Number of processes to start </td> <td class="vtable"> - <input name="nbproc" type="text" class="formfld" id="nbproc" size="18" value="<?=htmlspecialchars($pconfig['nbproc']);?>"> + <input name="nbproc" type="text" class="formfld" id="nbproc" size="18" value="<?=htmlspecialchars($pconfig['nbproc']);?>" /> <br/> Defaults to 1 if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> CPU core(s) detected).<br/> Note : Consider leaving this value empty or 1 because in multi-process mode (nbproc > 1) memory is not shared between the processes, which could result in random behaviours for several options like ACL's, sticky connections and some others.<br/> - For more information about the <b>"nbproc"</b> option please see <b><a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> </b> + For more information about the <b>"nbproc"</b> option please see <b><a href='http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#nbproc' target='_blank'>HAProxy Documentation</a> </b> </td> </tr> <tr> <td width="22%" valign="top" class="vncell">Reload behaviour</td> <td width="78%" class="vtable"> - <input name="terminate_on_reload" type="checkbox" value="yes" <?php if ($pconfig['terminate_on_reload']) echo "checked"; ?>> + <input name="terminate_on_reload" type="checkbox" value="yes" <?php if ($pconfig['terminate_on_reload']) echo "checked"; ?> /> Force immediate stop of old process on reload. (closes existing connections)<br/><br/>Note: when this option is selected connections will be closed when haproxy is restarted. Otherwise the existing connections will be served by the old haproxy process untill they are closed. Checking this option will interupt existing connections on a restart. (which happens when the configuration is applied, @@ -259,7 +260,7 @@ function enable_change(enable_change) { Remote syslog host </td> <td class="vtable"> - <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>"><br/> + <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>" /><br/> To log to the local pfSense systemlog fill the host with the value <b>/var/run/log</b>, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.) </td> </tr> @@ -359,7 +360,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top" class="vncell">HAProxy Sync</td> <td width="78%" class="vtable"> - <input name="enablesync" type="checkbox" value="yes" <?php if ($pconfig['enablesync']) echo "checked"; ?>> + <input name="enablesync" type="checkbox" value="yes" <?php if ($pconfig['enablesync']) echo "checked"; ?> /> <strong>Sync HAProxy configuration to backup CARP members via XMLRPC.</strong><br/> Note: remember to also turn on HAProxy Sync on the backup nodes.<br/> The synchronisation host and password are those configured in pfSense main <a href="/system_hasync.php">"System: High Availability Sync"</a> settings. @@ -406,22 +407,20 @@ function enable_change(enable_change) { </tr> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> - </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)" /> </td> </tr> </table> </div> </table> -<?php if(file_exists("/var/etc/haproxy.cfg")): ?> - <p/> +<?php if(file_exists("/var/etc/haproxy/haproxy.cfg")): ?> <div id="configuration" style="display:none; border-style:dashed; padding: 8px;"> - <b><i>/var/etc/haproxy.cfg file contents:</b></i> + <b><i>/var/etc/haproxy.cfg file contents:</i></b> <?php - if(file_exists("/var/etc/haproxy.cfg")) { - echo "<pre>" . trim(file_get_contents("/var/etc/haproxy.cfg")) . "</pre>"; + if(file_exists("/var/etc/haproxy/haproxy.cfg")) { + echo "<pre>" . trim(file_get_contents("/var/etc/haproxy/haproxy.cfg")) . "</pre>"; } ?> </div> @@ -431,7 +430,7 @@ function enable_change(enable_change) { <?php endif; ?> </form> -<script language="JavaScript"> +<script type="text/javascript"> function scroll_after_fade() { scrollTo(0,99999999999); } diff --git a/config/haproxy-devel/haproxy_htmllist.inc b/config/haproxy-devel/haproxy_htmllist.inc new file mode 100644 index 00000000..2e93ca2a --- /dev/null +++ b/config/haproxy-devel/haproxy_htmllist.inc @@ -0,0 +1,246 @@ +<?php +/* + haproxy_htmllist.php + part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 PiBa-NL + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + This file contains functions which are NOT specific to HAProxy and may/could/should + be moved to the general pfSense php library for possible easy use by other parts of pfSense +*/ + +require_once("config.inc"); +require_once("haproxy_utils.inc"); + +function haproxy_htmllist_get_values($html_list){ + $values = array(); + for($x=0; $x<99; $x++) { + $value = array(); + $add_item = false; + foreach($html_list as $item){ + $itemname = $item['name']; + $value[$itemname] = $_POST[$itemname.$x]; + $add_item |= isset($_POST[$itemname.$x]); + } + if ($add_item) + $values[] = $value; + } + return $values; +} + +function haproxy_htmllist($tablename,$values,$items,$editstate=false){ + global $g, $counter; + echo "<table class='' width='100%' cellpadding='0' cellspacing='0' id='$tablename'> + <tr>"; + foreach($items as $item){ + echo "<td width='{$item['colwidth']}' class='listhdrr'>{$item['columnheader']}</td>"; + } + echo "<td width='5%' class=''></td> + </tr>"; + if (is_array($values)){ + foreach($values as $value){ + if (!$editstate) { + echo "<tr id='tr_view_$counter' ondblclick='editRow($counter); return false;' >"; + $leftitem = true; + foreach($items as $item){ + $tdclass = $leftitem ? "vtable listlr" : "vtable listr"; + echo "<td class='$tdclass'>"; + $itemname = $item['name']; + $itemtype = $item['type']; + $itemvalue = $value[$itemname]; + if ($itemtype == "select"){ + echo $item['items'][$itemvalue]['name']; + } else + if ($itemtype == "checkbox"){ + echo $itemvalue=='yes' ? gettext('yes') : gettext('no'); + } else + echo $itemvalue; + echo "</td>"; + $leftitem = false; + } + echo " + <td class='list'> + <table border='0' cellspacing='0' cellpadding='1'><tr> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_e.gif' title='edit entry' width='17' height='17' border='0' onclick='editRow($counter); return false;' /> + </td> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_x.gif' title='delete entry' width='17' height='17' border='0' onclick='deleteRow($counter, \"$tablename\"); return false;' /> + </td> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_plus.gif' title='duplicate entry' width='17' height='17' border='0' onclick='dupRow($counter, \"$tablename\"); return false;' /> + </td></tr></table> + </td>"; + echo "</tr>"; + } + $displaystyle = $editstate ? "" : "display: none;"; + echo "<tr id='tr_edit_$counter' style='$displaystyle'>"; + foreach($items as $item){ + $itemname = $item['name']; + $itemtype = $item['type']; + $itemvalue = $value[$itemname]; + $itemnamenr = $itemname.$counter; + echo "<td class='vtable'>"; + if ($itemtype == "select"){ + echo_html_select($itemnamenr, $item['items'], $itemvalue,"","updatevisibility();", "width:{$item['size']}"); + } else + if ($itemtype == "checkbox"){ + $checked = $itemvalue=='yes' ? " checked" : ""; + echo "<input name='$itemnamenr' id='$itemnamenr' type='checkbox'$checked value='yes' size='{$item['size']}' />"; + + } else + echo "<input name='$itemnamenr' id='$itemnamenr' type='text' value='{$itemvalue}' size='{$item['size']}' />"; + echo "</td>"; + } + echo " + <td class='list'> + <table border='0' cellspacing='0' cellpadding='1'><tr> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_x.gif' title='delete entry' width='17' height='17' border='0' onclick='removeRow(this); return false;' /> + </td> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_plus.gif' title='duplicate entry' width='17' height='17' border='0' onclick='dupRow($counter, \"$tablename\"); return false;' /> + </td></tr></table> + </td>"; + echo "</tr>"; + $counter++; + } + } + echo "</table> + <a onclick='javascript:addRowTo(\"$tablename\"); return false;' href='#'> + <img border='0' src='/themes/{$g['theme']}/images/icons/icon_plus.gif' alt='' title='add another entry' /> + </a>"; +} + +function haproxy_htmllist_js(){ +?><script type="text/javascript"> + function htmllist_get_select_items(tableId) { + var items; + var i = tableId.lastIndexOf('_'); + var items_name = "fields_"+tableId.substr(i+1); + items = eval(items_name); + return items; + } + + var addRowTo = (function() { + return (function (tableId) { + var d, tbody, tr, td, bgc, i, ii, j, type, seltext, items; + var btable, btbody, btr, btd; + d = document; + + items = htmllist_get_select_items(tableId); + seltext = htmllist_get_select_options(tableId); + + tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); + tr = d.createElement("tr"); + totalrows++; + tr.setAttribute("id","aclrow" + totalrows); + + for (var i in items) { + td = d.createElement("td"); + if(items[i]['type'] == 'textbox') { + td.innerHTML="<input size='" + items[i]['size'] + "' name='" + items[i]['name'] + totalrows + + "' id='" + items[i]['name'] + totalrows + + "'><\/input> "; + } else if(items[i]['type'] == 'select') { + td.innerHTML="<select style='width:" + items[i]['size'] + "' name='" + items[i]['name'] + totalrows + + "' id='" + items[i]['name'] + totalrows + + "'>" + seltext + "<\/select> "; + } else { + td.innerHTML="<input type='checkbox' name='" + items[i]['name'] + totalrows + + "' id='" + items[i]['name'] + totalrows + "' value='yes'><\/input> "; + } + tr.appendChild(td); + } + td = d.createElement("td"); + td.rowSpan = "1"; + td.setAttribute("class","list"); + + // Recreate the button table. + btable = document.createElement("table"); + btable.setAttribute("border", "0"); + btable.setAttribute("cellspacing", "0"); + btable.setAttribute("cellpadding", "1"); + btbody = document.createElement("tbody"); + btr = document.createElement("tr"); + btd = document.createElement("td"); + btd.setAttribute("valign", "middle"); + btd.innerHTML = '<img src="/themes/' + theme + '/images/icons/icon_x.gif" title="delete entry" width="17" height="17" border="0" onclick="removeRow(this); return false;" />'; + btr.appendChild(btd); + btd = document.createElement("td"); + btd.setAttribute("valign", "middle"); + btd.innerHTML = '<img src="/themes/' + theme + "/images/icons/icon_plus.gif\" title=\"duplicate entry\" width=\"17\" height=\"17\" border=\"0\" onclick=\"dupRow(" + totalrows + ", '" + tableId + "'); return false;\" />"; + btr.appendChild(btd); + btbody.appendChild(btr); + btable.appendChild(btbody); + td.appendChild(btable); + tr.appendChild(td); + tbody.appendChild(tr); + }); + })(); + function dupRow(rowId, tableId) { + var dupEl; + var newEl; + addRowTo(tableId); + items = htmllist_get_select_items(tableId); + for (var i in items) { + dupEl = document.getElementById(items[i]['name'] + rowId); + newEl = document.getElementById(items[i]['name'] + totalrows); + if (dupEl && newEl) + if(items[i]['type'] == 'checkbox') + newEl.checked = dupEl.checked; + else + newEl.value = dupEl.value; + } + } + function editRow(num) { + var trview = document.getElementById('tr_view_' + num); + var tredit = document.getElementById('tr_edit_' + num); + trview.style.display='none'; + tredit.style.display=''; + } + function deleteRow(rowId, tableId) { + var view = document.getElementById("tr_view_" + rowId); + var edit = document.getElementById("tr_edit_" + rowId); + view.parentNode.removeChild(view); + edit.parentNode.removeChild(edit); + } + function removeRow(el) { + var cel; + // Break out of one table first + while (el && el.nodeName.toLowerCase() != "table") + el = el.parentNode; + while (el && el.nodeName.toLowerCase() != "tr") + el = el.parentNode; + + if (el && el.parentNode) { + cel = el.getElementsByTagName("td").item(0); + el.parentNode.removeChild(el); + } + } +</script><? +} + +?> diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index d802023c..3ff53cea 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -1,8 +1,9 @@ <?php /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* - haproxy_baclkends.php + haproxy_listeners.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -84,16 +85,16 @@ include("head.inc"); <?php endif; ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_haproxyconfdirty_path)): ?><p> -<?php print_info_box_np("The haproxy configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php - /* active tabs */ - $tab_array = array(); + /* active tabs */ + $tab_array = array(); $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Frontend", true, "haproxy_listeners.php"); + $tab_array[] = array("Frontend", true, "haproxy_listeners.php"); $tab_array[] = array("Backend", false, "haproxy_pools.php"); display_top_tabs($tab_array); ?> @@ -139,7 +140,7 @@ include("head.inc"); foreach ($a_frontend_grouped as $a_frontend) { usort($a_frontend,'sort_sharedfrontends'); if (count($a_frontend) > 1 || $last_frontend_shared) { - ?> <tr class="<?=$textgray?>"><td collspan="7"> </td></tr> <? + ?> <tr class="<?=$textgray?>"><td colspan="7"> </td></tr> <? } $last_frontend_shared = count($a_frontend) > 1; foreach ($a_frontend as $frontend) { @@ -154,7 +155,17 @@ include("head.inc"); <? if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']) { $cert = lookup_cert($frontend['ssloffloadcert']); - echo '<img src="'.$img_cert.'" title="SSL offloading cert: '.$cert['descr'].'" alt="SSL offloading" border="0" height="16" width="16" />'; + $descr = htmlspecialchars($cert['descr']); + $certs = $frontend['ha_certificates']['item']; + if (is_array($certs)){ + if (count($certs) > 0){ + foreach($certs as $certitem){ + $cert = lookup_cert($certitem['ssl_certificate']); + $descr .= "\n".htmlspecialchars($cert['descr']); + } + } + } + echo '<img src="'.$img_cert.'" title="SSL offloading cert: '.$descr.'" alt="SSL offloading" border="0" height="16" width="16" />'; } $acls = get_frontend_acls($frontend); @@ -162,14 +173,19 @@ include("head.inc"); foreach ($acls as $acl) { $isaclset .= " " . $acl['descr']; } + if ($frontend['ssloffloadacl']) + $isaclset .= " " . "Certificate ACL"; + if ($frontend['ssloffloadacladditional']) + $isaclset .= " " . "Additional certificate ACLs"; + if ($isaclset) - echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\">"; + echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\" />"; $isadvset = ""; if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: {$frontend['advanced_bind']}\r\n"; if ($frontend['advanced']) $isadvset .= "Advanced pass thru setting used\r\n"; if ($isadvset) - echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\">"; + echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\" />"; $backend_serverpool = $frontend['backend_serverpool']; $backend = get_backend($backend_serverpool ); @@ -205,9 +221,9 @@ include("head.inc"); <td class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit frontend");?>" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$frontendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete frontend");?>" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("clone frontend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit frontend");?>" width="17" height="17" border="0" /></a></td> + <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$frontendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete frontend");?>" width="17" height="17" border="0" /></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("clone frontend");?>" width="17" height="17" border="0" /></a></td> </tr> </table> </td> @@ -220,7 +236,7 @@ include("head.inc"); <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new frontend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new frontend");?>" width="17" height="17" border="0" /></a></td> </tr> </table> </td> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index d5d44e5d..2fd9a6c3 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -33,6 +33,7 @@ $shortcut_section = "haproxy"; require("guiconfig.inc"); require_once("haproxy.inc"); require_once("haproxy_utils.inc"); +require_once("haproxy_htmllist.inc"); /* Compatibility function for pfSense 2.0 */ if (!function_exists("cert_get_purpose")) { @@ -44,76 +45,13 @@ if (!function_exists("cert_get_purpose")) { } /**/ -function get_certificat_usage($refid) { - $usage = array(); - $cert = lookup_cert($refid); - if (is_cert_revoked($cert)) - $usage[] = "Revoked"; - if (is_webgui_cert($refid)) - $usage[] = "webConfigurator"; - if (is_user_cert($refid)) - $usage[] = "User Cert"; - if (is_openvpn_server_cert($refid)) - $usage[] = "OpenVPN Server"; - if (is_openvpn_client_cert($refid)) - $usage[] = "OpenVPN Client"; - if (is_ipsec_cert($cert['refid'])) - $usage[] = "IPsec Tunnel"; - if (function_exists("is_captiveportal_cert")) - if (is_captiveportal_cert($refid)) - $usage[] = "Captive Portal"; - - return $usage; -} - -// This function (is intended to) provides a uniform way to retrieve a list of server certificates -function get_certificates_server($get_includeWebCert=false) { - global $config; - $certificates=array(); - $a_cert = &$config['cert']; - foreach ($a_cert as $cert) - { - if ($get_ca == false && is_webgui_cert($cert['refid'])) - continue; - - $purpose = cert_get_purpose($cert['crt']); - //$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : ""; - $certserverpurpose = ""; - - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; - - $usagestr=""; - $usage = get_certificat_usage($cert['refid']); - foreach($usage as $use){ - $usagestr .= " " . $use; - } - if ($usagestr != "") - $usagestr = " (".trim($usagestr).")"; - - $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $certserverpurpose . $inuse . $revoked . $usagestr; - } - return $certificates; -} - -function haproxy_acl_select($mode) { +function haproxy_js_acl_select($mode) { global $a_acltypes; $seltext = ''; - foreach ($a_acltypes as $expr) { + foreach ($a_acltypes as $key => $expr) { if ($expr['mode'] == '' || $expr['mode'] == $mode) - $seltext .= "<option value='" . $expr['name'] . "'>" . $expr['descr'] .":</option>"; + $seltext .= "<option value='" . $key . "'>" . $expr['name'] .":<\/option>"; } return $seltext; } @@ -129,7 +67,7 @@ $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; global $simplefields; $simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool', - 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','advanced_bind'); + 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','advanced_bind','ssloffloadacladditional'); if (isset($_POST['id'])) $id = $_POST['id']; @@ -141,10 +79,41 @@ if (isset($_GET['dup'])) $id = get_frontend_id($id); +$servercerts = get_certificates_server(); + +$fields_sslCertificates=array(); +$fields_sslCertificates[0]['name']="ssl_certificate"; +$fields_sslCertificates[0]['columnheader']="Certificates"; +$fields_sslCertificates[0]['colwidth']="95%"; +$fields_sslCertificates[0]['type']="select"; +$fields_sslCertificates[0]['size']="500px"; +$fields_sslCertificates[0]['items']=&$servercerts; + +$fields_aclSelectionList=array(); +$fields_aclSelectionList[0]['name']="name"; +$fields_aclSelectionList[0]['columnheader']="Name"; +$fields_aclSelectionList[0]['colwidth']="30%"; +$fields_aclSelectionList[0]['type']="textbox"; +$fields_aclSelectionList[0]['size']="20"; + +$fields_aclSelectionList[1]['name']="expression"; +$fields_aclSelectionList[1]['columnheader']="Expression"; +$fields_aclSelectionList[1]['colwidth']="30%"; +$fields_aclSelectionList[1]['type']="select"; +$fields_aclSelectionList[1]['size']="10"; +$fields_aclSelectionList[1]['items']=&$a_acltypes; + +$fields_aclSelectionList[2]['name']="value"; +$fields_aclSelectionList[2]['columnheader']="Value"; +$fields_aclSelectionList[2]['colwidth']="35%"; +$fields_aclSelectionList[2]['type']="textbox"; +$fields_aclSelectionList[2]['size']="35"; + + if (isset($id) && $a_backend[$id]) { $pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item']; + $pconfig['a_certificates']=&$a_backend[$id]['ha_certificates']['item']; $pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']); - foreach($simplefields as $stat) $pconfig[$stat] = $a_backend[$id][$stat]; } @@ -163,8 +132,8 @@ if ($_POST) { if ($pconfig['secondary'] != "yes") { - $reqdfields = explode(" ", "name type port max_connections"); - $reqdfieldsn = explode(",", "Name,Type,Port,Max connections"); + $reqdfields = explode(" ", "name type port"); + $reqdfieldsn = explode(",", "Name,Type,Port"); } else { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); @@ -176,7 +145,7 @@ if ($_POST) { $input_errors[] = "The field 'Name' contains invalid characters."; if ($pconfig['secondary'] != "yes") { - if (!is_numeric($_POST['max_connections'])) + if ($_POST['max_connections'] && !is_numeric($_POST['max_connections'])) $input_errors[] = "The field 'Max connections' value is not a number."; $ports = split(",", $_POST['port'] . ","); @@ -193,36 +162,26 @@ if ($_POST) { if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_backends']['item'][$i]['name']) && ($i != $id)) $input_errors[] = "This frontend name has already been used. Frontend names must be unique. $i != $id"; - $a_acl=array(); - $acl_names=array(); - for($x=0; $x<99; $x++) { - $acl_name=$_POST['acl_name'.$x]; - $acl_expression=$_POST['acl_expression'.$x]; - $acl_value=$_POST['acl_value'.$x]; - - if ($acl_name) { - $acl_names[]=$acl_name; - - $acl=array(); - $acl['name']=$acl_name; - $acl['expression']=$acl_expression; - $acl['value']=$acl_value; - $a_acl[]=$acl; - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $acl_name)) - $input_errors[] = "The field 'Name' contains invalid characters."; - - if (!preg_match("/.{1,}/", $acl_value)) - $input_errors[] = "The field 'Value' is required."; + $a_certificates = haproxy_htmllist_get_values($fields_sslCertificates); + $pconfig['a_certificates'] = $a_certificates; + + $a_acl = haproxy_htmllist_get_values($fields_aclSelectionList); + $pconfig['a_acl'] = $a_acl; + + foreach($a_acl as $acl) { + $acl_name = $acl['name']; + $acl_value = $acl['value']; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $acl_name)) + $input_errors[] = "The field 'Name' contains invalid characters."; - if (!preg_match("/.{2,}/", $acl_name)) - $input_errors[] = "The field 'Name' is required."; + if (!preg_match("/.{1,}/", $acl_value)) + $input_errors[] = "The field 'Value' is required."; - } + if (!preg_match("/.{2,}/", $acl_name)) + $input_errors[] = "The field 'Name' is required with at least 2 characters."; } - $pconfig['a_acl']=$a_acl; - if (!$input_errors) { $backend = array(); if(isset($id) && $a_backend[$id]) @@ -242,10 +201,10 @@ if ($_POST) { foreach($simplefields as $stat) update_if_changed($stat, $backend[$stat], $_POST[$stat]); - update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced'])); $backend['ha_acls']['item'] = $a_acl; + $backend['ha_certificates']['item'] = $a_certificates; if (isset($id) && $a_backend[$id]) { $a_backend[$id] = $backend; @@ -273,170 +232,55 @@ if (!$id) $pconfig['ssloffloadacl'] = "yes"; } +$closehead = false; $pgtitle = "HAProxy: Frontend: Edit"; include("head.inc"); $primaryfrontends = get_haproxy_frontends($pconfig['name']); $interfaces = haproxy_get_bindable_interfaces(); -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +?> <style type="text/css"> .haproxy_mode_http{display:none;} .haproxy_ssloffloading_enabled{display:none;} .haproxy_primary{} .haproxy_secondary{display:none;} </style> +</head> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php if($one_two): ?> <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script> <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> <?php endif; ?> -<script type="text/javascript"> - // Global Variables - var rowname = new Array(99); - var rowtype = new Array(99); - var newrow = new Array(99); - var rowsize = new Array(99); - - for (i = 0; i < 99; i++) { - rowname[i] = ''; - rowtype[i] = ''; - newrow[i] = ''; - rowsize[i] = '25'; - } - var field_counter_js = 0; - var loaded = 0; - var is_streaming_progress_bar = 0; - var temp_streaming_text = ""; - - var addRowTo = (function() { - return (function (tableId) { - var d, tbody, tr, td, bgc, i, ii, j, type, seltext; - var btable, btbody, btr, btd; - - d = document; - type = d.getElementById("type").value; - if (type == 'health') - seltext = "<?php echo haproxy_acl_select('health');?>"; - else if (type == 'tcp') - seltext = "<?php echo haproxy_acl_select('tcp');?>"; - else if (type == 'https') - seltext = "<?php echo haproxy_acl_select('https');?>"; - else - seltext = "<?php echo haproxy_acl_select('http');?>"; - if (seltext == '') { - alert("No ACL types available in current frontend type"); - return; - } - tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); - tr = d.createElement("tr"); - totalrows++; - tr.setAttribute("id","aclrow" + totalrows); - for (i = 0; i < field_counter_js; i++) { - td = d.createElement("td"); - if(rowtype[i] == 'textbox') { - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + - "'></input><input size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + - "' id='" + rowname[i] + totalrows + - "'></input> "; - } else if(rowtype[i] == 'select') { - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + - "'></input><select name='" + rowname[i] + totalrows + - "' id='" + rowname[i] + totalrows + - "'>" + seltext + "</select> "; - } else { - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + - "'></input><input type='checkbox' name='" + rowname[i] + totalrows + - "' id='" + rowname[i] + totalrows + "'></input> "; - } - tr.appendChild(td); - } - td = d.createElement("td"); - td.rowSpan = "1"; - td.setAttribute("class","list"); - - // Recreate the button table. - btable = document.createElement("table"); - btable.setAttribute("border", "0"); - btable.setAttribute("cellspacing", "0"); - btable.setAttribute("cellpadding", "1"); - btbody = document.createElement("tbody"); - btr = document.createElement("tr"); - btd = document.createElement("td"); - btd.setAttribute("valign", "middle"); - btd.innerHTML = '<img src="/themes/' + theme + '/images/icons/icon_x.gif" title="delete entry" width="17" height="17" border="0" onclick="removeRow(this); return false;">'; - btr.appendChild(btd); - btd = document.createElement("td"); - btd.setAttribute("valign", "middle"); - btd.innerHTML = '<img src="/themes/' + theme + "/images/icons/icon_plus.gif\" title=\"duplicate entry\" width=\"17\" height=\"17\" border=\"0\" onclick=\"dupRow(" + totalrows + ", 'acltable'); return false;\">"; - btr.appendChild(btd); - btbody.appendChild(btr); - btable.appendChild(btbody); - - td.appendChild(btable); - tr.appendChild(td); - tbody.appendChild(tr); - }); - })(); - - function dupRow(rowId, tableId) { - var dupEl; - var newEl; - - addRowTo(tableId); - for (i = 0; i < field_counter_js; i++) { - dupEl = document.getElementById(rowname[i] + rowId); - newEl = document.getElementById(rowname[i] + totalrows); - if (dupEl && newEl) - newEl.value = dupEl.value; +<script type="text/javascript"> + function htmllist_get_select_options(tableId) { + var seltext; + seltext = ""; + var type = d.getElementById("type").value; + if (tableId == 'tableA_acltable'){ + if (type == 'health') + seltext = "<?php echo haproxy_js_acl_select('health');?>"; + else if (type == 'tcp') + seltext = "<?php echo haproxy_js_acl_select('tcp');?>"; + else if (type == 'https') + seltext = "<?php echo haproxy_js_acl_select('https');?>"; + else + seltext = "<?php echo haproxy_js_acl_select('http');?>"; + if (seltext == '') { + alert("No ACL types available in current frontend type"); + return; + } } + if (tableId == 'tableA_sslCertificates'){ + seltext = "<?=haproxy_js_select_options($servercerts);?>"; + } + return seltext; } - function removeRow(el) { - var cel; - // Break out of one table first - while (el && el.nodeName.toLowerCase() != "table") - el = el.parentNode; - while (el && el.nodeName.toLowerCase() != "tr") - el = el.parentNode; - - if (el && el.parentNode) { - cel = el.getElementsByTagName("td").item(0); - el.parentNode.removeChild(el); - } - } - - function find_unique_field_name(field_name) { - // loop through field_name and strip off -NUMBER - var last_found_dash = 0; - for (var i = 0; i < field_name.length; i++) { - // is this a dash, if so, update - // last_found_dash - if (field_name.substr(i,1) == "-" ) - last_found_dash = i; - } - if (last_found_dash < 1) - return field_name; - return(field_name.substr(0,last_found_dash)); - } - - rowname[0] = "acl_name"; - rowtype[0] = "textbox"; - rowsize[0] = "20"; - - rowname[1] = "acl_expression"; - rowtype[1] = "select"; - rowsize[1] = "10"; - - rowname[2] = "acl_value"; - rowtype[2] = "textbox"; - rowsize[2] = "35"; - - function setCSSdisplay(cssID, display) - { + function setCSSdisplay(cssID, display) { var ss = document.styleSheets; for (var i=0; i<ss.length; i++) { var rules = ss[i].cssRules || ss[i].rules; @@ -448,8 +292,7 @@ $interfaces = haproxy_get_bindable_interfaces(); } } - function updatevisibility() - { + function updatevisibility() { d = document; ssloffload = d.getElementById("ssloffload"); type = d.getElementById("type"); @@ -478,8 +321,8 @@ $interfaces = haproxy_get_bindable_interfaces(); function type_change(type) { var d, i, j, el, row; var count = <?=count($a_acltypes);?>; - var acl = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['name']."'," ?> ]; - var mode = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['mode']."'," ?> ]; + var acl = [ <?php foreach ($a_acltypes as $key => $expr) echo "'".$key."'," ?> ]; + var mode = [ <?php foreach ($a_acltypes as $key => $expr) echo "'".$expr['mode']."'," ?> ]; d = document; for (i = 0; i < 99; i++) { @@ -497,6 +340,26 @@ $interfaces = haproxy_get_bindable_interfaces(); } } } + + for (i = 0; i < 99; i++) { + el = d.getElementById("expression" + i); + //row_v = d.getElementById("tr_view_" + i); + row_e = d.getElementById("tr_edit_" + i); + if (!el) + continue; + for (j = 0; j < count; j++) { + if (acl[j] == el.value) { + if (mode[j] != '' && mode[j] != type) { + //Effect.Fade(row_v,{ duration: 1.0 }); + Effect.Fade(row_e,{ duration: 1.0 }); + } else { + //Effect.Appear(row_v,{ duration: 1.0 }); + Effect.Appear(row_e,{ duration: 1.0 }); + } + } + } + } + } </script> <?php include("fbegin.inc"); ?> @@ -526,13 +389,13 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr> <td width="22%" valign="top" class="vncellreq">Name</td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="25" maxlength="25"> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="25" maxlength="25" /> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable" colspan="2"> - <input name="desc" type="text" <?if(isset($pconfig['desc'])) echo "value=\"{$pconfig['desc']}\"";?> size="64"> + <input name="desc" type="text" <?if(isset($pconfig['desc'])) echo "value=\"{$pconfig['desc']}\"";?> size="64" /> </td> </tr> <tr align="left"> @@ -550,7 +413,7 @@ $interfaces = haproxy_get_bindable_interfaces(); <?if (count($primaryfrontends)==0){ ?> <b>At least 1 primary frontend is needed.</b><br/><br/> <? } else{ ?> - <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();"/> + <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();" /> <? } ?> This can be used to host a second or more website on the same IP:Port combination.<br/> Use this setting to configure multiple backends/accesslists for a single frontend.<br/> @@ -583,14 +446,14 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr class="haproxy_primary" align="left"> <td width="22%" valign="top" class="vncellreq">External port</td> <td width="78%" class="vtable" colspan="2"> - <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500"> + <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500" /> <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> </td> </tr> <tr class="haproxy_primary" align="left"> - <td width="22%" valign="top" class="vncellreq">Max connections</td> + <td width="22%" valign="top" class="vncell">Max connections</td> <td width="78%" class="vtable" colspan="2"> - <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> + <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10" /> </td> </tr> <tr> @@ -628,58 +491,14 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr> <td width="22%" valign="top" class="vncell">Access Control lists</td> <td width="78%" class="vtable" colspan="2" valign="top"> - <table class="" width="100%" cellpadding="0" cellspacing="0" id='acltable'> - <tr> - <td width="35%" class="">Name</td> - <td width="40%" class="">Expression</td> - <td width="20%" class="">Value</td> - <td width="5%" class=""></td> - </tr> - <?php - $a_acl=$pconfig['a_acl']; - - if (!is_array($a_acl)) { - $a_acl=array(); - } - - $counter=0; - foreach ($a_acl as $acl) { - $t = haproxy_find_acl($acl['expression']); - $display = ''; - if (!$t || ($t['mode'] != '' && $t['mode'] != strtolower($pconfig['type']))) - $display = 'style="display: none;"'; - ?> - <tr id="aclrow<?=$counter;?>" <?=$display;?>> - <td><input name="acl_name<?=$counter;?>" id="acl_name<?=$counter;?>" type="text" value="<?=$acl['name']; ?>" size="20"/></td> - <td> - <select name="acl_expression<?=$counter;?>" id="acl_expression<?=$counter;?>"> - <?php - foreach ($a_acltypes as $expr) { ?> - <option value="<?=$expr['name'];?>"<?php if($acl['expression'] == $expr['name']) echo " SELECTED"; ?>><?=$expr['descr'];?>:</option> - <?php } ?> - </select> - </td> - <td><input name="acl_value<?=$counter;?>" id="acl_value<?=$counter;?>" type="text" value="<?=$acl['value']; ?>" size="35"/></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"><tr> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete entry" width="17" height="17" border="0" onclick="removeRow(this); return false;"> - </td> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="duplicate entry" width="17" height="17" border="0" onclick="dupRow(<?=$counter;?>, 'acltable'); return false;"> - </td></tr></table> - </td> - </tr> - <?php - $counter++; - } - ?> - </table> - <a onclick="javascript:addRowTo('acltable'); return false;" href="#"> - <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> - </a><br/> + <? + $counter=0; + $a_acl = $pconfig['a_acl']; + haproxy_htmllist("tableA_acltable", $a_acl, $fields_aclSelectionList, true); + ?> + <br/> acl's with the same name wil be 'combined', acl's with different names will be evaluated seperately.<br/> - For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> Section 7 - Using ACL's + For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_blank'>HAProxy Documentation</a> Section 7 - Using ACL's </td> </tr> </table> @@ -691,14 +510,14 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr align="left"> <td width="22%" valign="top" class="vncell">Client timeout</td> <td width="78%" class="vtable" colspan="2"> - <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> + <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10" /> <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).</div> </td> </tr> <tr align="left" class="haproxy_mode_http"> <td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td> <td width="78%" class="vtable" colspan="2"> - <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>> + <input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?> /> <br/> The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which contains the client's IP address. This is useful to let the final web server @@ -721,7 +540,7 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr align="left"> <td width="22%" valign="top" class="vncell">Bind pass thru</td> <td width="78%" class="vtable" colspan="2"> - <input name="advanced_bind" type="text" <?if(isset($pconfig['advanced_bind'])) echo "value=\"".htmlspecialchars($pconfig['advanced_bind'])."\"";?> size="64"> + <input name="advanced_bind" type="text" <?if(isset($pconfig['advanced_bind'])) echo "value=\"".htmlspecialchars($pconfig['advanced_bind'])."\"";?> size="64" /> <br/> NOTE: paste text into this box that you would like to pass behind the bind option. </td> @@ -745,11 +564,11 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr align="left"> <td width="22%" valign="top" class="vncell">Use Offloading</td> <td width="78%" class="vtable" colspan="2"> - <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();"><strong>Use Offloading</strong></input> + <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();" /><strong>Use Offloading</strong> <br/> SSL Offloading will reduce web servers load by maintaining and encrypting connection with users on internet while sending and retrieving data without encrytion to internal servers. Also more ACL rules and http logging may be configured when this option is used. - Certificates can be imported into the <a href="/system_camanager.php" target="_new">pfSense "Certificate Authority Manager"</a> + Certificates can be imported into the <a href="/system_camanager.php" target="_blank">pfSense "Certificate Authority Manager"</a> Please be aware this possibly will not work with all web applications. Some applications will require setting the SSL checkbox on the backend server configurations so the connection to the webserver will also be a encrypted connection, in that case there will be a slight overall performance loss. </td> </tr> @@ -757,25 +576,32 @@ $interfaces = haproxy_get_bindable_interfaces(); <td width="22%" valign="top" class="vncell">Certificate</td> <td width="78%" class="vtable" colspan="2"> <? - $servercerts = get_certificates_server(); echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.'); ?> <br/> NOTE: choose the cert to use on this frontend. + <br/> + <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName. </td> </tr> - <tr class="haproxy_ssloffloading_enabled" align="left"> - <td width="22%" valign="top" class="vncell">ACL for certificate CN</td> - <td width="78%" class="vtable" colspan="2"> - <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();">Add ACL for certificate CommonName.</input> + <tr class="haproxy_ssloffloading_enabled"> + <td width="22%" valign="top" class="vncell">Additional certificates</td> + <td width="78%" class="vtable" colspan="2" valign="top"> + Which of these certificate will be send will be determined by haproxys SNI recognition. If the browser does not send SNI this will not work properly. (IE on XP is one example, possibly also older browsers or mobile devices) + <? + $a_certificates = $pconfig['a_certificates']; + haproxy_htmllist("tableA_sslCertificates", $a_certificates, $fields_sslCertificates); + ?> + <br/> + <input id="ssloffloadacladditional" name="ssloffloadacladditional" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacladditional']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName. </td> </tr> <tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left"> <td width="22%" valign="top" class="vncell">Advanced ssl options</td> <td width="78%" class="vtable" colspan="2"> - <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64"> + <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> maxlength="64" /> <br/> - NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br> + NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br/> some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets </td> </tr> @@ -787,10 +613,10 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr align="left"> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save" /> + <input type="button" class="formbtn" value="Cancel" onclick="history.back()" /> <?php if (isset($id) && $a_backend[$id]): ?> - <input name="id" type="hidden" value="<?=$a_backend[$id]['name'];?>"> + <input name="id" type="hidden" value="<?=$a_backend[$id]['name'];?>" /> <?php endif; ?> </td> </tr> @@ -802,23 +628,21 @@ $interfaces = haproxy_get_bindable_interfaces(); </table> </div></td></tr></table> </form> -<br> +<br/> <script type="text/javascript"> <? phparray_to_javascriptarray($primaryfrontends,"primaryfrontends",Array('/*','/*/name','/*/ref','/*/ref/type','/*/ref/ssloffload')); phparray_to_javascriptarray($a_closetypes,"closetypes",Array('/*','/*/name','/*/descr')); - + phparray_to_javascriptarray($fields_sslCertificates,"fields_sslCertificates",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); + phparray_to_javascriptarray($fields_aclSelectionList,"fields_acltable",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); ?> - </script> <script type="text/javascript"> - field_counter_js = 3; - rows = 1; totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; - updatevisibility(); </script> -<?php include("fend.inc"); ?> +<?php +haproxy_htmllist_js(); +include("fend.inc"); ?> </body> </html> diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index b6673a0a..93fa20dc 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -3,6 +3,7 @@ /* haproxy_pool_edit.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -32,6 +33,7 @@ $shortcut_section = "haproxy"; require("guiconfig.inc"); require_once("haproxy.inc"); require_once("haproxy_utils.inc"); +require_once("haproxy_htmllist.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; @@ -53,9 +55,48 @@ global $simplefields; $simplefields = array( "name","cookie","balance","transparent_clientip","transparent_interface", "check_type","checkinter","httpcheck_method","monitor_uri","monitor_httpversion","monitor_username","monitor_domain","monitor_agentport", +"agent_check","agent_port","agent_inter", "connection_timeout","server_timeout","retries", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_admin","stats_node_enabled","stats_node","stats_desc","stats_refresh"); +$fields_servers=array(); +$fields_servers[0]['name']="name"; +$fields_servers[0]['columnheader']="Name"; +$fields_servers[0]['colwidth']="20%"; +$fields_servers[0]['type']="textbox"; +$fields_servers[0]['size']="30"; +$fields_servers[1]['name']="address"; +$fields_servers[1]['columnheader']="Address"; +$fields_servers[1]['colwidth']="10%"; +$fields_servers[1]['type']="textbox"; +$fields_servers[1]['size']="20"; +$fields_servers[2]['name']="port"; +$fields_servers[2]['columnheader']="Port"; +$fields_servers[2]['colwidth']="5%"; +$fields_servers[2]['type']="textbox"; +$fields_servers[2]['size']="5"; +$fields_servers[3]['name']="ssl"; +$fields_servers[3]['columnheader']="SSL"; +$fields_servers[3]['colwidth']="5%"; +$fields_servers[3]['type']="checkbox"; +$fields_servers[3]['size']="30"; +$fields_servers[4]['name']="weight"; +$fields_servers[4]['columnheader']="Weight"; +$fields_servers[4]['colwidth']="8%"; +$fields_servers[4]['type']="textbox"; +$fields_servers[4]['size']="5"; +$fields_servers[5]['name']="status"; +$fields_servers[5]['columnheader']="Mode"; +$fields_servers[5]['colwidth']="5%"; +$fields_servers[5]['type']="select"; +$fields_servers[5]['size']="5"; +$fields_servers[5]['items']=&$a_servermodes; +$fields_servers[6]['name']="advanced"; +$fields_servers[6]['columnheader']="Advanced"; +$fields_servers[6]['colwidth']="15%"; +$fields_servers[6]['type']="textbox"; +$fields_servers[6]['size']="20"; + if (isset($id) && $a_pools[$id]) { $pconfig['advanced'] = base64_decode($a_pools[$id]['advanced']); $pconfig['advanced_backend'] = base64_decode($a_pools[$id]['advanced_backend']); @@ -115,45 +156,28 @@ if ($_POST) { if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_pools']['item'][$i]['name']) && ($i != $id)) $input_errors[] = "This pool name has already been used. Pool names must be unique."; - $a_servers=array(); - for($x=0; $x<99; $x++) { - $server_name = $_POST['server_name'.$x]; - $server_address = $_POST['server_address'.$x]; - $server_port = $_POST['server_port'.$x]; - $server_ssl = $_POST['server_ssl'.$x]; - $server_weight = $_POST['server_weight'.$x]; - $server_status = $_POST['server_status'.$x]; - $server_advanced = $_POST['server_advanced'.$x]; - - if ($server_address) { - $server = array(); - $server['name'] = $server_name; - $server['address'] = $server_address; - $server['port'] = $server_port; - $server['ssl'] = $server_ssl; - $server['weight'] = $server_weight; - $server['status'] = $server_status; - $server['advanced'] = $server_advanced; - $a_servers[] = $server; - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) - $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_ipaddr($server_address)) - $input_errors[] = "The field 'Address' contains invalid characters."; - - if (!preg_match("/.{2,}/", $server_name)) - $input_errors[] = "The field 'Name' is required (and must be at least 2 characters)."; - - if (!preg_match("/.{2,}/", $server_address)) - $input_errors[] = "The field 'Address' is required (and must be at least 2 characters)."; - - - if (!is_numeric($server_weight)) - $input_errors[] = "The field 'Weight' value is not a number."; - - if ($server_port && !is_numeric($server_port)) - $input_errors[] = "The field 'Port' value is not a number."; - } + $a_servers = haproxy_htmllist_get_values($fields_servers); + foreach($a_servers as $server){ + $server_name = $server['name']; + $server_address = $server['address']; + $server_port = $server['port']; + $server_weight = $server['weight']; + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) + $input_errors[] = "The field 'Name' contains invalid characters."; + if (!is_ipaddr($server_address)) + $input_errors[] = "The field 'Address' is not a valid ip address."; + + if (!preg_match("/.{2,}/", $server_name)) + $input_errors[] = "The field 'Name' is required (and must be at least 2 characters)."; + + if (!preg_match("/.{2,}/", $server_address)) + $input_errors[] = "The field 'Address' is required (and must be at least 2 characters)."; + + if (!is_numeric($server_weight)) + $input_errors[] = "The field 'Weight' value is not a number."; + + if ($server_port && !is_numeric($server_port)) + $input_errors[] = "The field 'Port' value is not a number."; } if (!$input_errors) { @@ -216,20 +240,16 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; +$closehead = false; $pgtitle = "HAProxy: Backend server pool: Edit"; include("head.inc"); -row_helper(); - // 'processing' done, make all simple fields usable in html. foreach($simplefields as $field){ $pconfig[$field] = htmlspecialchars($pconfig[$field]); } -?> - -<input type='hidden' name='address_type' value='textbox' /> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +?> <style type="text/css"> .haproxy_stats_visible{display:none;} .haproxy_check_enabled{display:none;} @@ -238,8 +258,15 @@ foreach($simplefields as $field){ .haproxy_check_smtp{display:none;} .haproxy_transparent_clientip{display:none;} .haproxy_check_agent{display:none;} + .haproxy_agent_check{display:none;} </style> -<script language="javascript"> +</head> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<script type="text/javascript"> + function htmllist_get_select_options(tableId) { + return "<?=haproxy_js_select_options($a_servermodes);?>"; + } + function clearcombo(){ for (var i=document.iform.serversSelect.options.length-1; i>=0; i--){ document.iform.serversSelect.options[i] = null; @@ -273,6 +300,8 @@ foreach($simplefields as $field){ setCSSdisplay(".haproxy_check_username", check_type == 'MySQL' || check_type == 'PostgreSQL'); setCSSdisplay(".haproxy_check_smtp", check_type == 'SMTP' || check_type == 'ESMTP'); setCSSdisplay(".haproxy_check_agent", check_type == 'Agent'); + + setCSSdisplay(".haproxy_agent_check", agent_check.checked); transparent_clientip = d.getElementById("transparent_clientip"); setCSSdisplay(".haproxy_transparent_clientip", transparent_clientip.checked); @@ -285,31 +314,6 @@ foreach($simplefields as $field){ sqlcheckusername.innerText = monitor_username.value; } } - - -</script> -<script type="text/javascript"> - rowname[0] = "server_name"; - rowtype[0] = "textbox"; - rowsize[0] = "30"; - rowname[1] = "server_address"; - rowtype[1] = "textbox"; - rowsize[1] = "20"; - rowname[2] = "server_port"; - rowtype[2] = "textbox"; - rowsize[2] = "5"; - rowname[3] = "server_ssl"; - rowtype[3] = "checkbox"; - rowsize[3] = "5"; - rowname[4] = "server_weight"; - rowtype[4] = "textbox"; - rowsize[4] = "5"; - rowname[5] = "server_status"; - rowtype[5] = "select"; - rowsize[5] = "1"; - rowname[6] = "server_advanced"; - rowtype[6] = "textbox"; - rowsize[6] = "20"; </script> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> @@ -339,13 +343,13 @@ foreach($simplefields as $field){ <tr align="left"> <td width="22%" valign="top" class="vncellreq">Name</td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16"> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16" /> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Cookie</td> <td width="78%" class="vtable" colspan="2"> - <input name="cookie" type="text" <?if(isset($pconfig['cookie'])) echo "value=\"{$pconfig['cookie']}\"";?>size="64"><br/> + <input name="cookie" type="text" <?if(isset($pconfig['cookie'])) echo "value=\"{$pconfig['cookie']}\"";?>size="64" /><br/> This value will be checked in incoming requests, and the first operational pool possessing the same value will be selected. In return, in cookie insertion or rewrite modes, this value will be assigned to the cookie @@ -357,88 +361,11 @@ foreach($simplefields as $field){ </tr> <tr align="left"> <td class="vncell" colspan="3"><strong>Server list</strong> - - <table class="" width="100%" cellpadding="0" cellspacing="0" id='servertable'> - <tr> - <td width="20%" class="listhdrr">Name</td> - <td width="10%" class="listhdrr">Address</td> - <td width="5%" class="listhdrr">Port</td> - <td width="5%" class="listhdrr">SSL</td> - <td width="8%" class="listhdrr">Weight</td> - <td width="5%" class="listhdrr">Mode</td> - <td width="15%" class="listhdr">Advanced</td> - <td width="4%" class=""></td> - </tr> - <?php - $a_servers=$pconfig['a_servers']; - - if (!is_array($a_servers)) { - $a_servers=array(); - } - + <? $counter=0; - foreach ($a_servers as $server) { - ?> - <tr id="tr_view_<?=$counter;?>" name="tr_view_<?=$counter;?>" ondblclick="editRow(<?=$counter;?>); return false;" > - <td class="vtable listlr"><?=$server['name']; ?></td> - <td class="vtable listr"><?=$server['address']; ?></td> - <td class="vtable listr"><?=$server['port']; ?></td> - <td class="vtable listr"><?=$server['ssl']=='yes'?'yes':'no'; ?></td> - <td class="vtable listr"><?=$server['weight']; ?></td> - <td class="vtable listr"><?=$server['status']; ?></td> - <td class="vtable listr"><?=htmlspecialchars($server['advanced']); ?></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"><tr> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit entry" width="17" height="17" border="0" onclick="editRow(<?=$counter;?>); return false;"> - </td> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete entry" width="17" height="17" border="0" onclick="deleteRow(<?=$counter;?>, 'servertable'); return false;"> - </td> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="duplicate entry" width="17" height="17" border="0" onclick="dupRow(<?=$counter;?>, 'servertable'); return false;"> - </td></tr></table> - </td> - </tr> - <tr id="tr_edit_<?=$counter;?>" name="tr_edit_<?=$counter;?>" style="display: none;"> - <td class="vtable"> - <input name="server_name<?=$counter;?>" id="server_name<?=$counter;?>" type="text" value="<?=$server['name']; ?>" size="30"/></td> - <td class="vtable"> - <input name="server_address<?=$counter;?>" id="server_address<?=$counter;?>" type="text" value="<?=$server['address']; ?>" size="20"/></td> - <td class="vtable"> - <input name="server_port<?=$counter;?>" id="server_port<?=$counter;?>" type="text" value="<?=$server['port']; ?>" size="5"/></td> - <td class="vtable"> - <input name="server_ssl<?=$counter;?>" id="server_ssl<?=$counter;?>" type="checkbox" value="yes" <?=$server['ssl']=='yes'?"checked":""; ?> size="5"/></td> - <td class="vtable"> - <input name="server_weight<?=$counter;?>" id="server_weight<?=$counter;?>" type="text" value="<?=$server['weight']; ?>" size="5"/></td> - <td class="vtable"> - <select name="server_status<?=$counter;?>" id="server_status<?=$counter;?>"> - <option value="active" <?php if($server['status']=='active') echo "SELECTED";?>>active</option> - <option value="backup" <?php if($server['status']=='backup') echo "SELECTED";?>>backup</option> - <option value="disabled" <?php if($server['status']=='disabled') echo "SELECTED";?>>disabled</option> - <option value="inactive" <?php if($server['status']=='inactive') echo "SELECTED";?>>inactive</option> - </select> - </td> - <td class="vtable"> - <input name="server_advanced<?=$counter;?>" id="server_advanced<?=$counter;?>" type="text" value="<?=htmlspecialchars($server['advanced']); ?>" size="20"/></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"><tr> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete entry" width="17" height="17" border="0" onclick="removeRow(this); return false;"> - </td> - <td valign="middle"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="duplicate entry" width="17" height="17" border="0" onclick="dupRow(<?=$counter;?>, 'servertable'); return false;"> - </td></tr></table> - </td> - </tr> - <?php - $counter++; - } + $a_servers = $pconfig['a_servers']; + haproxy_htmllist("tableA_servers", $a_servers, $fields_servers); ?> - </table> - <a onclick="javascript:addRowTo('servertable'); return false;" href="#"> - <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> - </a> </td> </tr> <tr align="left"> @@ -447,7 +374,7 @@ foreach($simplefields as $field){ <table width="100%"> <tr> <td width="25%" valign="top"> - <input type="radio" name="balance" id="balance" value="roundrobin"<?php if($pconfig['balance'] == "roundrobin") echo " CHECKED"; ?>>Round robin</input> + <input type="radio" name="balance" value="roundrobin"<?php if($pconfig['balance'] == "roundrobin") echo " CHECKED"; ?> />Round robin </td> <td> Each server is used in turns, according to their weights. @@ -459,7 +386,7 @@ foreach($simplefields as $field){ </tr> <tr> <td width="25%" valign="top"> - <input type="radio" name="balance" id="balance" value="static-rr"<?php if($pconfig['balance'] == "static-rr") echo " CHECKED"; ?>>Static Round Robin</input> + <input type="radio" name="balance" value="static-rr"<?php if($pconfig['balance'] == "static-rr") echo " CHECKED"; ?> />Static Round Robin </td> <td> Each server is used in turns, according to their weights. @@ -474,7 +401,7 @@ foreach($simplefields as $field){ </tr> <tr> <td width="25%" valign="top"> - <input type="radio" name="balance" id="balance" value="leastconn"<?php if($pconfig['balance'] == "leastconn") echo " CHECKED"; ?>>Least Connections</input> + <input type="radio" name="balance" value="leastconn"<?php if($pconfig['balance'] == "leastconn") echo " CHECKED"; ?> />Least Connections </td> <td> The server with the lowest number of connections receives the @@ -487,8 +414,9 @@ foreach($simplefields as $field){ adjusted on the fly for slow starts for instance. </td> </tr> - <tr><td valign="top"><input type="radio" name="balance" id="balance" value="source"<?php if($pconfig['balance'] == -"source") echo " CHECKED"; ?>>Source</input></td><td> + <tr><td valign="top"><input type="radio" name="balance" value="source"<?php if($pconfig['balance'] == "source") echo " CHECKED"; ?> />Source + </td> + <td> The source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This ensures that the same client IP @@ -509,7 +437,7 @@ foreach($simplefields as $field){ <tr align="left"> <td width="22%" valign="top" class="vncell">Transparent ClientIP</td> <td width="78%" class="vtable" colspan="2"> - <input id="transparent_clientip" name="transparent_clientip" type="checkbox" value="yes" <?php if ($pconfig['transparent_clientip']=='yes') echo "checked"; ?> onclick='updatevisibility();'> + <input id="transparent_clientip" name="transparent_clientip" type="checkbox" value="yes" <?php if ($pconfig['transparent_clientip']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> Use Client-IP to connect to backend servers. <div class="haproxy_transparent_clientip"> @@ -535,7 +463,7 @@ foreach($simplefields as $field){ <tr align="left"> <td width="22%" valign="top" class="vncell">Per server pass thru</td> <td width="78%" class="vtable" colspan="2"> - <input type="text" name='advanced' id='advanced' value='<?php echo $pconfig['advanced']; ?>' size="64"> + <input type="text" name='advanced' id='advanced' value='<?php echo $pconfig['advanced']; ?>' size="64" /> <br/> NOTE: paste text into this box that you would like to pass thru. Applied to each 'server' line. </td> @@ -565,7 +493,7 @@ foreach($simplefields as $field){ <tr align="left" class="haproxy_check_enabled"> <td width="22%" valign="top" class="vncell">Check frequency</td> <td width="78%" class="vtable" colspan="2"> - <input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="20"> milliseconds + <input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?> size="20" /> milliseconds <br/>For HTTP/HTTPS defaults to 1000 if left blank. For TCP no check will be performed if left empty. </td> </tr> @@ -581,14 +509,14 @@ foreach($simplefields as $field){ <tr align="left" class="haproxy_check_http"> <td width="22%" valign="top" class="vncell">Http check URI</td> <td width="78%" class="vtable" colspan="2"> - <input name="monitor_uri" type="text" <?if(isset($pconfig['monitor_uri'])) echo "value=\"{$pconfig['monitor_uri']}\"";?>size="64"> + <input name="monitor_uri" type="text" <?if(isset($pconfig['monitor_uri'])) echo "value=\"{$pconfig['monitor_uri']}\"";?>size="64" /> <br/>Defaults to / if left blank. </td> </tr> <tr align="left" class="haproxy_check_http"> <td width="22%" valign="top" class="vncell">Http check version</td> <td width="78%" class="vtable" colspan="2"> - <input name="monitor_httpversion" type="text" <?if(isset($pconfig['monitor_httpversion'])) echo "value=\"{$pconfig['monitor_httpversion']}\"";?>size="64"> + <input name="monitor_httpversion" type="text" <?if(isset($pconfig['monitor_httpversion'])) echo "value=\"{$pconfig['monitor_httpversion']}\"";?> size="64" /> <br/>Defaults to "HTTP/1.0" if left blank. Note that the Host field is mandatory in HTTP/1.1, and as a trick, it is possible to pass it after "\r\n" following the version string like this:<br/> @@ -600,29 +528,56 @@ foreach($simplefields as $field){ <tr align="left" class="haproxy_check_username"> <td width="22%" valign="top" class="vncell">Check with Username</td> <td width="78%" class="vtable" colspan="2"> - <input name="monitor_username" id="monitor_username" type="text" <?if(isset($pconfig['monitor_username'])) echo "value=\"{$pconfig['monitor_username']}\"";?>size="64" onchange="updatevisibility();" onkeyup="updatevisibility();"> + <input name="monitor_username" id="monitor_username" type="text" <?if(isset($pconfig['monitor_username'])) echo "value=\"{$pconfig['monitor_username']}\"";?>size="64" onchange="updatevisibility();" onkeyup="updatevisibility();" /> <br/> This is the username which will be used when connecting to MySQL/PostgreSQL server. <pre> USE mysql; -CREATE USER '<span id="sqlcheckusername" name="sqlcheckusername"></span>'@'<pfSenseIP>'; +CREATE USER '<span id="sqlcheckusername"></span>'@'<pfSenseIP>'; FLUSH PRIVILEGES;</pre> </td> </tr> <tr align="left" class="haproxy_check_smtp"> <td width="22%" valign="top" class="vncell">Domain</td> <td width="78%" class="vtable" colspan="2"> - <input name="monitor_domain" type="text" <?if(isset($pconfig['monitor_domain'])) echo "value=\"{$pconfig['monitor_domain']}\"";?>size="64"> + <input name="monitor_domain" type="text" <?if(isset($pconfig['monitor_domain'])) echo "value=\"{$pconfig['monitor_domain']}\"";?> size="64" /> </td> </tr> <tr align="left" class="haproxy_check_agent"> <td width="22%" valign="top" class="vncell">Agentport</td> <td width="78%" class="vtable" colspan="2"> - <input name="monitor_agentport" type="text" <?if(isset($pconfig['monitor_agentport'])) echo "value=\"{$pconfig['monitor_agentport']}\"";?>size="64"> + <input name="monitor_agentport" type="text" <?if(isset($pconfig['monitor_agentport'])) echo "value=\"{$pconfig['monitor_agentport']}\"";?> size="64" /> + <br/> + Fill in the TCP portnumber the healthcheck should be performed on. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Agent checks</td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Use agent checks</td> + <td width="78%" class="vtable" colspan="2"> + <input id="agent_check" name="agent_check" type="checkbox" value="yes" <?php if ($pconfig['agent_check']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Use a TCP connection to read an ASCII string of the form 100%,75%,drain,down (more about this in the <a href='http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#agent-check' target='_blank'>haproxy manual</a>) + </td> + </tr> + <tr align="left" class="haproxy_agent_check"> + <td width="22%" valign="top" class="vncell">Agent port</td> + <td width="78%" class="vtable" colspan="2"> + <input name="agent_port" type="text" <?if(isset($pconfig['agent_port'])) echo "value=\"{$pconfig['agent_port']}\"";?> size="64" /> <br/> Fill in the TCP portnumber the healthcheck should be performed on. </td> </tr> + <tr align="left" class="haproxy_agent_check"> + <td width="22%" valign="top" class="vncell">Agent interval</td> + <td width="78%" class="vtable" colspan="2"> + <input name="agent_inter" type="text" <?if(isset($pconfig['agent_inter'])) echo "value=\"{$pconfig['agent_inter']}\"";?> size="64" /> + <br/> + Interval between two agent checks, defaults to 2000 ms. + </td> + </tr> <tr><td> </td></tr> <tr> <td colspan="2" valign="top" class="listtopic">Advanced settings</td> @@ -630,21 +585,21 @@ FLUSH PRIVILEGES;</pre> <tr align="left"> <td width="22%" valign="top" class="vncell">Connection timeout</td> <td width="78%" class="vtable" colspan="2"> - <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="20"> + <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="20" /> <div>the time (in milliseconds) we give up if the connection does not complete within (default 30000).</div> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Server timeout</td> <td width="78%" class="vtable" colspan="2"> - <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="20"> + <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="20" /> <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).</div> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Retries</td> <td width="78%" class="vtable" colspan="2"> - <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="20"> + <input name="retries" type="text" <?if(isset($pconfig['retries'])) echo "value=\"{$pconfig['retries']}\"";?> size="20" /> <div>After a connection failure to a server, it is possible to retry, potentially on another server. This is useful if health-checks are too rare and you don't want the clients to see the failures. The number of attempts to reconnect is @@ -658,72 +613,72 @@ set by the 'retries' parameter.</div> <tr align="left"> <td width="22%" valign="top" class="vncell">Stats Enabled</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();'> + <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_realm_row' name='stats_realm_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_realm_row'> <td width="22%" valign="top" class="vncellreq">Stats Realm</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64"><br/> + <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64" /><br/> EXAMPLE: haproxystats </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_uri_row' name='stats_uri_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_uri_row'> <td width="22%" valign="top" class="vncellreq">Stats Uri</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64"><br/> + <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64" /><br/> EXAMPLE: /haproxy?stats </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_username_row' name='stats_username_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_username_row'> <td width="22%" valign="top" class="vncellreq">Stats Username</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"".$pconfig['stats_username']."\"";?> size="64"> + <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"".$pconfig['stats_username']."\"";?> size="64" /> </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_password_row' name='stats_password_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_password_row'> <td width="22%" valign="top" class="vncellreq">Stats Password</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_password" name="stats_password" type="password" <? if(isset($pconfig['stats_password'])) echo "value=\"".$pconfig['stats_password']."\""; - ?> size="64"> + ?> size="64" /> <br/> </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_node_admin_row' name='stats_node_enabled_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_node_admin_row'> <td width="22%" valign="top" class="vncell">Stats Admin</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_admin" name="stats_admin" type="checkbox" value="yes" <?php if ($pconfig['stats_admin']=='yes') echo "checked"; ?>> + <input id="stats_admin" name="stats_admin" type="checkbox" value="yes" <?php if ($pconfig['stats_admin']=='yes') echo "checked"; ?> /> <br/> </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_node_enabled_row' name='stats_node_enabled_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_node_enabled_row'> <td width="22%" valign="top" class="vncell">Stats Enable Node Name</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?>> + <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?> /> <br/> </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_node_row' name='stats_node_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_node_row'> <td width="22%" valign="top" class="vncell">Stats Node</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64"><br/> + <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64" /><br/> The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.<br/> Leave blank to use the system name. </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_desc_row' name='stats_desc_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_desc_row'> <td width="22%" valign="top" class="vncell">Stats Description</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64"><br/> + <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64" /><br/> </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_refresh_row' name='stats_refresh_row'> + <tr class="haproxy_stats_visible" align="left" id='stats_refresh_row'> <td width="22%" valign="top" class="vncell">Stats Refresh</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30"><br/> + <input id="stats_refresh" name="stats_refresh" type="text" <?if(isset($pconfig['stats_refresh'])) echo "value=\"{$pconfig['stats_refresh']}\"";?> size="10" maxlength="30" /><br/> Specify the refresh rate of the stats page in seconds, or specified time unit (us, ms, s, m, h, d). </td> </tr> @@ -731,10 +686,10 @@ set by the 'retries' parameter.</div> <tr align="left"> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save" /> + <input type="button" class="formbtn" value="Cancel" onclick="history.back()" /> <?php if (isset($id) && $a_pools[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> </td> </tr> @@ -742,170 +697,19 @@ set by the 'retries' parameter.</div> </div> </td></tr></table> </form> -<br> -<?php include("fend.inc"); ?> +<br/> <script type="text/javascript"> <? + phparray_to_javascriptarray($fields_servers,"fields_servers",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); phparray_to_javascriptarray($a_checktypes,"checktypes",Array('/*','/*/name','/*/descr')); ?> browser_InnerText_support = (document.getElementsByTagName("body")[0].innerText != undefined) ? true : false; - field_counter_js = 7; - rows = 1; totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; updatevisibility(); </script> +<?php +haproxy_htmllist_js(); +include("fend.inc"); ?> </body> </html> - -<?php - -function row_helper() { - $options = <<<EOD - <option value='active' SELECTED>active</option>"+ -" <option value='backup'>backup</option>"+ -" <option value='disabled'>disabled</option>"+ -" <option value='inactive'>inactive</option> -EOD; - - echo <<<EOF -<script type="text/javascript"> -// Global Variables -var rowname = new Array(99); -var rowtype = new Array(99); -var newrow = new Array(99); -var rowsize = new Array(99); - -for (i = 0; i < 99; i++) { - rowname[i] = ''; - rowtype[i] = ''; - newrow[i] = ''; - rowsize[i] = '25'; -} - -var field_counter_js = 0; -var loaded = 0; -var is_streaming_progress_bar = 0; -var temp_streaming_text = ""; - -var addRowTo = (function() { - return (function (tableId) { - var d, tbody, tr, td, bgc, i, ii, j; - var btable, btbody, btr, btd; - - d = document; - tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); - tr = d.createElement("tr"); - totalrows++; - for (i = 0; i < field_counter_js; i++) { - td = d.createElement("td"); - if(rowtype[i] == 'textbox') { - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + - "'></input><input size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + - "' id='" + rowname[i] + totalrows + "'></input> "; - } else if(rowtype[i] == 'select') { - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + - "'></input><select size='" + rowsize[i] + "' name='" + rowname[i] + totalrows + - "' id='" + rowname[i] + totalrows + "'>$options</select> "; - } else { - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + - "'></input><input type='checkbox' name='" + rowname[i] + totalrows + - "' id='" + rowname[i] + totalrows + "' value='yes'></input> "; - } - td.setAttribute("class","vtable"); - tr.appendChild(td); - } - td = d.createElement("td"); - td.rowSpan = "1"; - td.setAttribute("class","list"); - - // Recreate the button table. - btable = document.createElement("table"); - btable.setAttribute("border", "0"); - btable.setAttribute("cellspacing", "0"); - btable.setAttribute("cellpadding", "1"); - btbody = document.createElement("tbody"); - btr = document.createElement("tr"); - btd = document.createElement("td"); - btd.setAttribute("valign", "middle"); - btd.innerHTML = '<img src="/themes/' + theme + '/images/icons/icon_x.gif" title="delete entry" width="17" height="17" border="0" onclick="removeRow(this); return false;">'; - btr.appendChild(btd); - btd = document.createElement("td"); - btd.setAttribute("valign", "middle"); - btd.innerHTML = '<img src="/themes/' + theme + "/images/icons/icon_plus.gif\" title=\"duplicate entry\" width=\"17\" height=\"17\" border=\"0\" onclick=\"dupRow(" + totalrows + ", 'servertable'); return false;\">"; - btr.appendChild(btd); - btbody.appendChild(btr); - btable.appendChild(btbody); - - td.appendChild(btable); - tr.appendChild(td); - tbody.appendChild(tr); - }); -})(); - -function dupRow(rowId, tableId) { - var dupEl; - var newEl; - - addRowTo(tableId); - for (i = 0; i < field_counter_js; i++) { - dupEl = document.getElementById(rowname[i] + rowId); - newEl = document.getElementById(rowname[i] + totalrows); - if (dupEl && newEl) - if(rowtype[i] == 'checkbox') - newEl.checked = dupEl.checked; - else - newEl.value = dupEl.value; - } -} - -function deleteRow(rowId, tableId) { - var view = document.getElementById("tr_view_" + rowId); - var edit = document.getElementById("tr_edit_" + rowId); - - view.parentNode.removeChild(view); - edit.parentNode.removeChild(edit); -} - -function removeRow(el) { - var cel; - // Break out of one table first - while (el && el.nodeName.toLowerCase() != "table") - el = el.parentNode; - while (el && el.nodeName.toLowerCase() != "tr") - el = el.parentNode; - - if (el && el.parentNode) { - cel = el.getElementsByTagName("td").item(0); - el.parentNode.removeChild(el); - } -} -function editRow(num) { - var trview = document.getElementById('tr_view_' + num); - var tredit = document.getElementById('tr_edit_' + num); - - trview.style.display='none'; - tredit.style.display=''; -} - -function find_unique_field_name(field_name) { - // loop through field_name and strip off -NUMBER - var last_found_dash = 0; - for (var i = 0; i < field_name.length; i++) { - // is this a dash, if so, update - // last_found_dash - if (field_name.substr(i,1) == "-" ) - last_found_dash = i; - } - if (last_found_dash < 1) - return field_name; - return(field_name.substr(0,last_found_dash)); -} -</script> - -EOF; - -} - -?> diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index faffa810..39009633 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -3,6 +3,7 @@ /* haproxy_pools.php part of pfSense (http://www.pfsense.com/) + Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -79,8 +80,8 @@ include("head.inc"); <form action="haproxy_pools.php" method="post"> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_haproxyconfdirty_path)): ?><p> -<?php print_info_box_np("The haproxy configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> @@ -128,13 +129,13 @@ include("head.inc"); <td class="listlr" ondblclick="document.location='haproxy_pool_edit.php?id=<?=$i;?>';"> <? if ($pool['stats_enabled']=='yes'){ - echo "<img src=\"./themes/{$g['theme']}/images/icons/icon_log_s.gif\"" . ' title="stats enabled" width="11" height="15" border="0">'; + echo "<img src=\"./themes/{$g['theme']}/images/icons/icon_log_s.gif\"" . ' title="stats enabled" width="11" height="15" border="0" />'; } $isadvset = ""; if ($pool['advanced']) $isadvset .= "Per server pass thru\r\n"; if ($pool['advanced_backend']) $isadvset .= "Backend pass thru\r\n"; if ($isadvset) - echo "<img src=\"$img_adv\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\">"; + echo "<img src=\"$img_adv\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\" />"; ?> </td> <td class="listlr" ondblclick="document.location='haproxy_pool_edit.php?id=<?=$i;?>';"> @@ -152,9 +153,9 @@ include("head.inc"); <td class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_pool_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit backend");?>" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_pools.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete backend");?>" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_pool_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("clone backend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_pool_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit backend");?>" width="17" height="17" border="0" /></a></td> + <td valign="middle"><a href="haproxy_pools.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete backend");?>" width="17" height="17" border="0" /></a></td> + <td valign="middle"><a href="haproxy_pool_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("clone backend");?>" width="17" height="17" border="0" /></a></td> </tr> </table> </td> @@ -169,7 +170,7 @@ include("head.inc"); <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="haproxy_pool_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new backend");?>" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_pool_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new backend");?>" width="17" height="17" border="0" /></a></td> </tr> </table> </td> diff --git a/config/haproxy-devel/haproxy_socketinfo.inc b/config/haproxy-devel/haproxy_socketinfo.inc index 5b31afeb..eeaba8b6 100644 --- a/config/haproxy-devel/haproxy_socketinfo.inc +++ b/config/haproxy-devel/haproxy_socketinfo.inc @@ -1,5 +1,6 @@ <?php /* + Copyright (C) 2013 PiBa-NL Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho Part of pfSense widgets (www.pfsense.com) diff --git a/config/haproxy-devel/haproxy_utils.inc b/config/haproxy-devel/haproxy_utils.inc index f4df2433..058efc98 100644 --- a/config/haproxy-devel/haproxy_utils.inc +++ b/config/haproxy-devel/haproxy_utils.inc @@ -41,6 +41,7 @@ function haproxy_interface_ip($interfacebindname,$userfriendly=false){ $result = $item['name']; return $result; } + function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,localhost,real,carp,ipalias"){ // returns a list of ALL interface/IPs that can be used to bind a service to. // filtered by the conditions given in the two filter parameters. @@ -73,9 +74,18 @@ function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,l continue; if (!isset($ifdetail['ipaddr'])) continue; + $descr = $ifdetail['descr']; + if (!$descr){ + if ($if == "wan" && !$ifdetail['descr']) + $descr = "WAN"; + else if ($if == "lan" && !$ifdetail['descr']) + $descr = "LAN"; + else + $descr = $if; + } $item = array(); - $item[ip] = get_interface_ip($if); - $item[name] = $ifdetail['descr'].' address (IPv4)'; + $item['ip'] = get_interface_ip($if); + $item['name'] = "$descr address (IPv4)"; $bindable[$if.'_ipv4'] = $item; } } @@ -103,6 +113,9 @@ function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,l } } } + if (!isset($config['system']['ipv6allow'])) + return $bindable;// skip adding the IPv6 addresses if those are not 'allowed' + if (in_array("ipv6",$ipverions)){ if (in_array('any',$interfacetypes)){ $item = array(); @@ -122,9 +135,18 @@ function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,l continue; if (!isset($ifdetail['ipaddrv6'])) continue; + $descr = $ifdetail['descr']; + if (!$descr){ + if ($if == "wan" && !$ifdetail['descr']) + $descr = "WAN"; + else if ($if == "lan" && !$ifdetail['descr']) + $descr = "LAN"; + else + $descr = $if; + } $item = array(); - $item[ip] = get_interface_ipv6($if); - $item[name] = $ifdetail['descr'].' address (IPv6)'; + $item['ip'] = get_interface_ipv6($if); + $item['name'] = "$descr address (IPv6)"; $bindable[$if.'_ipv6'] = $item; } } @@ -225,6 +247,69 @@ function haproxy_recalculate_certifcate_chain(){ return $items_recalculated; } +function get_certificat_usage($refid) { + $usage = array(); + $cert = lookup_cert($refid); + if (is_cert_revoked($cert)) + $usage[] = "Revoked"; + if (is_webgui_cert($refid)) + $usage[] = "webConfigurator"; + if (is_user_cert($refid)) + $usage[] = "User Cert"; + if (is_openvpn_server_cert($refid)) + $usage[] = "OpenVPN Server"; + if (is_openvpn_client_cert($refid)) + $usage[] = "OpenVPN Client"; + if (is_ipsec_cert($cert['refid'])) + $usage[] = "IPsec Tunnel"; + if (function_exists("is_captiveportal_cert")) + if (is_captiveportal_cert($refid)) + $usage[] = "Captive Portal"; + + return $usage; +} +function get_certificates_server($get_includeWebCert=false) { + // This function (is intended to) provide a uniform way to retrieve a list of server certificates + global $config; + $certificates=array(); + $a_cert = &$config['cert']; + foreach ($a_cert as $cert) + { + if ($get_ca == false && is_webgui_cert($cert['refid'])) + continue; + + $purpose = cert_get_purpose($cert['crt']); + //$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : ""; + $certserverpurpose = ""; + + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; + + $usagestr=""; + $usage = get_certificat_usage($cert['refid']); + foreach($usage as $use){ + $usagestr .= " " . $use; + } + if ($usagestr != "") + $usagestr = " (".trim($usagestr).")"; + + $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $certserverpurpose . $inuse . $revoked . $usagestr; + } + return $certificates; +} + + function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { $offset = str_repeat(' ',$nestID); $itemName = "item$nestID"; @@ -241,25 +326,51 @@ function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName $subNodeName = "item$nestID"; phparray_to_javascriptarray_recursive($nestID+1, $subpath, $items[$key], $subNodeName, $includeitems); echo "{$offset}{$nodeName}['{$key}'] = $itemName;\n"; - } else - echo "{$offset}{$nodeName}['$key'] = '$item';\n"; + } else { + $item = json_encode($item); + echo "{$offset}{$nodeName}['$key'] = $item;\n"; + } } } } function phparray_to_javascriptarray($items, $javaMapName, $includeitems) { - phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); + phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); +} + +function haproxy_html_select_options($keyvaluelist, $selected="") { + $result = ""; + foreach($keyvaluelist as $key => $desc){ + $selectedhtml = $key == $selected ? "selected" : ""; + if ($desc['deprecated'] && $key != $selected){ + continue; + } + $name = htmlspecialchars($desc['name']); + $result .= "<option value='{$key}' {$selectedhtml}>{$name}</option>"; + } + return $result; } -function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="") { +function haproxy_js_select_options($keyvaluelist, $selected="") { + $result = ""; + foreach($keyvaluelist as $key => $desc){ + $selectedhtml = $key == $selected ? "selected" : ""; + if ($desc['deprecated'] && $key != $selected){ + continue; + } + $name = htmlspecialchars($desc['name']); + $result .= "<option value='{$key}' {$selectedhtml}>{$name}<\/option>"; + } + return $result; +} + +function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="", $style="") { if (count($keyvaluelist)>0){ if ($onchangeEvent != "") - $onchangeEvent .= " onchange=$onchangeEvent"; - echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>"; - foreach($keyvaluelist as $key => $desc){ - $selectedhtml = $key == $selected ? "selected" : ""; - $name = htmlspecialchars($desc['name']); - echo "<option value=\"{$key}\" {$selectedhtml}>{$name}</option>"; - } + $onchangeEvent = " onchange='$onchangeEvent'"; + if ($style != "") + $style = " style='$style'"; + echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent$style>"; + echo haproxy_html_select_options($keyvaluelist, $selected); echo "</select>"; } else { echo $listEmptyMessage; diff --git a/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc b/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc index 781b7544..699dffd1 100644 --- a/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc +++ b/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc @@ -1,6 +1,7 @@ <?php /* haproxy_xmlrpcsyncclient.inc + Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef All rights reserved. diff --git a/config/lcdproc-dev/lcdproc_client.php b/config/lcdproc-dev/lcdproc_client.php index 22713b98..3337052c 100644 --- a/config/lcdproc-dev/lcdproc_client.php +++ b/config/lcdproc-dev/lcdproc_client.php @@ -468,6 +468,8 @@ { if ($value && $lcdproc_config['driver'] == "CFontz633") {return true;} + else if ($value && $lcdproc_config['driver'] == "CFontzPacket") + {return true;} else {return false;} } @@ -773,31 +775,35 @@ $led_output_value = 0; /* LED 1: Interface status */ if (substr_count(get_interfaces_stats(), "Down") > 0 ) - {$led_output_value = $led_output_value + pow(2, 0);} - else {$led_output_value = $led_output_value + pow(2, 4);} + else + {$led_output_value = $led_output_value + pow(2, 0);} /* LED 2: CARP status */ switch (outputled_carp()) { case -1:/* CARP disabled */ + break; case 0: /* CARP on Backup */ - {$led_output_value = $led_output_value + pow(2, 1);} + $led_output_value = $led_output_value + pow(2, 1); + break; case 1: /* CARP on Master */ - {$led_output_value = $led_output_value + pow(2, 5);} + $led_output_value = $led_output_value + pow(2, 5); } /* LED 3: CPU Usage */ if (cpu_usage() > 50) - {$led_output_value = $led_output_value + pow(2, 2);} - else {$led_output_value = $led_output_value + pow(2, 6);} + else + {$led_output_value = $led_output_value + pow(2, 2);} /* LED 4: Gateway status */ switch (outputled_gateway()) { case -1:/* Gateways not configured */ + break; case 0: /* Gateway down or with issues */ - {$led_output_value = $led_output_value + 2 ^ 3;} + $led_output_value = $led_output_value + pow(2, 7); + break; case 1: /* All Gateways up */ - {$led_output_value = $led_output_value + 2 ^ 7;} + $led_output_value = $led_output_value + pow(2, 3); } /* Sends the command to the panel */ $lcd_cmds[] = "output {$led_output_value}"; @@ -922,4 +928,4 @@ { lcdproc_warn("Too many errors, the client ends."); } -?>
\ No newline at end of file +?> diff --git a/config/mailreport/status_mail_report.php b/config/mailreport/status_mail_report.php index b1705fac..e08a7272 100644 --- a/config/mailreport/status_mail_report.php +++ b/config/mailreport/status_mail_report.php @@ -1,9 +1,9 @@ <?php /* $Id$ */ /* - status_rrd_graph.php + status_mail_report.php Part of pfSense - Copyright (C) 2011 Jim Pingle <jimp@pfsense.org> + Copyright (C) 2011-2014 Jim Pingle <jimp@pfsense.org> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,20 +32,15 @@ */ ##|+PRIV -##|*IDENT=page-status-rrdgraphs -##|*NAME=Status: RRD Graphs page -##|*DESCR=Allow access to the 'Status: RRD Graphs' page. -##|*MATCH=status_rrd_graph.php* +##|*IDENT=page-status-mailreports +##|*NAME=Status: E-Mail Reports page +##|*DESCR=Allow access to the 'Status: E-Mail Reports' page. +##|*MATCH=status_mail_report.php* ##|-PRIV require("guiconfig.inc"); require_once("mail_reports.inc"); -/* if the rrd graphs are not enabled redirect to settings page */ -if(! isset($config['rrd']['enable'])) { - header("Location: status_rrd_graph_settings.php"); -} - if (!is_array($config['mailreports']['schedule'])) $config['mailreports']['schedule'] = array(); diff --git a/config/mailreport/status_mail_report_add_cmd.php b/config/mailreport/status_mail_report_add_cmd.php index 7693f7a4..b4527584 100644 --- a/config/mailreport/status_mail_report_add_cmd.php +++ b/config/mailreport/status_mail_report_add_cmd.php @@ -1,9 +1,9 @@ <?php /* $Id$ */ /* - status_rrd_graph.php + status_mail_report_add_cmd.php Part of pfSense - Copyright (C) 2011 Jim Pingle <jimp@pfsense.org> + Copyright (C) 2011-2014 Jim Pingle <jimp@pfsense.org> Portions Copyright (C) 2007-2011 Seth Mos <seth.mos@dds.nl> All rights reserved. @@ -33,10 +33,10 @@ */ ##|+PRIV -##|*IDENT=page-status-rrdgraphs -##|*NAME=Status: RRD Graphs page -##|*DESCR=Allow access to the 'Status: RRD Graphs' page. -##|*MATCH=status_rrd_graph.php* +##|*IDENT=page-status-mailreportsaddcmd +##|*NAME=Status: E-Mail Reports: Add Command page +##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Command' page. +##|*MATCH=status_mail_report_add_cmd.php* ##|-PRIV require("guiconfig.inc"); diff --git a/config/mailreport/status_mail_report_add_graph.php b/config/mailreport/status_mail_report_add_graph.php index 165124f3..663d8f9b 100644 --- a/config/mailreport/status_mail_report_add_graph.php +++ b/config/mailreport/status_mail_report_add_graph.php @@ -1,9 +1,9 @@ <?php /* $Id$ */ /* - status_rrd_graph.php + status_mail_report_add_graph.php Part of pfSense - Copyright (C) 2011 Jim Pingle <jimp@pfsense.org> + Copyright (C) 2011-2014 Jim Pingle <jimp@pfsense.org> Portions Copyright (C) 2007-2011 Seth Mos <seth.mos@dds.nl> All rights reserved. @@ -33,10 +33,10 @@ */ ##|+PRIV -##|*IDENT=page-status-rrdgraphs -##|*NAME=Status: RRD Graphs page -##|*DESCR=Allow access to the 'Status: RRD Graphs' page. -##|*MATCH=status_rrd_graph.php* +##|*IDENT=page-status-mailreportsaddgraph +##|*NAME=Status: E-Mail Reports: Add Graph page +##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Graph' page. +##|*MATCH=status_mail_report_add_graph.php* ##|-PRIV require("guiconfig.inc"); diff --git a/config/mailreport/status_mail_report_add_log.php b/config/mailreport/status_mail_report_add_log.php index 75d092b5..0b140723 100644 --- a/config/mailreport/status_mail_report_add_log.php +++ b/config/mailreport/status_mail_report_add_log.php @@ -1,9 +1,9 @@ <?php /* $Id$ */ /* - status_rrd_graph.php + status_mail_report_add_log.php Part of pfSense - Copyright (C) 2011 Jim Pingle <jimp@pfsense.org> + Copyright (C) 2011-2014 Jim Pingle <jimp@pfsense.org> Portions Copyright (C) 2007-2011 Seth Mos <seth.mos@dds.nl> All rights reserved. @@ -33,10 +33,10 @@ */ ##|+PRIV -##|*IDENT=page-status-rrdgraphs -##|*NAME=Status: RRD Graphs page -##|*DESCR=Allow access to the 'Status: RRD Graphs' page. -##|*MATCH=status_rrd_graph.php* +##|*IDENT=page-status-mailreportsaddlog +##|*NAME=Status: E-Mail Reports: Add Log page +##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Log' page. +##|*MATCH=status_mail_report_add_log.php* ##|-PRIV require("guiconfig.inc"); diff --git a/config/mailreport/status_mail_report_edit.php b/config/mailreport/status_mail_report_edit.php index dcfa6d98..9e6bb071 100644 --- a/config/mailreport/status_mail_report_edit.php +++ b/config/mailreport/status_mail_report_edit.php @@ -1,9 +1,9 @@ <?php /* $Id$ */ /* - status_rrd_graph.php + status_mail_report_edit.php Part of pfSense - Copyright (C) 2011 Jim Pingle <jimp@pfsense.org> + Copyright (C) 2011-2014 Jim Pingle <jimp@pfsense.org> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,21 +32,15 @@ */ ##|+PRIV -##|*IDENT=page-status-rrdgraphs -##|*NAME=Status: RRD Graphs page -##|*DESCR=Allow access to the 'Status: RRD Graphs' page. -##|*MATCH=status_rrd_graph.php* +##|*IDENT=page-status-mailreportsedit +##|*NAME=Status: E-Mail Reports: Edit Report page +##|*DESCR=Allow access to the 'Status: E-Mail Reports: Edit Report' page. +##|*MATCH=status_mail_report_edit.php* ##|-PRIV require("guiconfig.inc"); require_once("mail_reports.inc"); -/* if the rrd graphs are not enabled redirect to settings page */ -if(! isset($config['rrd']['enable'])) { - header("Location: status_rrd_graph_settings.php"); - return; -} - $cmdid = $_REQUEST['cmdid']; $logid = $_REQUEST['logid']; $graphid = $_REQUEST['graphid']; diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc index f15f7c61..9f5fd11d 100644 --- a/config/mailscanner/mailscanner.inc +++ b/config/mailscanner/mailscanner.inc @@ -442,15 +442,21 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } if (preg_match('/use_pyzor/',$antispam['safeatures'])){ $pattern[]='/#pyzor_path/'; + $pattern[]="/\S+yzor_disabled/"; $pattern[]='/usr.bin.pyzor/'; - $pattern[]='/\nuse_pyzor\s+0/'; + $pattern[]='/use_pyzor/'; + $pattern[]="/\S+o_not_use_pyzor/"; + $replacement[]="pyzor_path"; $replacement[]="pyzor_path"; $replacement[]="usr/local/bin/pyzor"; - $replacement[]="\n".'# use_pyzor 0'; + $replacement[]="use_pyzor"; + $replacement[]="use_pyzor"; } else{ - $pattern[]='/\n#\s+use_pyzor\s+0/'; - $replacement[]="\n".'# use_pyzor 0'; + $pattern[]='/use_pyzor/'; + $pattern[]='/pyzor_path/'; + $replacement[]="#do_not_use_pyzor"; + $replacement[]="#pyzor_disabled"; } if (preg_match('/use_auto_learn_bayes/',$antispam['safeatures'])){ $pattern[]='/\nbayes_auto_learn\s+0/'; @@ -677,23 +683,23 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/mailscanner $cconf=MAILSCANNER_LOCALBASE. "/sbin/mailscanner"; if (file_exists($cconf)){ - #check perl's version - $perl_bin="perl"; - $perl_version_file=MAILSCANNER_LOCALBASE . '/etc/perl5_version'; - if (file_exists($perl_version_file)) { - $perl_version = trim(`/usr/bin/grep 'PERL_VERSION=' $perl_version_file | /usr/bin/cut -f2 -d'='`); - $perl_bin .= $perl_version; + + $perl_bin="perl_mailscanner"; + if(file_exists(MAILSCANNER_LOCALBASE . '/bin/perl') && !file_exists(MAILSCANNER_LOCALBASE . "/bin/{$perl_bin}")){ + link(MAILSCANNER_LOCALBASE . '/bin/perl',MAILSCANNER_LOCALBASE . '/bin/perl_mailscanner'); } - - $cconf_file=file_get_contents($cconf); - $pattern2[0]='@#!/usr\S+bin/perl.*I@'; - $pattern2[1]='/\smy .current = config MIME::ToolUtils/'; - $replacement2[0]='#!'.MAILSCANNER_LOCALBASE. "/bin/{$perl_bin} -U -I"; - $replacement2[1]=' #my $current = config MIME::ToolUtils'; - if (preg_match('@#!/usr\S+bin/perl.*I@',$cconf_file)){ - $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } + if (file_exists(MAILSCANNER_LOCALBASE . "/bin/{$perl_bin}")){ + $cconf_file=file_get_contents($cconf); + $pattern2[0]='@#!/usr\S+bin/perl.*I@'; + //$pattern2[1]='/\smy .current = config MIME::ToolUtils/'; + $replacement2[0]='#!'.MAILSCANNER_LOCALBASE. "/bin/{$perl_bin} -U -I"; + //$replacement2[1]=' #my $current = config MIME::ToolUtils'; + if (preg_match('@#!/usr\S+bin/perl.*I@',$cconf_file)){ + $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); + file_put_contents($cconf, $cconf_file, LOCK_EX); + } + } + } #check spam assassin rules diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml index 87be2421..2f97fcec 100644 --- a/config/mailscanner/mailscanner.xml +++ b/config/mailscanner/mailscanner.xml @@ -54,7 +54,7 @@ <service> <name>mailscanner</name> <rcfile>mailscanner</rcfile> - <executable>perl5.16.3</executable> + <executable>perl_mailscanner</executable> <description>MailScanner</description> </service> <additional_files_needed> diff --git a/config/mailscanner/mailscanner_antispam.xml b/config/mailscanner/mailscanner_antispam.xml index 7f989765..26295059 100644 --- a/config/mailscanner/mailscanner_antispam.xml +++ b/config/mailscanner/mailscanner_antispam.xml @@ -169,7 +169,7 @@ <option><name>Spam Score (yes)</name><value>spam_score</value></option> <option><name>Cache SpamAssassin Results (yes)</name><value>cache_spamassassin_results</value></option> <option><name>Wait During Bayes Rebuild (no)</name><value>wait_during_bayes_rebuild</value></option> - <option><name>Use Pyzor plugin (yes)</name><value>use_pyzor</value></option> + <option><name>Use Pyzor plugin (no)</name><value>use_pyzor</value></option> <option><name>Use Razor plugin (yes)</name><value>use_razor</value></option> <option><name>Use DCC plugin (yes)</name><value>use_dcc</value></option> <option><name>Use Bayes (yes)</name><value>use_bayes</value></option> diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc index cdfb23e5..944cb846 100644 --- a/config/tinc/tinc.inc +++ b/config/tinc/tinc.inc @@ -42,6 +42,22 @@ function tinc_save() { } fwrite($fout, base64_decode($tincconf['extra'])."\n"); fclose($fout); + + // Check if we need to generate a new RSA key pair. + if ($tincconf['gen_rsa']) + { + safe_mkdir("/usr/local/etc/tinc/tmp"); + exec("/usr/local/sbin/tincd -c /usr/local/etc/tinc/tmp -K"); + $tincconf['cert_pub'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.pub')); + $tincconf['cert_key'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.priv')); + $tincconf['gen_rsa'] = false; + $config['installedpackages']['tinc']['config'][0]['cert_pub'] = $tincconf['cert_pub']; + $config['installedpackages']['tinc']['config'][0]['cert_key'] = $tincconf['cert_key']; + $config['installedpackages']['tinc']['config'][0]['gen_rsa'] = $tincconf['gen_rsa']; + rmdir_recursive("/usr/local/etc/tinc/tmp"); + write_config(); + } + $_output = "Subnet=" . $tincconf['localsubnet'] . "\n"; $_output .= base64_decode($tincconf['host_extra']) . "\n"; $_output .= base64_decode($tincconf['cert_pub']) . "\n"; @@ -86,6 +102,7 @@ function tinc_save() { } system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null"); rmdir_recursive("/usr/local/etc/tinc.old"); + conf_mount_ro(); config_unlock(); } diff --git a/config/tinc/tinc_config.xml b/config/tinc/tinc_config.xml index 3878450f..d6ee9c26 100644 --- a/config/tinc/tinc_config.xml +++ b/config/tinc/tinc_config.xml @@ -122,6 +122,12 @@ <cols>65</cols> </field> <field> + <fielddescr>Generate RSA key pair</fielddescr> + <fieldname>gen_rsa</fieldname> + <description>This will generate a new RSA key pair in the fields above.</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Extra Tinc Parameters</fielddescr> <fieldname>extra</fieldname> <description>Anything entered here will be added at the end of the tinc.conf configuration file. <br></description> diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 0169e11f..3f8e84db 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -41,7 +41,7 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.7_1</version> + <version>0.8_0</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index c687c5ba..c857bec1 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -41,7 +41,7 @@ <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.7_1</version> + <version>0.8_0</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index 0a1c12be..92aad309 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -48,14 +48,14 @@ function php_deinstall_zabbix2_agent(){ conf_mount_rw(); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); if ($pfs_version > 2.0){ - define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix2-agent-' . php_uname("m")); + define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m")); } else { define('ZABBIX_AGENT_BASE', '/usr/local'); } exec("/usr/bin/killall zabbix_agentd"); unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix2_agentd.sh"); - unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix2/zabbix_agentd.conf"); + unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf"); unlink_if_exists("/var/log/zabbix2/zabbix2_agentd.log"); unlink_if_exists("/var/run/zabbix2/zabbix2_agentd.pid"); @@ -75,14 +75,14 @@ function php_deinstall_zabbix2_proxy(){ conf_mount_rw(); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); if ($pfs_version > 2.0){ - define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix2-proxy-' . php_uname("m")); + define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m")); } else { define('ZABBIX_PROXY_BASE', '/usr/local'); } exec("/usr/bin/killall zabbix_proxy"); unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix2_proxy.sh"); - unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix2/zabbix_proxy.conf"); + unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf"); unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log"); unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid"); @@ -180,8 +180,8 @@ function sync_package_zabbix2(){ #check pfsense version $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); if ($pfs_version > 2.0){ - define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix2-agent-' . php_uname("m")); - define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix2-proxy-' . php_uname("m")); + define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m")); + define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m")); } else { define('ZABBIX_AGENT_BASE', '/usr/local'); @@ -208,7 +208,7 @@ Fping6Location=/usr/local/sbin/fping6 ProxyMode={$Mode} EOF; - file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix2/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => ""))); + file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => ""))); } } /* check zabbix agent settings*/ @@ -242,7 +242,7 @@ StartAgents={$StartAgents} {$UserParams} EOF; - file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix2/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => ""))); + file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => ""))); } } $want_sysctls = array( @@ -291,8 +291,8 @@ EOF; /*check startup script files*/ /* create a few directories and ensure the sample files are in place */ - if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix2")) - exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix2"); + if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22")) + exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22"); $dir_checks = <<< EOF if [ ! -d /var/log/zabbix2 ] |