Diffstat (limited to 'config/haproxy-devel/haproxy_pool_edit.php')
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php177
1 files changed, 137 insertions, 40 deletions
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index cabc6e52..aa1fa5da 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -46,6 +46,10 @@ if (isset($_POST['id']))
$id = $_POST['id'];
else
$id = $_GET['id'];
+
+$tmp = get_backend_id($id);
+if (is_numeric($tmp))
+ $id = $tmp;
if (isset($_GET['dup']))
$id = $_GET['dup'];
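Review bot: The `dup` branch below the added lookup still assigns `$_GET['dup']` to `$id` unresolved, so a duplicate request carrying a backend name rather than an index would bypass the `get_backend_id()` translation. If names are meant to be accepted on both paths, run the lookup after both assignments, i.e. move `$tmp = get_backend_id($id); if (is_numeric($tmp)) $id = $tmp;` below the `dup` line. When the lookup returns nothing numeric, `$id` keeps the raw request value and is later used as the key in `$a_pools[$id]`. A one-line comment stating what `get_backend_id()` returns on a miss would help, since the helper is not visible in this diff.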
@@ -53,57 +57,120 @@ if (isset($_GET['dup']))
global $simplefields;
$simplefields = array(
"name","balance","transparent_clientip","transparent_interface",
-"check_type","checkinter","httpcheck_method","monitor_uri","monitor_httpversion","monitor_username","monitor_domain","monitor_agentport",
+"check_type","checkinter","log-health-checks","httpcheck_method","monitor_uri","monitor_httpversion","monitor_username","monitor_domain","monitor_agentport",
"agent_check","agent_port","agent_inter",
"connection_timeout","server_timeout","retries",
"stats_enabled","stats_username","stats_password","stats_uri","stats_scope","stats_realm","stats_admin","stats_node","stats_desc","stats_refresh",
"persist_stick_expire","persist_stick_tablesize","persist_stick_length","persist_stick_cookiename","persist_sticky_type",
"persist_cookie_enabled","persist_cookie_name","persist_cookie_mode","persist_cookie_cachable",
-"strict_transport_security"
+"strict_transport_security","cookie_attribute_secure"
);
+$primaryfrontends = get_haproxy_frontends();
+$none = array();
+$none['']['name']="Address+Port:";
+$primaryfrontends = $none + $primaryfrontends;
+
$fields_servers=array();
$fields_servers[0]['name']="status";
$fields_servers[0]['columnheader']="Mode";
$fields_servers[0]['colwidth']="5%";
$fields_servers[0]['type']="select";
-$fields_servers[0]['size']="5";
+$fields_servers[0]['size']="70px";
$fields_servers[0]['items']=&$a_servermodes;
$fields_servers[1]['name']="name";
$fields_servers[1]['columnheader']="Name";
$fields_servers[1]['colwidth']="20%";
$fields_servers[1]['type']="textbox";
$fields_servers[1]['size']="30";
-$fields_servers[2]['name']="address";
-$fields_servers[2]['columnheader']="Address";
-$fields_servers[2]['colwidth']="10%";
-$fields_servers[2]['type']="textbox";
-$fields_servers[2]['size']="20";
-$fields_servers[3]['name']="port";
-$fields_servers[3]['columnheader']="Port";
-$fields_servers[3]['colwidth']="5%";
+$fields_servers[2]['name']="forwardto";
+$fields_servers[2]['columnheader']="Forwardto";
+$fields_servers[2]['colwidth']="15%";
+$fields_servers[2]['type']="select";
+$fields_servers[2]['size']="100px";
+$fields_servers[2]['items']=&$primaryfrontends;
+$fields_servers[3]['name']="address";
+$fields_servers[3]['columnheader']="Address";
+$fields_servers[3]['colwidth']="10%";
$fields_servers[3]['type']="textbox";
-$fields_servers[3]['size']="5";
-$fields_servers[4]['name']="ssl";
-$fields_servers[4]['columnheader']="SSL";
+$fields_servers[3]['size']="20";
+$fields_servers[4]['name']="port";
+$fields_servers[4]['columnheader']="Port";
$fields_servers[4]['colwidth']="5%";
-$fields_servers[4]['type']="checkbox";
-$fields_servers[4]['size']="30";
-$fields_servers[5]['name']="weight";
-$fields_servers[5]['columnheader']="Weight";
-$fields_servers[5]['colwidth']="8%";
-$fields_servers[5]['type']="textbox";
-$fields_servers[5]['size']="5";
-$fields_servers[6]['name']="cookie";
-$fields_servers[6]['columnheader']="Cookie";
-$fields_servers[6]['colwidth']="10%";
+$fields_servers[4]['type']="textbox";
+$fields_servers[4]['size']="5";
+$fields_servers[5]['name']="ssl";
+$fields_servers[5]['columnheader']="SSL";
+$fields_servers[5]['colwidth']="5%";
+$fields_servers[5]['type']="checkbox";
+$fields_servers[5]['size']="30";
+$fields_servers[6]['name']="weight";
+$fields_servers[6]['columnheader']="Weight";
+$fields_servers[6]['colwidth']="8%";
$fields_servers[6]['type']="textbox";
-$fields_servers[6]['size']="10";
-$fields_servers[7]['name']="advanced";
-$fields_servers[7]['columnheader']="Advanced";
-$fields_servers[7]['colwidth']="15%";
-$fields_servers[7]['type']="textbox";
-$fields_servers[7]['size']="20";
+$fields_servers[6]['size']="5";
+
+$listitem_none['']['name']="None";
+
+$certs_ca = haproxy_get_certificates('ca');
+$certs_ca = $listitem_none + $certs_ca;
+$certs_client = haproxy_get_certificates('server,user');
+$certs_client = $listitem_none + $certs_client;
+$certs_crl = haproxy_get_crls();
+$certs_crl = $listitem_none + $certs_crl;
+
+$fields_servers_details=array();
+$fields_servers_details[0]['name']="sslserververify";
+$fields_servers_details[0]['columnheader']="Check certificate";
+$fields_servers_details[0]['description']="SSL servers only, The server certificate will be verified against the CA and CRL certificate configured below.";
+$fields_servers_details[0]['colwidth']="5%";
+$fields_servers_details[0]['type']="checkbox";
+$fields_servers_details[0]['size']="5";
+$fields_servers_details[1]['name']="verifyhost";
+$fields_servers_details[1]['columnheader']="Certificate check CN";
+$fields_servers_details[1]['description']="SSL servers only, when set, must match the hostnames in the subject and subjectAlternateNames of the certificate provided by the server.";
+$fields_servers_details[1]['colwidth']="5%";
+$fields_servers_details[1]['type']="textbox";
+$fields_servers_details[1]['size']="50";
+$fields_servers_details[2]['name']="ssl-server-ca";
+$fields_servers_details[2]['columnheader']="CA";
+$fields_servers_details[2]['description']="SSL servers only, Select the CA authority to check the server certificate against.";
+$fields_servers_details[2]['colwidth']="15%";
+$fields_servers_details[2]['type']="select";
+$fields_servers_details[2]['size']="200px";
+$fields_servers_details[2]['items']=$certs_ca;
+$fields_servers_details[3]['name']="ssl-server-crl";
+$fields_servers_details[3]['columnheader']="CRL";
+$fields_servers_details[3]['description']="SSL servers only, Select the CRL to check revoked certificates.";
+$fields_servers_details[3]['colwidth']="15%";
+$fields_servers_details[3]['type']="select";
+$fields_servers_details[3]['size']="200px";
+$fields_servers_details[3]['items']=$certs_crl;
+$fields_servers_details[4]['name']="ssl-server-clientcert";
+$fields_servers_details[4]['columnheader']="Client certificate";
+$fields_servers_details[4]['description']="SSL servers only, This certificate will be sent if the server send a client certificate request.";
+$fields_servers_details[4]['colwidth']="15%";
+$fields_servers_details[4]['type']="select";
+$fields_servers_details[4]['size']="200px";
+$fields_servers_details[4]['items']=$certs_client;
+$fields_servers_details[5]['name']="cookie";
+$fields_servers_details[5]['columnheader']="Cookie";
+$fields_servers_details[5]['description']="Persistence only, Used to identify server when cookie persistence is configured for the backend.";
+$fields_servers_details[5]['colwidth']="10%";
+$fields_servers_details[5]['type']="textbox";
+$fields_servers_details[5]['size']="10";
+$fields_servers_details[6]['name']="maxconn";
+$fields_servers_details[6]['columnheader']="Max conn";
+$fields_servers_details[6]['description']="Tuning, If the number of incoming concurrent requests goes higher than this value, they will be queued";
+$fields_servers_details[6]['colwidth']="15%";
+$fields_servers_details[6]['type']="textbox";
+$fields_servers_details[6]['size']="10";
+$fields_servers_details[7]['name']="advanced";
+$fields_servers_details[7]['columnheader']="Advanced";
+$fields_servers_details[7]['description']="Advanced, Allows for adding custom HAProxy settings to the server. These are passed as written, use escaping where needed.";
+$fields_servers_details[7]['colwidth']="15%";
+$fields_servers_details[7]['type']="textbox";
+$fields_servers_details[7]['size']="80";
if (isset($id) && $a_pools[$id]) {
$pconfig['advanced'] = base64_decode($a_pools[$id]['advanced']);
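Review bot: The `sslserververify` description does not say what happens when the box is left unchecked, and the field sits in `$fields_servers_details`, which a later hunk hides by default and labels as configurable only after the server has been saved. A server added with `SSL` ticked therefore appears to start with certificate checking off. How the flag is turned into HAProxy configuration is not visible in this file, so please confirm that. If it holds, the description should say so, e.g. `"SSL servers only. When checked, the server certificate is verified against the CA and CRL configured below; when unchecked, the certificate is not verified."`. Separately, `$listitem_none` is used without the `array()` initialisation that `$none` gets a few lines above.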
@@ -183,7 +250,7 @@ if ($_POST) {
if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_pools']['item'][$i]['name']) && ($i != $id))
$input_errors[] = "This pool name has already been used. Pool names must be unique.";
- $a_servers = haproxy_htmllist_get_values($fields_servers);
+ $a_servers = haproxy_htmllist_get_values(array_merge($fields_servers,$fields_servers_details));
foreach($a_servers as $server){
$server_name = $server['name'];
$server_address = $server['address'];
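Review bot: Merging `$fields_servers_details` into the posted field list brings `verifyhost`, `cookie`, `maxconn` and the three `ssl-server-*` selects into `$a_servers`, but the visible checks in this loop cover only name, address and port. These values presumably end up in the generated HAProxy server line, so they should be validated here, e.g. `if ($server['maxconn'] !== "" && !is_numeric($server['maxconn'])) $input_errors[] = "The field 'Max conn' for server $server_name must be a number.";`. `verifyhost` could be held to `is_hostname()`, and the selected CA, CRL and client certificate ids checked against the keys of `$certs_ca`, `$certs_crl` and `$certs_client`. The loop body continues outside this hunk, so some of this may already exist further down.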
@@ -193,8 +260,14 @@ if ($_POST) {
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name))
$input_errors[] = "The field 'Name' contains invalid characters.";
- if (!is_ipaddr($server_address) && !is_hostname($server_address))
- $input_errors[] = "The field 'Address' is not a valid ip address or hostname.";
+ if (!isset($server['forwardto']) || $server['forwardto'] == "") {
+ if (!is_ipaddr($server_address) && !is_hostname($server_address) && !haproxy_is_frontendname($server_address))
+ $input_errors[] = "The field 'Address' for server $server_name is not a valid ip address or hostname." . $server_address;
+ } else {
+ if ( ($server_address && $server_address != "") || ($server_port && !is_numeric($server_port))) {
+ $input_errors[] = "'Address' and 'port' should be empty when a 'Forwardto' frontend is chosen other than 'Address+Port'.";
+ }
+ }
if (!preg_match("/.{2,}/", $server_name))
$input_errors[] = "The field 'Name' is required (and must be at least 2 characters).";
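Review bot: In the new `else` branch the port test is `($server_port && !is_numeric($server_port))`, which rejects only a non-numeric port, although the message says address and port must both be empty when a `Forwardto` frontend is chosen. A numeric port is accepted silently. To match the message the condition should be `if ($server_address != "" || $server_port != "") {`. In the first branch the error string ends with `. $server_address`, which looks like a debugging leftover and echoes the raw submitted value. Unless `$input_errors` is HTML-escaped where it is printed (not visible here), drop the suffix, and apply the same consideration to `$server_name` in that message.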
@@ -209,7 +282,7 @@ if ($_POST) {
if ($_POST['strict_transport_security'] !== "" && !is_numeric($_POST['strict_transport_security']))
$input_errors[] = "The field 'Strict-Transport-Security' is not empty or a number.";
- if (!$input_errors) {
+// if (!$input_errors) {
$pool = array();
if(isset($id) && $a_pools[$id])
$pool = $a_pools[$id];
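Review bot: Commenting out `if (!$input_errors) {` here and re-adding it lower down (the hunk at `-244,7 +317,7`) means the pool is now built from `$_POST` and stored into `$a_pools` even when validation has failed; only `touch()` and `write_config()` remain guarded. If `$a_pools` is a reference into `$config` (its definition is outside the diff), rejected values then sit in the in-memory configuration for the rest of the request, and any other code path that writes the config would persist them. If the aim is to redisplay the submitted values after an error, build `$pool` unconditionally but keep the `$a_pools[] = $pool` assignment and its counterpart in the `if` branch inside the relocated guard. The dead `// if (!$input_errors) {` line should be deleted rather than left as a comment.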
@@ -244,7 +317,7 @@ if ($_POST) {
} else {
$a_pools[] = $pool;
}
-
+ if (!$input_errors) {
if ($changecount > 0) {
touch($d_haproxyconfdirty_path);
write_config($changedesc);
@@ -276,6 +349,7 @@ foreach($simplefields as $field){
?>
<style type="text/css">
+ .tableA_servers_details_visible{display:none;}
.haproxy_stats_visible{display:none;}
.haproxy_check_enabled{display:none;}
.haproxy_check_http{display:none;}
@@ -292,8 +366,11 @@ foreach($simplefields as $field){
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<script type="text/javascript">
- function htmllist_get_select_options(tableId) {
- return "<?=haproxy_js_select_options($a_servermodes);?>";
+ function htmllist_get_select_options(tableId, fieldname) {
+ if (fieldname == 'forwardto')
+ return "<?=haproxy_js_select_options($primaryfrontends);?>";
+ else
+ return "<?=haproxy_js_select_options($a_servermodes);?>";
}
function clearcombo(){
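Review bot: The new `forwardto` branch prints `haproxy_js_select_options($primaryfrontends)` straight into a double-quoted JavaScript string, and unlike `$a_servermodes` that list comes from `get_haproxy_frontends()`, i.e. from names stored in the configuration. The helper is not visible in this diff, so please confirm it escapes quotes, backslashes, line breaks and `</script>` in the option values and labels. A frontend name containing any of those would otherwise break out of the string literal on this page. A short comment above the function stating that the helper returns script-safe markup would document the assumption. The comparison can also be `fieldname === 'forwardto'`.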
@@ -331,6 +408,7 @@ foreach($simplefields as $field){
function updatevisibility()
{
d = document;
+ setCSSdisplay(".tableA_servers_details_visible", server_advanced_options_visible.checked);
setCSSdisplay(".haproxy_stats_visible", stats_enabled.checked);
setCSSdisplay(".haproxy_cookie_visible", persist_cookie_enabled.checked);
@@ -401,14 +479,14 @@ foreach($simplefields as $field){
</td>
</tr>
<tr align="left">
- <td class="vncell" colspan="3"><strong>Server list</strong>
+ <td class="vncell" colspan="3"><strong>Server list</strong><input id="server_advanced_options_visible" name="server_advanced_options_visible" type='checkbox' onclick="updatevisibility();">Show advanced options(servers need to first be saved to configure these settings)</input>
<span style="float:right;">
Toggle serverlist help. <a onclick="toggleCSSdisplay('.haproxy_help_serverlist');" title="<?php echo gettext("Help"); ?>"><img style="vertical-align:middle" src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_help.gif" border="0" alt="help" /></a>
</span>
<?
$counter=0;
$a_servers = $pconfig['a_servers'];
- haproxy_htmllist("tableA_servers", $a_servers, $fields_servers);
+ haproxy_htmllist("tableA_servers", $a_servers, $fields_servers, null, $fields_servers_details);
?>
<table class="haproxy_help_serverlist" style="border:1px dashed green" cellspacing="0">
<tr><td class="vncell">
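Review bot: The added checkbox is written as `<input …>Show advanced options…</input>`, but `input` is a void element, so the closing tag is invalid markup and the caption is not associated with the control. Writing it as `<input id="server_advanced_options_visible" type="checkbox" onclick="updatevisibility();" />` followed by `<label for="server_advanced_options_visible">Show advanced options (servers need to first be saved to configure these settings)</label>` fixes both. The checkbox also carries a `name`, so it is submitted with the form as an extra POST field. If it is purely a display toggle, the `name` attribute can be dropped.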
@@ -565,6 +643,15 @@ foreach($simplefields as $field){
<br/>For HTTP/HTTPS defaults to 1000 if left blank. For TCP no check will be performed if left empty.
</td>
</tr>
+ <tr align="left" class="haproxy_check_enabled">
+ <td width="22%" valign="top" class="vncell">Log checks</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="log-health-checks" name="log-health-checks" type="checkbox" value="yes" <?php if ($pconfig['log-health-checks']=='yes') echo "checked"; ?> onclick='updatevisibility();' />
+ When this option is enabled, any change of the health check status or to the server's health will be logged.
+ <br/>
+ By default, failed health check are logged if server is UP and successful health checks are logged if server is DOWN, so the amount of additional information is limited.
+ </td>
+ </tr>
<tr align="left" class="haproxy_check_http">
<td width="22%" valign="top" class="vncell">Http check method</td>
<td width="78%" class="vtable" colspan="2">
@@ -774,6 +861,7 @@ set by the 'retries' parameter.</div>
<td width="22%" valign="top" class="vncell">Stats Enabled</td>
<td width="78%" class="vtable" colspan="2">
<input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' />
+ Enables the haproxy statistics page (only used on 'http' frontends)
</td>
</tr>
<tr class="haproxy_stats_visible" align="left" id='stats_uri_row'>
@@ -853,7 +941,7 @@ set by the 'retries' parameter.</div>
<tr class="" align="left" id='Strict-Transport-Security'>
<td width="22%" valign="top" class="vncell">Strict-Transport-Security</td>
<td width="78%" class="vtable" colspan="2">
- When configured enables "HTTP Strict Transport Security" leave empty to disable.<br/>
+ When configured enables "HTTP Strict Transport Security" leave empty to disable. (only used on 'http' frontends)<br/>
<b>WARNING! the domain will only work over https with a valid certificate!</b><br/>
<input id="strict_transport_security" name="strict_transport_security" type="text" <?if(isset($pconfig['strict_transport_security'])) echo "value=\"{$pconfig['strict_transport_security']}\"";?> size="20" /> Seconds<br/>
If configured clients that requested the page with this setting active will not be able to visit this domain over a unencrypted http connection.
@@ -861,6 +949,14 @@ set by the 'retries' parameter.</div>
EXAMPLE: 60 for testing if you are absolutely sure you want this 31536000 (12 months) would be good for production.
</td>
</tr>
+ <tr class="" align="left">
+ <td width="22%" valign="top" class="vncell">Cookie protection.</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="cookie_attribute_secure" name="cookie_attribute_secure" type="checkbox" value="yes" <?php if ($pconfig['cookie_attribute_secure']=='yes') echo "checked"; ?> onclick='updatevisibility();' />
+ Set 'secure' attribure on cookies (only used on 'http' frontends)<br/>
+ This configuration option sets up the Secure attribute on cookies if it has not been setup by the application server while the client was browsing the application over a ciphered connection.
+ </td>
+ </tr>
<tr><td>&nbsp;</td></tr>
<tr align="left">
<td width="22%" valign="top">&nbsp;</td>
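Review bot: The caption on the new row reads `Set 'secure' attribure on cookies`; it should be `attribute`. The `onclick='updatevisibility();'` on this checkbox looks copied from the rows above: none of the visible `setCSSdisplay` calls depends on `cookie_attribute_secure`, so it can probably be removed, though only part of `updatevisibility()` is shown in this diff.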
@@ -880,6 +976,7 @@ set by the 'retries' parameter.</div>
<script type="text/javascript">
<?
phparray_to_javascriptarray($fields_servers,"fields_servers",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name'));
+ phparray_to_javascriptarray($fields_servers_details,"fields_details_servers",Array('/*','/*/name','/*/type'));
phparray_to_javascriptarray($a_checktypes,"checktypes",Array('/*','/*/name','/*/descr'));
phparray_to_javascriptarray($a_cookiemode,"cookiemode",Array('/*','/*/name','/*/descr'));
phparray_to_javascriptarray($a_sticky_type,"sticky_type",Array('/*','/*/descr','/*/cookiedescr'));
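Review bot: The JavaScript name passed on the added line is `fields_details_servers`, while the PHP array is `$fields_servers_details` and the CSS class added earlier is `tableA_servers_details_visible`. The swapped word order makes the name easy to mistype when it is used elsewhere. Unless the consuming script (not visible here) already expects that spelling, use `"fields_servers_details"` so both sides match.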