Diffstat (limited to 'config')
-rw-r--r--config/apache_mod_security-dev/apache_balancer.template4
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.inc2
-rw-r--r--config/bandwidthd/bandwidthd.inc25
-rw-r--r--config/bandwidthd/bandwidthd.xml26
-rw-r--r--config/haproxy-devel/haproxy.inc249
-rwxr-xr-xconfig/haproxy-devel/haproxy_global.php10
-rw-r--r--config/haproxy-devel/haproxy_listeners.php178
-rw-r--r--config/haproxy-devel/haproxy_listeners_edit.php195
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php67
-rw-r--r--config/haproxy-devel/haproxy_pools.php10
-rw-r--r--config/openbgpd/openbgpd_neighbors.xml4
-rw-r--r--config/systempatches/patches.inc4
12 files changed, 551 insertions, 223 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.template b/config/apache_mod_security-dev/apache_balancer.template
index 361a5ed4..06422125 100644
--- a/config/apache_mod_security-dev/apache_balancer.template
+++ b/config/apache_mod_security-dev/apache_balancer.template
@@ -6,7 +6,7 @@ $balancer_config= <<<EOF
# then edit /usr/local/pkg/apache_* files. #
# #
# And don't forget to submit your changes to: #
-# https://github.com/bsdperimeter/pfsense-packages #
+# https://github.com/pfsense/pfsense-packages #
##################################################################################
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
@@ -37,4 +37,4 @@ Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_
EOF;
-?> \ No newline at end of file
+?>
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index cdee4f6b..57f5407b 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -321,7 +321,7 @@ function generate_apache_configuration() {
# then edit /usr/local/pkg/apache_* files. #
# #
# And don't forget to submit your changes to: #
-# https://github.com/bsdperimeter/pfsense-packages #
+# https://github.com/pfsense/pfsense-packages #
##################################################################################
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc
index 8821ac76..4e0107eb 100644
--- a/config/bandwidthd/bandwidthd.inc
+++ b/config/bandwidthd/bandwidthd.inc
@@ -46,6 +46,8 @@ function bandwidthd_install_deinstall() {
exec("rm -f /usr/local/etc/rc.d/bandwidthd*");
exec("rm -rf " . PKG_BANDWIDTHD_BASE . "/htdocs");
exec("rm -f /usr/local/www/bandwidthd");
+ // Remove the cron job, if it is there
+ install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false);
conf_mount_ro();
config_unlock();
}
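Review bot: The `kill -HUP` cron command is written out as a string literal in this `install_cron_job()` call and twice more in the `@@ -292,6 +301,16 @@` hunk, and removal presumably works by matching that string, so all three copies have to stay byte-identical. Define it once, e.g. `define('PKG_BANDWIDTHD_ROTATE_CMD', "/bin/pkill -HUP -F /var/run/bandwidthd.pid");`, and pass the constant to every call. Reading the pid file through `pkill -F` also avoids running `kill -HUP` with no argument when the pid file is missing. bandwidthd_install_deinstall() starts outside the hunk.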
@@ -79,7 +81,9 @@ function bandwidthd_install_config() {
$recover_cdf = "recover_cdf true\n";
$output_cdf = $config['installedpackages']['bandwidthd']['config'][0]['outputcdf'];
if($output_cdf)
- $output_cdf = "output_cdf true\n";
+ $output_cdf_string = "output_cdf true\n";
+ else
+ $output_cdf_string = "";
$promiscuous = $config['installedpackages']['bandwidthd']['config'][0]['promiscuous'];
if($promiscuous)
$promiscuous = "promiscuous true\n";
@@ -180,7 +184,7 @@ $graph_cutoff
$promiscuous
#Log data to cdf file htdocs/log.cdf
-$output_cdf
+$output_cdf_string
#Read back the cdf file on startup
$recover_cdf
@@ -252,7 +256,12 @@ if [ ! -L "{$bandwidthd_nano_dir}/etc" ] ; then
fi
/bin/ln -s {$bandwidthd_config_dir} {$bandwidthd_nano_dir}/etc
fi
-
+if [ ! -f "{$bandwidthd_htdocs_dir}/legend.gif" ] ; then
+ /bin/cp {$bandwidthd_base_dir}/htdocs/legend.gif {$bandwidthd_htdocs_dir}
+fi
+if [ ! -f "{$bandwidthd_htdocs_dir}/logo.gif" ] ; then
+ /bin/cp {$bandwidthd_base_dir}/htdocs/logo.gif {$bandwidthd_htdocs_dir}
+fi
cd {$bandwidthd_nano_dir}
{$bandwidthd_nano_dir}/bandwidthd
cd -
@@ -292,6 +301,16 @@ EOD;
if (!file_exists($bandwidthd_index_file)) {
exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file);
}
+
+ if($output_cdf) {
+ // Use cron job to rotate logs every day at 00:01
+ install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0");
+ }
+ else
+ {
+ // Remove the cron job, if it is there
+ install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false);
+ }
conf_mount_ro();
config_unlock();
stop_service("bandwidthd");
diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml
index f82ac69d..161280cf 100644
--- a/config/bandwidthd/bandwidthd.xml
+++ b/config/bandwidthd/bandwidthd.xml
@@ -96,7 +96,7 @@
<field>
<fielddescr>Skip intervals</fielddescr>
<fieldname>skipintervals</fieldname>
- <description>Number of intervals (2.5 minute) to skip between graphing. Default 0.</description>
+ <description>Number of intervals to skip between graphing. Default 0. Each interval is 200 seconds = 3 min 20 sec.</description>
<type>input</type>
</field>
<field>
@@ -108,19 +108,20 @@
<field>
<fielddescr>Promiscuous</fielddescr>
<fieldname>promiscuous</fieldname>
- <description>Put interface in promiscuous mode to score to traffic that may not be routing through the host machine.</description>
+ <description>Put interface in promiscuous mode to see traffic that may not be routing through the host machine.&lt;br&gt;
+ Note: If the interface is connected to a switch then the interface will only see the traffic on its port.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>output_cdf</fielddescr>
<fieldname>outputcdf</fieldname>
- <description>Log data to cdf file htdocs/log.cdf</description>
+ <description>Log data to cdf files log*.cdf</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>recover_cdf</fielddescr>
<fieldname>recovercdf</fieldname>
- <description>Read back the cdf file on startup</description>
+ <description>Read back the cdf files on startup</description>
<type>checkbox</type>
</field>
<field>
@@ -139,9 +140,24 @@
<field>
<fielddescr>Meta Refresh</fielddescr>
<fieldname>meta_refresh</fieldname>
- <description>Set META REFRESH seconds (default 150, use 0 to disable).</description>
+ <description>Sets the interval (seconds) at which the browser graph display refreshes (default 150, use 0 to disable).</description>
<type>input</type>
</field>
+ <field>
+ <fielddescr>Graph and Log Info</fielddescr>
+ <fieldname>graph_log_info</fieldname>
+ <description>If draw graphs is on, then the daily report and graph html data is regenerated every (skip intervals + 1) * 200 seconds. The data volumes in the report are for the same period as the span of the graph.&lt;br&gt;
+ If output_cdf is on, then a cron job is added to rotate the log files at 00:01 each day. 6 log files are kept for each log frequency (daily, weekly, monthly, yearly). At the respective rotation intervals, the oldest log is deleted, the others are shuffled back and a new log is created.&lt;br&gt;
+ &lt;table cellpadding=1 cellspacing=0 style=&quot;text-align: left;&quot;&gt; &lt;tbody&gt;
+ &lt;tr&gt;&lt;th&gt; &lt;/th&gt;&lt;th&gt; Data Interval &lt;/th&gt;&lt;th&gt; Graph Span &lt;/th&gt;&lt;th&gt; Log Rotation &lt;/th&gt;&lt;th&gt; Log File Name &lt;/th&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Daily &lt;/th&gt;&lt;td&gt; 200 seconds &lt;/td&gt;&lt;td&gt; 2 days &lt;/td&gt;&lt;td&gt; 1 day &lt;/td&gt;&lt;td&gt; log.1.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Weekly &lt;/th&gt;&lt;td&gt; 10 minutes &lt;/td&gt;&lt;td&gt; 7 days &lt;/td&gt;&lt;td&gt; 7 days &lt;/td&gt;&lt;td&gt; log.2.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Monthly &lt;/th&gt;&lt;td&gt; 1 hour &lt;/td&gt;&lt;td&gt; 35 days &lt;/td&gt;&lt;td&gt; 35 days &lt;/td&gt;&lt;td&gt; log.3.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Yearly &lt;/th&gt;&lt;td&gt; 12 hours &lt;/td&gt;&lt;td&gt; 412.5 days &lt;/td&gt;&lt;td&gt; 412.5 days &lt;/td&gt;&lt;td&gt; log.4.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;/tbody&gt; &lt;/table&gt;
+ </description>
+ <type>info</type>
+ </field>
</fields>
<custom_php_resync_config_command>
bandwidthd_install_config();
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index 559788c7..a03bf219 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -63,7 +63,7 @@ $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP',
'mode' => '', 'syntax' => 'src');
if ($haproxy_sni_ssloffloading) {
$a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches',
- 'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\r\ntcp-request content accept if { req_ssl_hello_type 1 }");
+ 'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }");
}
function haproxy_custom_php_deinstall_command() {
@@ -322,9 +322,22 @@ function haproxy_find_acl($name) {
}
function write_backend($fd, $name, $pool, $frontend) {
- if(!is_array($pool['ha_servers']['item']))
+ if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes')
return;
+
+ $a_servers = &$pool['ha_servers']['item'];
+ unset($sslserverpresent);
+ if (is_array($a_servers))
+ {
+ foreach($a_servers as $be) {
+ if (!$be['status'] == "inactive")
+ continue;
+ if ($be['ssl'])
+ $sslserverpresent = true;
+ }
+ }
+
fwrite ($fd, "backend " . $name . "\n");
if($pool['cookie_name'] && strtolower($frontend['type']) == "http")
fwrite ($fd, "\tcookie\t\t\t" . $pool['cookie_name'] . " insert indirect\n");
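Review bot: In `if (!$be['status'] == "inactive")` the `!` binds tighter than `==`, so the test compares a boolean with a non-empty string and is true exactly when `status` is empty. Servers marked inactive are therefore not skipped, while servers with no status are; the intended test is `if ($be['status'] == "inactive") continue;`. The same expression is repeated in the server loop of the `@@ -404,16 +425,22 @@` hunk, where an unskipped inactive server then has its status text written into the `server` line. `!$pool['stats_enabled']=='yes'` has the same precedence problem and should read `$pool['stats_enabled'] != 'yes'`. `$sslserverpresent` is assigned here but not read in any visible line, and write_backend() continues outside the hunk.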
@@ -333,24 +346,30 @@ function write_backend($fd, $name, $pool, $frontend) {
if(strtolower($frontend['type']) == "https") {
$backend_type = "tcp";
$httpchk = "ssl-hello-chk";
- } else {
+ } else {
$backend_type = $frontend['type'];
- $httpchk = "httpchk";
+ if(strtolower($frontend['type']) == "http")
+ $httpchk = "httpchk";
+ else
+ unset($httpchk);
}
-
+
fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
if($pool['balance'])
fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n");
- if($pool['connection_timeout'])
- fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
+ if(!$pool['connection_timeout'])
+ $pool['connection_timeout'] = 30000;
+ fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
- if($pool['server_timeout'])
- fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
+ if(!$pool['server_timeout'])
+ $pool['server_timeout'] = 30000;
+ fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
- if($pool['retries'])
- fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
+ if(!$pool['retries'])
+ $pool['retries'] = 3;
+ fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
if($pool['stats_enabled']=='yes') {
fwrite ($fd, "\tstats\t\t\tenable\n");
@@ -375,7 +394,9 @@ function write_backend($fd, $name, $pool, $frontend) {
$uri = $pool['monitor_uri'];
else
$uri = "/";
- fwrite ($fd, "\toption\t\t\t{$httpchk} HEAD " . $uri . " HTTP/1.0\n");
+
+ if ($httpchk)
+ fwrite ($fd, "\toption\t\t\t{$httpchk} HEAD " . $uri . " HTTP/1.0\n");
if ($pool['advanced_backend']) {
$adv_be = explode("\n", base64_decode($pool['advanced_backend']));
@@ -404,16 +425,22 @@ function write_backend($fd, $name, $pool, $frontend) {
else
$checkinter = "";
- $a_servers = &$pool['ha_servers']['item'];
- foreach($a_servers as $be) {
- if (!$be['name'])
- $be['name'] = $be['address'];
- if($be['backup']) {
- $isbackup = "backup";
- } else {
- $isbackup = "";
+ if (is_array($a_servers))
+ {
+ foreach($a_servers as $be) {
+ if (!$be['status'] == "inactive")
+ continue;
+
+ if (!$be['name'])
+ $be['name'] = $be['address'];
+ if(!$be['status'] || $be['status'] != 'active') {
+ $isbackup = $be['status'];
+ } else {
+ $isbackup = "";
+ }
+ $ssl = ($backend_type == "http" && $be['ssl'] == 'yes') ? ' ssl' : "";
+ fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt}\n");
}
- fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . " $cookie " . " $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt}\n");
}
fwrite ($fd, "\n");
}
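Review bot: The `server` line gets a bare ` ssl` from `$ssl = ($backend_type == "http" && $be['ssl'] == 'yes') ? ' ssl' : "";`, with no `verify` or `ca-file` setting, so whether the backend certificate is checked at all depends on the default of the installed haproxy build. Make the choice explicit, either by emitting `verify required ca-file ...` from a GUI option or by writing `verify none` deliberately. At minimum, add a comment such as `// no verify/ca-file emitted: backend certificate checking follows haproxy's default`. `$be['address']`, `$be['port']` and `$be['weight']` are concatenated into the line as stored, so their validation has to happen where they are saved.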
@@ -424,6 +451,14 @@ function haproxy_configure() {
return haproxy_check_run(1);
}
+function haproxy_check_writtenconfig_error() {
+ $configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1");
+ if (!strstr($configcheckoutput, "Configuration file is valid"))
+ return str_replace("\n","<br/>\n", $configcheckoutput);
+ else
+ return false;
+}
+
function haproxy_writeconf() {
global $config, $g;
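Review bot: `haproxy_check_writtenconfig_error()` returns the raw `haproxy -c` output as HTML with only the newlines converted, and the callers in haproxy_global.php and haproxy_listeners.php put it into `$savemsg`, which is presumably rendered on the page. That output can quote names and option text taken from the configuration, so it should be escaped first: `return nl2br(htmlspecialchars($configcheckoutput));`. Deciding validity by searching for the text "Configuration file is valid" is fragile; `exec()` with its return-status argument would test the exit code instead. Calling the binary by absolute path would avoid depending on PATH.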
@@ -469,17 +504,20 @@ function haproxy_writeconf() {
}
//check ssl info
- if ($backend['ssloffload']){
+ if (strtolower($backend['type']) == "http" && $backend['ssloffload']){
//ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
- $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}";
+ $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt";
$cert = lookup_cert($backend['ssloffloadcert']);
$certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']);
file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent);
unset($certcontent);
}else{
- $ssl_info="";
+ $ssl_crt="";
unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt");
}
+
+ if ($backend['extaddr']=='localhost')
+ $backend['extaddr'] = "127.0.0.1";
$bname = $backend['extaddr'] . ":" . $backend['port'];
if (!is_array($a_bind[$bname])) {
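Review bot: The file written by `file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent)` contains the private key along with the certificate, and nothing visible restricts its mode, so it is created with whatever the process umask allows. Add `chmod("/var/etc/{$backend['name']}.{$backend['port']}.crt", 0600);` directly after the write. In the else branch, `unlink_if_exists("var/etc/...")` lacks the leading slash, so the stale key file is resolved relative to the working directory and is probably never removed. Because the frontend name becomes part of the path and of the `crt` option, it should be limited to a safe character set where it is saved. haproxy_writeconf() starts and ends outside the hunk.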
@@ -493,13 +531,22 @@ function haproxy_writeconf() {
$b = &$a_bind[$bname];
// Overwrite ?
- $b['type'] = $backend['type'];
- $b['forwardfor'] = $backend['forwardfor'];
- $b['httpclose'] = $backend['httpclose'];
- $b['max_connections'] = $backend['max_connections'];
- $b['client_timeout'] = $backend['client_timeout'];
- $b['advanced'] = $backend['advanced'];
- $b['ssl_info'] = $ssl_info;
+ if ($backend['secondary'] != 'yes') {
+ if (isset($b['type']))
+ $input_errors[] = "Multiple primary frondends for $bname";
+ $b['type'] = $backend['type'];
+ $b['forwardfor'] = $backend['forwardfor'];
+ $b['httpclose'] = $backend['httpclose'];
+ $b['max_connections'] = $backend['max_connections'];
+ $b['client_timeout'] = $backend['client_timeout'];
+ $b['advanced'] = $backend['advanced'];
+ }
+
+ if ($ssl_crt != "") {
+ if ($b['ssl_info'] == "")
+ $b['ssl_info'] = "ssl {$backend['dcertadv']}";
+ $b['ssl_info'] .= $ssl_crt;
+ }
// pointer to each backend
$b['config'][] = $backend;
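Review bot: The message `"Multiple primary frondends for $bname"` has a typo and should read `frontends`. `$input_errors` is not in the `global $config, $g;` list visible at the top of haproxy_writeconf(), so it appears to be a new local array here. After the error is recorded, the duplicate primary still overwrites `$b['type']` and the other settings; if the first primary is meant to win, put those assignments in an `else`. The function starts and ends outside the hunk.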
@@ -508,7 +555,7 @@ function haproxy_writeconf() {
$a_pendingpl = array();
- // Construct and write out configuration file
+ // Construct and write out configuration for each "frontend"
if(is_array($a_bind)) {
foreach ($a_bind as $bind) {
if (count($bind['config']) > 1)
@@ -516,6 +563,8 @@ function haproxy_writeconf() {
else
$frontendinfo = "frontend {$bind['name']}\n";
+ $advancedextra = array();
+
// Prepare ports for processing by splitting
$portss = "{$bind['port']},";
$ports = split(",", $portss);
@@ -543,14 +592,12 @@ function haproxy_writeconf() {
$advanced = base64_decode($bind['advanced']);
fwrite($fd, "\t" . $advanced . "\n");
}
-
+
// https is an alias for tcp for clarity purpouses
if(strtolower($bind['type']) == "https") {
$backend_type = "tcp";
- $httpchk = "ssl-hello-chk";
- } else {
+ } else {
$backend_type = $bind['type'];
- $httpchk = "httpchk";
}
fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
@@ -560,14 +607,18 @@ function haproxy_writeconf() {
if($bind['httpclose'])
fwrite ($fd, "\toption\t\t\thttpclose\n");
- if($bind['forwardfor'])
+ if($bind['forwardfor']) {
fwrite ($fd, "\toption\t\t\tforwardfor\n");
+ fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\tif { ssl_fc }\n");
+ }
if($bind['max_connections'])
fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n");
- if($bind['client_timeout'])
- fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+ if(!$bind['client_timeout'])
+ $bind['client_timeout'] = 30000;
+
+ fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
// Combine the rest of the listener configs
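Review bot: `reqadd X-Forwarded-Proto:\ https` is emitted only for TLS connections, but nothing removes an `X-Forwarded-Proto` header supplied by the client, so a plain-HTTP request can reach the backend already carrying `https`. Backends that rely on this header for redirects or secure-cookie decisions would be misled. Emit a delete rule before the add, e.g. `fwrite ($fd, "\treqidel ^X-Forwarded-Proto:.*\n");`. The enclosing loop in haproxy_writeconf() starts and ends outside the hunk.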
@@ -596,6 +647,15 @@ function haproxy_writeconf() {
$a_pendingpl[$poolname]['frontend'] = $bconfig;
}
+ if (strtolower($bind['type']) == "http" && $bconfig['ssloffload'] && $bconfig['ssloffloadacl']) {
+ $aclname = "SNI_" . $poolname;
+ $cert_cn = cert_get_cn($bconfig['ssloffloadcert'] ,true);
+ //$expr = "req_ssl_sni -i $cert_cn";
+ $expr = "hdr(host) -i $cert_cn";
+ fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n");
+ fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclname . "\n");
+ }
+
foreach ($a_acl as $entry) {
$acl = haproxy_find_acl($entry['expression']);
if (!$acl)
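Review bot: `$cert_cn` goes straight into `hdr(host) -i $cert_cn` with no check that `cert_get_cn()` returned a usable name. An empty result leaves the ACL without a pattern, and a wildcard CN such as `*.example.com` (constructed example) would be compared literally with the Host header and never match. Guard the block with `if ($cert_cn != "")` and consider a suffix match for wildcard names. Since the ACL is named `SNI_...` but tests the Host header, a comment would help: `// matches the HTTP Host header after TLS offload, not the TLS SNI value`.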
@@ -613,13 +673,19 @@ function haproxy_writeconf() {
$aclname = $i . "_" . $entry['name'];
fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n");
fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclname . "\n");
+
+ if ($acl['advancedoptions'] != '')
+ $advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n";
$i++;
}
}
+ foreach($advancedextra as $extra)
+ fwrite ($fd, "\t".$extra."\n");
fwrite ($fd, "\n");
}
}
+ // Construct and write out configuration for each "backend"
if (is_array($a_pendingpl) && is_array($a_pools)) {
foreach ($a_pendingpl as $pending) {
foreach ($a_pools as $pool) {
@@ -650,6 +716,9 @@ function haproxy_writeconf() {
// create config file
fclose($fd);
+ if ($input_errors)
+ print_input_errors($input_errors);
+
if (isset($a_global['carpdev']))
haproxy_install_cron(true);
else
@@ -820,4 +889,106 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
}
}
+function get_frontend_id($name) {
+ global $a_backend;
+ $i = 0;
+ foreach($a_backend as $backend)
+ {
+ if ($backend['name'] == $name)
+ return $i;
+ $i++;
+ }
+ return null;
+}
+
+function get_frontend_ipport($fontend) {
+ global $a_backend;
+ if ($fontend['secondary'] == 'yes')
+ $mainfontend = $a_backend[get_frontend_id($fontend['primary_frontend'])];
+ else
+ $mainfontend = $fontend;
+ if($mainfontend['extaddr'] == "any")
+ $result = "0.0.0.0";
+ elseif($mainfontend['extaddr'])
+ $result = $mainfontend['extaddr'];
+ else
+ $result = get_current_wan_address('wan');
+ return $result . ":" . $mainfontend['port'];
+ return 'abc';
+}
+
+function haproxy_check_config() {
+ global $config;
+ $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item'];
+ $result = false;
+ $activefrontends = array();
+ $issues = array();
+
+ foreach($a_backends as $frontend) {
+ if (($frontend['status'] != 'active') || ($frontend['secondary'] == 'yes'))
+ continue;
+ $ipport = get_frontend_ipport($frontend);
+ if (isset($activefrontends[$ipport]))
+ $issues['P_'.$ipport] = "Multiple primary frontends with IP:Port \"$ipport\"";
+ else
+ $activefrontends[$ipport] = true;
+ }
+ foreach($a_backends as $frontend) {
+ if (($frontend['status'] != 'active') || ($frontend['secondary'] != 'yes'))
+ continue;
+ $ipport = get_frontend_ipport($frontend);
+ if (!isset($activefrontends[$ipport]))
+ $issues['S_'.$frontend['name']] = "Secondary frontend \"{$frontend['name']}\" without active primary frontend.";
+ }
+ foreach ($issues as $item)
+ $result .= ($result == false ? "" : "<br/>") . $item;
+ return $result;
+}
+
+function get_haproxy_frontends($excludeitem="") {
+ global $config;
+ $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item'];
+ $result = array();
+ foreach($a_frontend as &$frontend)
+ {
+ if ($frontend['secondary'])
+ continue;
+ if ($frontend['name'] == $excludeitem)
+ continue;
+
+ $serveradress = "{$frontend['extaddr']}:{$frontend['port']}";
+ $result[$frontend['name']]['name'] = "{$frontend['name']} - {$frontend['type']} ({$serveradress})";
+ $result[$frontend['name']]['ref'] = &$frontend;
+ }
+ asort($result, SORT_STRING);
+ return $result;
+}
+
+function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) {
+ $offset = str_repeat(' ',$nestID);
+ $itemName = "item$nestID";
+ echo "{$offset}$nodeName = {};\n";
+ if (is_array($items))
+ foreach ($items as $key => $item)
+ {
+ if (in_array($path.'/'.$key, $includeitems))
+ $subpath = $path.'/'.$key;
+ else
+ $subpath = $path.'/*';
+ if (in_array($subpath, $includeitems) || in_array($path.'/*', $includeitems)) {
+ if (is_array($item)) {
+ $subNodeName = "item$nestID";
+ phparray_to_javascriptarray_recursive($nestID+1, $subpath, $items[$key], $subNodeName, $includeitems);
+ echo "{$offset}{$nodeName}['{$key}'] = $itemName;\n";
+ } else
+ echo "{$offset}{$nodeName}['$key'] = '$item';\n";
+ }
+ }
+}
+
+function phparray_to_javascriptarray($items, $javaMapName, $includeitems)
+{
+ phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems);
+}
+
?>
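Review bot: `phparray_to_javascriptarray_recursive()` prints configuration keys and values into JavaScript inside single quotes without escaping (`echo "{$offset}{$nodeName}['$key'] = '$item';\n";`), so a stored value containing a quote or a closing script tag ends the string literal early in the admin page. Let `json_encode()` produce the literals: `echo "{$offset}{$nodeName}[" . json_encode((string)$key) . "] = " . json_encode((string)$item) . ";\n";`, and treat the `$key` in the array branch the same way. `haproxy_check_config()` likewise builds an HTML message from `$frontend['name']` and should pass it through `htmlspecialchars()`. Separately, `get_frontend_ipport()` ends with an unreachable `return 'abc';` and indexes `$a_backend` with the result of `get_frontend_id()` without handling the `null` returned for an unknown primary.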
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 340c578b..61c654cf 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -48,8 +48,14 @@ if ($_POST) {
config_lock();
$retval = haproxy_configure();
config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
} else {
if ($_POST['enable']) {
$reqdfields = explode(" ", "maxconn");
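Review bot: `haproxy_check_writtenconfig_error()` runs only after `haproxy_configure()` has returned, so an invalid configuration is reported but, as far as this hunk shows, has already been written and handed to the service. If `haproxy_configure()` reloads the daemon (its body is not visible here), validating the generated file before the reload would keep the running instance on the last valid configuration. `gettext($result)` on dynamic command output cannot match a translation, so `$savemsg = $result;` is equivalent. The same sequence appears in haproxy_listeners.php, and the `if ($_POST)` block starts outside the hunk.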
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index c5c41714..7b4cf3da 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -34,6 +34,7 @@ require_once("guiconfig.inc");
$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty";
require_once("haproxy.inc");
+require_once("certs.inc");
if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
$config['installedpackages']['haproxy']['ha_backends']['item'] = array();
@@ -48,15 +49,28 @@ if ($_POST) {
config_lock();
$retval = haproxy_configure();
config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
}
+} else {
+ $result = haproxy_check_config($retval);
+ if ($result)
+ $savemsg = gettext($result);
}
+$id = $_GET['id'];
+$id = get_frontend_id($id);
+
if ($_GET['act'] == "del") {
- if (isset($a_backend[$_GET['id']])) {
+ if (isset($a_backend[$id])) {
if (!$input_errors) {
- unset($a_backend[$_GET['id']]);
+ unset($a_backend[$id]);
write_config();
touch($d_haproxyconfdirty_path);
}
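Review bot: The delete branch acts on `$_GET['act']` and `$_GET['id']`, and with this change the id is the frontend name rather than a list position, so the deleting URL is predictable from the name alone. No request-forgery token check is visible in this hunk; unless the framework enforces one for GET requests, performing the delete from a POST form would be safer. `haproxy_check_config($retval)` passes an argument the function does not declare, and `$retval` is not set on that path; `haproxy_check_config()` is enough.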
@@ -98,77 +112,101 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="20%" class="listhdrr">Name</td>
- <td width="30%" class="listhdrr">Description</td>
- <td width="20%" class="listhdrr">Address</td>
- <td width="10%" class="listhdrr">Type</td>
- <td width="10%" class="listhdrr">Server&nbsp;pool</td>
- <td width="5%" class="list"></td>
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="5%" class="listhdrr">Primary</td>
+ <td width="20%" class="listhdrr">Advanced</td>
+ <td width="20%" class="listhdrr">Name</td>
+ <td width="30%" class="listhdrr">Description</td>
+ <td width="20%" class="listhdrr">Address</td>
+ <td width="5%" class="listhdrr">Type</td>
+ <td width="10%" class="listhdrr">Server&nbsp;pool</td>
+ <td width="20%" class="listhdrr">Parent</td>
+ <td width="5%" class="list"></td>
</tr>
<?php
- $i = 0;
- foreach ($a_backend as $backend):
- $textss = $textse = "";
- if ($backend['status'] != 'active') {
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
+
+ function sort_backends(&$a, &$b) {
+ if ($a['ipport'] != $b['ipport'])
+ return $a['ipport'] > $b['ipport'] ? 1 : -1;
+ if ($a['secondary'] != $b['secondary'])
+ return $a['secondary'] > $b['secondary'] ? 1 : -1;
+ if ($a['name'] != $b['name'])
+ return $a['name'] > $b['name'] ? 1 : -1;
+ return 0;
}
-?>
- <tr>
- <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';">
- <?=$textss . $backend['name'] . $textse;?>
- </td>
- <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';">
- <?=$textss . $backend['desc'] . $textse;?>
- </td>
- <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';">
-<?php
- echo $textss;
- if($backend['extaddr'] == "any")
- echo "0.0.0.0";
- elseif($backend['extaddr'])
- echo $backend['extaddr'];
- else
- echo get_current_wan_address('wan');
- echo ":" . $backend['port'];
- echo $textse;
-?>
- </td>
- <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';">
- <?=$textss . $backend['type'] . $textse;?>
- </td>
- <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';">
- <?=$textss . $backend['backend_serverpool'] . $textse;?>
- </td>
- <td class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tfoot>
- <tr>
- <td class="list" colspan="5"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </tfoot>
- </table>
+ foreach($a_backend as &$backend2) {
+ $backend2['ipport'] = get_frontend_ipport($backend2);
+ }
+ usort($a_backend,'sort_backends');
+
+ $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
+ unset($ipport_previous);
+ foreach ($a_backend as $backend):
+ $backendname = $backend['name'];
+ $textgray = $backend['status'] != 'active' ? " gray" : "";
+ if (isset($ipport_previous ) && $backend['ipport'] != $ipport_previous):
+ ?>
+ <tr class="<?=$textgray?>"><td collspan="7">&nbsp;</td></tr>
+ <?
+ endif;
+ $ipport_previous = $backend['ipport'];
+ ?>
+ <tr class="<?=$textgray?>">
+ <td class="listlr" style="<?=$backend['secondary']=='yes'?"visibility:hidden;":""?>" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['secondary']!='yes'?"yes":"no";?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <? if (strtolower($backend['type']) == "http" && $backend['ssloffload']):
+ $cert = lookup_cert($backend['ssloffloadcert']);?>
+ <img src="<?=$certimg;?>" alt="SSL offloading" title="SSL offloading cert: '<?=$cert['descr'];?>'" border="0" height="16" width="16" />
+ <? endif;?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['name'];?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['desc'];?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['ipport'];?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['type']?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['backend_serverpool']?>
+ </td>
+ <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
+ <?=$backend['secondary'] == 'yes' ? $backend['primary_frontend'] : "";?>
+ </td>
+ <td class="list" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$backendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$backendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$backendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </tfoot>
+ </table>
</div>
</table>
- </form>
+ </form>
<?php include("fend.inc"); ?>
</body>
</html>
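Review bot: Row links now carry the frontend name instead of the numeric index, and the name is printed unescaped into URLs and inline JavaScript, e.g. `ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"`. A name containing a quote, `&` or `<` would break the attribute or be interpreted as markup; use `<?=urlencode($backendname);?>` in the `id=` and `dup=` parameters and `htmlspecialchars()` around `$backend['name']`, `$backend['desc']`, `$backend['primary_frontend']` and `$cert['descr']`. `usort($a_backend, ...)` and the added `ipport` key modify `$a_backend` itself; if that is a reference into `$config` (not visible here), a later `write_config()` would persist the reordering and the extra key. `collspan` in the spacer row should be `colspan`.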
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index 4a802ef2..0826010c 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -33,6 +33,16 @@
require("guiconfig.inc");
require_once("haproxy.inc");
+/* Compatibility function for pfSense 2.0 */
+if (!function_exists("cert_get_purpose")) {
+ function cert_get_purpose(){
+ $result = array();
+ $result['server'] = "Yes";
+ return $result;
+ }
+}
+/**/
+
function get_certificat_usage($refid) {
$usage = array();
$cert = lookup_cert($refid);
@@ -48,13 +58,14 @@ function get_certificat_usage($refid) {
$usage[] = "OpenVPN Client";
if (is_ipsec_cert($cert['refid']))
$usage[] = "IPsec Tunnel";
- if (is_captiveportal_cert($refid))
- $usage[] = "Captive Portal";
+ if (function_exists("is_captiveportal_cert"))
+ if (is_captiveportal_cert($refid))
+ $usage[] = "Captive Portal";
return $usage;
}
-/// This function (is intendet to) provides a uniform way to retrieve a list of use selectable certificates
+// This function (is intended to) provides a uniform way to retrieve a list of server certificates
function get_certificates_server($get_includeWebCert=false) {
global $config;
$certificates=array();
@@ -64,6 +75,10 @@ function get_certificates_server($get_includeWebCert=false) {
if ($get_ca == false && is_webgui_cert($cert['refid']))
continue;
+ $purpose = cert_get_purpose($cert['crt']);
+ if ($purpose['server'] != 'Yes')
+ continue;
+
$selected = "";
$caname = "";
$inuse = "";
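Review bot: The filter `if ($get_ca == false && is_webgui_cert($cert['refid']))` tests `$get_ca`, which is not defined in the visible part of get_certificates_server(); the function's parameter is `$get_includeWebCert`. As written the condition reduces to `is_webgui_cert(...)`, so the caller's choice is ignored. `if (!$get_includeWebCert && is_webgui_cert($cert['refid']))` looks like the intent. The loop starts outside the hunk.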
@@ -86,18 +101,20 @@ function get_certificates_server($get_includeWebCert=false) {
if ($usagestr != "")
$usagestr = " (".trim($usagestr).")";
- $certificates[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr;
+ $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr;
}
return $certificates;
}
-function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="")
+function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="")
{
- if (count($keyvaluelist)>0){
- echo "<select name=\"$name\" class=\"formselect\">";
+ if (count($keyvaluelist)>0){
+ if ($onchangeEvent != "")
+ $onchangeEvent .= " onchange=$onchangeEvent";
+ echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>";
foreach($keyvaluelist as $key => $desc){
$selectedhtml = $key == $selected ? "selected" : "";
- echo "<option value=\"{$key}\" {$selectedhtml}>{$desc}</option>";
+ echo "<option value=\"{$key}\" {$selectedhtml}>{$desc['name']}</option>";
}
echo "</select>";
} else {
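Review bot: `$onchangeEvent .= " onchange=$onchangeEvent";` appends to the variable instead of replacing it, so the handler text lands in the `<select>` tag twice: once bare, directly after `class="formselect"`, and once as an unquoted attribute value. Build the attribute in one assignment: `$onchangeEvent = " onchange=\"" . htmlspecialchars($onchangeEvent) . "\"";`. `{$desc['name']}` and `{$key}` are also written into the option markup unescaped; wrapping them in `htmlspecialchars()` keeps a certificate description containing markup characters from altering the page. The else branch continues outside the hunk.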
@@ -125,6 +142,9 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item'];
$a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item'];
+global $simplefields;
+$simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool',
+ 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl');
if (isset($_POST['id']))
$id = $_POST['id'];
@@ -134,27 +154,14 @@ else
if (isset($_GET['dup']))
$id = $_GET['dup'];
-if (isset($id) && $a_backend[$id]) {
- $pconfig['name'] = $a_backend[$id]['name'];
- $pconfig['desc'] = $a_backend[$id]['desc'];
- $pconfig['status'] = $a_backend[$id]['status'];
-
- $pconfig['type'] = $a_backend[$id]['type'];
+$id = get_frontend_id($id);
- $pconfig['forwardfor'] = $a_backend[$id]['forwardfor'];
- $pconfig['httpclose'] = $a_backend[$id]['httpclose'];
-
- $pconfig['type'] = $a_backend[$id]['type'];
- $pconfig['extaddr'] = $a_backend[$id]['extaddr'];
- $pconfig['backend_serverpool'] = $a_backend[$id]['backend_serverpool'];
- $pconfig['max_connections'] = $a_backend[$id]['max_connections'];
- $pconfig['client_timeout'] = $a_backend[$id]['client_timeout'];
- $pconfig['port'] = $a_backend[$id]['port'];
+if (isset($id) && $a_backend[$id]) {
$pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item'];
$pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']);
- $pconfig['ssloffloadcert'] = $a_backend[$id]['ssloffloadcert'];
- $pconfig['dcertadv'] = $a_backend[$id]['dcertadv'];
- $pconfig['ssloffload'] = $a_backend[$id]['ssloffload'];
+
+ foreach($simplefields as $stat)
+ $pconfig[$stat] = $a_backend[$id][$stat];
}
if (isset($_GET['dup']))
@@ -184,13 +191,13 @@ if ($_POST) {
if ($port && !is_numeric($port))
$input_errors[] = "The field 'Port' value is not a number.";
- if (!is_numeric($_POST['client_timeout']))
+ if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout']))
$input_errors[] = "The field 'Client timeout' value is not a number.";
/* Ensure that our pool names are unique */
for ($i=0; isset($config['installedpackages']['haproxy']['ha_backends']['item'][$i]); $i++)
if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_backends']['item'][$i]['name']) && ($i != $id))
- $input_errors[] = "This frontend name has already been used. Frontend names must be unique.";
+ $input_errors[] = "This frontend name has already been used. Frontend names must be unique. $i != $id";
$a_acl=array();
$acl_names=array();
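Review bot: The duplicate-name error now ends with `$i != $id`, which looks like leftover debugging and puts the loop index and the id derived from the request into a user-facing message; the line should stay `$input_errors[] = "This frontend name has already been used. Frontend names must be unique.";`. Separately, `is_numeric()` on `client_timeout` also accepts signs, decimals and exponent notation such as `1e3`, which is looser than a millisecond count. `ctype_digit((string)$_POST['client_timeout'])` or an anchored `/^\d+$/` match would be stricter, and the same applies to the connection timeout, server timeout and retries checks in haproxy_pool_edit.php. The `if ($_POST)` block starts and ends outside this hunk.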
@@ -235,24 +242,11 @@ if ($_POST) {
if($backend['name'] != "")
$changedesc .= " modified '{$backend['name']}' pool:";
+ foreach($simplefields as $stat)
+ update_if_changed($stat, $backend[$stat], $_POST[$stat]);
- update_if_changed("name", $backend['name'], $_POST['name']);
- update_if_changed("description", $backend['desc'], $_POST['desc']);
- update_if_changed("status", $backend['status'], $_POST['status']);
- update_if_changed("type", $backend['type'], $_POST['type']);
- update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']);
- update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']);
- update_if_changed("httpclose", $backend['httpclose'], $_POST['httpclose']);
- update_if_changed("type", $backend['type'], $_POST['type']);
- update_if_changed("port", $backend['port'], $_POST['port']);
- update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']);
- update_if_changed("backend_serverpool", $backend['backend_serverpool'], $_POST['backend_serverpool']);
- update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']);
- update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']);
+
update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced']));
- update_if_changed("ssloffloadcert", $backend['ssloffloadcert'], $_POST['ssloffloadcert']);
- update_if_changed("dcertadv", $backend['dcertadv'], $_POST['dcertadv']);
- update_if_changed("ssloffload", $backend['ssloffload'], $_POST['ssloffload']);
$backend['ha_acls']['item'] = $a_acl;
if (isset($id) && $a_backend[$id]) {
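Review bot: The loop `update_if_changed($stat, $backend[$stat], $_POST[$stat])` copies every name in `$simplefields` from the request into the saved frontend, and for the new fields `secondary`, `primary_frontend` and `ssloffloadacl` no validation is visible in this diff. If these values are later written into the generated HAProxy configuration, `primary_frontend` should be checked against the existing frontend names and the two checkboxes normalised to `yes` or empty before saving. `cookie_name` was in the removed list but is not in `$simplefields`, so it is no longer stored; if that is intentional, a comment next to the array would make it clear. The change-log label for `desc` also changes from "description" to "desc".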
@@ -275,15 +269,22 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
if(strstr($pfSversion, "1.2"))
$one_two = true;
+if (!$id)
+{
+ //default value for new items.
+ $pconfig['ssloffloadacl'] = "yes";
+}
+
$pgtitle = "HAProxy: Frontend: Edit";
include("head.inc");
-
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()">
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<style type="text/css">
.haproxy_mode_http{display:none;}
.haproxy_ssloffloading_enabled{display:none;}
+ .haproxy_primary{}
+ .haproxy_secondary{display:none;}
</style>
<?php if($one_two): ?>
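Review bot: `if (!$id)` also matches an id of `0`, so if `get_frontend_id()` returns a numeric index (it is not visible here), editing the first frontend would overwrite its saved `ssloffloadacl` with the default `"yes"`. Testing for a new item the same way the rest of the page does avoids that: `if (!isset($id) || !$a_backend[$id])`. With `onload="updatevisibility()"` removed from `<body>`, the page now depends on the explicit call added at the end of the file.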
@@ -448,20 +449,32 @@ include("head.inc");
function updatevisibility()
{
+ d = document;
+ ssloffload = d.getElementById("ssloffload");
+ type = d.getElementById("type");
+ secondary = d.getElementById("secondary");
+ primary_frontend = d.getElementById("primary_frontend");
+
+ if (secondary.checked)
+ type = primaryfrontends[primary_frontend.value]['ref']['type'];
+ else
+ type = d.getElementById("type").value;
+
setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked);
- setCSSdisplay(".haproxy_mode_http", type.value == "http");
+ setCSSdisplay(".haproxy_mode_http", type == "http");
+ setCSSdisplay(".haproxy_primary", !secondary.checked);
+ setCSSdisplay(".haproxy_secondary", secondary.checked);
+
+ type_change(type);
}
- function type_change() {
- var type, d, i, j, el, row;
+ function type_change(type) {
+ var d, i, j, el, row;
var count = <?=count($a_acltypes);?>;
var acl = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['name']."'," ?> ];
var mode = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['mode']."'," ?> ];
d = document;
- type = d.getElementById("type").value;
-
-
for (i = 0; i < 99; i++) {
el = d.getElementById("acl_expression" + i);
row = d.getElementById("aclrow" + i);
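Review bot: `updatevisibility()` dereferences `primary_frontend.value` whenever the Shared Frontend box is ticked, but `echo_html_select` appears to print only the empty-list message when there are no primary frontends, so `getElementById("primary_frontend")` returns null and the function throws before any row is shown or hidden. Guard the lookup, for example `if (secondary.checked && primary_frontend && primaryfrontends[primary_frontend.value])`, and fall back to the local `type` select otherwise. The new assignments to `d`, `ssloffload`, `type`, `secondary` and `primary_frontend` have no `var`, so they become globals, and `type` is first an element and then a string. `type_change` continues past the end of this hunk.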
@@ -477,7 +490,6 @@ include("head.inc");
}
}
}
- updatevisibility();
}
</script>
<?php include("fbegin.inc"); ?>
@@ -512,11 +524,30 @@ include("head.inc");
</select>
</td>
</tr>
- <tr>
+ <tr align="left">
+ <td width="22%" valign="top" class="vncell">Shared Frontend</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();"/>
+ Use this setting to configure multiple backends/accesslists for a single frontend.<br/>
+ All settings of which only 1 can exist will be hidden.<br/>
+ The frontend settings will be merged into 1 set of frontend configuration.
+ </td>
+ </tr>
+ <tr class="haproxy_secondary" align="left">
+ <td width="22%" valign="top" class="vncellreq">Primary frontend</td>
+ <td width="78%" class="vtable" colspan="2">
+ <?
+ $primaryfrontends = get_haproxy_frontends($pconfig['name']);
+ echo_html_select('primary_frontend',$primaryfrontends, $pconfig['primary_frontend'],"You must first create a 'primary' frontend.","updatevisibility();");
+ ?>
+ </td>
+ </tr>
+ <tr class="haproxy_primary">
<td width="22%" valign="top" class="vncellreq">External address</td>
<td width="78%" class="vtable">
<select name="extaddr" class="formfld">
<option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
+ <option value="localhost" <?php if ('localhost' == $pconfig['extaddr']) echo "selected"; ?>>Localhost</option>
<?php
if (is_array($config['virtualip']['vip'])):
foreach ($config['virtualip']['vip'] as $sn):
@@ -538,13 +569,19 @@ include("head.inc");
</span>
</td>
</tr>
- <tr align="left">
+ <tr class="haproxy_primary" align="left">
<td width="22%" valign="top" class="vncellreq">External port</td>
<td width="78%" class="vtable" colspan="2">
<input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="30" maxlength="500">
<div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div>
</td>
</tr>
+ <tr class="haproxy_primary" align="left">
+ <td width="22%" valign="top" class="vncellreq">Max connections</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10">
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Backend server pool</td>
<td width="78%" class="vtable">
@@ -562,17 +599,17 @@ include("head.inc");
}
?>
</select>
- <tr align="left">
+ <tr class="haproxy_primary" align="left">
<td width="22%" valign="top" class="vncellreq">Type</td>
<td width="78%" class="vtable" colspan="2">
- <select name="type" id="type" onchange="type_change();">
+ <select name="type" id="type" onchange="updatevisibility();">
<option value="http"<?php if($pconfig['type'] == "http") echo " SELECTED"; ?>>HTTP</option>
<option value="https"<?php if($pconfig['type'] == "https") echo " SELECTED"; ?>>HTTPS</option>
<option value="tcp"<?php if($pconfig['type'] == "tcp") echo " SELECTED"; ?>>TCP</option>
<option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option>
</select>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Access Control lists</td>
<td width="78%" class="vtable" colspan="2" valign="top">
@@ -631,21 +668,15 @@ include("head.inc");
</tr>
</table>
<br/>&nbsp;<br/>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table class="haproxy_primary" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic">Advanced settings</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Max connections</td>
- <td width="78%" class="vtable" colspan="2">
- <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10">
- </td>
- </tr>
- <tr align="left">
- <td width="22%" valign="top" class="vncellreq">Client timeout</td>
+ <td width="22%" valign="top" class="vncell">Client timeout</td>
<td width="78%" class="vtable" colspan="2">
<input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10">
- <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div>
+ <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).</div>
</td>
</tr>
<tr align="left">
@@ -655,7 +686,11 @@ include("head.inc");
<br/>
The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which
contains the client's IP address. This is useful to let the final web server
- know what the client address was (eg for statistics on domains)
+ know what the client address was. (eg for statistics on domains)<br/>
+ <br/>
+ It is important to note that as long as HAProxy does not support keep-alive connections,
+ only the first request of a connection will receive the header. For this reason,
+ it is important to ensure that option httpclose is set when using this option.
</td>
</tr>
<tr align="left">
@@ -676,8 +711,10 @@ include("head.inc");
NOTE: paste text into this box that you would like to pass thru.
</td>
</tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
</table>
- <br/>&nbsp;<br/>
<?
global $haproxy_sni_ssloffloading;
if ($haproxy_sni_ssloffloading):
@@ -698,14 +735,20 @@ include("head.inc");
<td width="22%" valign="top" class="vncell">Certificate</td>
<td width="78%" class="vtable" colspan="2">
<?
- //$servercerts = get_certificates_server();
- //echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.');
+ $servercerts = get_certificates_server();
+ echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.');
?>
<br/>
NOTE: choose the cert to use on this frontend.
</td>
</tr>
<tr class="haproxy_ssloffloading_enabled" align="left">
+ <td width="22%" valign="top" class="vncell">ACL for certificate CN</td>
+ <td width="78%" class="vtable" colspan="2">
+ <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();">Add ACL for certificate CommonName.</input>
+ </td>
+ </tr>
+ <tr class="haproxy_ssloffloading_enabled" align="left">
<td width="22%" valign="top" class="vncell">Advanced ssl options</td>
<td width="78%" class="vtable" colspan="2">
<input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64">
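Review bot: `<input ...>Add ACL for certificate CommonName.</input>` treats `input` as a container, but it is a void element, so the closing tag is invalid and the text is not associated with the checkbox. Use `<input id="ssloffloadacl" ... /> <label for="ssloffloadacl">Add ACL for certificate CommonName.</label>`. The `onclick="updatevisibility();"` on this checkbox does not appear to change anything that `updatevisibility()` reads and could be dropped.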
@@ -728,7 +771,7 @@ include("head.inc");
<input name="Submit" type="submit" class="formbtn" value="Save">
<input type="button" class="formbtn" value="Cancel" onclick="history.back()">
<?php if (isset($id) && $a_backend[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=$a_backend[$id]['name'];?>">
<?php endif; ?>
</td>
</tr>
@@ -742,10 +785,18 @@ include("head.inc");
</form>
<br>
<script type="text/javascript">
+<?
+ phparray_to_javascriptarray($primaryfrontends,"primaryfrontends",Array('/*','/*/name','/*/ref','/*/ref/type','/*/ref/ssloffload'));
+?>
+
+</script>
+<script type="text/javascript">
field_counter_js = 3;
rows = 1;
totalrows = <?php echo $counter; ?>;
loaded = <?php echo $counter; ?>;
+
+ updatevisibility();
</script>
<?php include("fend.inc"); ?>
</body>
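Review bot: `phparray_to_javascriptarray($primaryfrontends, ...)` writes frontend names and types from the configuration into a `<script>` block, and the helper is not part of this hunk, so it is worth confirming that it encodes every key and value as a JavaScript string (for instance with `json_encode`) rather than concatenating quotes by hand. `$primaryfrontends` is assigned only inside the "Primary frontend" table row further up, which makes this call depend on that markup staying in place. Assigning it once near the top of the page would remove the coupling.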
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index fa46efb2..2ee880a2 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -88,13 +88,13 @@ if ($_POST) {
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name']))
$input_errors[] = "The field 'Name' contains invalid characters.";
- if (!is_numeric($_POST['connection_timeout']))
+ if ($_POST['connection_timeout'] !== "" && !is_numeric($_POST['connection_timeout']))
$input_errors[] = "The field 'Connection timeout' value is not a number.";
- if (!is_numeric($_POST['server_timeout']))
+ if ($_POST['server_timeout'] !== "" && !is_numeric($_POST['server_timeout']))
$input_errors[] = "The field 'Server timeout' value is not a number.";
- if (!$_POST['retries'] && is_numeric($_POST['retries']))
+ if ($_POST['retries'] !== "" && !is_numeric($_POST['retries']))
$input_errors[] = "The field 'Retries' value is not a number.";
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username']))
@@ -113,8 +113,9 @@ if ($_POST) {
$server_name=$_POST['server_name'.$x];
$server_address=$_POST['server_address'.$x];
$server_port=$_POST['server_port'.$x];
+ $server_ssl=$_POST['server_ssl'.$x];
$server_weight=$_POST['server_weight'.$x];
- $server_backup=$_POST['server_backup'.$x];
+ $server_status=$_POST['server_status'.$x];
if ($server_address) {
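Review bot: `$server_status` is taken from `$_POST['server_status'.$x]` and, in the next hunk, stored as `$server['status']` without being compared to the four values the form offers, while the neighbouring context validates `$server_name` with a regular expression. Add an allow-list check before storing, e.g. `if (!in_array($server_status, array('active','backup','disabled','inactive'))) $input_errors[] = "The field 'Status' contains an invalid value.";`, and store `server_ssl` only as `yes` or empty. The surrounding loop begins and ends outside this hunk.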
@@ -122,8 +123,9 @@ if ($_POST) {
$server['name']=$server_name;
$server['address']=$server_address;
$server['port']=$server_port;
+ $server['ssl']=$server_ssl;
$server['weight']=$server_weight;
- $server['backup']=$server_backup;
+ $server['status']=$server_status;
$a_servers[]=$server;
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name))
@@ -215,7 +217,7 @@ row_helper();
<input type='hidden' name='address_type' value='textbox' />
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()">
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC"">
<style type="text/css">
.haproxy_stats_visible{display:none;}
</style>
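Review bot: The new `<body>` tag ends with `alink="#0000CC"">`, leaving a stray double quote after the last attribute. It should be `<body link="#0000CC" vlink="#0000CC" alink="#0000CC">`. Browsers usually recover from this, but it is invalid markup and was introduced while removing the `onload` handler.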
@@ -257,12 +259,15 @@ row_helper();
rowname[2] = "server_port";
rowtype[2] = "textbox";
rowsize[2] = "5";
- rowname[3] = "server_weight";
- rowtype[3] = "textbox";
+ rowname[3] = "server_ssl";
+ rowtype[3] = "checkbox";
rowsize[3] = "5";
- rowname[4] = "server_backup";
- rowtype[4] = "checkbox";
+ rowname[4] = "server_weight";
+ rowtype[4] = "textbox";
rowsize[4] = "5";
+ rowname[5] = "server_status";
+ rowtype[5] = "select";
+ rowsize[5] = "1";
</script>
<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
@@ -295,16 +300,15 @@ row_helper();
</td>
</tr>
<tr align="left">
- <td class="vncellreq" colspan="3">Server list</td>
- </tr>
- <tr>
- <td width="78%" class="vtable" colspan="2" valign="top">
+ <td class="vncell" colspan="3"><strong>Server list</strong>
+
<table class="" width="100%" cellpadding="0" cellspacing="0" id='servertable'>
<tr>
<td width="30%" class="listhdrr">Name</td>
<td width="30%" class="listhdrr">Address</td>
<td width="18%" class="listhdrr">Port</td>
- <td width="18%" class="listhdrr">Weight</td>
+ <td width="5%" class="listhdrr">SSL</td>
+ <td width="8%" class="listhdrr">Weight</td>
<td width="5%" class="listhdr">Backup</td>
<td width="4%" class=""></td>
</tr>
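Review bot: The last column header is still `Backup`, although the rows in this commit now show `$server['status']` and a four-value select in that position. Renaming it keeps the header and cells consistent: `<td width="5%" class="listhdr">Status</td>`. The table continues beyond this hunk.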
@@ -322,8 +326,9 @@ row_helper();
<td class="vtable listlr"><?=$server['name']; ?></td>
<td class="vtable listr"><?=$server['address']; ?></td>
<td class="vtable listr"><?=$server['port']; ?></td>
+ <td class="vtable listr"><?=$server['ssl']=='yes'?'yes':'no'; ?></td>
<td class="vtable listr"><?=$server['weight']; ?></td>
- <td class="vtable listr"><?=$server['backup']; ?></td>
+ <td class="vtable listr"><?=$server['status']; ?></td>
<td class="list">
<table border="0" cellspacing="0" cellpadding="1"><tr>
<td valign="middle">
@@ -345,9 +350,17 @@ row_helper();
<td class="vtable">
<input name="server_port<?=$counter;?>" id="server_port<?=$counter;?>" type="text" value="<?=$server['port']; ?>" size="5"/></td>
<td class="vtable">
+ <input name="server_ssl<?=$counter;?>" id="server_ssl<?=$counter;?>" type="checkbox" value="yes" <?=$server['ssl']=='yes'?"checked":""; ?> size="5"/></td>
+ <td class="vtable">
<input name="server_weight<?=$counter;?>" id="server_weight<?=$counter;?>" type="text" value="<?=$server['weight']; ?>" size="5"/></td>
<td class="vtable">
- <input name="server_backup<?=$counter;?>" id="server_backup<?=$counter;?>" type="checkbox" value="yes" <?php if ($server['backup']=='yes') echo "checked"; ?>/></td>
+ <select name="server_status<?=$counter;?>" id="server_status<?=$counter;?>">
+ <option value="active" <?php if($server['status']=='active') echo "SELECTED";?>>active</option>
+ <option value="backup" <?php if($server['status']=='backup') echo "SELECTED";?>>backup</option>
+ <option value="disabled" <?php if($server['status']=='disabled') echo "SELECTED";?>>disabled</option>
+ <option value="inactive" <?php if($server['status']=='inactive') echo "SELECTED";?>>inactive</option>
+ </select>
+ </td>
<td class="list">
<table border="0" cellspacing="0" cellpadding="1"><tr>
<td valign="middle">
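Review bot: None of the four `server_status` options is marked SELECTED when `$server['status']` is empty, which would be the case for servers saved before this change with only the old `backup` key. The browser then falls back to `active`, and a former backup server would be stored as active on the next save unless the configuration is upgraded elsewhere. Deriving a default first would preserve the old meaning, e.g. `$status = $server['status'] ? $server['status'] : ($server['backup']=='yes' ? 'backup' : 'active');`. The `server_ssl` checkbox also carries a `size="5"` attribute that has no effect on checkboxes.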
@@ -437,7 +450,7 @@ row_helper();
<td width="22%" valign="top" class="vncell">Check freq</td>
<td width="78%" class="vtable" colspan="2">
<input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="20"> milliseconds
- <br/>Defaults to 1000 if left blank.
+ <br/>For HTTP/HTTPS defaults to 1000 if left blank. For TCP no check will be performed if left empty.
</td>
</tr>
<tr align="left">
@@ -473,17 +486,17 @@ row_helper();
<td colspan="2" valign="top" class="listtopic">Advanced settings</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Connection timeout</td>
+ <td width="22%" valign="top" class="vncell">Connection timeout</td>
<td width="78%" class="vtable" colspan="2">
<input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64">
- <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div>
+ <div>the time (in milliseconds) we give up if the connection does not complete within (default 30000).</div>
</td>
</tr>
<tr align="left">
- <td width="22%" valign="top" class="vncellreq">Server timeout</td>
+ <td width="22%" valign="top" class="vncell">Server timeout</td>
<td width="78%" class="vtable" colspan="2">
<input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64">
- <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div>
+ <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).</div>
</td>
</tr>
<tr align="left">
@@ -582,10 +595,11 @@ set by the 'retries' parameter.</div>
<br>
<?php include("fend.inc"); ?>
<script type="text/javascript">
- field_counter_js = 5;
+ field_counter_js = 6;
rows = 1;
totalrows = <?php echo $counter; ?>;
loaded = <?php echo $counter; ?>;
+ updatevisibility();
</script>
</body>
</html>
@@ -593,6 +607,13 @@ set by the 'retries' parameter.</div>
<?php
function row_helper() {
+ $options = <<<EOD
+ <option value='active' SELECTED>active</option>"+
+" <option value='backup'>backup</option>"+
+" <option value='disabled'>disabled</option>"+
+" <option value='inactive'>inactive</option>
+EOD;
+
echo <<<EOF
<script type="text/javascript">
// Global Variables
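Review bot: The `$options` heredoc is not plain HTML: its lines end in `"+` and start with `"`, so it presumably only makes sense when spliced into a double-quoted JavaScript string further down in `row_helper()`, which is outside this hunk. A comment such as `// $options is interpolated inside a "..." JavaScript literal below; each line break closes and reopens that string` would stop the next reader from "fixing" the quotes. The value list duplicates the four options written in the table markup, so both places have to be changed together.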
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php
index bad4bf09..07e7d106 100644
--- a/config/haproxy-devel/haproxy_pools.php
+++ b/config/haproxy-devel/haproxy_pools.php
@@ -52,8 +52,14 @@ if ($_POST) {
config_lock();
$retval = haproxy_configure();
config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
}
}
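Review bot: `gettext($result)` is passed a runtime string returned by `haproxy_check_writtenconfig_error()`, which cannot have a translation entry, so the call does nothing useful; assign the message directly. If that string contains output from a configuration check (the helper is not shown), it may repeat text taken from the configuration, so unless the code that prints `$savemsg` already escapes it, use `$savemsg = htmlspecialchars($result);`. On this path `$retval` is ignored and the dirty flag is kept, which seems intended, but a one-line comment saying so would help.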
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index efa82384..e45baa1a 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -100,13 +100,13 @@
<field>
<fielddescr>TCP-MD5 key</fielddescr>
<fieldname>md5sigkey</fieldname>
- <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers.</description>
+ <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. You need the Local Addr option to be set.</description>
<type>input</type>
</field>
<field>
<fielddescr>TCP-MD5 password</fielddescr>
<fieldname>md5sigpass</fieldname>
- <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router.</description>
+ <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. You need the Local Addr option to be set.</description>
<type>input</type>
</field>
<field>
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 89610565..e9bd2814 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -29,7 +29,7 @@
require_once("globals.inc");
require_once("util.inc");
-$git_root_url = "http://github.com/bsdperimeter/pfsense/commit/";
+$git_root_url = "http://github.com/pfsense/pfsense/commit/";
$patch_suffix = ".patch";
$patch_dir = "/var/patches";
$patch_cmd = "/usr/bin/patch";
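Review bot: `$git_root_url` still uses plain `http://`, and this file sets `$patch_cmd = "/usr/bin/patch"` right below it, so if patches are downloaded from this base URL and then applied, they travel without transport integrity; use `$git_root_url = "https://github.com/pfsense/pfsense/commit/";`. In the last hunk of this file the context shows `is_github_url()` accepting any host whose last ten characters are `github.com`, which also matches unrelated hosts with that suffix. Comparing the whole host, or requiring a leading dot before the suffix, would be stricter.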
@@ -139,4 +139,4 @@ function is_github_url($url) {
$urlbits = explode("/", $url);
return (substr($urlbits[2], -10) == "github.com");
}
-?> \ No newline at end of file
+?>