Diffstat (limited to 'config')
-rw-r--r-- | config/apache_mod_security-dev/apache_balancer.template | 4 | ||||
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 2 | ||||
-rw-r--r-- | config/bandwidthd/bandwidthd.inc | 25 | ||||
-rw-r--r-- | config/bandwidthd/bandwidthd.xml | 26 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 249 | ||||
-rwxr-xr-x | config/haproxy-devel/haproxy_global.php | 10 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners.php | 178 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners_edit.php | 195 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pool_edit.php | 67 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pools.php | 10 | ||||
-rw-r--r-- | config/openbgpd/openbgpd_neighbors.xml | 4 | ||||
-rw-r--r-- | config/systempatches/patches.inc | 4 |
12 files changed, 551 insertions, 223 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.template b/config/apache_mod_security-dev/apache_balancer.template index 361a5ed4..06422125 100644 --- a/config/apache_mod_security-dev/apache_balancer.template +++ b/config/apache_mod_security-dev/apache_balancer.template @@ -6,7 +6,7 @@ $balancer_config= <<<EOF # then edit /usr/local/pkg/apache_* files. # # # # And don't forget to submit your changes to: # -# https://github.com/bsdperimeter/pfsense-packages # +# https://github.com/pfsense/pfsense-packages # ################################################################################## SetOutputFilter DEFLATE SetInputFilter DEFLATE @@ -37,4 +37,4 @@ Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ EOF; -?>
\ No newline at end of file +?> diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index cdee4f6b..57f5407b 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -321,7 +321,7 @@ function generate_apache_configuration() { # then edit /usr/local/pkg/apache_* files. # # # # And don't forget to submit your changes to: # -# https://github.com/bsdperimeter/pfsense-packages # +# https://github.com/pfsense/pfsense-packages # ################################################################################## diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 8821ac76..4e0107eb 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -46,6 +46,8 @@ function bandwidthd_install_deinstall() { exec("rm -f /usr/local/etc/rc.d/bandwidthd*"); exec("rm -rf " . PKG_BANDWIDTHD_BASE . "/htdocs"); exec("rm -f /usr/local/www/bandwidthd"); + // Remove the cron job, if it is there + install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false); conf_mount_ro(); config_unlock(); } @@ -79,7 +81,9 @@ function bandwidthd_install_config() { $recover_cdf = "recover_cdf true\n"; $output_cdf = $config['installedpackages']['bandwidthd']['config'][0]['outputcdf']; if($output_cdf) - $output_cdf = "output_cdf true\n"; + $output_cdf_string = "output_cdf true\n"; + else + $output_cdf_string = ""; $promiscuous = $config['installedpackages']['bandwidthd']['config'][0]['promiscuous']; if($promiscuous) $promiscuous = "promiscuous true\n"; @@ -180,7 +184,7 @@ $graph_cutoff $promiscuous #Log data to cdf file htdocs/log.cdf -$output_cdf +$output_cdf_string #Read back the cdf file on startup $recover_cdf 
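Review bot: The cron command added in bandwidthd_install_deinstall() sends `kill -HUP` to whatever PID `/var/run/bandwidthd.pid` contains, so a stale pid file left after a crash can make the nightly root job signal an unrelated process, and a missing file runs `kill -HUP` with no target. The same command literal is repeated twice in the `@@ -292,6 +301,16 @@` hunk of bandwidthd_install_config(); if install_cron_job() matches entries by command text (not visible here), any drift between the copies would leave the job installed after removal. Define it once, e.g. `define('BANDWIDTHD_ROTATE_CMD', '/bin/pkill -HUP -F /var/run/bandwidthd.pid bandwidthd');`, and pass that constant at all three call sites. Both functions continue outside their hunks.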
@@ -252,7 +256,12 @@ if [ ! -L "{$bandwidthd_nano_dir}/etc" ] ; then fi /bin/ln -s {$bandwidthd_config_dir} {$bandwidthd_nano_dir}/etc fi - +if [ ! -f "{$bandwidthd_htdocs_dir}/legend.gif" ] ; then + /bin/cp {$bandwidthd_base_dir}/htdocs/legend.gif {$bandwidthd_htdocs_dir} +fi +if [ ! -f "{$bandwidthd_htdocs_dir}/logo.gif" ] ; then + /bin/cp {$bandwidthd_base_dir}/htdocs/logo.gif {$bandwidthd_htdocs_dir} +fi cd {$bandwidthd_nano_dir} {$bandwidthd_nano_dir}/bandwidthd cd - @@ -292,6 +301,16 @@ EOD; if (!file_exists($bandwidthd_index_file)) { exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file); } + + if($output_cdf) { + // Use cron job to rotate logs every day at 00:01 + install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0"); + } + else + { + // Remove the cron job, if it is there + install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false); + } conf_mount_ro(); config_unlock(); stop_service("bandwidthd"); diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index f82ac69d..161280cf 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -96,7 +96,7 @@ <field> <fielddescr>Skip intervals</fielddescr> <fieldname>skipintervals</fieldname> - <description>Number of intervals (2.5 minute) to skip between graphing. Default 0.</description> + <description>Number of intervals to skip between graphing. Default 0. Each interval is 200 seconds = 3 min 20 sec.</description> <type>input</type> </field> <field> 
@@ -108,19 +108,20 @@ <field> <fielddescr>Promiscuous</fielddescr> <fieldname>promiscuous</fieldname> - <description>Put interface in promiscuous mode to score to traffic that may not be routing through the host machine.</description> + <description>Put interface in promiscuous mode to see traffic that may not be routing through the host machine.<br> + Note: If the interface is connected to a switch then the interface will only see the traffic on its port.</description> <type>checkbox</type> </field> <field> <fielddescr>output_cdf</fielddescr> <fieldname>outputcdf</fieldname> - <description>Log data to cdf file htdocs/log.cdf</description> + <description>Log data to cdf files log*.cdf</description> <type>checkbox</type> </field> <field> <fielddescr>recover_cdf</fielddescr> <fieldname>recovercdf</fieldname> - <description>Read back the cdf file on startup</description> + <description>Read back the cdf files on startup</description> <type>checkbox</type> </field> <field> 
@@ -139,9 +140,24 @@ <field> <fielddescr>Meta Refresh</fielddescr> <fieldname>meta_refresh</fieldname> - <description>Set META REFRESH seconds (default 150, use 0 to disable).</description> + <description>Sets the interval (seconds) at which the browser graph display refreshes (default 150, use 0 to disable).</description> <type>input</type> </field> + <field> + <fielddescr>Graph and Log Info</fielddescr> + <fieldname>graph_log_info</fieldname> + <description>If draw graphs is on, then the daily report and graph html data is regenerated every (skip intervals + 1) * 200 seconds. The data volumes in the report are for the same period as the span of the graph.<br> + If output_cdf is on, then a cron job is added to rotate the log files at 00:01 each day. 6 log files are kept for each log frequency (daily, weekly, monthly, yearly). At the respective rotation intervals, the oldest log is deleted, the others are shuffled back and a new log is created.<br> + <table cellpadding=1 cellspacing=0 style="text-align: left;"> <tbody> + <tr><th> </th><th> Data Interval </th><th> Graph Span </th><th> Log Rotation </th><th> Log File Name </th></tr> + <tr><th> Daily </th><td> 200 seconds </td><td> 2 days </td><td> 1 day </td><td> log.1.[0-5].cdf </td></tr> + <tr><th> Weekly </th><td> 10 minutes </td><td> 7 days </td><td> 7 days </td><td> log.2.[0-5].cdf </td></tr> + <tr><th> Monthly </th><td> 1 hour </td><td> 35 days </td><td> 35 days </td><td> log.3.[0-5].cdf </td></tr> + <tr><th> Yearly </th><td> 12 hours </td><td> 412.5 days </td><td> 412.5 days </td><td> log.4.[0-5].cdf </td></tr> + </tbody> </table> + </description> + <type>info</type> + </field> </fields> <custom_php_resync_config_command> bandwidthd_install_config(); diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 559788c7..a03bf219 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc 
@@ -63,7 +63,7 @@ $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP', 'mode' => '', 'syntax' => 'src'); if ($haproxy_sni_ssloffloading) { $a_acltypes[] = array('name' => 'ssl_sni_matches', 'descr' => 'Server Name Indication TLS extension matches', - 'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\r\ntcp-request content accept if { req_ssl_hello_type 1 }"); + 'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }"); } function haproxy_custom_php_deinstall_command() { @@ -322,9 +322,22 @@ function haproxy_find_acl($name) { } function write_backend($fd, $name, $pool, $frontend) { - if(!is_array($pool['ha_servers']['item'])) + if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes') return; + + $a_servers = &$pool['ha_servers']['item']; + unset($sslserverpresent); + if (is_array($a_servers)) + { + foreach($a_servers as $be) { + if (!$be['status'] == "inactive") + continue; + if ($be['ssl']) + $sslserverpresent = true; + } + } + fwrite ($fd, "backend " . $name . "\n"); if($pool['cookie_name'] && strtolower($frontend['type']) == "http") fwrite ($fd, "\tcookie\t\t\t" . $pool['cookie_name'] . " insert indirect\n"); 
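Review bot: `if (!$be['status'] == "inactive") continue;` in write_backend() does not test what it appears to: `!` binds tighter than `==`, so it evaluates `(!$be['status']) == "inactive"`, which is true only when the status is empty. Servers with no status are skipped while servers marked inactive fall through, and the `@@ -404,16 +425,22 @@` hunk repeats the test before writing the `server` lines, so a server the admin disabled can still end up in haproxy.cfg. Write `if ($be['status'] == "inactive") continue;` in both loops, and likewise `$pool['stats_enabled'] != 'yes'` in the early-return guard. write_backend() continues beyond this hunk.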
@@ -333,24 +346,30 @@ function write_backend($fd, $name, $pool, $frontend) { if(strtolower($frontend['type']) == "https") { $backend_type = "tcp"; $httpchk = "ssl-hello-chk"; - } else { + } else { $backend_type = $frontend['type']; - $httpchk = "httpchk"; + if(strtolower($frontend['type']) == "http") + $httpchk = "httpchk"; + else + unset($httpchk); } - + fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n"); if($pool['balance']) fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n"); - if($pool['connection_timeout']) - fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n"); + if(!$pool['connection_timeout']) + $pool['connection_timeout'] = 30000; + fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n"); - if($pool['server_timeout']) - fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n"); + if(!$pool['server_timeout']) + $pool['server_timeout'] = 30000; + fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n"); - if($pool['retries']) - fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n"); + if(!$pool['retries']) + $pool['retries'] = 3; + fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n"); if($pool['stats_enabled']=='yes') { fwrite ($fd, "\tstats\t\t\tenable\n"); @@ -375,7 +394,9 @@ function write_backend($fd, $name, $pool, $frontend) { $uri = $pool['monitor_uri']; else $uri = "/"; - fwrite ($fd, "\toption\t\t\t{$httpchk} HEAD " . $uri . " HTTP/1.0\n"); + + if ($httpchk) + fwrite ($fd, "\toption\t\t\t{$httpchk} HEAD " . $uri . " HTTP/1.0\n"); if ($pool['advanced_backend']) { $adv_be = explode("\n", base64_decode($pool['advanced_backend'])); 
@@ -404,16 +425,22 @@ function write_backend($fd, $name, $pool, $frontend) { else $checkinter = ""; - $a_servers = &$pool['ha_servers']['item']; - foreach($a_servers as $be) { - if (!$be['name']) - $be['name'] = $be['address']; - if($be['backup']) { - $isbackup = "backup"; - } else { - $isbackup = ""; + if (is_array($a_servers)) + { + foreach($a_servers as $be) { + if (!$be['status'] == "inactive") + continue; + + if (!$be['name']) + $be['name'] = $be['address']; + if(!$be['status'] || $be['status'] != 'active') { + $isbackup = $be['status']; + } else { + $isbackup = ""; + } + $ssl = ($backend_type == "http" && $be['ssl'] == 'yes') ? ' ssl' : ""; + fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt}\n"); } - fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . " $cookie " . " $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt}\n"); } fwrite ($fd, "\n"); } @@ -424,6 +451,14 @@ function haproxy_configure() { return haproxy_check_run(1); } +function haproxy_check_writtenconfig_error() { + $configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1"); + if (!strstr($configcheckoutput, "Configuration file is valid")) + return str_replace("\n","<br/>\n", $configcheckoutput); + else + return false; +} + function haproxy_writeconf() { global $config, $g; 
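Review bot: haproxy_check_writtenconfig_error() returns the raw `haproxy -c` output with only newlines turned into `<br/>`, and the callers in haproxy_global.php and haproxy_listeners.php assign it to `$savemsg` for display. Parser messages usually quote the offending configuration text, which includes user-entered names and advanced options, so it should be HTML-escaped before the line breaks are added: `return nl2br(htmlspecialchars($configcheckoutput));`. Whether the save-message renderer escapes again is not visible in this diff. Calling `haproxy` by absolute path rather than relying on the web server's PATH would also make the check more predictable.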
@@ -469,17 +504,20 @@ function haproxy_writeconf() { } //check ssl info - if ($backend['ssloffload']){ + if (strtolower($backend['type']) == "http" && $backend['ssloffload']){ //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem - $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}"; + $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt"; $cert = lookup_cert($backend['ssloffloadcert']); $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']); file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent); unset($certcontent); }else{ - $ssl_info=""; + $ssl_crt=""; unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt"); } + + if ($backend['extaddr']=='localhost') + $backend['extaddr'] = "127.0.0.1"; $bname = $backend['extaddr'] . ":" . $backend['port']; if (!is_array($a_bind[$bname])) { @@ -493,13 +531,22 @@ function haproxy_writeconf() { $b = &$a_bind[$bname]; // Overwrite ? - $b['type'] = $backend['type']; - $b['forwardfor'] = $backend['forwardfor']; - $b['httpclose'] = $backend['httpclose']; - $b['max_connections'] = $backend['max_connections']; - $b['client_timeout'] = $backend['client_timeout']; - $b['advanced'] = $backend['advanced']; - $b['ssl_info'] = $ssl_info; + if ($backend['secondary'] != 'yes') { + if (isset($b['type'])) + $input_errors[] = "Multiple primary frondends for $bname"; + $b['type'] = $backend['type']; + $b['forwardfor'] = $backend['forwardfor']; + $b['httpclose'] = $backend['httpclose']; + $b['max_connections'] = $backend['max_connections']; + $b['client_timeout'] = $backend['client_timeout']; + $b['advanced'] = $backend['advanced']; + } + + if ($ssl_crt != "") { + if ($b['ssl_info'] == "") + $b['ssl_info'] = "ssl {$backend['dcertadv']}"; + $b['ssl_info'] .= $ssl_crt; + } // pointer to each backend $b['config'][] = $backend; 
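Review bot: The file written by `file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent)` holds the certificate together with its private key, and nothing here restricts its mode, so it gets whatever the process umask allows. Adding `chmod("/var/etc/{$backend['name']}.{$backend['port']}.crt", 0600);` right after the write keeps the key readable by the owner only. In the else branch `unlink_if_exists("var/etc/…")` lacks the leading slash, so the old key file is presumably never removed when offloading is switched off; it should read `unlink_if_exists("/var/etc/{$backend['name']}.{$backend['port']}.crt");`. The path is also built from the frontend name, so the name should be confirmed free of `/` where it is validated (not visible here). haproxy_writeconf() starts and ends outside the hunk.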
@@ -508,7 +555,7 @@ function haproxy_writeconf() { $a_pendingpl = array(); - // Construct and write out configuration file + // Construct and write out configuration for each "frontend" if(is_array($a_bind)) { foreach ($a_bind as $bind) { if (count($bind['config']) > 1) @@ -516,6 +563,8 @@ function haproxy_writeconf() { else $frontendinfo = "frontend {$bind['name']}\n"; + $advancedextra = array(); + // Prepare ports for processing by splitting $portss = "{$bind['port']},"; $ports = split(",", $portss); @@ -543,14 +592,12 @@ function haproxy_writeconf() { $advanced = base64_decode($bind['advanced']); fwrite($fd, "\t" . $advanced . "\n"); } - + // https is an alias for tcp for clarity purpouses if(strtolower($bind['type']) == "https") { $backend_type = "tcp"; - $httpchk = "ssl-hello-chk"; - } else { + } else { $backend_type = $bind['type']; - $httpchk = "httpchk"; } fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n"); @@ -560,14 +607,18 @@ function haproxy_writeconf() { if($bind['httpclose']) fwrite ($fd, "\toption\t\t\thttpclose\n"); - if($bind['forwardfor']) + if($bind['forwardfor']) { fwrite ($fd, "\toption\t\t\tforwardfor\n"); + fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\tif { ssl_fc }\n"); + } if($bind['max_connections']) fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n"); - if($bind['client_timeout']) - fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); + if(!$bind['client_timeout']) + $bind['client_timeout'] = 30000; + + fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); // Combine the rest of the listener configs 
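Review bot: The new `reqadd X-Forwarded-Proto:\ https if { ssl_fc }` line in the `@@ -560,14 +607,18 @@` hunk adds the header on TLS connections but never removes one supplied by the client, so a request arriving over plain HTTP can carry its own `X-Forwarded-Proto: https` through to the backend. Backends that rely on this header for redirect or secure-cookie decisions would be misled. Emit a delete rule ahead of the add, e.g. `fwrite ($fd, "\treqidel ^X-Forwarded-Proto:.*\n");`. The enclosing loop in haproxy_writeconf() extends beyond the hunk.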
@@ -596,6 +647,15 @@ function haproxy_writeconf() { $a_pendingpl[$poolname]['frontend'] = $bconfig; } + if (strtolower($bind['type']) == "http" && $bconfig['ssloffload'] && $bconfig['ssloffloadacl']) { + $aclname = "SNI_" . $poolname; + $cert_cn = cert_get_cn($bconfig['ssloffloadcert'] ,true); + //$expr = "req_ssl_sni -i $cert_cn"; + $expr = "hdr(host) -i $cert_cn"; + fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"); + fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclname . "\n"); + } + foreach ($a_acl as $entry) { $acl = haproxy_find_acl($entry['expression']); if (!$acl) @@ -613,13 +673,19 @@ function haproxy_writeconf() { $aclname = $i . "_" . $entry['name']; fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"); fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclname . "\n"); + + if ($acl['advancedoptions'] != '') + $advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n"; $i++; } } + foreach($advancedextra as $extra) + fwrite ($fd, "\t".$extra."\n"); fwrite ($fd, "\n"); } } + // Construct and write out configuration for each "backend" if (is_array($a_pendingpl) && is_array($a_pools)) { foreach ($a_pendingpl as $pending) { foreach ($a_pools as $pool) { @@ -650,6 +716,9 @@ function haproxy_writeconf() { // create config file fclose($fd); + if ($input_errors) + print_input_errors($input_errors); + if (isset($a_global['carpdev'])) haproxy_install_cron(true); else 
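Review bot: In the `@@ -596,6 +647,15 @@` hunk the value returned by `cert_get_cn()` is interpolated directly into `hdr(host) -i $cert_cn` and written to haproxy.cfg, so a CN containing whitespace adds extra match patterns and one containing a line break adds a configuration line. Emit the two `fwrite` lines only when the CN passes a hostname check, for example `if (is_hostname($cert_cn)) { … }` (assuming that helper is available in this pfSense version) or an equivalent anchored pattern. A wildcard CN will also never match as a literal Host value, so such certificates need separate handling. The surrounding loop starts outside the hunk.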
@@ -820,4 +889,106 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { } } +function get_frontend_id($name) { + global $a_backend; + $i = 0; + foreach($a_backend as $backend) + { + if ($backend['name'] == $name) + return $i; + $i++; + } + return null; +} + +function get_frontend_ipport($fontend) { + global $a_backend; + if ($fontend['secondary'] == 'yes') + $mainfontend = $a_backend[get_frontend_id($fontend['primary_frontend'])]; + else + $mainfontend = $fontend; + if($mainfontend['extaddr'] == "any") + $result = "0.0.0.0"; + elseif($mainfontend['extaddr']) + $result = $mainfontend['extaddr']; + else + $result = get_current_wan_address('wan'); + return $result . ":" . $mainfontend['port']; + return 'abc'; +} + +function haproxy_check_config() { + global $config; + $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $result = false; + $activefrontends = array(); + $issues = array(); + + foreach($a_backends as $frontend) { + if (($frontend['status'] != 'active') || ($frontend['secondary'] == 'yes')) + continue; + $ipport = get_frontend_ipport($frontend); + if (isset($activefrontends[$ipport])) + $issues['P_'.$ipport] = "Multiple primary frontends with IP:Port \"$ipport\""; + else + $activefrontends[$ipport] = true; + } + foreach($a_backends as $frontend) { + if (($frontend['status'] != 'active') || ($frontend['secondary'] != 'yes')) + continue; + $ipport = get_frontend_ipport($frontend); + if (!isset($activefrontends[$ipport])) + $issues['S_'.$frontend['name']] = "Secondary frontend \"{$frontend['name']}\" without active primary frontend."; + } + foreach ($issues as $item) + $result .= ($result == false ? "" : "<br/>") . 
$item; + return $result; +} + +function get_haproxy_frontends($excludeitem="") { + global $config; + $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $result = array(); + foreach($a_frontend as &$frontend) + { + if ($frontend['secondary']) + continue; + if ($frontend['name'] == $excludeitem) + continue; + + $serveradress = "{$frontend['extaddr']}:{$frontend['port']}"; + $result[$frontend['name']]['name'] = "{$frontend['name']} - {$frontend['type']} ({$serveradress})"; + $result[$frontend['name']]['ref'] = &$frontend; + } + asort($result, SORT_STRING); + return $result; +} + +function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { + $offset = str_repeat(' ',$nestID); + $itemName = "item$nestID"; + echo "{$offset}$nodeName = {};\n"; + if (is_array($items)) + foreach ($items as $key => $item) + { + if (in_array($path.'/'.$key, $includeitems)) + $subpath = $path.'/'.$key; + else + $subpath = $path.'/*'; + if (in_array($subpath, $includeitems) || in_array($path.'/*', $includeitems)) { + if (is_array($item)) { + $subNodeName = "item$nestID"; + phparray_to_javascriptarray_recursive($nestID+1, $subpath, $items[$key], $subNodeName, $includeitems); + echo "{$offset}{$nodeName}['{$key}'] = $itemName;\n"; + } else + echo "{$offset}{$nodeName}['$key'] = '$item';\n"; + } + } +} + +function phparray_to_javascriptarray($items, $javaMapName, $includeitems) +{ + phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); +} + ?> diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 340c578b..61c654cf 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php 
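Review bot: phparray_to_javascriptarray_recursive() echoes `$key` and `$item` between single quotes into generated JavaScript with no escaping, so a configuration value containing a quote, a backslash or `</script>` ends the string literal early. Encode both instead: `echo "{$offset}{$nodeName}[" . json_encode((string)$key) . "] = " . json_encode((string)$item, JSON_HEX_TAG | JSON_HEX_AMP) . ";\n";`, and use the same `json_encode((string)$key)` for the key in the array branch. Separately, `return 'abc';` at the end of get_frontend_ipport() is unreachable and should be deleted, and haproxy_check_config() places frontend names into an HTML message without `htmlspecialchars()`.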
@@ -48,8 +48,14 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } else { if ($_POST['enable']) { $reqdfields = explode(" ", "maxconn"); diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index c5c41714..7b4cf3da 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -34,6 +34,7 @@ require_once("guiconfig.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; require_once("haproxy.inc"); +require_once("certs.inc"); if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); @@ -48,15 +49,28 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } +} else { + $result = haproxy_check_config($retval); + if ($result) + $savemsg = gettext($result); } +$id = $_GET['id']; +$id = get_frontend_id($id); + if ($_GET['act'] == "del") { - if (isset($a_backend[$_GET['id']])) { + if (isset($a_backend[$id])) { if (!$input_errors) { - unset($a_backend[$_GET['id']]); + unset($a_backend[$id]); write_config(); touch($d_haproxyconfdirty_path); } 
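Review bot: The delete branch in haproxy_listeners.php still acts on a plain GET (`$_GET['act'] == "del"`), and with `$id = get_frontend_id($id)` the target is now selected by frontend name instead of list position. No request token or method check is visible in the hunk, so a state-changing request can be issued without the admin's intent; whether guiconfig.inc guards GET requests cannot be seen here. Consider accepting the action only via POST, reading both `act` and `id` from `$_POST` and turning the delete link into a small form. In the same hunk `haproxy_check_config($retval)` passes an undefined `$retval` to a function declared without parameters; call `haproxy_check_config()`.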
@@ -98,77 +112,101 @@ include("head.inc"); <tr> <td> <div id="mainarea"> - <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Name</td> - <td width="30%" class="listhdrr">Description</td> - <td width="20%" class="listhdrr">Address</td> - <td width="10%" class="listhdrr">Type</td> - <td width="10%" class="listhdrr">Server pool</td> - <td width="5%" class="list"></td> + <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="5%" class="listhdrr">Primary</td> + <td width="20%" class="listhdrr">Advanced</td> + <td width="20%" class="listhdrr">Name</td> + <td width="30%" class="listhdrr">Description</td> + <td width="20%" class="listhdrr">Address</td> + <td width="5%" class="listhdrr">Type</td> + <td width="10%" class="listhdrr">Server pool</td> + <td width="20%" class="listhdrr">Parent</td> + <td width="5%" class="list"></td> </tr> <?php - $i = 0; - foreach ($a_backend as $backend): - $textss = $textse = ""; - if ($backend['status'] != 'active') { - $textss = "<span class=\"gray\">"; - $textse = "</span>"; + + function sort_backends(&$a, &$b) { + if ($a['ipport'] != $b['ipport']) + return $a['ipport'] > $b['ipport'] ? 1 : -1; + if ($a['secondary'] != $b['secondary']) + return $a['secondary'] > $b['secondary'] ? 1 : -1; + if ($a['name'] != $b['name']) + return $a['name'] > $b['name'] ? 1 : -1; + return 0; } -?> - <tr> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';"> - <?=$textss . $backend['name'] . $textse;?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';"> - <?=$textss . $backend['desc'] . 
$textse;?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';"> -<?php - echo $textss; - if($backend['extaddr'] == "any") - echo "0.0.0.0"; - elseif($backend['extaddr']) - echo $backend['extaddr']; - else - echo get_current_wan_address('wan'); - echo ":" . $backend['port']; - echo $textse; -?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';"> - <?=$textss . $backend['type'] . $textse;?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$i;?>';"> - <?=$textss . $backend['backend_serverpool'] . $textse;?> - </td> - <td class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tfoot> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - </tfoot> - </table> + foreach($a_backend as &$backend2) { + $backend2['ipport'] = get_frontend_ipport($backend2); + } + usort($a_backend,'sort_backends'); + + $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; + 
unset($ipport_previous); + foreach ($a_backend as $backend): + $backendname = $backend['name']; + $textgray = $backend['status'] != 'active' ? " gray" : ""; + if (isset($ipport_previous ) && $backend['ipport'] != $ipport_previous): + ?> + <tr class="<?=$textgray?>"><td collspan="7"> </td></tr> + <? + endif; + $ipport_previous = $backend['ipport']; + ?> + <tr class="<?=$textgray?>"> + <td class="listlr" style="<?=$backend['secondary']=='yes'?"visibility:hidden;":""?>" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['secondary']!='yes'?"yes":"no";?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <? if (strtolower($backend['type']) == "http" && $backend['ssloffload']): + $cert = lookup_cert($backend['ssloffloadcert']);?> + <img src="<?=$certimg;?>" alt="SSL offloading" title="SSL offloading cert: '<?=$cert['descr'];?>'" border="0" height="16" width="16" /> + <? endif;?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['name'];?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['desc'];?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['ipport'];?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['type']?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['backend_serverpool']?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> + <?=$backend['secondary'] == 'yes' ? 
$backend['primary_frontend'] : "";?> + </td> + <td class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$backendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$backendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$backendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + <?php endforeach; ?> + <tfoot> + <tr> + <td class="list" colspan="8"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="haproxy_listeners_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + </tfoot> + </table> </div> </table> - </form> + </form> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 4a802ef2..0826010c 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -33,6 +33,16 @@ require("guiconfig.inc"); require_once("haproxy.inc"); +/* Compatibility function for pfSense 2.0 */ +if (!function_exists("cert_get_purpose")) { + function cert_get_purpose(){ + $result = array(); + $result['server'] = "Yes"; + return $result; + } +} +/**/ + function get_certificat_usage($refid) { $usage = array(); $cert = lookup_cert($refid); 
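Review bot: The rewritten table rows print `$backend['name']`, `$backend['desc']`, `$backend['type']`, `$backend['backend_serverpool']` and `$cert['descr']` without escaping, and the value placed in the `ondblclick` handlers and the edit/delete/duplicate links changed from the numeric `$i` to the frontend name. A name or description containing quotes or markup is then interpreted as HTML or script in the admin's browser. Use `$backendname = urlencode($backend['name']);` for the URL and handler contexts and wrap the displayed fields, e.g. `<?=htmlspecialchars($backend['name']);?>` and `<?=htmlspecialchars($cert['descr']);?>` inside the `title` attribute. Also, `usort($a_backend,'sort_backends')` reorders and adds an `ipport` key to what appears to be a reference into `$config`; sorting a copy would keep that from being persisted by a later write_config().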
@@ -48,13 +58,14 @@ function get_certificat_usage($refid) { $usage[] = "OpenVPN Client"; if (is_ipsec_cert($cert['refid'])) $usage[] = "IPsec Tunnel"; - if (is_captiveportal_cert($refid)) - $usage[] = "Captive Portal"; + if (function_exists("is_captiveportal_cert")) + if (is_captiveportal_cert($refid)) + $usage[] = "Captive Portal"; return $usage; } -/// This function (is intendet to) provides a uniform way to retrieve a list of use selectable certificates +// This function (is intended to) provides a uniform way to retrieve a list of server certificates function get_certificates_server($get_includeWebCert=false) { global $config; $certificates=array(); @@ -64,6 +75,10 @@ function get_certificates_server($get_includeWebCert=false) { if ($get_ca == false && is_webgui_cert($cert['refid'])) continue; + $purpose = cert_get_purpose($cert['crt']); + if ($purpose['server'] != 'Yes') + continue; + $selected = ""; $caname = ""; $inuse = ""; 
@@ -86,18 +101,20 @@ function get_certificates_server($get_includeWebCert=false) { if ($usagestr != "") $usagestr = " (".trim($usagestr).")"; - $certificates[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr; + $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr; } return $certificates; } -function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="") +function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="") { - if (count($keyvaluelist)>0){ - echo "<select name=\"$name\" class=\"formselect\">"; + if (count($keyvaluelist)>0){ + if ($onchangeEvent != "") + $onchangeEvent .= " onchange=$onchangeEvent"; + echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>"; foreach($keyvaluelist as $key => $desc){ $selectedhtml = $key == $selected ? "selected" : ""; - echo "<option value=\"{$key}\" {$selectedhtml}>{$desc}</option>"; + echo "<option value=\"{$key}\" {$selectedhtml}>{$desc['name']}</option>"; } echo "</select>"; } else { @@ -125,6 +142,9 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; +global $simplefields; +$simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool', + 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl'); if (isset($_POST['id'])) $id = $_POST['id']; 
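Review bot: In echo_html_select() the line `$onchangeEvent .= " onchange=$onchangeEvent";` appends to the handler text instead of replacing it, so the tag is emitted as `class="formselect"HANDLER onchange=HANDLER` with the handler unquoted. It should be `$onchangeEvent = " onchange=\"" . htmlspecialchars($onchangeEvent) . "\"";`. The option loop also prints `$key` and `$desc['name']` (built from certificate descriptions in get_certificates_server()) unescaped; wrapping both in `htmlspecialchars()` closes that.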
@@ -134,27 +154,14 @@ else if (isset($_GET['dup'])) $id = $_GET['dup']; -if (isset($id) && $a_backend[$id]) { - $pconfig['name'] = $a_backend[$id]['name']; - $pconfig['desc'] = $a_backend[$id]['desc']; - $pconfig['status'] = $a_backend[$id]['status']; - - $pconfig['type'] = $a_backend[$id]['type']; +$id = get_frontend_id($id); - $pconfig['forwardfor'] = $a_backend[$id]['forwardfor']; - $pconfig['httpclose'] = $a_backend[$id]['httpclose']; - - $pconfig['type'] = $a_backend[$id]['type']; - $pconfig['extaddr'] = $a_backend[$id]['extaddr']; - $pconfig['backend_serverpool'] = $a_backend[$id]['backend_serverpool']; - $pconfig['max_connections'] = $a_backend[$id]['max_connections']; - $pconfig['client_timeout'] = $a_backend[$id]['client_timeout']; - $pconfig['port'] = $a_backend[$id]['port']; +if (isset($id) && $a_backend[$id]) { $pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item']; $pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']); - $pconfig['ssloffloadcert'] = $a_backend[$id]['ssloffloadcert']; - $pconfig['dcertadv'] = $a_backend[$id]['dcertadv']; - $pconfig['ssloffload'] = $a_backend[$id]['ssloffload']; + + foreach($simplefields as $stat) + $pconfig[$stat] = $a_backend[$id][$stat]; } if (isset($_GET['dup'])) 
@@ -184,13 +191,13 @@ if ($_POST) { if ($port && !is_numeric($port)) $input_errors[] = "The field 'Port' value is not a number."; - if (!is_numeric($_POST['client_timeout'])) + if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) $input_errors[] = "The field 'Client timeout' value is not a number."; /* Ensure that our pool names are unique */ for ($i=0; isset($config['installedpackages']['haproxy']['ha_backends']['item'][$i]); $i++) if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_backends']['item'][$i]['name']) && ($i != $id)) - $input_errors[] = "This frontend name has already been used. Frontend names must be unique."; + $input_errors[] = "This frontend name has already been used. Frontend names must be unique. $i != $id"; $a_acl=array(); $acl_names=array(); 
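Review bot: The duplicate-name error now ends with `$i != $id`, which reads like leftover debugging. It puts an internal array index and the request-derived `$id` into a message shown to the user. Restore the text to `"This frontend name has already been used. Frontend names must be unique."`. Since `$id` appears to be resolved by `get_frontend_id()` elsewhere in this commit, also confirm that `$i != $id` still compares two values of the same kind; that helper is not visible here.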
@@ -235,24 +242,11 @@ if ($_POST) { if($backend['name'] != "") $changedesc .= " modified '{$backend['name']}' pool:"; + foreach($simplefields as $stat) + update_if_changed($stat, $backend[$stat], $_POST[$stat]); - update_if_changed("name", $backend['name'], $_POST['name']); - update_if_changed("description", $backend['desc'], $_POST['desc']); - update_if_changed("status", $backend['status'], $_POST['status']); - update_if_changed("type", $backend['type'], $_POST['type']); - update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']); - update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']); - update_if_changed("httpclose", $backend['httpclose'], $_POST['httpclose']); - update_if_changed("type", $backend['type'], $_POST['type']); - update_if_changed("port", $backend['port'], $_POST['port']); - update_if_changed("extaddr", $backend['extaddr'], $_POST['extaddr']); - update_if_changed("backend_serverpool", $backend['backend_serverpool'], $_POST['backend_serverpool']); - update_if_changed("max_connections", $backend['max_connections'], $_POST['max_connections']); - update_if_changed("client_timeout", $backend['client_timeout'], $_POST['client_timeout']); + update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced'])); - update_if_changed("ssloffloadcert", $backend['ssloffloadcert'], $_POST['ssloffloadcert']); - update_if_changed("dcertadv", $backend['dcertadv'], $_POST['dcertadv']); - update_if_changed("ssloffload", $backend['ssloffload'], $_POST['ssloffload']); $backend['ha_acls']['item'] = $a_acl; if (isset($id) && $a_backend[$id]) { 
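Review bot: `cookie_name` was written by the removed `update_if_changed("cookie_name", ...)` call but is not in the `$simplefields` array added earlier in this file, so the loop no longer saves it. If the field is still on the form, its value is silently dropped. The loop also copies every listed key straight from `$_POST` into `$backend`, including the new `secondary`, `primary_frontend`, `ssloffloadcert` and `ssloffloadacl`, and no validation for those is visible in the hunks of this file. Consider checking `primary_frontend` and `ssloffloadcert` against the lists returned by `get_haproxy_frontends()` and `get_certificates_server()` before saving. The enclosing `if ($_POST)` block starts and ends outside the hunk.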
@@ -275,15 +269,22 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; +if (!$id) +{ + //default value for new items. + $pconfig['ssloffloadacl'] = "yes"; +} + $pgtitle = "HAProxy: Frontend: Edit"; include("head.inc"); - ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <style type="text/css"> .haproxy_mode_http{display:none;} .haproxy_ssloffloading_enabled{display:none;} + .haproxy_primary{} + .haproxy_secondary{display:none;} </style> <?php if($one_two): ?> @@ -448,20 +449,32 @@ include("head.inc"); function updatevisibility() { + d = document; + ssloffload = d.getElementById("ssloffload"); + type = d.getElementById("type"); + secondary = d.getElementById("secondary"); + primary_frontend = d.getElementById("primary_frontend"); + + if (secondary.checked) + type = primaryfrontends[primary_frontend.value]['ref']['type']; + else + type = d.getElementById("type").value; + setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked); - setCSSdisplay(".haproxy_mode_http", type.value == "http"); + setCSSdisplay(".haproxy_mode_http", type == "http"); + setCSSdisplay(".haproxy_primary", !secondary.checked); + setCSSdisplay(".haproxy_secondary", secondary.checked); + + type_change(type); } - function type_change() { - var type, d, i, j, el, row; + function type_change(type) { + var d, i, j, el, row; var count = <?=count($a_acltypes);?>; var acl = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['name']."'," ?> ]; var mode = [ <?php foreach ($a_acltypes as $expr) echo "'".$expr['mode']."'," ?> ]; d = document; - type = d.getElementById("type").value; - - for (i = 0; i < 99; i++) { el = d.getElementById("acl_expression" + i); row = d.getElementById("aclrow" + i); @@ -477,7 +490,6 @@ include("head.inc"); } } } - updatevisibility(); } </script> <?php include("fbegin.inc"); ?> 
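Review bot: `if (!$id)` treats an existing frontend at index 0 the same as a new one, assuming `get_frontend_id()` returns an array index. In that case the first frontend would have `$pconfig['ssloffloadacl']` forced to "yes" every time the page is rendered. Elsewhere the file tests `isset($id) && $a_backend[$id]` for an existing item, so the default should use the inverse, `if (!isset($id) || !$a_backend[$id])`. `get_frontend_id()` is not visible here, so confirm what it returns for a missing id.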
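Review bot: `updatevisibility()` dereferences `primary_frontend.value` and `primaryfrontends[...]['ref']` without checking that either exists. When no primary frontend is defined, `echo_html_select` presumably prints its empty-list message instead of a `<select>`. Then `getElementById("primary_frontend")` returns null, and ticking "Shared Frontend" would throw before any visibility is updated. Guard the lookup, e.g. `if (secondary.checked && primary_frontend && primaryfrontends[primary_frontend.value])`. Declaring the locals with `var` would also keep `d`, `type` and the others from becoming globals.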
@@ -512,11 +524,30 @@ include("head.inc"); </select> </td> </tr> - <tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Shared Frontend</td> + <td width="78%" class="vtable" colspan="2"> + <input id="secondary" name="secondary" type="checkbox" value="yes" <?php if ($pconfig['secondary']=='yes') echo "checked"; ?> onclick="updatevisibility();"/> + Use this setting to configure multiple backends/accesslists for a single frontend.<br/> + All settings of which only 1 can exist will be hidden.<br/> + The frontend settings will be merged into 1 set of frontend configuration. + </td> + </tr> + <tr class="haproxy_secondary" align="left"> + <td width="22%" valign="top" class="vncellreq">Primary frontend</td> + <td width="78%" class="vtable" colspan="2"> + <? + $primaryfrontends = get_haproxy_frontends($pconfig['name']); + echo_html_select('primary_frontend',$primaryfrontends, $pconfig['primary_frontend'],"You must first create a 'primary' frontend.","updatevisibility();"); + ?> + </td> + </tr> + <tr class="haproxy_primary"> <td width="22%" valign="top" class="vncellreq">External address</td> <td width="78%" class="vtable"> <select name="extaddr" class="formfld"> <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option> + <option value="localhost" <?php if ('localhost' == $pconfig['extaddr']) echo "selected"; ?>>Localhost</option> <?php if (is_array($config['virtualip']['vip'])): foreach ($config['virtualip']['vip'] as $sn): 
@@ -538,13 +569,19 @@ include("head.inc"); </span> </td> </tr> - <tr align="left"> + <tr class="haproxy_primary" align="left"> <td width="22%" valign="top" class="vncellreq">External port</td> <td width="78%" class="vtable" colspan="2"> <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="30" maxlength="500"> <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> </td> </tr> + <tr class="haproxy_primary" align="left"> + <td width="22%" valign="top" class="vncellreq">Max connections</td> + <td width="78%" class="vtable" colspan="2"> + <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Backend server pool</td> <td width="78%" class="vtable"> @@ -562,17 +599,17 @@ include("head.inc"); } ?> </select> - <tr align="left"> + <tr class="haproxy_primary" align="left"> <td width="22%" valign="top" class="vncellreq">Type</td> <td width="78%" class="vtable" colspan="2"> - <select name="type" id="type" onchange="type_change();"> + <select name="type" id="type" onchange="updatevisibility();"> <option value="http"<?php if($pconfig['type'] == "http") echo " SELECTED"; ?>>HTTP</option> <option value="https"<?php if($pconfig['type'] == "https") echo " SELECTED"; ?>>HTTPS</option> <option value="tcp"<?php if($pconfig['type'] == "tcp") echo " SELECTED"; ?>>TCP</option> <option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option> </select> </td> - </tr> + </tr> <tr> <td width="22%" valign="top" class="vncell">Access Control lists</td> <td width="78%" class="vtable" colspan="2" valign="top"> 
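Review bot: The relocated `max_connections` input writes `$pconfig['max_connections']` into the `value` attribute without escaping, and no numeric check for that field is visible in the validation hunk of this file. A stored value containing a double quote would break out of the attribute. Wrap it as `htmlspecialchars($pconfig['max_connections'])`. The same applies to other new output in this commit: the option text `{$desc['name']}` in `echo_html_select`, the hidden `id` field that now carries `$a_backend[$id]['name']`, and `<?=$server['status']; ?>` in `haproxy_pool_edit.php`.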
@@ -631,21 +668,15 @@ include("head.inc"); </tr> </table> <br/> <br/> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table class="haproxy_primary" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic">Advanced settings</td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Max connections</td> - <td width="78%" class="vtable" colspan="2"> - <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10"> - </td> - </tr> - <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Client timeout</td> + <td width="22%" valign="top" class="vncell">Client timeout</td> <td width="78%" class="vtable" colspan="2"> <input name="client_timeout" type="text" <?if(isset($pconfig['client_timeout'])) echo "value=\"{$pconfig['client_timeout']}\"";?> size="10" maxlength="10"> - <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).</div> + <div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).</div> </td> </tr> <tr align="left"> @@ -655,7 +686,11 @@ include("head.inc"); <br/> The 'forwardfor' option creates an HTTP 'X-Forwarded-For' header which contains the client's IP address. This is useful to let the final web server - know what the client address was (eg for statistics on domains) + know what the client address was. (eg for statistics on domains)<br/> + <br/> + It is important to note that as long as HAProxy does not support keep-alive connections, + only the first request of a connection will receive the header. For this reason, + it is important to ensure that option httpclose is set when using this option. </td> </tr> <tr align="left"> 
@@ -676,8 +711,10 @@ include("head.inc"); NOTE: paste text into this box that you would like to pass thru. </td> </tr> + <tr> + <td> </td> + </tr> </table> - <br/> <br/> <? global $haproxy_sni_ssloffloading; if ($haproxy_sni_ssloffloading): @@ -698,14 +735,20 @@ include("head.inc"); <td width="22%" valign="top" class="vncell">Certificate</td> <td width="78%" class="vtable" colspan="2"> <? - //$servercerts = get_certificates_server(); - //echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.'); + $servercerts = get_certificates_server(); + echo_html_select("ssloffloadcert", $servercerts, $pconfig['ssloffloadcert'], '<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.'); ?> <br/> NOTE: choose the cert to use on this frontend. </td> </tr> <tr class="haproxy_ssloffloading_enabled" align="left"> + <td width="22%" valign="top" class="vncell">ACL for certificate CN</td> + <td width="78%" class="vtable" colspan="2"> + <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();">Add ACL for certificate CommonName.</input> + </td> + </tr> + <tr class="haproxy_ssloffloading_enabled" align="left"> <td width="22%" valign="top" class="vncell">Advanced ssl options</td> <td width="78%" class="vtable" colspan="2"> <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64"> 
@@ -728,7 +771,7 @@ include("head.inc"); <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> <?php if (isset($id) && $a_backend[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=$a_backend[$id]['name'];?>"> <?php endif; ?> </td> </tr> @@ -742,10 +785,18 @@ include("head.inc"); </form> <br> <script type="text/javascript"> +<? + phparray_to_javascriptarray($primaryfrontends,"primaryfrontends",Array('/*','/*/name','/*/ref','/*/ref/type','/*/ref/ssloffload')); +?> + +</script> +<script type="text/javascript"> field_counter_js = 3; rows = 1; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; + + updatevisibility(); </script> <?php include("fend.inc"); ?> </body> diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index fa46efb2..2ee880a2 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -88,13 +88,13 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_numeric($_POST['connection_timeout'])) + if ($_POST['connection_timeout'] !== "" && !is_numeric($_POST['connection_timeout'])) $input_errors[] = "The field 'Connection timeout' value is not a number."; - if (!is_numeric($_POST['server_timeout'])) + if ($_POST['server_timeout'] !== "" && !is_numeric($_POST['server_timeout'])) $input_errors[] = "The field 'Server timeout' value is not a number."; - if (!$_POST['retries'] && is_numeric($_POST['retries'])) + if ($_POST['retries'] !== "" && !is_numeric($_POST['retries'])) $input_errors[] = "The field 'Retries' value is not a number."; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) 
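Review bot: In `haproxy_pool_edit.php` the timeout and retry checks rely on `is_numeric()`, which also accepts signs, decimals and exponent notation such as `-1`, `1.5` or `1e3`. If these fields end up verbatim in the generated HAProxy configuration (not visible here), a digits-only test is the safer check: `if ($_POST['retries'] !== "" && !ctype_digit($_POST['retries']))`. The same goes for `connection_timeout` and `server_timeout`, and for the `client_timeout` check in the frontend edit page.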
@@ -113,8 +113,9 @@ if ($_POST) { $server_name=$_POST['server_name'.$x]; $server_address=$_POST['server_address'.$x]; $server_port=$_POST['server_port'.$x]; + $server_ssl=$_POST['server_ssl'.$x]; $server_weight=$_POST['server_weight'.$x]; - $server_backup=$_POST['server_backup'.$x]; + $server_status=$_POST['server_status'.$x]; if ($server_address) { @@ -122,8 +123,9 @@ if ($_POST) { $server['name']=$server_name; $server['address']=$server_address; $server['port']=$server_port; + $server['ssl']=$server_ssl; $server['weight']=$server_weight; - $server['backup']=$server_backup; + $server['status']=$server_status; $a_servers[]=$server; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) @@ -215,7 +217,7 @@ row_helper(); <input type='hidden' name='address_type' value='textbox' /> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="updatevisibility()"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC""> <style type="text/css"> .haproxy_stats_visible{display:none;} </style> @@ -257,12 +259,15 @@ row_helper(); rowname[2] = "server_port"; rowtype[2] = "textbox"; rowsize[2] = "5"; - rowname[3] = "server_weight"; - rowtype[3] = "textbox"; + rowname[3] = "server_ssl"; + rowtype[3] = "checkbox"; rowsize[3] = "5"; - rowname[4] = "server_backup"; - rowtype[4] = "checkbox"; + rowname[4] = "server_weight"; + rowtype[4] = "textbox"; rowsize[4] = "5"; + rowname[5] = "server_status"; + rowtype[5] = "select"; + rowsize[5] = "1"; </script> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> 
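Review bot: `server_status` and `server_ssl` are taken from `$_POST` and stored in `$server` with no check, while `server_name` a few lines below is matched against a character whitelist. The form only offers four states, so reject anything else, e.g. `if (!in_array($server_status, array('active','backup','disabled','inactive'))) $input_errors[] = "The field 'Status' is invalid.";`, and store `ssl` only when it equals `'yes'`. Existing configurations that saved `backup` as `yes` are no longer read by this code. Whether they are migrated elsewhere cannot be seen from these hunks.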
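Review bot: The new `<body>` tag ends with a doubled quote, `alink="#0000CC"">`, which looks like a typo introduced while removing the `onload` attribute. It should read `<body link="#0000CC" vlink="#0000CC" alink="#0000CC">`.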
@@ -295,16 +300,15 @@ row_helper(); </td> </tr> <tr align="left"> - <td class="vncellreq" colspan="3">Server list</td> - </tr> - <tr> - <td width="78%" class="vtable" colspan="2" valign="top"> + <td class="vncell" colspan="3"><strong>Server list</strong> + <table class="" width="100%" cellpadding="0" cellspacing="0" id='servertable'> <tr> <td width="30%" class="listhdrr">Name</td> <td width="30%" class="listhdrr">Address</td> <td width="18%" class="listhdrr">Port</td> - <td width="18%" class="listhdrr">Weight</td> + <td width="5%" class="listhdrr">SSL</td> + <td width="8%" class="listhdrr">Weight</td> <td width="5%" class="listhdr">Backup</td> <td width="4%" class=""></td> </tr> @@ -322,8 +326,9 @@ row_helper(); <td class="vtable listlr"><?=$server['name']; ?></td> <td class="vtable listr"><?=$server['address']; ?></td> <td class="vtable listr"><?=$server['port']; ?></td> + <td class="vtable listr"><?=$server['ssl']=='yes'?'yes':'no'; ?></td> <td class="vtable listr"><?=$server['weight']; ?></td> - <td class="vtable listr"><?=$server['backup']; ?></td> + <td class="vtable listr"><?=$server['status']; ?></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"><tr> <td valign="middle"> 
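Review bot: The server list header still reads `Backup`, although the column below it now prints `$server['status']`, which can be active, backup, disabled or inactive. Rename the header cell to `<td width="5%" class="listhdr">Status</td>` so the list matches the new select in the edit row.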
@@ -345,9 +350,17 @@ row_helper(); <td class="vtable"> <input name="server_port<?=$counter;?>" id="server_port<?=$counter;?>" type="text" value="<?=$server['port']; ?>" size="5"/></td> <td class="vtable"> + <input name="server_ssl<?=$counter;?>" id="server_ssl<?=$counter;?>" type="checkbox" value="yes" <?=$server['ssl']=='yes'?"checked":""; ?> size="5"/></td> + <td class="vtable"> <input name="server_weight<?=$counter;?>" id="server_weight<?=$counter;?>" type="text" value="<?=$server['weight']; ?>" size="5"/></td> <td class="vtable"> - <input name="server_backup<?=$counter;?>" id="server_backup<?=$counter;?>" type="checkbox" value="yes" <?php if ($server['backup']=='yes') echo "checked"; ?>/></td> + <select name="server_status<?=$counter;?>" id="server_status<?=$counter;?>"> + <option value="active" <?php if($server['status']=='active') echo "SELECTED";?>>active</option> + <option value="backup" <?php if($server['status']=='backup') echo "SELECTED";?>>backup</option> + <option value="disabled" <?php if($server['status']=='disabled') echo "SELECTED";?>>disabled</option> + <option value="inactive" <?php if($server['status']=='inactive') echo "SELECTED";?>>inactive</option> + </select> + </td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"><tr> <td valign="middle"> @@ -437,7 +450,7 @@ row_helper(); <td width="22%" valign="top" class="vncell">Check freq</td> <td width="78%" class="vtable" colspan="2"> <input name="checkinter" type="text" <?if(isset($pconfig['checkinter'])) echo "value=\"{$pconfig['checkinter']}\"";?>size="20"> milliseconds - <br/>Defaults to 1000 if left blank. + <br/>For HTTP/HTTPS defaults to 1000 if left blank. For TCP no check will be performed if left empty. </td> </tr> <tr align="left"> 
@@ -473,17 +486,17 @@ row_helper(); <td colspan="2" valign="top" class="listtopic">Advanced settings</td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Connection timeout</td> + <td width="22%" valign="top" class="vncell">Connection timeout</td> <td width="78%" class="vtable" colspan="2"> <input name="connection_timeout" type="text" <?if(isset($pconfig['connection_timeout'])) echo "value=\"{$pconfig['connection_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we give up if the connection does not complete within (30000).</div> + <div>the time (in milliseconds) we give up if the connection does not complete within (default 30000).</div> </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncellreq">Server timeout</td> + <td width="22%" valign="top" class="vncell">Server timeout</td> <td width="78%" class="vtable" colspan="2"> <input name="server_timeout" type="text" <?if(isset($pconfig['server_timeout'])) echo "value=\"{$pconfig['server_timeout']}\"";?> size="64"> - <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).</div> + <div>the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).</div> </td> </tr> <tr align="left"> @@ -582,10 +595,11 @@ set by the 'retries' parameter.</div> <br> <?php include("fend.inc"); ?> <script type="text/javascript"> - field_counter_js = 5; + field_counter_js = 6; rows = 1; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; + updatevisibility(); </script> </body> </html> @@ -593,6 +607,13 @@ set by the 'retries' parameter.</div> <?php function row_helper() { + $options = <<<EOD + <option value='active' SELECTED>active</option>"+ +" <option value='backup'>backup</option>"+ +" <option value='disabled'>disabled</option>"+ +" <option value='inactive'>inactive</option> +EOD; + echo <<<EOF <script type="text/javascript"> // Global Variables 
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index bad4bf09..07e7d106 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -52,8 +52,14 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } } diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml index efa82384..e45baa1a 100644 --- a/config/openbgpd/openbgpd_neighbors.xml +++ b/config/openbgpd/openbgpd_neighbors.xml @@ -100,13 +100,13 @@ <field> <fielddescr>TCP-MD5 key</fielddescr> <fieldname>md5sigkey</fieldname> - <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers.</description> + <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. You need the Local Addr option to be set.</description> <type>input</type> </field> <field> <fielddescr>TCP-MD5 password</fielddescr> <fieldname>md5sigpass</fieldname> - <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router.</description> + <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. You need the Local Addr option to be set.</description> <type>input</type> </field> <field> diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc index 89610565..e9bd2814 100644 --- a/config/systempatches/patches.inc +++ b/config/systempatches/patches.inc 
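Review bot: `gettext($result)` is given runtime text from `haproxy_check_writtenconfig_error()` rather than a fixed message id, so no translation can match. The call only obscures that `$savemsg` now holds raw checker output. If that output can contain parts of the configuration or file paths, escape it before display, e.g. `$savemsg = htmlspecialchars($result);`. How `$savemsg` is rendered is outside this hunk, so check that it is not escaped a second time there.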
@@ -29,7 +29,7 @@ require_once("globals.inc"); require_once("util.inc"); -$git_root_url = "http://github.com/bsdperimeter/pfsense/commit/"; +$git_root_url = "http://github.com/pfsense/pfsense/commit/"; $patch_suffix = ".patch"; $patch_dir = "/var/patches"; $patch_cmd = "/usr/bin/patch"; @@ -139,4 +139,4 @@ function is_github_url($url) { $urlbits = explode("/", $url); return (substr($urlbits[2], -10) == "github.com"); } -?>
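Review bot: `$git_root_url` still uses `http://`. If this URL is used as-is for the download (the fetch code is outside the hunk), patch files later passed to `$patch_cmd` would be fetched without transport integrity, and `https://github.com/pfsense/pfsense/commit/` is the safer base. Related, in the context lines of the following hunk, `is_github_url()` compares only the last ten characters of the host, which also matches any other domain whose name ends in `github.com`. Comparing the host exactly, or requiring the suffix `.github.com`, closes that gap.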
\ No newline at end of file +?> |