From 826b152e5d25978f8b9306f90450197ce4f4827b Mon Sep 17 00:00:00 2001
From: PiBa-NL <pba_2k3@yahoo.com>
Date: Sat, 16 Mar 2013 21:19:40 +0100
Subject: haproxy-devel -allow advanced configuration like a cookie per
 backend-server -show if ACLs have been used in the overview -fixed global
 advanced option saving -show all certificates, as filtering server certs
 didn't work properly..

---
 config/haproxy-devel/haproxy.inc                | 70 +++++++++++++++++++------
 config/haproxy-devel/haproxy_global.php         | 13 ++---
 config/haproxy-devel/haproxy_listeners.php      | 18 ++++---
 config/haproxy-devel/haproxy_listeners_edit.php | 16 +++---
 config/haproxy-devel/haproxy_pool_edit.php      | 53 ++++++++++---------
 config/haproxy-devel/haproxy_pools.php          |  9 ++--
 6 files changed, 114 insertions(+), 65 deletions(-)

diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index a03bf219..a8fc1497 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -32,7 +32,6 @@ require_once("functions.inc");
 require_once("pkg-utils.inc");
 require_once("notices.inc");
 
-
 global $haproxy_sni_ssloffloading;
 $haproxy_sni_ssloffloading=true;// can only be used with recent 1.5-dev17 builds.
 
@@ -439,7 +438,7 @@ function write_backend($fd, $name, $pool, $frontend) {
 				$isbackup = "";
 			}
 			$ssl = ($backend_type == "http" && $be['ssl'] == 'yes') ? ' ssl' : "";
-			fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt}\n");
+			fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt} {$be['advanced']}\n");
 		}
 	}
 	fwrite ($fd, "\n");
@@ -451,12 +450,20 @@ function haproxy_configure() {
 	return haproxy_check_run(1);
 }
 
-function haproxy_check_writtenconfig_error() {
-	$configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1");
-	if (!strstr($configcheckoutput, "Configuration file is valid"))
-		return str_replace("\n","<br/>\n", $configcheckoutput);
-	else
-		return false;
+function haproxy_check_writtenconfig_error(&$messages) {
+	$retval = exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1", $output, $err);
+	$messages = "";
+	if ($err > 1)
+		$messages = "<h2><strong>FATAL ERROR CODE: $err while starting haproxy</strong></h2>";
+	elseif ($err == 1)
+		$messages = "Errors found while starting haproxy";
+		
+	if ((count($output) > 1) && $output[0] != "Configuration file is valid")
+	{
+		foreach($output as $line)
+			$messages .= "<br/>" . htmlspecialchars($line) . "\n";
+	}
+	return (strstr($retval, "Configuration file is valid"));
 }
 
 function haproxy_writeconf() {
@@ -540,6 +547,7 @@ function haproxy_writeconf() {
 				$b['max_connections'] = $backend['max_connections'];
 				$b['client_timeout'] = $backend['client_timeout'];
 				$b['advanced'] = $backend['advanced'];
+				$b['ssloffload'] = $backend['ssloffload'];
 			}
 			
 			if ($ssl_crt != "") {
@@ -594,7 +602,7 @@ function haproxy_writeconf() {
 			}
 
 			// https is an alias for tcp for clarity purpouses
-			if(strtolower($bind['type']) == "https") {
+			if($bind['type'] == "https") {
 				$backend_type = "tcp";
 			} else {
 				$backend_type = $bind['type'];
@@ -604,12 +612,18 @@ function haproxy_writeconf() {
 			fwrite ($fd, "\tlog\t\t\tglobal\n");
 			fwrite ($fd, "\toption\t\t\tdontlognull\n");
 
-			if($bind['httpclose']) 
-				fwrite ($fd, "\toption\t\t\thttpclose\n");
+			if ($backend_type == 'http')
+			{
+				if($bind['httpclose']) 
+					fwrite ($fd, "\toption\t\t\thttpclose\n");
 
-			if($bind['forwardfor']) {
-				fwrite ($fd, "\toption\t\t\tforwardfor\n");
-				fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\tif { ssl_fc }\n");
+				if($bind['forwardfor']) {
+					fwrite ($fd, "\toption\t\t\tforwardfor\n");
+					if($bind['ssloffload'] == "yes")
+						fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\n");
+					else
+						fwrite ($fd, "\treqadd X-Forwarded-Proto:\ http\n");
+				}
 			}
 
 			if($bind['max_connections'])
@@ -678,7 +692,6 @@ function haproxy_writeconf() {
 						$advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n";
 					$i++;
 				}
-
 			}
 			foreach($advancedextra as $extra)
 				fwrite ($fd, "\t".$extra."\n");
@@ -717,7 +730,10 @@ function haproxy_writeconf() {
 	fclose($fd);
 
 	if ($input_errors)
+	{
+		require_once("guiconfig.inc");
 		print_input_errors($input_errors);
+	}
 	
 	if (isset($a_global['carpdev']))
 		haproxy_install_cron(true);
@@ -964,6 +980,30 @@ function get_haproxy_frontends($excludeitem="") {
 	return $result;
 }
 
+function get_frontent_acls($frontend) {
+	$result = array();
+	$a_acl = &$frontend['ha_acls']['item'];
+	if (is_array($a_acl))
+	{
+		foreach ($a_acl as $entry) {
+			$acl = haproxy_find_acl($entry['expression']);
+			if (!$acl)
+				continue;
+
+			// Filter out acls for different modes
+			if ($acl['mode'] != '' && $acl['mode'] != strtolower($frontend['type']))
+				continue;
+			
+			$acl_item = array();
+			$acl_item['descr'] = $acl['descr'] . " " . $entry['value'];
+			$acl_item['ref'] = $entry;
+			
+			$result[] = $acl_item;
+		}
+	}
+	return $result;
+}
+
 function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) {
 	$offset = str_repeat('  ',$nestID);
 	$itemName = "item$nestID";
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 61c654cf..8e2949fd 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -49,13 +49,10 @@ if ($_POST) {
 		$retval = haproxy_configure();
 		config_unlock();
 
-		$result = haproxy_check_writtenconfig_error();
+		$result = haproxy_check_writtenconfig_error($messages);
+		$savemsg = $messages;
 		if ($result)
-			$savemsg = gettext($result);
-		else {
-			$savemsg = get_std_save_message($retval);
 			unlink_if_exists($d_haproxyconfdirty_path);
-		}
 	} else {
 		if ($_POST['enable']) {
 			$reqdfields = explode(" ", "maxconn");
@@ -89,7 +86,7 @@ if ($_POST) {
 			$config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false;
 			$config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false;
 			$config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false;
-			$config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false;
+			$config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false;
 			$config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false;			
 			touch($d_haproxyconfdirty_path);
 			write_config();
@@ -146,7 +143,7 @@ function enable_change(enable_change) {
 <?php if ($input_errors) print_input_errors($input_errors); ?>
 <?php if ($savemsg) print_info_box($savemsg); ?>
 <?php if (file_exists($d_haproxyconfdirty_path)): ?><p>
-<?php print_info_box_np("The load balancer configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<?php print_info_box_np("The haproxy configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
 <?php endif; ?>
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
 	<tr><td class="tabnavtbl">
@@ -344,7 +341,7 @@ function enable_change(enable_change) {
 			<tr>
 				<td width="22%" valign="top" class="vncell">Synchronization password</td>
 				<td width="78%" class="vtable">
-					<input name="syncpassword" type="password" value="<?=$pconfig['syncpassword'];?>">
+					<input name="syncpassword" type="password" autocomplete="off" value="<?=$pconfig['syncpassword'];?>">
 					<br/>
 					<strong>Enter the password that will be used during configuration synchronization.  This is generally the remote webConfigurator password.</strong>
 				</td>
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index 7b4cf3da..6f8e5142 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -50,13 +50,10 @@ if ($_POST) {
 		$retval = haproxy_configure();
 		config_unlock();
 
-		$result = haproxy_check_writtenconfig_error();
+		$result = haproxy_check_writtenconfig_error($messages);
+		$savemsg = $messages;
 		if ($result)
-			$savemsg = gettext($result);
-		else {
-			$savemsg = get_std_save_message($retval);
 			unlink_if_exists($d_haproxyconfdirty_path);
-		}
 	}
 } else {
 	$result = haproxy_check_config($retval);
@@ -96,7 +93,7 @@ include("head.inc");
 <?php if ($input_errors) print_input_errors($input_errors); ?>
 <?php if ($savemsg) print_info_box($savemsg); ?>
 <?php if (file_exists($d_haproxyconfdirty_path)): ?><p>
-<?php print_info_box_np("The virtual server configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<?php print_info_box_np("The haproxy configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
 <?php endif; ?>
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
   <tr><td class="tabnavtbl">
@@ -161,6 +158,15 @@ include("head.inc");
 					$cert = lookup_cert($backend['ssloffloadcert']);?>
 					<img src="<?=$certimg;?>" alt="SSL offloading" title="SSL offloading cert: '<?=$cert['descr'];?>'" border="0" height="16" width="16" />
 				<? endif;?>
+				<?
+				$acls = get_frontent_acls($backend);
+				$isadvset = "";
+				foreach ($acls as $acl) {
+					$isadvset .= "&#10;" . $acl['descr'];
+				}
+				if ($isadvset) 
+					echo "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\">";
+				?>
 			  </td>
 			  <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';">
 				<?=$backend['name'];?>
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index 0826010c..afd424c7 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -76,8 +76,8 @@ function get_certificates_server($get_includeWebCert=false) {
 			continue;
 
 		$purpose = cert_get_purpose($cert['crt']);
-		if ($purpose['server'] != 'Yes')
-			continue;
+		//$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : "";
+		$certserverpurpose = "";
 
 		$selected = "";
 		$caname = "";
@@ -101,7 +101,7 @@ function get_certificates_server($get_includeWebCert=false) {
 		if ($usagestr != "")
 			$usagestr = " (".trim($usagestr).")";
 		
-		$certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $inuse . $revoked . $usagestr;
+		$certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $certserverpurpose . $inuse . $revoked . $usagestr;
 	}
 	return $certificates;
 }
@@ -607,7 +607,11 @@ include("head.inc");
 					<option value="https"<?php if($pconfig['type'] == "https") echo " SELECTED"; ?>>HTTPS</option>
 					<option value="tcp"<?php if($pconfig['type'] == "tcp") echo " SELECTED"; ?>>TCP</option>
 					<option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option>
-				</select>
+				</select><br/>
+				<span class="vexpl">
+					This defines the processing type of HAProxy, and will determine the availabe options for acl checks and also several other options.<br/>
+					Please note that for https encryption/decryption on HAProxy with a certificate the processing type needs to be set to 'http'.
+				</span>
 			</td>
 		</tr>
 		<tr>
@@ -679,7 +683,7 @@ include("head.inc");
 				<div>the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).</div>
 			</td>
 		</tr>
-		<tr align="left">
+		<tr align="left" class="haproxy_mode_http">
 			<td width="22%" valign="top" class="vncell">Use 'forwardfor' option</td>
 			<td width="78%" class="vtable" colspan="2">
 				<input id="forwardfor" name="forwardfor" type="checkbox" value="yes" <?php if ($pconfig['forwardfor']=='yes') echo "checked"; ?>>
@@ -693,7 +697,7 @@ include("head.inc");
 				it is important to ensure that option httpclose is set when using this option.
 			</td>
 		</tr>
-		<tr align="left">
+		<tr align="left" class="haproxy_mode_http">
 			<td width="22%" valign="top" class="vncell">Use 'httpclose' option</td>
 			<td width="78%" class="vtable" colspan="2">
 				<input id="httpclose" name="httpclose" type="checkbox" value="yes" <?php if ($pconfig['httpclose']=='yes') echo "checked"; ?>>
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 2ee880a2..446c8e35 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -110,23 +110,24 @@ if ($_POST) {
 
 	$a_servers=array();			
 	for($x=0; $x<99; $x++) {
-		$server_name=$_POST['server_name'.$x];
-		$server_address=$_POST['server_address'.$x];
-		$server_port=$_POST['server_port'.$x];
-		$server_ssl=$_POST['server_ssl'.$x];
-		$server_weight=$_POST['server_weight'.$x];
-		$server_status=$_POST['server_status'.$x];
+		$server_name     = $_POST['server_name'.$x];
+		$server_address  = $_POST['server_address'.$x];
+		$server_port     = $_POST['server_port'.$x];
+		$server_ssl      = $_POST['server_ssl'.$x];
+		$server_weight   = $_POST['server_weight'.$x];
+		$server_status   = $_POST['server_status'.$x];
+		$server_advanced = $_POST['server_advanced'.$x];
 
 		if ($server_address) {
-
-			$server=array();
-			$server['name']=$server_name;
-			$server['address']=$server_address;
-			$server['port']=$server_port;
-			$server['ssl']=$server_ssl;
-			$server['weight']=$server_weight;
-			$server['status']=$server_status;
-			$a_servers[]=$server;
+			$server = array();
+			$server['name']     = $server_name;
+			$server['address']  = $server_address;
+			$server['port']     = $server_port;
+			$server['ssl']      = $server_ssl;
+			$server['weight']   = $server_weight;
+			$server['status']   = $server_status;
+			$server['advanced'] = $server_advanced;
+			$a_servers[] = $server;
 
 			if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name))
 				$input_errors[] = "The field 'Name' contains invalid characters.";
@@ -134,10 +135,10 @@ if ($_POST) {
 				$input_errors[] = "The field 'Address' contains invalid characters.";
 
 			if (!preg_match("/.{2,}/", $server_name))
-				$input_errors[] = "The field 'Name' is required.";
+				$input_errors[] = "The field 'Name' is required (and must be at least 2 characters).";
 
 			if (!preg_match("/.{2,}/", $server_address))
-				$input_errors[] = "The field 'Address' is required.";
+				$input_errors[] = "The field 'Address' is required (and must be at least 2 characters).";
 
 
 			if (!is_numeric($server_weight))
@@ -167,7 +168,7 @@ if ($_POST) {
 		}
 
 		if($pool['name'] != "")
-			$changedesc .= " modified '{$pool['name']}' pool:";
+			$changedesc .= " modified pool: '{$pool['name']}'";
 
 		$pool['ha_servers']['item']=$a_servers;
 
@@ -304,12 +305,13 @@ row_helper();
 			
 			<table class="" width="100%" cellpadding="0" cellspacing="0" id='servertable'>
 	                <tr>
-	                  <td width="30%" class="listhdrr">Name</td>
-	                  <td width="30%" class="listhdrr">Address</td>
-	                  <td width="18%" class="listhdrr">Port</td>
+	                  <td width="20%" class="listhdrr">Name</td>
+	                  <td width="10%" class="listhdrr">Address</td>
+	                  <td width="5%" class="listhdrr">Port</td>
 	                  <td width="5%" class="listhdrr">SSL</td>
 	                  <td width="8%" class="listhdrr">Weight</td>
 	                  <td width="5%" class="listhdr">Backup</td>
+	                  <td width="15%" class="listhdr">Advanced</td>
 	                  <td width="4%" class=""></td>
 			</tr>
 			<?php 
@@ -322,13 +324,14 @@ row_helper();
 			$counter=0;
 			foreach ($a_servers as $server) {
 			?>
-			<tr id="tr_view_<?=$counter;?>" name="tr_view_<?=$counter;?>">
+			<tr id="tr_view_<?=$counter;?>" name="tr_view_<?=$counter;?>" ondblclick="editRow(<?=$counter;?>); return false;" >
 			<td class="vtable listlr"><?=$server['name']; ?></td>
 			<td class="vtable listr"><?=$server['address']; ?></td>
 			<td class="vtable listr"><?=$server['port']; ?></td>
 			<td class="vtable listr"><?=$server['ssl']=='yes'?'yes':'no'; ?></td>
 			<td class="vtable listr"><?=$server['weight']; ?></td>
 			<td class="vtable listr"><?=$server['status']; ?></td>
+			<td class="vtable listr"><?=htmlspecialchars($server['advanced']); ?></td>
 			<td class="list">
 			  <table border="0" cellspacing="0" cellpadding="1"><tr>
 			  <td valign="middle">
@@ -346,7 +349,7 @@ row_helper();
 				<td class="vtable">
 				  <input name="server_name<?=$counter;?>" id="server_name<?=$counter;?>" type="text" value="<?=$server['name']; ?>" size="30"/></td>
 				<td class="vtable">
-				  <input name="server_address<?=$counter;?>" id="server_address<?=$counter;?>" type="text" value="<?=$server['address']; ?>" size="30"/></td>
+				  <input name="server_address<?=$counter;?>" id="server_address<?=$counter;?>" type="text" value="<?=$server['address']; ?>" size="20"/></td>
 				<td class="vtable">
 				  <input name="server_port<?=$counter;?>" id="server_port<?=$counter;?>" type="text" value="<?=$server['port']; ?>" size="5"/></td>
 				<td class="vtable">
@@ -355,12 +358,14 @@ row_helper();
 				  <input name="server_weight<?=$counter;?>" id="server_weight<?=$counter;?>" type="text" value="<?=$server['weight']; ?>" size="5"/></td>
 				<td class="vtable">
 				<select name="server_status<?=$counter;?>" id="server_status<?=$counter;?>">
-				  <option value="active"  <?php if($server['status']=='active') echo "SELECTED";?>>active</option>
+				  <option value="active" <?php if($server['status']=='active') echo "SELECTED";?>>active</option>
 				  <option value="backup" <?php  if($server['status']=='backup') echo "SELECTED";?>>backup</option>
 				  <option value="disabled" <?php  if($server['status']=='disabled') echo "SELECTED";?>>disabled</option>
 				  <option value="inactive" <?php  if($server['status']=='inactive') echo "SELECTED";?>>inactive</option>
 				</select>
 				</td>
+				<td class="vtable">
+				  <input name="server_advanced<?=$counter;?>" id="server_advanced<?=$counter;?>" type="text" value="<?=htmlspecialchars($server['advanced']); ?>" size="20"/></td>
 				<td class="list">
 			         <table border="0" cellspacing="0" cellpadding="1"><tr>
 			         <td valign="middle">
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php
index 07e7d106..57b056b3 100644
--- a/config/haproxy-devel/haproxy_pools.php
+++ b/config/haproxy-devel/haproxy_pools.php
@@ -53,13 +53,10 @@ if ($_POST) {
 		$retval = haproxy_configure();
 		config_unlock();
 
-		$result = haproxy_check_writtenconfig_error();
+		$result = haproxy_check_writtenconfig_error($messages);
+		$savemsg = $messages;
 		if ($result)
-			$savemsg = gettext($result);
-		else {
-			$savemsg = get_std_save_message($retval);
 			unlink_if_exists($d_haproxyconfdirty_path);
-		}
 	}
 }
 
@@ -90,7 +87,7 @@ include("head.inc");
 <?php if ($input_errors) print_input_errors($input_errors); ?>
 <?php if ($savemsg) print_info_box($savemsg); ?>
 <?php if (file_exists($d_haproxyconfdirty_path)): ?><p>
-<?php print_info_box_np("The virtual pool configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<?php print_info_box_np("The haproxy configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
 <?php endif; ?>
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
   <tr><td class="tabnavtbl">
-- 
cgit v1.2.3