netbird/plugins
0
0
Fork 0
mirror of https://github.com/netbirdio/plugins.git synced 2026-05-22 18:44:07 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #483 from fraenki/haproxy_240

Browse Source 
net/haproxy: Release 2.4
This commit is contained in:
Frank Wall
2018-01-17 00:26:12 +01:00
committed by GitHub
parent 605fd5e51a 75ce8a5487
commit 3edbe48ce6
11 changed files with 1028 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/haproxy/Makefile
+2 -2
View File
@@ -1,7 +1,7 @@
PLUGIN_NAME= haproxy
PLUGIN_VERSION= 2.3
PLUGIN_VERSION= 2.4
PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer
PLUGIN_DEPENDS= haproxy
PLUGIN_DEPENDS= haproxy-devel
PLUGIN_MAINTAINER= opnsense@moov.de
.include "../../Mk/plugins.mk"
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php
+6 -119
View File
@@ -29,7 +29,7 @@
*/
namespace OPNsense\HAProxy\Api;
use \OPNsense\Base\ApiControllerBase;
use \OPNsense\Base\ApiMutableServiceControllerBase;
use \OPNsense\Core\Backend;
use \OPNsense\HAProxy\HAProxy;
@@ -37,125 +37,12 @@ use \OPNsense\HAProxy\HAProxy;
* Class ServiceController
* @package OPNsense\HAProxy
*/
class ServiceController extends ApiControllerBase
class ServiceController extends ApiMutableServiceControllerBase
{
/**
* start haproxy service (in background)
* @return array
*/
public function startAction()
{
if ($this->request->isPost()) {
// close session for long running action
$this->sessionClose();
$backend = new Backend();
$response = $backend->configdRun("haproxy start");
return array("response" => $response);
} else {
return array("response" => array());
}
}
/**
* stop haproxy service
* @return array
*/
public function stopAction()
{
if ($this->request->isPost()) {
// close session for long running action
$this->sessionClose();
$backend = new Backend();
$response = $backend->configdRun("haproxy stop");
return array("response" => $response);
} else {
return array("response" => array());
}
}
/**
* restart haproxy service
* @return array
*/
public function restartAction()
{
if ($this->request->isPost()) {
// close session for long running action
$this->sessionClose();
$backend = new Backend();
$response = $backend->configdRun("haproxy restart");
return array("response" => $response);
} else {
return array("response" => array());
}
}
/**
* retrieve status of haproxy service
* @return array
* @throws \Exception
*/
public function statusAction()
{
$backend = new Backend();
$mdlProxy = new HAProxy();
$response = $backend->configdRun("haproxy status");
if (strpos($response, "not running") > 0) {
if ($mdlProxy->general->enabled->__toString() == 1) {
$status = "stopped";
} else {
$status = "disabled";
}
} elseif (strpos($response, "is running") > 0) {
$status = "running";
} elseif ($mdlProxy->general->enabled->__toString() == 0) {
$status = "disabled";
} else {
$status = "unkown";
}
return array("status" => $status);
}
/**
* reconfigure haproxy, generate config and reload
*/
public function reconfigureAction()
{
if ($this->request->isPost()) {
$force_restart = false;
// close session for long running action
$this->sessionClose();
$mdlProxy = new HAProxy();
$backend = new Backend();
$runStatus = $this->statusAction();
// stop haproxy when disabled
if ($runStatus['status'] == "running" &&
($mdlProxy->general->enabled->__toString() == 0 || $force_restart)) {
$this->stopAction();
}
// generate template
$backend->configdRun('template reload OPNsense/HAProxy');
// (res)start daemon
if ($mdlProxy->general->enabled->__toString() == 1) {
if ($runStatus['status'] == "running" && !$force_restart) {
$backend->configdRun("haproxy reload");
} else {
$this->startAction();
}
}
return array("status" => "ok");
} else {
return array("status" => "failed");
}
}
static protected $internalServiceClass = '\OPNsense\HAProxy\HAProxy';
static protected $internalServiceTemplate = 'OPNsense/Haproxy';
static protected $internalServiceEnabled = 'general.enabled';
static protected $internalServiceName = 'haproxy';
/**
* run syntax check for haproxy configuration
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+208
View File
@@ -198,6 +198,214 @@
<type>text</type>
<help><![CDATA[Verify the source IPv4 address of the client of the session matches the specified IPv4 or IPv6 address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_bytes_in_rate</style>
</field>
<field>
<id>acl.src_bytes_in_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_bytes_in_rate</id>
<label>Incoming bytes rate</label>
<type>text</type>
<help><![CDATA[The average bytes rate from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_bytes_out_rate</style>
</field>
<field>
<id>acl.src_bytes_out_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_bytes_out_rate</id>
<label>Outgoing bytes rate</label>
<type>text</type>
<help><![CDATA[The average bytes rate to the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_conn_cnt</style>
</field>
<field>
<id>acl.src_conn_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_conn_cnt</id>
<label>Connections count</label>
<type>text</type>
<help><![CDATA[The cumulative number of connections initiated from the current incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_conn_cur</style>
</field>
<field>
<id>acl.src_conn_cur_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_conn_cur</id>
<label>Concurrent connections</label>
<type>text</type>
<help><![CDATA[The current amount of concurrent connections initiated from the current incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_conn_rate</style>
</field>
<field>
<id>acl.src_conn_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_conn_rate</id>
<label>Connection rate</label>
<type>text</type>
<help><![CDATA[The average connection rate from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_err_cnt</style>
</field>
<field>
<id>acl.src_http_err_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_err_cnt</id>
<label>HTTP error count</label>
<type>text</type>
<help><![CDATA[The cumulative number of HTTP errors from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_err_rate</style>
</field>
<field>
<id>acl.src_http_err_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_err_rate</id>
<label>HTTP error rate</label>
<type>text</type>
<help><![CDATA[The average rate of HTTP errors from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_req_cnt</style>
</field>
<field>
<id>acl.src_http_req_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_req_cnt</id>
<label>HTTP request count</label>
<type>text</type>
<help><![CDATA[The cumulative number of HTTP requests from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_req_rate</style>
</field>
<field>
<id>acl.src_http_req_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_req_rate</id>
<label>HTTP request rate</label>
<type>text</type>
<help><![CDATA[The average rate of HTTP requests from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_kbytes_in</style>
</field>
<field>
<id>acl.src_kbytes_in_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_kbytes_in</id>
<label>Data received</label>
<type>text</type>
<help><![CDATA[The total amount of data received from the incoming connection's source address (in kilobytes).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_kbytes_out</style>
</field>
<field>
<id>acl.src_kbytes_out_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_kbytes_out</id>
<label>Data sent</label>
<type>text</type>
<help><![CDATA[The total amount of data sent to the incoming connection's source address (in kilobytes).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_port</style>
</field>
<field>
<id>acl.src_port_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_port</id>
<label>Source port</label>
<type>text</type>
<help><![CDATA[An integer value corresponding to the TCP source port of the connection on the client side, which is the port the client connected from.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_sess_cnt</style>
</field>
<field>
<id>acl.src_sess_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_sess_cnt</id>
<label>Session count</label>
<type>text</type>
<help><![CDATA[The cumulative number of connections initiated from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+5 -5
View File
@@ -90,7 +90,7 @@
<id>action.http_request_redirect</id>
<label>HTTP Redirect</label>
<type>text</type>
<help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
<help><![CDATA[Use HAProxy's redirect function to return a HTTP redirection. See <a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#redirect">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
@@ -129,7 +129,7 @@
<id>action.http_request_add_header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it is possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
@@ -146,7 +146,7 @@
<id>action.http_request_set_header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
@@ -219,7 +219,7 @@
<id>action.http_response_add_header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
@@ -236,7 +236,7 @@
<id>action.http_response_set_header_content</id>
<label>Header Content</label>
<type>text</type>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
<help><![CDATA[The value that should be set for the specified HTTP header. Note that it's possible to use pre-defined variables, see <a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#8.2.4">HAProxy's documentation</a> for further details and examples.]]></help>
</field>
<field>
<label>Parameters</label>
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+51 -2
View File
@@ -28,7 +28,7 @@
<id>backend.algorithm</id>
<label>Balancing Algorithm</label>
<type>dropdown</type>
<help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#balance">HAProxy documentation</a> for a full description.]]></help>
<help><![CDATA[Define the load balancing algorithm to be used in a Backend Pool. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#balance">HAProxy documentation</a> for a full description.]]></help>
<hint>Choose a load balancing algorithm.</hint>
</field>
<field>
@@ -78,9 +78,16 @@
<id>backend.stickiness_pattern</id>
<label>Table type</label>
<type>dropdown</type>
<help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
<help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
<hint>Choose a persistence type.</hint>
</field>
<field>
<id>backend.stickiness_dataTypes</id>
<label>Stored data types</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
</field>
<field>
<id>backend.stickiness_expire</id>
<label>Expiration time</label>
@@ -107,6 +114,48 @@
<type>text</type>
<help><![CDATA[The maximum number of characters that will be stored in the stick table (if appropiate table type is selected).]]></help>
</field>
<field>
<id>backend.stickiness_connRatePeriod</id>
<label>Connection rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average incoming connection rate over that period, in connections per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>backend.stickiness_sessRatePeriod</id>
<label>Session rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average incoming session rate over that period, in sessions per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>backend.stickiness_httpReqRatePeriod</id>
<label>HTTP request rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>backend.stickiness_httpErrRatePeriod</id>
<label>HTTP error rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request error rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>backend.stickiness_bytesInRatePeriod</id>
<label>Bytes in rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average incoming bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>backend.stickiness_bytesOutRatePeriod</id>
<label>Bytes out rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average outgoing bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<label>Tuning Options</label>
<type>header</type>
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+121
View File
@@ -110,6 +110,18 @@
<type>checkbox</type>
<help><![CDATA[Enable HTTP Strict Transport Security.]]></help>
</field>
<field>
<id>frontend.ssl_hstsIncludeSubDomains</id>
<label>HSTS includeSubDomains</label>
<type>checkbox</type>
<help><![CDATA[Enable if all present and future subdomains will be HTTPS.]]></help>
</field>
<field>
<id>frontend.ssl_hstsPreload</id>
<label>HSTS preload</label>
<type>checkbox</type>
<help><![CDATA[Enable if you like this domain to be included in the HSTS preload list.]]></help>
</field>
<field>
<id>frontend.ssl_hstsMaxAge</id>
<label>HSTS max-age</label>
@@ -133,6 +145,20 @@
<help><![CDATA[Set the maximum inactivity time on the client side. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.tuning_timeoutHttpReq</id>
<label>HTTP Request Timeout</label>
<type>text</type>
<help><![CDATA[Set the maximum allowed time to wait for a complete HTTP request. In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.tuning_timeoutHttpKeepAlive</id>
<label>HTTP Keep-Alive Timeout</label>
<type>text</type>
<help><![CDATA[Set the maximum allowed time to wait for a new HTTP request to appear. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<label>Logging Options</label>
<type>header</type>
@@ -182,6 +208,101 @@
<type>checkbox</type>
<help><![CDATA[Enable insertion of the X-Forwarded-For header to requests sent to servers.]]></help>
</field>
<field>
<label>Stickiness table</label>
<type>header</type>
</field>
<field>
<id>frontend.stickiness_pattern</id>
<label>Table type</label>
<type>dropdown</type>
<help><![CDATA[Choose the type of data that should be stored in this stick-table. Note that this stick-table cannot be used for session persistence, it is only used to store additional per-connection data (select below). See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick-table">HAProxy documentation</a> for further information.]]></help>
<hint>Choose a stick-table type.</hint>
</field>
<field>
<id>frontend.stickiness_dataTypes</id>
<label>Stored data types</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
</field>
<field>
<id>frontend.stickiness_expire</id>
<label>Expiration time</label>
<type>text</type>
<help><![CDATA[Enter a number followed by one of the supported suffixes "d" (days), "h" (hour), "m" (minute), "s" (seconds), "ms" (miliseconds). This configures the maximum duration of an entry in the stick-table since it was last created, refreshed or matched. The maximum duration is slightly above 24 days.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_size</id>
<label>Size</label>
<type>text</type>
<help><![CDATA[Enter a number followed by one of the supported suffixes "k", "m", "g". This configures the maximum number of entries that can fit in the table. This value directly impacts memory usage. Count approximately 50 bytes per entry, plus the size of a string if any.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_counter</id>
<label>Enable sticky counters</label>
<type>checkbox</type>
<help><![CDATA[Enable to be able to retrieve values from sticky counters. If disabled, all values will return 0, rendering many conditions useless.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_counter_key</id>
<label>Sticky counter key</label>
<type>text</type>
<help><![CDATA[It describes what elements of the incoming request or connection will be analyzed, extracted, combined, and used to select which table entry to update the counters. Defaults to "src" to track elements of the source IP. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tcp-request connection">HAProxy documentation</a> for a full description.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_length</id>
<label>Max. data length</label>
<type>text</type>
<help><![CDATA[Specify the maximum length for a value in the stick-table. If the value is larger than this value it will be truncated before being stored. Depending on the stick-table type this repesents either characters or bytes.]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_connRatePeriod</id>
<label>Connection rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average incoming connection rate over that period, in connections per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_sessRatePeriod</id>
<label>Session rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average incoming session rate over that period, in sessions per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_httpReqRatePeriod</id>
<label>HTTP request rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_httpErrRatePeriod</id>
<label>HTTP error rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request error rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_bytesInRatePeriod</id>
<label>Bytes in rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average incoming bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<id>frontend.stickiness_bytesOutRatePeriod</id>
<label>Bytes out rate period</label>
<type>text</type>
<help><![CDATA[The length of the period over which the average is measured. It reports the average outgoing bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
<advanced>true</advanced>
</field>
<field>
<label>Advanced settings</label>
<type>header</type>
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
+52
View File
@@ -20,6 +20,58 @@
<help><![CDATA[Uncheck to hide all additional introduction pages. Requires a manual page reload for the change to take effect.]]></help>
</field>
</subtab>
<subtab id="haproxy-general-peers" description="Peers / Session Sync">
<field>
<id>haproxy.general.peers.enabled</id>
<label>Enable peers</label>
<type>checkbox</type>
<help><![CDATA[Enable or disable HAProxy peers. This will propagate entries of any data-types in stick-tables between several HAProxy instances over TCP connections in a multi-master fashion.]]></help>
</field>
<field>
<label>Peer 1</label>
<type>header</type>
</field>
<field>
<id>haproxy.general.peers.name1</id>
<label>Peer name (FQDN)</label>
<type>text</type>
<help><![CDATA[The name of the peer. This is usually the full hostname to make it possible for HAProxy to recognize the local peer. If HAProxy is unable to find the local peer it will fail to start.]]></help>
</field>
<field>
<id>haproxy.general.peers.listen1</id>
<label>Listen address (IP)</label>
<type>text</type>
<help><![CDATA[The listen address of the local peer or the address of the remote peer.]]></help>
</field>
<field>
<id>haproxy.general.peers.port1</id>
<label>TCP Port</label>
<type>text</type>
<help><![CDATA[The TCP port that should be used for connections to this peer. It must not be used by any other service.]]></help>
</field>
<field>
<label>Peer 2</label>
<type>header</type>
</field>
<field>
<id>haproxy.general.peers.name2</id>
<label>Peer name (FQDN)</label>
<type>text</type>
<help><![CDATA[The name of the peer. This is usually the full hostname to make it possible for HAProxy to recognize the local peer. If HAProxy is unable to find the local peer it will fail to start.]]></help>
</field>
<field>
<id>haproxy.general.peers.listen2</id>
<label>Listen address (IP)</label>
<type>text</type>
<help><![CDATA[The listen address of the local peer or the address of the remote peer.]]></help>
</field>
<field>
<id>haproxy.general.peers.port2</id>
<label>TCP Port</label>
<type>text</type>
<help><![CDATA[The TCP port that should be used for connections to this peer. It must not be used by any other service.]]></help>
</field>
</subtab>
<subtab id="haproxy-general-global" description="Global Parameters">
<field>
<label>NOTE: Define global parameters for the HAProxy service. They cannot be overriden.</label>
net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+422 -10
View File
File diff suppressed because it is too large Load Diff
net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Menu/Menu.xml
+1
View File
@@ -3,6 +3,7 @@
<HAProxy VisibleName="HAProxy" cssClass="fa fa-truck fa-fw">
<Settings order="10" url="/ui/haproxy/">
<GeneralSettings VisibleName="Service Settings" url="/ui/haproxy/#subtab_haproxy-general-settings"/>
<PeerSync VisibleName="Peers / Session Sync" url="/ui/haproxy/#subtab_haproxy-general-peers"/>
<GlobalParameters VisibleName="Global Parameters" url="/ui/haproxy/#subtab_haproxy-general-global"/>
<DefaultParameters VisibleName="Detault Parameters" url="/ui/haproxy/#subtab_haproxy-general-defaults"/>
<LoggingConfiguration VisibleName="Logging Configuration" url="/ui/haproxy/#subtab_haproxy-general-logging"/>
net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+3 -3
View File
@@ -472,7 +472,7 @@ POSSIBILITY OF SUCH DAMAGE.
<li>{{ lang._('Lastly, enable HAProxy using the %sService Settings%s.') | format('<b>', '</b>') }}</li>
</ul>
<p>{{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('<b>', '</b>') }}</p>
<p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
<p>{{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('<a href="https://docs.opnsense.org/manual/how-tos/haproxy.html" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html" target="_blank">', '</a>', '<a href="https://github.com/opnsense/plugins/issues/" target="_blank">', '</a>') }}</p>
<br/>
</div>
</div>
@@ -514,7 +514,7 @@ POSSIBILITY OF SUCH DAMAGE.
<li>{{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('<b>', '</b>') }}</li>
<li>{{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('<b>', '</b>', '<b>', '</b>', '<b>', '</b>', '<b>', '</b>') }}</li>
</ul>
<p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7" target="_blank">', '</a>') }}</p>
<p>{{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('<b>', '</b>', '<a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7" target="_blank">', '</a>') }}</p>
<p>{{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('<b>', '</b>') }}</p>
<br/>
</div>
@@ -528,7 +528,7 @@ POSSIBILITY OF SUCH DAMAGE.
<li>{{ lang._("%sError Messages:%s Return a custom message instead of errors generated by HAProxy. Useful to overwrite HAProxy's internal error messages. The message must represent the full HTTP response and include required HTTP headers.") | format('<b>', '</b>') }}</li>
<li>{{ lang._("%sLua scripts:%s Include your own Lua code/scripts to extend HAProxy's functionality. The Lua code can be used in certain %sRules%s, for example.") | format('<b>', '</b>', '<b>', '</b>') }}</li>
</ul>
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s and the %sLua Script%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#lua-load" target="_blank">', '</a>') }}</p>
<p>{{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s and the %sLua Script%s features.") | format('<a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-errorfile" target="_blank">', '</a>', '<a href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#lua-load" target="_blank">', '</a>') }}</p>
<br/>
</div>
</div>
net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+157 -19
View File
@@ -3,6 +3,15 @@
# Do not edit this file manually.
{% if helpers.exists('OPNsense.HAProxy') %}
{# ############################### #}
{# GLOBAL VARIABLES #}
{# ############################### #}
{%- if helpers.exists('OPNsense.HAProxy.general.peers') and OPNsense.HAProxy.general.peers.enabled|default("") == "1" -%}
{% set peers_enabled = True %}
{% set peers_name = 'opnsense-haproxy-peers' %}
{%- endif -%}
{# ############################### #}
{# MACROS #}
{# ############################### #}
@@ -172,6 +181,36 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_is_local' %}
{% do acl_options.append('src_is_local') %}
{% elif acl_data.expression == 'src_bytes_in_rate' %}
{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
{% elif acl_data.expression == 'src_bytes_out_rate' %}
{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
{% elif acl_data.expression == 'src_conn_cnt' %}
{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
{% elif acl_data.expression == 'src_conn_cur' %}
{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
{% elif acl_data.expression == 'src_conn_rate' %}
{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
{% elif acl_data.expression == 'src_http_err_cnt' %}
{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
{% elif acl_data.expression == 'src_http_err_rate' %}
{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
{% elif acl_data.expression == 'src_http_req_cnt' %}
{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
{% elif acl_data.expression == 'src_http_req_rate' %}
{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
{% elif acl_data.expression == 'src_kbytes_in' %}
{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
{% elif acl_data.expression == 'src_kbytes_out' %}
{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
{% elif acl_data.expression == 'src_port' %}
{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
{% elif acl_data.expression == 'src_sess_cnt' %}
{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
{% elif acl_data.expression == 'src_sess_rate' %}
{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
{% elif acl_data.expression == 'nbsrv' %}
{% do acl_options.append('') %}
{% if acl_data.nbsrv|default("") != "" %}
@@ -455,6 +494,87 @@
{% endif %}
{%- endmacro %}
{# Macro expects a backend or frontend object. #}
{% macro StickTableConfig(proxy, backend=False) -%}
{% if proxy is defined %}
{# # check if stickiness is disabled (set to "None") #}
{% if proxy.stickiness_pattern|default("") != "" %}
# stickiness
{# # check if additional data types are configured #}
{% if proxy.stickiness_dataTypes|default("") != "" %}
{% set stickiness_datatypes = [] %}
{% for datatype in proxy.stickiness_dataTypes.split(",") %}
{# # add time period to all types where this is required #}
{% if datatype == 'conn_rate' %}
{% do stickiness_datatypes.append(datatype ~ '(' ~ proxy.stickiness_connRatePeriod ~ ')') %}
{% elif datatype == 'sess_rate' %}
{% do stickiness_datatypes.append(datatype ~ '(' ~ proxy.stickiness_sessRatePeriod ~ ')') %}
{% elif datatype == 'http_req_rate' %}
{% do stickiness_datatypes.append(datatype ~ '(' ~ proxy.stickiness_httpReqRatePeriod ~ ')') %}
{% elif datatype == 'http_err_rate' %}
{% do stickiness_datatypes.append(datatype ~ '(' ~ proxy.stickiness_httpErrRatePeriod ~ ')') %}
{% elif datatype == 'bytes_in_rate' %}
{% do stickiness_datatypes.append(datatype ~ '(' ~ proxy.stickiness_bytesInRatePeriod ~ ')') %}
{% elif datatype == 'bytes_out_rate' %}
{% do stickiness_datatypes.append(datatype ~ '(' ~ proxy.stickiness_bytesOutRatePeriod ~ ')') %}
{% else %}
{% do stickiness_datatypes.append(datatype) %}
{% endif %}
{% endfor %}
{% set stickiness_store = 'store ' ~ stickiness_datatypes|join(',') %}
{% endif %}
{# # check stick-table type #}
{% if proxy.stickiness_pattern == "sourceipv4" or proxy.stickiness_pattern == "ipv4" %}
{% set table_type = 'ip' %}
{% elif proxy.stickiness_pattern == "sourceipv6" or proxy.stickiness_pattern == "ipv6" %}
{% set table_type = 'ipv6' %}
{% elif proxy.stickiness_pattern == "cookievalue" or proxy.stickiness_pattern == "string" %}
{% set table_type = 'string' %}
{% set add_length = True %}
{% elif proxy.stickiness_pattern == "rdpcookie" or proxy.stickiness_pattern == "binary" %}
{% set table_type = 'binary' %}
{% set add_length = True %}
{% elif proxy.stickiness_pattern == "integer" %}
{% set table_type = 'integer' %}
{% endif %}
{# # check data length #}
{% if add_length is defined %}
{% if proxy.stickiness_cookielength is defined %}
{% set data_length = proxy.stickiness_cookielength %}
{% elif proxy.stickiness_length is defined %}
{% set data_length = proxy.stickiness_length %}
{% else %}
{% set data_length = '32' %}
{% endif %}
{% endif %}
{# # add stick-table #}
{% if table_type is defined %}
stick-table type {{table_type}} {%if add_length is defined %}len {{data_length}} {% endif %}size {{proxy.stickiness_size}} expire {{proxy.stickiness_expire}} {{stickiness_store}} {% if peers_enabled is defined %}{{'peers ' ~ peers_name}}{% endif %}
{% endif %}
{# # sticky counters (frontends only) #}
{%- if backend == False -%}
{%- if proxy.stickiness_counter|default("0") == "1" and proxy.stickiness_counter_key != '' %}
tcp-request connection track-sc0 {{proxy.stickiness_counter_key}}
{%- endif -%}
{%- endif -%}
{# # stick-table persistence (backends only) #}
{%- if backend == True -%}
{%- if proxy.stickiness_pattern == "cookievalue" %}
stick store-response res.cook({{proxy.stickiness_cookiename}})
stick on req.cook({{proxy.stickiness_cookiename}})
{%- elif proxy.stickiness_pattern == "rdpcookie" %}
stick on req.rdp_cookie(mstshash)
{%- elif proxy.stickiness_pattern != '' %}
stick on src
{%- endif -%}
{%- endif -%}
{% endif %}
{% else %}
# ERROR: StickTableConfig called with empty data
{% endif %}
{%- endmacro -%}
{% if not (helpers.exists('OPNsense.HAProxy.general') and OPNsense.HAProxy.general.enabled|default("0") == "1") %}
#
# NOTE: HAProxy is currently DISABLED
@@ -608,7 +728,15 @@ frontend {{frontend.name}}
{% endif %}
{# # HSTS #}
{% if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %}
http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
{% set hsts_options = [] %}
{% do hsts_options.append('max-age=' ~ frontend.ssl_hstsMaxAge) %}
{% if frontend.ssl_hstsIncludeSubDomains|default("") == '1' %}
{% do hsts_options.append('; includeSubDomains') %}
{% endif %}
{% if frontend.ssl_hstsPreload|default("") == '1' %}
{% do hsts_options.append('; preload') %}
{% endif %}
http-response set-header Strict-Transport-Security "{{ hsts_options|join('') }}"
{% endif %}
{% endif %}
{% endif %}
@@ -644,6 +772,14 @@ frontend {{frontend.name}}
{% elif OPNsense.HAProxy.general.defaults.timeoutClient is defined %}
timeout client {{OPNsense.HAProxy.general.defaults.timeoutClient}}
{% endif %}
{% if frontend.tuning_timeoutHttpReq|default("") != "" and frontend.mode == 'http' %}
timeout http-request {{frontend.tuning_timeoutHttpReq}}
{% endif %}
{% if frontend.tuning_timeoutHttpKeepAlive|default("") != "" and frontend.mode == 'http' %}
timeout http-keep-alive {{frontend.tuning_timeoutHttpKeepAlive}}
{% endif %}
{# # call macro to evaluate stickiness config #}
{{ StickTableConfig(frontend) }}
# logging options
{% if frontend.logging_dontLogNull=='1' %}
option dontlognull
@@ -802,24 +938,8 @@ backend {{backend.name}}
{# # (redundant) GUI option for this. #}
mode {{backend.mode}}
balance {{backend.algorithm}}
{# # ignore if stickiness is disabled (set to "None") #}
{% if backend.stickiness_pattern|default("") != "" %}
# stickiness
{% if backend.stickiness_pattern == "sourceipv4" %}
stick-table type ip size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
stick on src
{% elif backend.stickiness_pattern == "sourceipv6" %}
stick-table type ipv6 size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
stick on src
{% elif backend.stickiness_pattern == "cookievalue" %}
stick-table type string len {{backend.stickiness_cookielength}} size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
stick store-response res.cook({{backend.stickiness_cookiename}})
stick on req.cook({{backend.stickiness_cookiename}})
{% elif backend.stickiness_pattern == "rdpcookie" %}
stick-table type binary len {{backend.stickiness_cookielength}} size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
stick on req.rdp_cookie(mstshash)
{% endif %}
{% endif %}
{# # call macro to evaluate stickiness config #}
{{ StickTableConfig(backend,true) }}
# tuning options
{% if backend.tuning_timeoutConnect|default("") != "" %}
timeout connect {{backend.tuning_timeoutConnect}}
@@ -948,6 +1068,24 @@ backend {{backend.name}}
{% endfor %}
{% endif %}
{# ############################### #}
{# PEERS #}
{# ############################### #}
{% if helpers.exists('OPNsense.HAProxy.general.peers') and OPNsense.HAProxy.general.peers.enabled|default("") == "1" %}
{# # ensure that no value is missing #}
{% if OPNsense.HAProxy.general.peers.name1|default("") != '' and
OPNsense.HAProxy.general.peers.listen1|default("") != '' and
OPNsense.HAProxy.general.peers.port1|default("") != '' and
OPNsense.HAProxy.general.peers.name2|default("") != '' and
OPNsense.HAProxy.general.peers.listen2|default("") != '' and
OPNsense.HAProxy.general.peers.port2|default("") != '' %}
peers {{peers_name}}
peer {{OPNsense.HAProxy.general.peers.name1}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}}
peer {{OPNsense.HAProxy.general.peers.name2}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}}
{% endif %}
{% endif %}
{# ############################### #}
{# STATISTICS #}
{# ############################### #}