-
Notifications
You must be signed in to change notification settings - Fork 583
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix bugs & add feature #19
Changes from 10 commits
b3be108
d5bc5f6
991b856
a8d7589
9478304
6b9cada
6ed7455
661646c
90e7224
75bcb37
4ef2cb7
2e641cf
e64babd
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -51,4 +51,11 @@ | |
<help><![CDATA[Sets the interval (in milliseconds) for running health checks on the server.]]></help> | ||
<advanced>true</advanced> | ||
</field> | ||
<field> | ||
<id>server.checkport</id> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nice addition. |
||
<label>Port to check</label> | ||
<type>text</type> | ||
<help><![CDATA[Provide the TCP communication port to use during check, i.e. 80 or 443.]]></help> | ||
<advanced>true</advanced> | ||
</field> | ||
</form> |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -114,6 +114,9 @@ | |
<x-3>redispatch on the 3rd retry prior to the last retry</x-3> | ||
</OptionValues> | ||
</redispatch> | ||
<customOptions type="TextField"> | ||
<Required>N</Required> | ||
</customOptions> | ||
</defaults> | ||
<logging> | ||
<host type="TextField"> | ||
|
@@ -208,6 +211,9 @@ | |
<mask>/^((([0-9a-zA-Z._\-]+:[0-9a-zA-Z._\-]+)([,]){0,1}))*/u</mask> | ||
<ValidationMessage>Please provide a valid user and password, i.e. user:secret123.</ValidationMessage> | ||
</users> | ||
<customOptions type="TextField"> | ||
<Required>N</Required> | ||
</customOptions> | ||
</stats> | ||
</general> | ||
<frontends> | ||
|
@@ -233,9 +239,9 @@ | |
<Required>Y</Required> | ||
<multiple>Y</multiple> | ||
<!-- <default>localhost:8080</default> --> | ||
<mask>/^((([0-9a-zA-Z._\-\*]+:[0-9]+)([,]){0,1}))*/u</mask> | ||
<mask>/^((([0-9a-zA-Z._\-\*]+:[0-9]+(-[0-9]+)?)([,]){0,1}))*/u</mask> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Very useful! Of course port ranges should be supported. |
||
<ChangeCase>lower</ChangeCase> | ||
<ValidationMessage>Please provide a valid listen address, i.e. 127.0.0.1:8080 or www.example.com:443.</ValidationMessage> | ||
<ValidationMessage>Please provide a valid listen address, i.e. 127.0.0.1:8080 or www.example.com:443. Port range as start-end, i.e. 127.0.0.1:1220-1240.</ValidationMessage> | ||
</bind> | ||
<mode type="OptionField"> | ||
<Required>Y</Required> | ||
|
@@ -476,6 +482,13 @@ | |
<customOptions type="TextField"> | ||
<Required>N</Required> | ||
</customOptions> | ||
<tuning_defaultserver type="TextField"> | ||
<Required>N</Required> | ||
</tuning_defaultserver> | ||
<tuning_noport type="BooleanField"> | ||
<default>0</default> | ||
<Required>Y</Required> | ||
</tuning_noport> | ||
<linkedActions type="ModelRelationField"> | ||
<Model> | ||
<template> | ||
|
@@ -526,6 +539,13 @@ | |
<ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage> | ||
<Required>Y</Required> | ||
</port> | ||
<checkport type="IntegerField"> | ||
<default>80</default> | ||
<MinimumValue>1</MinimumValue> | ||
<MaximumValue>65535</MaximumValue> | ||
<ValidationMessage>Please specify a value between 1 and 65535.</ValidationMessage> | ||
<Required>N</Required> | ||
</checkport> | ||
<mode type="OptionField"> | ||
<Required>Y</Required> | ||
<default>active</default> | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -441,7 +441,7 @@ | |
{# ############################### #} | ||
|
||
global | ||
uid 80 | ||
#uid 80 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please don't do this. HAProxy should NOT run as root in the default configuration. |
||
gid 80 | ||
{% if OPNsense.HAProxy.general.tuning.chroot == "1" %} | ||
# NOTE: chroot prevents (most) local logging, you need to enable remote | ||
|
@@ -491,7 +491,12 @@ global | |
{% endif %} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
{% if OPNsense.HAProxy.general.tuning.customOptions|default("") != "" %} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good catch! :) |
||
# WARNING: pass through options below this line | ||
{% for customOpt in OPNsense.HAProxy.general.tuning.customOptions.split("\n") %} | ||
{{customOpt}} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
{# ############################### #} | ||
{# DEFAULTS #} | ||
|
@@ -518,6 +523,12 @@ defaults | |
{% if OPNsense.HAProxy.general.defaults.retries|default("") != "" %} | ||
retries {{OPNsense.HAProxy.general.defaults.retries}} | ||
{% endif %} | ||
{% if OPNsense.HAProxy.general.defaults.customOptions|default("") != "" %} | ||
# WARNING: pass through options below this line | ||
{% for customOpt in OPNsense.HAProxy.general.defaults.customOptions.split("\n") %} | ||
{{customOpt}} | ||
{% endfor %} | ||
{% endif %} | ||
{% endif %} | ||
|
||
{# ############################### #} | ||
|
@@ -526,30 +537,34 @@ defaults | |
|
||
{% if helpers.exists('OPNsense.HAProxy.frontends') %} | ||
{% for frontend in helpers.toList('OPNsense.HAProxy.frontends.frontend') %} | ||
{% if frontend.enabled=='1' %} | ||
{% if frontend.enabled == '1' %} | ||
# Frontend: {{frontend.name}} ({{frontend.description}}) | ||
frontend {{frontend.name}} | ||
{# # collect ssl certs (if configured) #} | ||
{% if frontend.ssl_certificates|default("") != "" %} | ||
{% set ssl_certs = [] %} | ||
{% for cert in frontend.ssl_certificates.split(",") %} | ||
{% do ssl_certs.append('crt /var/etc/haproxy/ssl/' ~ cert ~ '.pem') %} | ||
{% endfor %} | ||
{% endif %} | ||
{# # advanced ssl options #} | ||
{% if frontend.ssl_customOptions|default("") != "" %} | ||
{# # add a space to separate it from other ssl params #} | ||
{% set ssl_options = frontend.ssl_customOptions ~ ' ' %} | ||
{% if frontend.ssl_enabled == '1' %} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think a better fix would be to... |
||
{# # collect ssl certs (if configured) #} | ||
{% if frontend.ssl_certificates|default("") != "" %} | ||
{% set ssl_certs = [] %} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ...move this "set ssl_certs = []" outside of the "if frontend.ssl_enabled" clause to always reset it's value, even if SSL is not configured. |
||
{% for cert in frontend.ssl_certificates.split(",") %} | ||
{% do ssl_certs.append('crt /var/etc/haproxy/ssl/' ~ cert ~ '.pem') %} | ||
{% endfor %} | ||
{% endif %} | ||
{# # advanced ssl options #} | ||
{% if frontend.ssl_customOptions|default("") != "" %} | ||
{# # add a space to separate it from other ssl params #} | ||
{% set ssl_options = frontend.ssl_customOptions ~ ' ' %} | ||
{% endif %} | ||
{% endif %} | ||
{# # bind/listen configuration #} | ||
{% if frontend.bind|default("") != "" %} | ||
{% for bind in frontend.bind.split(",") %} | ||
bind {{bind}} name {{bind}} {% if ssl_certs|default("") != "" %}ssl {{ ssl_options }}{{ssl_certs|join(' ')}}{% endif %} | ||
bind {{bind}} name {{bind}} {% if frontend.ssl_enabled == '1' and ssl_certs|default("") != "" %}ssl {{ ssl_options }}{{ssl_certs|join(' ')}} {% endif %} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This new check looks good, we should keep it. |
||
|
||
{% endfor %} | ||
{% endif %} | ||
mode {{frontend.mode}} | ||
{% if frontend.mode != "tcp" %} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good catch! This will prevent many configuration errors. |
||
option {{frontend.connectionBehaviour}} | ||
{% endif %} | ||
{# # select backend #} | ||
{% if frontend.defaultBackend|default("") != "" %} | ||
{% set backend_data = helpers.getUUID(frontend.defaultBackend) %} | ||
|
@@ -688,23 +703,6 @@ backend {{backend.name}} | |
# health checking is DISABLED | ||
{% set healthcheck_enabled = '0' %} | ||
{% endif %} | ||
{% for server in backend.linkedServers.split(",") %} | ||
{% set server_data = helpers.getUUID(server) %} | ||
{# # collect optional server parameters #} | ||
{% set server_options = [] %} | ||
{# # check if health check is enabled #} | ||
{% if healthcheck_enabled == '1' %} | ||
{% do server_options.append('check') %} | ||
{% do server_options.append('inter ' ~ server_data.checkInterval) %} | ||
{# # add all additions from healthchecks here #} | ||
{% do server_options.append(healthcheck_additions|join(' ')) if healthcheck_additions.length != '0' %} | ||
{% endif %} | ||
{# # server weight #} | ||
{% do server_options.append('weight ' ~ server_data.weight) if server_data.weight|default("") != "" %} | ||
{# # server role/mode #} | ||
{% do server_options.append(server_data.mode) if server_data.mode|default("") != "active" %} | ||
server {{server_data.name}} {{server_data.address}}:{{server_data.port}} {{server_options|join(' ')}} | ||
{% endfor %} | ||
{# # XXX: Usually the frontend and the backend are in the same mode, #} | ||
{# # but we have no way to know what frontend uses this backend. #} | ||
{# # Hence we can't automatically set the mode and thus need a #} | ||
|
@@ -759,6 +757,27 @@ backend {{backend.name}} | |
{{customOpt}} | ||
{% endfor %} | ||
{% endif %} | ||
{% if backend.tuning_defaultserver|default("") != "" %} | ||
default-server {{backend.tuning_defaultserver}} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Useful addition. |
||
{% endif %} | ||
|
||
{% for server in backend.linkedServers.split(",") %} | ||
{% set server_data = helpers.getUUID(server) %} | ||
{# # collect optional server parameters #} | ||
{% set server_options = [] %} | ||
{# if# check if health check is enabled #}("") != "" %} | ||
{% if healthcheck_enabled == '1' %} | ||
{% do server_options.append('check') %} | ||
{% do server_options.append('inter ' ~ server_data.checkInterval) %} | ||
{# # add all additions from healthchecks here #} | ||
{% do server_options.append(healthcheck_additions|join(' ')) if healthcheck_additions.length != '0' %} | ||
{% endif %} | ||
{# # server weight #} | ||
{% do server_options.append('weight ' ~ server_data.weight) if server_data.weight|default("") != "" %} | ||
{# # server role/mode #} | ||
{% do server_options.append(server_data.mode) if server_data.mode|default("") != "active" %} | ||
server {{server_data.name}} {{server_data.address}}:{% if backend.tuning_noport != '1' %}{{server_data.port}}{% endif %}{% if server_data.checkport|default("") != "" %} port {{server_data.checkport}}{% endif %} {{server_options|join(' ')}} | ||
{% endfor %} | ||
|
||
{% else %} | ||
# Backend (DISABLED): {{backend.description}} | ||
|
@@ -779,6 +798,12 @@ listen local_statistics | |
stats uri /haproxy?stats | ||
stats realm HAProxy\ statistics | ||
stats admin if TRUE | ||
{% if OPNsense.HAProxy.general.stats.customOptions|default("") != "" %} | ||
# WARNING: pass through options below this line | ||
{% for customOpt in OPNsense.HAProxy.general.stats.customOptions.split("\n") %} | ||
{{customOpt}} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
{# # remote stats are optional #} | ||
{% if OPNsense.HAProxy.general.stats.remoteEnabled|default("") == "1" %} | ||
|
@@ -799,9 +824,15 @@ listen remote_statistics | |
{% endfor %} | ||
{% endif %} | ||
{% endif %} | ||
{% else %} | ||
{% if OPNsense.HAProxy.general.stats.customOptions|default("") != "" %} | ||
# WARNING: pass through options below this line | ||
{% for customOpt in OPNsense.HAProxy.general.stats.customOptions.split("\n") %} | ||
{{customOpt}} | ||
{% endfor %} | ||
{% endif %} | ||
{% else %} | ||
# ERROR: remote statistics disabled, because no listen address was specified | ||
{% endif %} | ||
{% endif %} | ||
{% endif %} | ||
{% else %} | ||
# statistics are DISABLED | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer a shorter "label". What about "Use Frontend port" instead?
The help text does provide a good explanation, so we should keep labels short.