1<form> 2 <field> 3 <id>frontend.enabled</id> 4 <label>Enabled</label> 5 <type>checkbox</type> 6 <help>Enable this Public Service.</help> 7 </field> 8 <field> 9 <id>frontend.name</id> 10 <label>Name</label> 11 <type>text</type> 12 <help>Name to identify this Public Service.</help> 13 </field> 14 <field> 15 <id>frontend.description</id> 16 <label>Description</label> 17 <type>text</type> 18 <help>Description for this Public Service.</help> 19 </field> 20 <field> 21 <id>frontend.bind</id> 22 <label>Listen Addresses</label> 23 <type>select_multiple</type> 24 <style>tokenize</style> 25 <allownew>true</allownew> 26 <help><![CDATA[Configure listen addresses for this Public Service, i.e. 127.0.0.1:8080 or www.example.com:443. Use TAB key to complete typing a listen address.]]></help> 27 <hint>Enter address:port here. Finish with TAB.</hint> 28 </field> 29 <field> 30 <id>frontend.bindOptions</id> 31 <label>Bind option pass-through</label> 32 <type>text</type> 33 <help><![CDATA[A list of parameters that will be appended to every Listen Address line.<br/>Example: accept-proxy npn http/1.1<br/>]]></help> 34 <advanced>true</advanced> 35 </field> 36 <field> 37 <id>frontend.mode</id> 38 <label>Type</label> 39 <type>dropdown</type> 40 <help><![CDATA[Set the running mode or protocol for this Public Service.]]></help> 41 </field> 42 <field> 43 <id>frontend.defaultBackend</id> 44 <label>Default Backend Pool</label> 45 <type>dropdown</type> 46 <help><![CDATA[Set the default Backend Pool to use for this Public Service.]]></help> 47 </field> 48 <field> 49 <id>frontend.ssl_enabled</id> 50 <label>Enable SSL offloading</label> 51 <type>checkbox</type> 52 <help>Enable SSL offloading</help> 53 </field> 54 <field> 55 <label>SSL Offloading</label> 56 <type>header</type> 57 <style>mode_table table_http table_ssl table_ssl_true</style> 58 </field> 59 <field> 60 <id>frontend.ssl_certificates</id> 61 <label>Certificates</label> 62 <type>select_multiple</type> 63 <style>tokenize</style> 64 <allownew>true</allownew> 65 <help><![CDATA[Select certificates to use for SSL offloading. HAProxy's SNI recognition will determine the correct certificate automatically. If no SNI is provided by the client then the first certificate will be presented.<br/>To import additional certificates, go to <a href="/system_certmanager.php">Certificate Manager</a>.]]></help> 66 <hint>Type certificate name or choose from list.</hint> 67 </field> 68 <field> 69 <id>frontend.ssl_default_certificate</id> 70 <label>Default certificate</label> 71 <type>dropdown</type> 72 <help><![CDATA[This certificate will be presented if no SNI is provided by the client or if the client provides an SNI hostname which does not match any certificate. This parameter is optional to enforce a certain sort order for certificates.]]></help> 73 </field> 74 <field> 75 <id>frontend.ssl_customOptions</id> 76 <label>SSL option pass-through</label> 77 <type>text</type> 78 <help><![CDATA[Pass additional SSL parameters to the HAProxy configuration.]]></help> 79 <advanced>true</advanced> 80 </field> 81 <field> 82 <id>frontend.ssl_advancedEnabled</id> 83 <label>Enable Advanced settings</label> 84 <type>checkbox</type> 85 <help><![CDATA[Enable advanced SSL settings.]]></help> 86 </field> 87 <field> 88 <label>Advanced SSL settings</label> 89 <type>header</type> 90 <style>mode_table table_http table_ssl table_ssl_advanced table_ssl_advanced_true</style> 91 </field> 92 <field> 93 <id>frontend.ssl_minVersion</id> 94 <label>Minimum SSL Version</label> 95 <type>dropdown</type> 96 <help><![CDATA[This option enforces use of the specified version (or higher) on SSL connections.]]></help> 97 </field> 98 <field> 99 <id>frontend.ssl_maxVersion</id> 100 <label>Maximum SSL Version</label> 101 <type>dropdown</type> 102 <help><![CDATA[This option enforces use of the specified version (or lower) on SSL connections.]]></help> 103 </field> 104 <field> 105 <id>frontend.ssl_cipherList</id> 106 <label>Cipher List</label> 107 <type>text</type> 108 <help><![CDATA[It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake up to TLSv1.2.]]></help> 109 </field> 110 <field> 111 <id>frontend.ssl_cipherSuites</id> 112 <label>Cipher Suites</label> 113 <type>text</type> 114 <help><![CDATA[It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake for TLSv1.3.]]></help> 115 </field> 116 <field> 117 <id>frontend.ssl_hstsEnabled</id> 118 <label>Enable HSTS</label> 119 <type>checkbox</type> 120 <help><![CDATA[Enable HTTP Strict Transport Security.]]></help> 121 </field> 122 <field> 123 <id>frontend.ssl_hstsIncludeSubDomains</id> 124 <label>HSTS includeSubDomains</label> 125 <type>checkbox</type> 126 <help><![CDATA[Enable if all present and future subdomains will be HTTPS.]]></help> 127 </field> 128 <field> 129 <id>frontend.ssl_hstsPreload</id> 130 <label>HSTS preload</label> 131 <type>checkbox</type> 132 <help><![CDATA[Enable if you like this domain to be included in the HSTS preload list.]]></help> 133 </field> 134 <field> 135 <id>frontend.ssl_hstsMaxAge</id> 136 <label>HSTS max-age</label> 137 <type>text</type> 138 <help><![CDATA[Future requests to the domain should use only HTTPS for the specified time (in seconds): 15768000 = 6 months]]></help> 139 </field> 140 <field> 141 <id>frontend.ssl_bindOptions</id> 142 <label>Bind options</label> 143 <type>select_multiple</type> 144 <style>tokenize</style> 145 <allownew>true</allownew> 146 <sortable>true</sortable> 147 <help><![CDATA[Used to enforce or disable certain SSL options.]]></help> 148 </field> 149 <field> 150 <label>Client Certificate Auth</label> 151 <type>header</type> 152 <style>mode_table table_http table_ssl table_ssl_true</style> 153 </field> 154 <field> 155 <id>frontend.ssl_clientAuthEnabled</id> 156 <label>Enable</label> 157 <type>checkbox</type> 158 <help><![CDATA[Enable Client Certificate Authentication.]]></help> 159 </field> 160 <field> 161 <id>frontend.ssl_clientAuthVerify</id> 162 <label>Verification</label> 163 <type>dropdown</type> 164 <help><![CDATA[If set to 'optional' or 'required', client certificate is requested.]]></help> 165 </field> 166 <field> 167 <id>frontend.ssl_clientAuthCAs</id> 168 <label>Certificate Authorities</label> 169 <type>select_multiple</type> 170 <allownew>true</allownew> 171 <help><![CDATA[Select CA certificates to use for client certificate authentication. <br/>To import additional CAs, go to <a href="/system_camanager.php">CA Manager</a>.]]></help> 172 <hint>Type CA name or choose from list.</hint> 173 </field> 174 <field> 175 <id>frontend.ssl_clientAuthCRLs</id> 176 <label>Certificate Revocation Lists</label> 177 <type>select_multiple</type> 178 <allownew>true</allownew> 179 <help><![CDATA[Select CRLs to use for client certificate authentication. <br/>To import additional CRLs, go to <a href="/system_crlmanager.php">CRL Manager</a>.]]></help> 180 <hint>Type CRL name or choose from list.</hint> 181 </field> 182 <field> 183 <label>HTTP(S) settings</label> 184 <type>header</type> 185 <style>mode_table table_http</style> 186 </field> 187 <field> 188 <id>frontend.http2Enabled</id> 189 <label>Enable HTTP/2</label> 190 <type>checkbox</type> 191 <help><![CDATA[Enable support for HTTP/2.]]></help> 192 </field> 193 <field> 194 <id>frontend.http2Enabled_nontls</id> 195 <label>HTTP/2 without TLS</label> 196 <type>checkbox</type> 197 <help><![CDATA[Enable support for HTTP/2 even if TLS (SSL offloading) is not enabled.]]></help> 198 </field> 199 <field> 200 <id>frontend.advertised_protocols</id> 201 <label>Advertise Protocols (ALPN)</label> 202 <type>select_multiple</type> 203 <style>tokenize</style> 204 <allownew>true</allownew> 205 <sortable>true</sortable> 206 <help><![CDATA[When using the TLS ALPN extension, HAProxy advertises the specified protocol list as supported on top of ALPN. SSL offloading must be enabled.]]></help> 207 </field> 208 <field> 209 <id>frontend.forwardFor</id> 210 <label>X-Forwarded-For header</label> 211 <type>checkbox</type> 212 <help><![CDATA[Enable insertion of the X-Forwarded-For header to requests sent to servers.]]></help> 213 </field> 214 <field> 215 <label>Basic Authentication</label> 216 <type>header</type> 217 <style>mode_table table_http</style> 218 </field> 219 <field> 220 <id>frontend.basicAuthEnabled</id> 221 <label>Enable</label> 222 <type>checkbox</type> 223 <help><![CDATA[Enable HTTP Basic Authentication.]]></help> 224 </field> 225 <field> 226 <id>frontend.basicAuthUsers</id> 227 <label>Allowed Users</label> 228 <type>select_multiple</type> 229 <allownew>true</allownew> 230 <hint>Type username or choose from list.</hint> 231 </field> 232 <field> 233 <id>frontend.basicAuthGroups</id> 234 <label>Allowed Groups</label> 235 <type>select_multiple</type> 236 <allownew>true</allownew> 237 <hint>Type group or choose from list.</hint> 238 </field> 239 <field> 240 <label>Tuning Options</label> 241 <type>header</type> 242 </field> 243 <field> 244 <id>frontend.tuning_maxConnections</id> 245 <label>Max. Connections</label> 246 <type>text</type> 247 <help><![CDATA[Set the maximum number of concurrent connections for this Public Service.]]></help> 248 </field> 249 <field> 250 <id>frontend.tuning_timeoutClient</id> 251 <label>Client Timeout</label> 252 <type>text</type> 253 <help><![CDATA[Set the maximum inactivity time on the client side. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 254 <advanced>true</advanced> 255 </field> 256 <field> 257 <id>frontend.tuning_timeoutHttpReq</id> 258 <label>HTTP Request Timeout</label> 259 <type>text</type> 260 <help><![CDATA[Set the maximum allowed time to wait for a complete HTTP request. In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 261 <advanced>true</advanced> 262 </field> 263 <field> 264 <id>frontend.tuning_timeoutHttpKeepAlive</id> 265 <label>HTTP Keep-Alive Timeout</label> 266 <type>text</type> 267 <help><![CDATA[Set the maximum allowed time to wait for a new HTTP request to appear. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 268 <advanced>true</advanced> 269 </field> 270 <field> 271 <id>frontend.linkedCpuAffinityRules</id> 272 <label>CPU Affinity Rules</label> 273 <type>select_multiple</type> 274 <allownew>true</allownew> 275 <help><![CDATA[Choose CPU affinity rules that should be applied to this Public Service.]]></help> 276 <hint>Choose CPU affinity rules.</hint> 277 <advanced>true</advanced> 278 </field> 279 <field> 280 <label>Logging Options</label> 281 <type>header</type> 282 </field> 283 <field> 284 <id>frontend.logging_dontLogNull</id> 285 <label>Don't log null</label> 286 <type>checkbox</type> 287 <help><![CDATA[Enable or disable logging of connections with no data.]]></help> 288 <advanced>true</advanced> 289 </field> 290 <field> 291 <id>frontend.logging_dontLogNormal</id> 292 <label>Don't log normal</label> 293 <type>checkbox</type> 294 <help><![CDATA[Enable or disable logging of normal, successful connections.]]></help> 295 <advanced>true</advanced> 296 </field> 297 <field> 298 <id>frontend.logging_logSeparateErrors</id> 299 <label>Raise Log Level</label> 300 <type>checkbox</type> 301 <help><![CDATA[Allow HAProxy to automatically raise log level for non-completely successful connections to aid debugging.]]></help> 302 <advanced>true</advanced> 303 </field> 304 <field> 305 <id>frontend.logging_detailedLog</id> 306 <label>Detailed Logging</label> 307 <type>checkbox</type> 308 <help><![CDATA[Enable or disable verbose logging. Each log line turns into a much richer format.]]></help> 309 </field> 310 <field> 311 <id>frontend.logging_socketStats</id> 312 <label>Separate Statistics</label> 313 <type>checkbox</type> 314 <help><![CDATA[Enable or disable collecting & providing separate statistics for each socket.]]></help> 315 <advanced>true</advanced> 316 </field> 317 <field> 318 <label>Stickiness table</label> 319 <type>header</type> 320 </field> 321 <field> 322 <id>frontend.stickiness_pattern</id> 323 <label>Table type</label> 324 <type>dropdown</type> 325 <help><![CDATA[Choose the type of data that should be stored in this stick-table. Note that this stick-table cannot be used for session persistence, it is only used to store additional per-connection data (select below). See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#stick-table">HAProxy documentation</a> for further information.]]></help> 326 <hint>Choose a stick-table type.</hint> 327 </field> 328 <field> 329 <id>frontend.stickiness_dataTypes</id> 330 <label>Stored data types</label> 331 <type>select_multiple</type> 332 <help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help> 333 </field> 334 <field> 335 <id>frontend.stickiness_expire</id> 336 <label>Expiration time</label> 337 <type>text</type> 338 <help><![CDATA[Enter a number followed by one of the supported suffixes "d" (days), "h" (hour), "m" (minute), "s" (seconds), "ms" (miliseconds). This configures the maximum duration of an entry in the stick-table since it was last created, refreshed or matched. The maximum duration is slightly above 24 days.]]></help> 339 <advanced>true</advanced> 340 </field> 341 <field> 342 <id>frontend.stickiness_size</id> 343 <label>Size</label> 344 <type>text</type> 345 <help><![CDATA[Enter a number followed by one of the supported suffixes "k", "m", "g". This configures the maximum number of entries that can fit in the table. This value directly impacts memory usage. Count approximately 50 bytes per entry, plus the size of a string if any.]]></help> 346 <advanced>true</advanced> 347 </field> 348 <field> 349 <id>frontend.stickiness_counter</id> 350 <label>Enable sticky counters</label> 351 <type>checkbox</type> 352 <help><![CDATA[Enable to be able to retrieve values from sticky counters. If disabled, all values will return 0, rendering many conditions useless.]]></help> 353 <advanced>true</advanced> 354 </field> 355 <field> 356 <id>frontend.stickiness_counter_key</id> 357 <label>Sticky counter key</label> 358 <type>text</type> 359 <help><![CDATA[It describes what elements of the incoming request or connection will be analyzed, extracted, combined, and used to select which table entry to update the counters. Defaults to "src" to track elements of the source IP. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#tcp-request connection">HAProxy documentation</a> for a full description.]]></help> 360 <advanced>true</advanced> 361 </field> 362 <field> 363 <id>frontend.stickiness_length</id> 364 <label>Max. data length</label> 365 <type>text</type> 366 <help><![CDATA[Specify the maximum length for a value in the stick-table. If the value is larger than this value it will be truncated before being stored. Depending on the stick-table type this repesents either characters or bytes.]]></help> 367 <advanced>true</advanced> 368 </field> 369 <field> 370 <id>frontend.stickiness_connRatePeriod</id> 371 <label>Connection rate period</label> 372 <type>text</type> 373 <help><![CDATA[The length of the period over which the average is measured. It reports the average incoming connection rate over that period, in connections per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 374 <advanced>true</advanced> 375 </field> 376 <field> 377 <id>frontend.stickiness_sessRatePeriod</id> 378 <label>Session rate period</label> 379 <type>text</type> 380 <help><![CDATA[The length of the period over which the average is measured. It reports the average incoming session rate over that period, in sessions per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 381 <advanced>true</advanced> 382 </field> 383 <field> 384 <id>frontend.stickiness_httpReqRatePeriod</id> 385 <label>HTTP request rate period</label> 386 <type>text</type> 387 <help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 388 <advanced>true</advanced> 389 </field> 390 <field> 391 <id>frontend.stickiness_httpErrRatePeriod</id> 392 <label>HTTP error rate period</label> 393 <type>text</type> 394 <help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request error rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 395 <advanced>true</advanced> 396 </field> 397 <field> 398 <id>frontend.stickiness_bytesInRatePeriod</id> 399 <label>Bytes in rate period</label> 400 <type>text</type> 401 <help><![CDATA[The length of the period over which the average is measured. It reports the average incoming bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 402 <advanced>true</advanced> 403 </field> 404 <field> 405 <id>frontend.stickiness_bytesOutRatePeriod</id> 406 <label>Bytes out rate period</label> 407 <type>text</type> 408 <help><![CDATA[The length of the period over which the average is measured. It reports the average outgoing bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help> 409 <advanced>true</advanced> 410 </field> 411 <field> 412 <label>Advanced settings</label> 413 <type>header</type> 414 </field> 415 <field> 416 <id>frontend.connectionBehaviour</id> 417 <label>Type</label> 418 <type>dropdown</type> 419 <help><![CDATA[By default HAProxy operates in <b>keep-alive</b> mode with regards to persistent connections. Option <b>"http-tunnel"</b> disables any HTTP processing past the first request and the first response. Option <b>"httpclose"</b> configures HAProxy to work in HTTP tunnel mode and check if a "Connection: close" header is already set in each direction, and will add one if missing. Option <b>"http-server-close"</b> enables HTTP connection-close mode on the server side while keeping the ability to support HTTP keep-alive and pipelining on the client side. With Option <b>"forceclose"</b> HAProxy will actively close the outgoing server channel as soon as the server has finished to respond and release some resources earlier.]]></help> 420 <advanced>true</advanced> 421 </field> 422 <field> 423 <id>frontend.customOptions</id> 424 <label>Option pass-through</label> 425 <type>textbox</type> 426 <help><![CDATA[These lines will be added to the HAProxy frontend configuration.]]></help> 427 <advanced>true</advanced> 428 </field> 429 <field> 430 <label>Rules</label> 431 <type>header</type> 432 </field> 433 <field> 434 <label>fieldShouldBeSkipped</label> 435 <type>fieldShouldBeSkipped</type> 436 <style>fieldShouldBeSkipped</style> 437 <sortable>true</sortable> 438 <help><![CDATA[Choose rules to be included in this Public Service.]]></help> 439 <hint>Choose rules.</hint> 440 </field> 441 <field> 442 <id>frontend.linkedActions</id> 443 <label>Select Rules</label> 444 <type>select_multiple</type> 445 <style>tokenize</style> 446 <sortable>true</sortable> 447 <help><![CDATA[Choose rules to be included in this Public Service.]]></help> 448 <hint>Choose rules.</hint> 449 </field> 450 <field> 451 <label>Error Messages</label> 452 <type>header</type> 453 </field> 454 <field> 455 <id>frontend.linkedErrorfiles</id> 456 <label>Select Error Messages</label> 457 <type>select_multiple</type> 458 <help><![CDATA[Choose error messages to be included in this Public Service.]]></help> 459 <hint>Choose error messages.</hint> 460 </field> 461</form> 462