change haproxy pathing from /usr/share/etc to /etc

2025-05-09 02:05:37 +00:00 · 2021-11-25 18:16:07 +11:00
parent 0a6b21f93b
commit 48382434c4
7 changed files with 16 additions and 15 deletions
--- a/README.MD
+++ b/README.MD
@ -38,9 +38,9 @@ Before installing the tool, ensure that HaProxy is built with Lua support.
 - Copy haproxy config and make sure that `lua-load` directive contains absolute path to [register.lua](src/scripts/register.lua)
 - Copy [libs](src/libs) to a path where Lua looks for modules.
 - Copy [ddos-cli](src/cli/ddos-cli) to any convenient path.
- Create `/usr/local/etc/haproxy/domains_under_ddos.txt` with write permissions for HaProxy (feel free to change the map file path, update the HaProxy config correspondingly)
+- Create `/etc/haproxy/domains_under_ddos.txt` with write permissions for HaProxy (feel free to change the map file path, update the HaProxy config correspondingly)

-#### CLI (not maintained)
+#### CLI
 The system comes with CLI. It can be used to manage global and per-domain protection.
 Ensure that stat socket is configured in HaProxy for CLI support.
 ```bash
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -7,9 +7,9 @@ services:
    ports:
      - 80:80
    volumes:
-      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
-      - ./src/scripts/:/usr/local/etc/haproxy/scripts/
-      - ./src/libs/:/usr/local/etc/haproxy/libs/
+      - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
+      - ./src/scripts/:/etc/haproxy/scripts/
+      - ./src/libs/:/etc/haproxy/libs/
    environment:
      - HCAPTCHA_SECRET=
      - HCAPTCHA_SITEKEY=
--- a/haproxy/Dockerfile
+++ b/haproxy/Dockerfile
@ -68,8 +68,8 @@ RUN set -eux; \
 	eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
 	eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
 	\
-	mkdir -p /usr/local/etc/haproxy; \
-	cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
+	mkdir -p /etc/haproxy; \
+	cp -R /usr/src/haproxy/examples/errorfiles /etc/haproxy/errors; \
 	rm -rf /usr/src/haproxy; \
 	\
 	apt-mark auto '.*' > /dev/null; \
@ -102,4 +102,4 @@ RUN apt-get update && apt-get install socat dnsutils -y
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

 # no USER for backwards compatibility (to try to avoid breaking existing users)
-CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
+CMD ["haproxy", "-f", "/etc/haproxy/haproxy.cfg"]
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@ -2,7 +2,7 @@ global
    daemon
    maxconn 256
    log stdout  format raw  local0  debug
-    lua-load /usr/local/etc/haproxy/scripts/register.lua
+    lua-load /etc/haproxy/scripts/register.lua
    stats socket /var/run/haproxy.sock mode 666 level admin

 defaults
@ -16,12 +16,12 @@ frontend http-in

 	# acl for ddos_mode_enabled = global enabled OR domain enabled
 	acl ddos_mode_enabled hdr_cnt(xr3la1rfFc) eq 0
-    acl ddos_mode_enabled hdr(host) -i -f /usr/local/etc/haproxy/ddos.map
+    acl ddos_mode_enabled hdr(host) -i -f /etc/haproxy/ddos.map
    #TODO: add ORs here for auto enable on traffic pattern

 	# check captcha cookie, separate map allows to disable captcha (still keeping POW)
    acl captcha_passed var(txn.captcha_passed) -m bool
-    acl captcha_passed hdr(host),map_str(/usr/local/etc/haproxy/no_captcha.map) -m found
+    acl captcha_passed hdr(host),map_str(/etc/haproxy/no_captcha.map) -m found

 	# check proof of work cookie
 	acl pow_passed var(txn.pow_passed) -m bool
--- a/src/cli/ddos-cli
+++ b/src/cli/ddos-cli
@ -1,7 +1,7 @@
 #!/usr/bin/env bash

-HAPROXY_DDOS_DOMAINS_FILE="/usr/local/etc/haproxy/ddos.map"
-HAPROXY_NOCAPTCHA_DOMAINS_FILE="/usr/local/etc/haproxy/no_captcha.map"
+HAPROXY_DDOS_DOMAINS_FILE="/etc/haproxy/ddos.map"
+HAPROXY_NOCAPTCHA_DOMAINS_FILE="/etc/haproxy/no_captcha.map"
 HAPROXY_GLOBAL_ACL="hdr_cnt"
 HAPROXY_SOCKET="/var/run/haproxy.sock"
 SOCAT="$(which socat)"
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@ -14,7 +14,7 @@ local pow_cookie_secret = os.getenv("POW_COOKIE_SECRET")

 local captcha_provider_domain = "hcaptcha.com"

-local captcha_map = Map.new("/usr/local/etc/haproxy/no_captcha.map", Map._dom);
+local captcha_map = Map.new("/etc/haproxy/no_captcha.map", Map._dom);

 -- main page template
 local body_template = [[
@ -152,6 +152,7 @@ function _M.check_pow_status(txn)
 	    local iterations = parsed_request_cookies["z_ddos_pow"]
 	    local completed_work = sha.sha1(generated_work .. iterations)
 		local challenge_offset = tonumber(generated_work:sub(1,1),16) * 2
+		--core.Debug(completed_work:sub(challenge_offset+1, challenge_offset+4))
 	    if completed_work:sub(challenge_offset+1, challenge_offset+4) == 'b00b' then -- i dont know lua properly :^)
 	        return txn:set_var("txn.pow_passed", true)
 	    end
--- a/src/scripts/register.lua
+++ b/src/scripts/register.lua
@ -1,4 +1,4 @@
-package.path = package.path  .. "./?.lua;/usr/local/etc/haproxy/scripts/?.lua;/usr/local/etc/haproxy/libs/?.lua"
+package.path = package.path  .. "./?.lua;/etc/haproxy/scripts/?.lua;/etc/haproxy/libs/?.lua"

 local hcaptcha = require("hcaptcha")