From 875e9e5eddd1726dc125b1ae7cdce976ae1b7a91 Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Sun, 12 Feb 2023 13:17:03 +1100 Subject: [PATCH] Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket --- docker-compose.yml | 3 +++ haproxy/Dockerfile | 8 +++++++- haproxy/dataplaneapi.hcl | 27 +++++++++++++++++++++++++++ haproxy/haproxy.cfg | 26 +++++++++++++++----------- haproxy/map/ddos.map | 2 +- 5 files changed, 53 insertions(+), 13 deletions(-) create mode 100644 haproxy/dataplaneapi.hcl diff --git a/docker-compose.yml b/docker-compose.yml index 768642d..2b98432 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,11 +5,14 @@ services: network_mode: host ports: - 80:80 + # - 2000:2000 #runtime api + # - 2001:2001 #dataplaneapi build: context: ./ dockerfile: haproxy/Dockerfile volumes: - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg + - ./haproxy/dataplaneapi.hcl:/etc/haproxy/dataplaneapi.hcl - ./haproxy/map/:/etc/haproxy/map/ - ./haproxy/template/:/etc/haproxy/template/ - ./src/lua/scripts/:/etc/haproxy/scripts/ diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile index 6b56813..be78e05 100644 --- a/haproxy/Dockerfile +++ b/haproxy/Dockerfile @@ -17,7 +17,8 @@ RUN set -eux; \ --uid 99 \ haproxy -ENV HAPROXY_URL http://www.haproxy.org/download/2.6/src/snapshot/haproxy-ss-LATEST.tar.gz +ENV HAPROXY_URL http://www.haproxy.org/download/2.7/src/snapshot/haproxy-ss-LATEST.tar.gz +ENV DATAPLANEAPI_URL https://github.com/haproxytech/dataplaneapi/releases/download/v2.7.2/dataplaneapi_2.7.2_Linux_x86_64.tar.gz # see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments RUN set -eux; \ 
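Review bot: The two commented `ports` entries for 2000 and 2001 read as if exposure of the runtime API and the Data Plane API were decided in this file, but the service runs with `network_mode: host`, where Docker does not apply published ports. What is reachable is set by the listener addresses in `haproxy/haproxy.cfg` and `haproxy/dataplaneapi.hcl`. I would replace the two lines with a comment such as `# network_mode: host ignores ports; 2000/2001 exposure is set by the bind addresses in haproxy.cfg and dataplaneapi.hcl`. The new `dataplaneapi.hcl` mount carries credentials, so check whether it can be mounted `:ro`; the Data Plane API may need to write to its own config, which would rule that out.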
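Review bot: The updated `HAPROXY_URL` still fetches over plain `http://` and points at `haproxy-ss-LATEST.tar.gz`, a moving snapshot, so the image is built from source that is neither authenticated in transit nor reproducible. The checksum line for it, visible in the next hunk, is commented out. Prefer a pinned release over HTTPS, for example `ENV HAPROXY_URL https://www.haproxy.org/download/2.7/src/haproxy-<PINNED_VERSION>.tar.gz`, together with a matching `HAPROXY_SHA256` and the `sha256sum -c` line re-enabled. The new `DATAPLANEAPI_URL` is already pinned and uses HTTPS, but it has no digest either. The `RUN` instruction at the end of this hunk continues outside it.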
@@ -37,6 +38,11 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/*; \ \ + wget -O dataplaneapi_Linux_x86_64.tar.gz "$DATAPLANEAPI_URL"; \ + tar -zxvf dataplaneapi_Linux_x86_64.tar.gz; \ + chmod +x build/dataplaneapi; \ + cp build/dataplaneapi /usr/local/bin/; \ + \ wget -O haproxy.tar.gz "$HAPROXY_URL"; \ # echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \ mkdir -p /usr/src/haproxy; \ diff --git a/haproxy/dataplaneapi.hcl b/haproxy/dataplaneapi.hcl new file mode 100644 index 0000000..5ab0f82 --- /dev/null +++ b/haproxy/dataplaneapi.hcl @@ -0,0 +1,27 @@ +config_version = 2 +name = "basedflare" +mode = "single" + +dataplaneapi { + host = "127.0.0.1" + port = 2001 + user "admin" { + insecure = true + password = "admin" + } + transaction { + transaction_dir = "/tmp/haproxy" + } + advertised {} +} + +haproxy { + config_file = "/etc/haproxy/haproxy.cfg" + haproxy_bin = "/usr/local/sbin/haproxy" + reload { + reload_delay = 5 + reload_cmd = "service haproxy reload" + restart_cmd = "service haproxy restart" + reload_strategy = "custom" + } +} diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index f302c1b..daeb518 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg @@ -18,17 +18,21 @@ defaults timeout server 50000ms timeout tarpit 5000ms -#frontend stats-frontend -# bind *:2000 -# option tcplog -# mode tcp -# acl white_list src xxx.xxx.xxx.xxx -# tcp-request connection reject unless white_list -# default_backend stats-backend - -#backend stats-backend -# mode tcp -# server stats-localhost 127.0.0.1:1999 +# program api + # command dataplaneapi -f /etc/haproxy/dataplaneapi.hcl --update-map-files + # no option start-on-reload +# +# frontend stats-frontend + # bind *:2000 + # option tcplog + # mode tcp + # acl white_list src 127.0.0.1 + # tcp-request connection reject unless white_list + # default_backend stats-backend +# +# backend stats-backend + # mode tcp + # server stats-localhost 127.0.0.1:1999 frontend http-in 
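Review bot: The Data Plane API tarball is downloaded, unpacked and copied to `/usr/local/bin/` with no integrity check, so whatever the release URL serves at build time becomes a binary that can rewrite the HAProxy configuration. Add a pinned digest next to the URL, `ENV DATAPLANEAPI_SHA256 <sha256-of-release-tarball>`, and verify it before extracting: `echo "$DATAPLANEAPI_SHA256 *dataplaneapi_Linux_x86_64.tar.gz" | sha256sum -c; \`. The archive and the extracted `build/` directory also stay in the image layer; `rm -rf dataplaneapi_Linux_x86_64.tar.gz build; \` after the `cp` would remove them. The enclosing `RUN` starts and ends outside this hunk.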
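Review bot: The `user "admin"` block commits a default credential in clear text (`insecure = true`, `password = "admin"`), and because the compose service uses host networking, `host = "127.0.0.1"` is the host's own loopback, so any local process can authenticate to an API that edits and reloads HAProxy. Store a hashed password instead, `insecure = false` with `password = "<crypt-hash-generated-at-deploy>"`, or inject the credential at deploy time rather than keeping it in the repository. `transaction_dir = "/tmp/haproxy"` sits under a world-writable directory; a directory owned by the haproxy user would be safer. The `service haproxy reload` and `restart` commands presumably need an init system inside the container, which is worth confirming before this is enabled.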
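Review bot: The commented `stats-frontend` still uses `bind *:2000` and depends on the `white_list` ACL to turn away remote clients. Now that the allowed source is `127.0.0.1`, binding to loopback gives the same access without relying on the ACL staying intact: `# bind 127.0.0.1:2000`. The backend forwards raw TCP to `127.0.0.1:1999`, which appears to be the runtime API listener, so once the block is enabled anything that reaches port 2000 gets that level of control. A one-line comment above `# program api`, stating that the section stays disabled until the credentials in `dataplaneapi.hcl` are replaced, would record the intent.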
diff --git a/haproxy/map/ddos.map b/haproxy/map/ddos.map index 49766ca..4baa168 100644 --- a/haproxy/map/ddos.map +++ b/haproxy/map/ddos.map @@ -1,2 +1,2 @@ localhost 1 -localhost/captcha 2 +localhost/test 2