update, dynamic backends based on hostname ,can be updated live control panel/management socket

2025-05-09 02:05:37 +00:00 · 2021-12-26 23:56:15 +11:00
parent 6f52ee8977
commit 9557c06aa1
9 changed files with 41 additions and 5 deletions
--- a/README.MD
+++ b/README.MD
@ -31,6 +31,8 @@ Add some env vars to docker-compose file:
 - POW_COOKIE_SECRET - different random string, a salt for pow cookies
 - RAY_ID - string to identify the haproxy node by
 - BUCKET_DURATION - how long between bucket changes, invalidating cookies
+- BACKEND_NAME - name of backend to build from hosts.map
+- SERVER_PREFIX - prefix of server names i.e. <prefix>n where n is the number, in server-template

 Run docker compose:
 ```bash
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,6 +5,7 @@ services:
 #      context: ./
 #      dockerfile: tor/Dockerfile
  haproxy:
+    network_mode: "host"
    build:
      context: ./
      dockerfile: haproxy/Dockerfile
@ -15,6 +16,8 @@ services:
      - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
      - ./haproxy/ddos.map:/etc/haproxy/ddos.map
      - ./haproxy/hosts.map:/etc/haproxy/hosts.map
+      - ./haproxy/backends.map:/etc/haproxy/backends.map
+      - ./haproxy/blocked.map:/etc/haproxy/blocked.map
      - ./src/scripts/:/etc/haproxy/scripts/
      - ./src/libs/:/etc/haproxy/libs/
      - ./haproxy/js/:/var/www/js/
@ -25,7 +28,11 @@ services:
      - POW_COOKIE_SECRET=
      - RAY_ID=
      - BUCKET_DURATION=43200
+      - BACKEND_NAME="servers"
+      - SERVER_PREFIX="websrv"
  nginx:
+    ports:
+      - 81:80
    image: "nginx:latest"
    volumes:
      - ./nginx:/usr/share/nginx/html
--- a/haproxy/backends.map
+++ b/haproxy/backends.map
--- a/haproxy/blocked.map
+++ b/haproxy/blocked.map
--- a/haproxy/ddos.map
+++ b/haproxy/ddos.map
@ -1 +0,0 @@
-localhost 1
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@ -4,7 +4,7 @@ global
 	log stdout  format raw  local0  debug
 	lua-load /etc/haproxy/scripts/register.lua
 	stats socket /var/run/haproxy.sock mode 666 level admin
-	stats socket *:2000 level operator
+	stats socket *:2000 level admin

 defaults
 	mode http
@ -13,11 +13,17 @@ defaults
 	timeout server 50000ms

 frontend http-in
+	option httplog
 	bind *:80
+	bind *:443

 	acl is_existing_vhost hdr(host),lower,map_str(/etc/haproxy/hosts.map) -m found
 	http-request silent-drop unless is_existing_vhost

+	# acl for blocked IPs/subnets
+	acl blocked_ip_or_subnet src,map_ip(/etc/haproxy/blocked.map) -m found
+	http-request deny deny_status 403 if blocked_ip_or_subnet
+
 	# acl ORs for when ddos_mode_enabled
 	acl ddos_mode_enabled_override hdr_cnt(xr3la1rfFc) eq 0 # note: global only enables POW not captcha atm until
 	acl ddos_mode_enabled hdr(host),lower,map(/etc/haproxy/ddos.map) -m bool
@ -47,7 +53,10 @@ frontend http-in
 	default_backend servers

 backend servers
-	server server1 nginx:80 maxconn 32
+	mode http
+    server-template websrv 1-100 0.0.0.0:80 check disabled
+	use-server %[req.hdr(host),lower,map(/etc/haproxy/backends.map)] if TRUE
+	#server  default 127.0.0.1:80

 backend hcaptcha
 	mode http
--- a/haproxy/hosts.map
+++ b/haproxy/hosts.map
@ -1 +0,0 @@
-localhost
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@ -14,9 +14,28 @@ local pow_cookie_secret = os.getenv("POW_COOKIE_SECRET")
 local ray_id = os.getenv("RAY_ID")

 local captcha_provider_domain = "hcaptcha.com"
-
 local captcha_map = Map.new("/etc/haproxy/ddos.map", Map._str);

+function _M.setup_servers()
+	local backend_name = os.getenv("BACKEND_NAME")
+	local server_prefix = os.getenv("SERVER_PREFIX")
+	local hosts_map = Map.new("/etc/haproxy/hosts.map", Map._str);
+	local backends_map = Map.new("/etc/haproxy/backends.map", Map._str);
+	local handle = io.open("/etc/haproxy/hosts.map", "r")
+	local line = handle:read("*line")
+	local counter = 1
+	while line do
+		local hostname, backend_address = line:match("([^%s]+)%s+([^%s]+)")
+		core.set_map("/etc/haproxy/backends.map", hostname, "websrv"..counter)
+		local proxy = core.proxies[backend_name].servers[server_prefix..counter]
+		proxy:set_addr(backend_address)
+		proxy:set_ready()
+		line = handle:read("*line")
+		counter = counter + 1
+	end
+	handle:close()
+end
+
 -- main page template
 local body_template = [[
 <!DOCTYPE html>
--- a/src/scripts/register.lua
+++ b/src/scripts/register.lua
@ -6,3 +6,4 @@ core.register_service("hcaptcha-view", "http", hcaptcha.view)
 core.register_action("hcaptcha-check", { 'http-req', }, hcaptcha.check_captcha_status)
 core.register_action("pow-check", { 'http-req', }, hcaptcha.check_pow_status)
 core.register_action("decide-checks-necessary", { 'http-req', }, hcaptcha.decide_checks_necessary)
+core.register_init(hcaptcha.setup_servers)