update, dynamic backends based on hostname ,can be updated live control panel/management socket

2025-05-09 02:05:37 +00:00 · 2021-12-26 23:56:15 +11:00
parent 6f52ee8977
commit 9557c06aa1
9 changed files with 41 additions and 5 deletions
--- a/README.MD
+++ b/README.MD
@ -31,6 +31,8 @@ Add some env vars to docker-compose file:
 - POW_COOKIE_SECRET - different random string, a salt for pow cookies
 - RAY_ID - string to identify the haproxy node by
 - BUCKET_DURATION - how long between bucket changes, invalidating cookies
 - BACKEND_NAME - name of backend to build from hosts.map
 - SERVER_PREFIX - prefix of server names i.e. <prefix>n where n is the number, in server-template
 Run docker compose:
 ```bash
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,6 +5,7 @@ services:
 #      context: ./
 #      dockerfile: tor/Dockerfile
  haproxy:
    network_mode: "host"
    build:
      context: ./
      dockerfile: haproxy/Dockerfile
@ -15,6 +16,8 @@ services:
      - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
      - ./haproxy/ddos.map:/etc/haproxy/ddos.map
      - ./haproxy/hosts.map:/etc/haproxy/hosts.map
      - ./haproxy/backends.map:/etc/haproxy/backends.map
      - ./haproxy/blocked.map:/etc/haproxy/blocked.map
      - ./src/scripts/:/etc/haproxy/scripts/
      - ./src/libs/:/etc/haproxy/libs/
      - ./haproxy/js/:/var/www/js/
@ -25,7 +28,11 @@ services:
      - POW_COOKIE_SECRET=
      - RAY_ID=
      - BUCKET_DURATION=43200
      - BACKEND_NAME="servers"
      - SERVER_PREFIX="websrv"
  nginx:
    ports:
      - 81:80
    image: "nginx:latest"
    volumes:
      - ./nginx:/usr/share/nginx/html
--- a/haproxy/backends.map
+++ b/haproxy/backends.map
--- a/haproxy/blocked.map
+++ b/haproxy/blocked.map
--- a/haproxy/ddos.map
+++ b/haproxy/ddos.map
@ -1 +0,0 @@
 localhost 1
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@ -4,7 +4,7 @@ global
 	log stdout  format raw  local0  debug
 	lua-load /etc/haproxy/scripts/register.lua
 	stats socket /var/run/haproxy.sock mode 666 level admin
-	stats socket *:2000 level operator
+	stats socket *:2000 level admin
 defaults
 	mode http
@ -13,11 +13,17 @@ defaults
 	timeout server 50000ms
 frontend http-in
 	option httplog
 	bind *:80
 	bind *:443
 	acl is_existing_vhost hdr(host),lower,map_str(/etc/haproxy/hosts.map) -m found
 	http-request silent-drop unless is_existing_vhost
 	# acl for blocked IPs/subnets
 	acl blocked_ip_or_subnet src,map_ip(/etc/haproxy/blocked.map) -m found
 	http-request deny deny_status 403 if blocked_ip_or_subnet
 	# acl ORs for when ddos_mode_enabled
 	acl ddos_mode_enabled_override hdr_cnt(xr3la1rfFc) eq 0 # note: global only enables POW not captcha atm until
 	acl ddos_mode_enabled hdr(host),lower,map(/etc/haproxy/ddos.map) -m bool
@ -47,7 +53,10 @@ frontend http-in
 	default_backend servers
 backend servers
-	server server1 nginx:80 maxconn 32
+	mode http
    server-template websrv 1-100 0.0.0.0:80 check disabled
 	use-server %[req.hdr(host),lower,map(/etc/haproxy/backends.map)] if TRUE
 	#server  default 127.0.0.1:80
 backend hcaptcha
 	mode http
--- a/haproxy/hosts.map
+++ b/haproxy/hosts.map
@ -1 +0,0 @@
 localhost
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@ -14,9 +14,28 @@ local pow_cookie_secret = os.getenv("POW_COOKIE_SECRET")
 local ray_id = os.getenv("RAY_ID")
 local captcha_provider_domain = "hcaptcha.com"
 local captcha_map = Map.new("/etc/haproxy/ddos.map", Map._str);
 function _M.setup_servers()
 	local backend_name = os.getenv("BACKEND_NAME")
 	local server_prefix = os.getenv("SERVER_PREFIX")
 	local hosts_map = Map.new("/etc/haproxy/hosts.map", Map._str);
 	local backends_map = Map.new("/etc/haproxy/backends.map", Map._str);
 	local handle = io.open("/etc/haproxy/hosts.map", "r")
 	local line = handle:read("*line")
 	local counter = 1
 	while line do
 		local hostname, backend_address = line:match("([^%s]+)%s+([^%s]+)")
 		core.set_map("/etc/haproxy/backends.map", hostname, "websrv"..counter)
 		local proxy = core.proxies[backend_name].servers[server_prefix..counter]
 		proxy:set_addr(backend_address)
 		proxy:set_ready()
 		line = handle:read("*line")
 		counter = counter + 1
 	end
 	handle:close()
 end
 -- main page template
 local body_template = [[
 <!DOCTYPE html>
--- a/src/scripts/register.lua
+++ b/src/scripts/register.lua
@ -6,3 +6,4 @@ core.register_service("hcaptcha-view", "http", hcaptcha.view)
 core.register_action("hcaptcha-check", { 'http-req', }, hcaptcha.check_captcha_status)
 core.register_action("pow-check", { 'http-req', }, hcaptcha.check_pow_status)
 core.register_action("decide-checks-necessary", { 'http-req', }, hcaptcha.decide_checks_necessary)
 core.register_init(hcaptcha.setup_servers)