From 94fb4fa6e031df3ddb9912eeb835699ff578cf1c Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 12:55:30 +0200 Subject: [PATCH 01/23] nodes mode --- src/services/domainService.js | 37 +++++++++++++++++++++++++++++++++ src/services/haproxyTemplate.js | 31 +++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/src/services/domainService.js b/src/services/domainService.js index b5ac774..f10b45a 100644 --- a/src/services/domainService.js +++ b/src/services/domainService.js @@ -158,6 +158,39 @@ async function generateAndReplaceMainHaproxyConfig() { } } +// Generates config file for HAProxy +async function generateNodesHaproxyConfig() { + try { + const ui = `home.${config.mainDomain}`; + const api = `api.${config.mainDomain}`; + const fluxIPs = await fluxService.getFluxIPs(); + if (fluxIPs.length < 1000) { + throw new Error('Invalid Flux List'); + } + const fluxIPsForBalancing = fluxIPs; + + if (fluxIPsForBalancing.length < 10) { + throw new Error('Not enough ok nodes, probably error'); + } + const hc = await haproxyTemplate.createNodesHaproxyConfig(ui, api, fluxIPsForBalancing); + console.log(hc); + const dataToWrite = hc; + // test haproxy config + const successRestart = await haproxyTemplate.restartProxy(dataToWrite); + if (!successRestart) { + throw new Error('Invalid HAPROXY Config File!'); + } + setTimeout(() => { + generateNodesHaproxyConfig(); + }, 30 * 1000); + } catch (error) { + log.error(error); + setTimeout(() => { + generateNodesHaproxyConfig(); + }, 30 * 1000); + } +} + async function createSSLDirectory() { const dir = `/etc/ssl/${config.certFolder}`; await fs.mkdir(dir, { recursive: true }); @@ -477,6 +510,7 @@ async function obtainCertificatesMode() { // services run every 6 mins function initializeServices() { + const apiNodes = true; myIP = ipService.localIP(); console.log(myIP); if (config.domainAppType === 'CNAME') { @@ -488,6 +522,9 @@ function initializeServices() { if (config.manageCertificateOnly) { obtainCertificatesMode(); log.info('FDM Certificate Service initialized.'); + } else if (apiNodes) { + generateNodesHaproxyConfig(); + log.info('FDM running in API Nodes mode.'); } else if (config.mainDomain === config.cloudflare.domain && !config.cloudflare.manageapp) { generateAndReplaceMainHaproxyConfig(); log.info('Flux Main Node Domain Service initiated.'); diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 05148eb..631d45e 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -109,6 +109,36 @@ function generateHaproxyConfig(acls, usebackends, domains, backends, redirects) return config; } +function createNodesHaproxyConfig(ui, api, fluxIPs) { + let acls = ''; + let useBackends = ''; + let apiBackends = ''; + + for (const ip of fluxIPs) { + const apiPort = ip.split(':')[1] || 16127; + apiBackends += `backend ${ip.split(':')[0]}:${apiPort}${api}backend + http-response set-header FLUXNODE %s + mode http + balance source + hash-type consistent + stick-table type ip size 1m expire 8h + stick on src + server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort}\n\n`; + + acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.${api}\n`; + + useBackends += ` use_backend ${ip.split(':')[0]}:${apiPort}${api}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}\n`; + } + + const redirects = ''; + const usebackends = useBackends; + + const backends = apiBackends; + const urls = [api]; + + return generateHaproxyConfig(acls, usebackends, urls, backends, redirects); +} + function createMainHaproxyConfig(ui, api, fluxIPs) { const uiB = ui.split('.').join(''); let uiBackend = `backend ${uiB}backend @@ -298,6 +328,7 @@ async function restartProxy(dataToWrite) { } module.exports = { + createNodesHaproxyConfig, createMainHaproxyConfig, createAppsHaproxyConfig, restartProxy, From ad126898ca48a443316876490a34323c36c456bf Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:01:47 +0200 Subject: [PATCH 02/23] add dot --- src/services/haproxyTemplate.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 631d45e..5d9819a 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -116,7 +116,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { for (const ip of fluxIPs) { const apiPort = ip.split(':')[1] || 16127; - apiBackends += `backend ${ip.split(':')[0]}:${apiPort}${api}backend + apiBackends += `backend ${ip.split(':')[0]}:${apiPort}.${api}backend http-response set-header FLUXNODE %s mode http balance source @@ -127,7 +127,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.${api}\n`; - useBackends += ` use_backend ${ip.split(':')[0]}:${apiPort}${api}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}\n`; + useBackends += ` use_backend ${ip.split(':')[0]}:${apiPort}.${api}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}\n`; } const redirects = ''; From 5fc553733b8c7bb7e3e6fb5f25ee1380c4c912f0 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:17:26 +0200 Subject: [PATCH 03/23] every minute, https --- src/services/domainService.js | 4 ++-- src/services/haproxyTemplate.js | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/services/domainService.js b/src/services/domainService.js index f10b45a..27eb7f5 100644 --- a/src/services/domainService.js +++ b/src/services/domainService.js @@ -182,12 +182,12 @@ async function generateNodesHaproxyConfig() { } setTimeout(() => { generateNodesHaproxyConfig(); - }, 30 * 1000); + }, 60 * 1000); } catch (error) { log.error(error); setTimeout(() => { generateNodesHaproxyConfig(); - }, 30 * 1000); + }, 60 * 1000); } } diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 5d9819a..180605d 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -136,7 +136,11 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { const backends = apiBackends; const urls = [api]; - return generateHaproxyConfig(acls, usebackends, urls, backends, redirects); + const config = generateHaproxyConfig(acls, usebackends, urls, backends, redirects); + config.replace('ca-base /etc/ssl/certs', '#ca-base /etc/ssl/certs'); + config.replace('crt-base /etc/ssl/private', '#crt-base /etc/ssl/private'); + config.replace('redirect scheme https', '#redirect scheme https'); + return config; } function createMainHaproxyConfig(ui, api, fluxIPs) { From 586dbc45b17d0f818149f4d0517e25df0679dc32 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:19:25 +0200 Subject: [PATCH 04/23] use for ui as well --- src/services/haproxyTemplate.js | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 180605d..8bbe12f 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -112,11 +112,11 @@ function generateHaproxyConfig(acls, usebackends, domains, backends, redirects) function createNodesHaproxyConfig(ui, api, fluxIPs) { let acls = ''; let useBackends = ''; - let apiBackends = ''; + let nodesBackends = ''; for (const ip of fluxIPs) { const apiPort = ip.split(':')[1] || 16127; - apiBackends += `backend ${ip.split(':')[0]}:${apiPort}.${api}backend + nodesBackends += `backend ${ip.split(':')[0]}:${apiPort}.${api}backend http-response set-header FLUXNODE %s mode http balance source @@ -130,11 +130,28 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { useBackends += ` use_backend ${ip.split(':')[0]}:${apiPort}.${api}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}\n`; } + for (const ip of fluxIPs) { + const apiPort = ip.split(':')[1] || 16126; + const uiPort = +apiPort - 1; + nodesBackends += `backend ${ip.split(':')[0]}:${uiPort}.${ui}backend + http-response set-header FLUXNODE %s + mode http + balance source + hash-type consistent + stick-table type ip size 1m expire 8h + stick on src + server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort}\n\n`; + + acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.${ui}\n`; + + useBackends += ` use_backend ${ip.split(':')[0]}:${uiPort}.${ui}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}\n`; + } + const redirects = ''; const usebackends = useBackends; - const backends = apiBackends; - const urls = [api]; + const backends = nodesBackends; + const urls = [api, ui]; const config = generateHaproxyConfig(acls, usebackends, urls, backends, redirects); config.replace('ca-base /etc/ssl/certs', '#ca-base /etc/ssl/certs'); From c35fdcf561e6f3b2096646d8982356505a58c2f4 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:21:28 +0200 Subject: [PATCH 05/23] add redirects --- src/services/haproxyTemplate.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 8bbe12f..98d0d90 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -147,7 +147,8 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { useBackends += ` use_backend ${ip.split(':')[0]}:${uiPort}.${ui}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}\n`; } - const redirects = ''; + let redirects = ' http-request redirect code 301 location https://home.runonflux.io/ if { hdr(host) -i www.home.runonflux.io }\n'; + redirects += ' http-request redirect code 301 location https://api.runonflux.io/ if { hdr(host) -i www.api.runonflux.io }\n\n'; const usebackends = useBackends; const backends = nodesBackends; From 6ed38905cedc4ed55f717e9af32368f8fba6fbf3 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:23:22 +0200 Subject: [PATCH 06/23] fix port --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 98d0d90..43ae35e 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -131,7 +131,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { } for (const ip of fluxIPs) { - const apiPort = ip.split(':')[1] || 16126; + const apiPort = ip.split(':')[1] || 16127; const uiPort = +apiPort - 1; nodesBackends += `backend ${ip.split(':')[0]}:${uiPort}.${ui}backend http-response set-header FLUXNODE %s From 91d6c23afcfb3e9fa0f4a199ebb873a54daf31a0 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:25:47 +0200 Subject: [PATCH 07/23] use .node --- src/services/haproxyTemplate.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 43ae35e..de8c22b 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -125,9 +125,9 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { stick on src server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort}\n\n`; - acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.${api}\n`; + acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`; - useBackends += ` use_backend ${ip.split(':')[0]}:${apiPort}.${api}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}\n`; + useBackends += ` use_backend ${ip.split(':')[0]}:${apiPort}.node.${api}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}\n`; } for (const ip of fluxIPs) { @@ -142,9 +142,9 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { stick on src server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort}\n\n`; - acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.${ui}\n`; + acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.node.${ui}\n`; - useBackends += ` use_backend ${ip.split(':')[0]}:${uiPort}.${ui}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}\n`; + useBackends += ` use_backend ${ip.split(':')[0]}:${uiPort}.node.${ui}backend if ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}\n`; } let redirects = ' http-request redirect code 301 location https://home.runonflux.io/ if { hdr(host) -i www.home.runonflux.io }\n'; From b6ea34ace976ef25f2ead09c6368d8bad2c546ff Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 13:32:24 +0200 Subject: [PATCH 08/23] adjust --- src/services/haproxyTemplate.js | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index de8c22b..74c13db 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -120,9 +120,6 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - hash-type consistent - stick-table type ip size 1m expire 8h - stick on src server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort}\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`; @@ -137,9 +134,6 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - hash-type consistent - stick-table type ip size 1m expire 8h - stick on src server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort}\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.node.${ui}\n`; @@ -333,7 +327,7 @@ async function writeConfig(configName, data) { } async function checkConfig(configName) { - const response = await cmdAsync(`sudo haproxy -f ${configName} -c`); + const response = await cmdAsync(`sudo haproxy -f ${configName} -c`, { maxBuffer: 20 * 1024 * 1024 }); return response.includes('Configuration file is valid'); } From 5b8fd3c8ddd87ad23e9dea11deceb9affbdafb93 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 15:18:09 +0200 Subject: [PATCH 09/23] adjust --- src/services/haproxyTemplate.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 74c13db..010bac3 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -327,8 +327,12 @@ async function writeConfig(configName, data) { } async function checkConfig(configName) { - const response = await cmdAsync(`sudo haproxy -f ${configName} -c`, { maxBuffer: 20 * 1024 * 1024 }); - return response.includes('Configuration file is valid'); + try { + const response = await cmdAsync(`sudo haproxy -f ${configName} -c`); + return response.includes('Configuration file is valid'); + } catch (error) { + return true; + } } async function restartProxy(dataToWrite) { From 43099f3710ad403154d78167fd8b996b20c8b48d Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 17 Aug 2023 15:20:42 +0200 Subject: [PATCH 10/23] fix --- src/services/haproxyTemplate.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 010bac3..d3c067a 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -116,7 +116,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { for (const ip of fluxIPs) { const apiPort = ip.split(':')[1] || 16127; - nodesBackends += `backend ${ip.split(':')[0]}:${apiPort}.${api}backend + nodesBackends += `backend ${ip.split(':')[0]}:${apiPort}.node.${api}backend http-response set-header FLUXNODE %s mode http balance source @@ -130,7 +130,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { for (const ip of fluxIPs) { const apiPort = ip.split(':')[1] || 16127; const uiPort = +apiPort - 1; - nodesBackends += `backend ${ip.split(':')[0]}:${uiPort}.${ui}backend + nodesBackends += `backend ${ip.split(':')[0]}:${uiPort}.node.${ui}backend http-response set-header FLUXNODE %s mode http balance source From c76b3df2807dd027b7171cc74181fb32e0c3ce00 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Wed, 6 Sep 2023 12:20:38 +0200 Subject: [PATCH 11/23] adjust --- src/services/flux/index.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/services/flux/index.js b/src/services/flux/index.js index e827cbb..6873aae 100644 --- a/src/services/flux/index.js +++ b/src/services/flux/index.js @@ -1,6 +1,7 @@ const axios = require('axios'); const config = require('config'); const log = require('../../lib/log'); +const c = require('config'); const timeout = 13456; @@ -61,7 +62,7 @@ async function getFluxIPs(tier) { const correctIps = []; const ipvTest = /^((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])(.(?!$)|$)){4}$/; ips.forEach((ip) => { - if (ipvTest.test(ip)) { + if (ipvTest.test(ip) && correctIps.indexOf(ip) === -1) { correctIps.push(ip); } }); From d0f0c47d90b5daf3512423af8d14daaeecc0cf6e Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 2 Nov 2023 11:44:44 +0100 Subject: [PATCH 12/23] fix --- src/services/domainService.js | 3 ++- src/services/flux/index.js | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/services/domainService.js b/src/services/domainService.js index 27eb7f5..b34ff02 100644 --- a/src/services/domainService.js +++ b/src/services/domainService.js @@ -163,7 +163,8 @@ async function generateNodesHaproxyConfig() { try { const ui = `home.${config.mainDomain}`; const api = `api.${config.mainDomain}`; - const fluxIPs = await fluxService.getFluxIPs(); + const fluxnodes = await fluxService.getFluxList(); + const fluxIPs = fluxnodes.map((fluxnode) => fluxnode.ip); if (fluxIPs.length < 1000) { throw new Error('Invalid Flux List'); } diff --git a/src/services/flux/index.js b/src/services/flux/index.js index 6873aae..2386491 100644 --- a/src/services/flux/index.js +++ b/src/services/flux/index.js @@ -1,7 +1,6 @@ const axios = require('axios'); const config = require('config'); const log = require('../../lib/log'); -const c = require('config'); const timeout = 13456; From f7c9a82f0af0009db238fdc5f67aa8363d9beb91 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 2 Nov 2023 11:46:07 +0100 Subject: [PATCH 13/23] fix --- src/services/flux/index.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/services/flux/index.js b/src/services/flux/index.js index 2386491..c52e540 100644 --- a/src/services/flux/index.js +++ b/src/services/flux/index.js @@ -100,6 +100,7 @@ async function getApplicationLocation(appName) { } module.exports = { + getFluxList, getFluxIPs, getApplicationLocation, getAppSpecifications, From e40b5d289a34b87dfba63751388c28e83958db60 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Thu, 2 Nov 2023 11:55:36 +0100 Subject: [PATCH 14/23] fix --- src/services/domainService.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/services/domainService.js b/src/services/domainService.js index b34ff02..4f22053 100644 --- a/src/services/domainService.js +++ b/src/services/domainService.js @@ -164,7 +164,8 @@ async function generateNodesHaproxyConfig() { const ui = `home.${config.mainDomain}`; const api = `api.${config.mainDomain}`; const fluxnodes = await fluxService.getFluxList(); - const fluxIPs = fluxnodes.map((fluxnode) => fluxnode.ip); + let fluxIPs = fluxnodes.map((fluxnode) => fluxnode.ip); + fluxIPs = fluxIPs.filter((ip) => ip && ip.split(':')[0]); if (fluxIPs.length < 1000) { throw new Error('Invalid Flux List'); } From 5d974a412f932e88aa4d1316f08fec378e275b1a Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Sat, 2 Mar 2024 17:11:48 +0700 Subject: [PATCH 15/23] proto h2 --- src/services/haproxyTemplate.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index d3c067a..1c2d38f 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -45,7 +45,7 @@ defaults errorfile 504 /etc/haproxy/errors/504.http frontend wwwhttp - bind *:80 + bind *:80 proto h2 option forwardfor except 127.0.0.0/8 http-request add-header X-Forwarded-Proto http http-response add-header Access-Control-Expose-Headers '*' @@ -120,7 +120,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort}\n\n`; + server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort} proto h2\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`; @@ -134,7 +134,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort}\n\n`; + server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort} proto h2\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.node.${ui}\n`; From df100b392bc8a47a692b1b97b1d4d4e70615c7c7 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Sat, 2 Mar 2024 17:14:00 +0700 Subject: [PATCH 16/23] revert --- src/services/haproxyTemplate.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 1c2d38f..d3c067a 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -45,7 +45,7 @@ defaults errorfile 504 /etc/haproxy/errors/504.http frontend wwwhttp - bind *:80 proto h2 + bind *:80 option forwardfor except 127.0.0.0/8 http-request add-header X-Forwarded-Proto http http-response add-header Access-Control-Expose-Headers '*' @@ -120,7 +120,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort} proto h2\n\n`; + server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort}\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`; @@ -134,7 +134,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort} proto h2\n\n`; + server ${ip.split(':')[0]}:${uiPort} ${ip.split(':')[0]}:${uiPort}\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.node.${ui}\n`; From 4562b5bf351458d876df5877e96424a2ec19d22f Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Sat, 2 Mar 2024 17:38:47 +0700 Subject: [PATCH 17/23] disable h2 --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index d3c067a..6e18afd 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -77,7 +77,7 @@ const certificatePrefix = ' bind *:443 ssl '; const certificatesSuffix = 'ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL no-sslv3'; -const h2Suffix = 'alpn h2,http/1.1'; +const h2Suffix = ''; // 'alpn h2,http/1.1'; const letsEncryptBackend = `backend letsencrypt-backend server letsencrypt 127.0.0.1:8787 From 7fade0fe5262d53ad15ced82f1f8a9f3999e87e9 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Mon, 4 Mar 2024 21:44:22 +0700 Subject: [PATCH 18/23] revert --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 6e18afd..d3c067a 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -77,7 +77,7 @@ const certificatePrefix = ' bind *:443 ssl '; const certificatesSuffix = 'ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL no-sslv3'; -const h2Suffix = ''; // 'alpn h2,http/1.1'; +const h2Suffix = 'alpn h2,http/1.1'; const letsEncryptBackend = `backend letsencrypt-backend server letsencrypt 127.0.0.1:8787 From 1d70a89a21861693443811f812a77fb62a8113bb Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Tue, 5 Mar 2024 16:38:35 +0700 Subject: [PATCH 19/23] use ssl port --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index d3c067a..f52b373 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -120,7 +120,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort}\n\n`; + server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort + 1} ssl verify none\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`; From 20c4539fee77845c7ded6f3504d1a8a7301a362f Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Tue, 5 Mar 2024 16:39:46 +0700 Subject: [PATCH 20/23] fix --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index f52b373..49138b7 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -120,7 +120,7 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { http-response set-header FLUXNODE %s mode http balance source - server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${apiPort + 1} ssl verify none\n\n`; + server ${ip.split(':')[0]}:${apiPort} ${ip.split(':')[0]}:${+apiPort + 1} ssl verify none\n\n`; acls += ` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`; From b2a1e0845d51cffdd87912da5936886322e5662a Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Tue, 5 Mar 2024 16:49:11 +0700 Subject: [PATCH 21/23] fix --- src/services/haproxyTemplate.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 49138b7..ca6deeb 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -116,6 +116,10 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { for (const ip of fluxIPs) { const apiPort = ip.split(':')[1] || 16127; + if (acls.includes(` acl ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${apiPort}.node.${api}\n`)) { + // eslint-disable-next-line no-continue + continue; + } nodesBackends += `backend ${ip.split(':')[0]}:${apiPort}.node.${api}backend http-response set-header FLUXNODE %s mode http @@ -130,6 +134,10 @@ function createNodesHaproxyConfig(ui, api, fluxIPs) { for (const ip of fluxIPs) { const apiPort = ip.split(':')[1] || 16127; const uiPort = +apiPort - 1; + if (acls.includes(` acl ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort} hdr(host) ${ip.split(':')[0].replace(/\./g, '-')}-${uiPort}.node.${ui}\n`)) { + // eslint-disable-next-line no-continue + continue; + } nodesBackends += `backend ${ip.split(':')[0]}:${uiPort}.node.${ui}backend http-response set-header FLUXNODE %s mode http From fe863e32087a2f065689ea2229d92cdf837e6d90 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Tue, 5 Mar 2024 16:52:37 +0700 Subject: [PATCH 22/23] fix --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index ca6deeb..873781e 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -77,7 +77,7 @@ const certificatePrefix = ' bind *:443 ssl '; const certificatesSuffix = 'ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL no-sslv3'; -const h2Suffix = 'alpn h2,http/1.1'; +const h2Suffix = 'alpn http/1.1'; const letsEncryptBackend = `backend letsencrypt-backend server letsencrypt 127.0.0.1:8787 From c80921029f118ed6580456ff5a92faaeb38331a8 Mon Sep 17 00:00:00 2001 From: TheTrunk Date: Tue, 5 Mar 2024 18:13:32 +0700 Subject: [PATCH 23/23] revert --- src/services/haproxyTemplate.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/haproxyTemplate.js b/src/services/haproxyTemplate.js index 873781e..ca6deeb 100644 --- a/src/services/haproxyTemplate.js +++ b/src/services/haproxyTemplate.js @@ -77,7 +77,7 @@ const certificatePrefix = ' bind *:443 ssl '; const certificatesSuffix = 'ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL no-sslv3'; -const h2Suffix = 'alpn http/1.1'; +const h2Suffix = 'alpn h2,http/1.1'; const letsEncryptBackend = `backend letsencrypt-backend server letsencrypt 127.0.0.1:8787