Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-04-29 22:38:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

removed ssl parameter from configs, it will be detected automatically

Browse Source
This commit is contained in:
Ara Sadoyan
2025-05-09 19:41:12 +02:00
parent c2d847f2aa
commit 75486ca73d
5 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@@ -113,7 +113,6 @@ globals:
myhost.mydomain.com:
paths:
"/":
ssl: false
headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Hopaaaaaaaaaaaar"
@@ -121,19 +120,21 @@ myhost.mydomain.com:
- "127.0.0.1:8000"
- "127.0.0.2:8000"
"/foo":
ssl: true
headers:
- "X-Another-Header:Hohohohoho"
servers:
- "127.0.0.4:8000"
- "127.0.0.5:8000"
- "127.0.0.4:8443"
- "127.0.0.5:8443"
```
This means:
- Sticky sessions are disabled globally. This boolean setting applies to all upstreams.
- Requests to `myhost.mydomain.com/` will be load balanced to `127.0.0.1` and `127.0.0.2` servers via plain http.
- Requests to `myhost.mydomain.com/foo` will be load balanced to `127.0.0.4` and `127.0.0.5` servers via https.
- Requests to `myhost.mydomain.com/` will be load balanced to `127.0.0.1` and `127.0.0.2`.
- Requests to `myhost.mydomain.com/foo` will be load balanced to `127.0.0.4` and `127.0.0.5`.
- SSL/TLS for upstreams is detected automatically, no need to set any config parameter.
- Assuming the `127.0.0.5:8443` is SSL protected. It will be detected automatically.
- Self signed certificates are silently accepted
- Global headers (CORS for this case) will be injected to all upstreams
- Additional headers will be injected into the request for `myhost.mydomain.com`.
- You can choose any path, deep nested paths are supported, the best match will be chosen

12
etc/upstreams.yaml
View File

@@ -9,7 +9,7 @@ globals:
- "X-Custom-Header:Something Special"
# authorization: # Optional, only one of auth methods below can be active at a time
# - "basic"
# - "zangag:Anhnazand1234"
# - "gazan:Gazanpass1234"
# - "apikey"
# - "5a28cc4c-ce10-4ff1-824e-743c38835f5c"
# - "jwt"
@@ -31,7 +31,6 @@ upstreams: # If provider is files. Otherwise ignored
myip.netangels.net: # Hostname, or header host to access the upstream
paths: # URL path(s) for current upstream, closest match wins
"/":
ssl: false # If upstream is SSL enabled
headers: # Custom headers, set only for this Host and Path
- "X-Proxy-From:Gazan"
servers: # List of upstreams HOST:PORT
@@ -40,7 +39,6 @@ upstreams: # If provider is files. Otherwise ignored
- "127.0.0.3:8000"
- "127.0.0.4:8000"
"/ping":
ssl: false
headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Gazan"
@@ -48,13 +46,11 @@ upstreams: # If provider is files. Otherwise ignored
- "127.0.0.1:8000"
- "127.0.0.2:8000"
"/draw":
ssl: false
servers:
- "192.168.1.1:8000"
polo.netangels.net:
paths:
"/":
ssl: false
headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
servers:
@@ -67,7 +63,6 @@ upstreams: # If provider is files. Otherwise ignored
glop.netangels.net:
paths:
"/":
ssl: false
headers:
- "X-Hopar-From:Hopaaaaaaaaaaaar"
servers:
@@ -76,30 +71,25 @@ upstreams: # If provider is files. Otherwise ignored
apt.netangels.net:
paths:
"/":
ssl: true
servers:
- "apt.netangels.net:443"
test.netangels.net:
paths:
"/":
ssl: false
servers:
- "myip.netangels.net:80"
127.0.0.1:
paths:
"/":
ssl: false
servers:
- "192.168.1.5:8080"
127.0.0.2:
paths:
"/":
ssl: false
servers:
- "10.0.55.171:3000"
localpost:
paths:
"/":
ssl: false
servers:
- "127.0.0.1:9000"

39
src/utils/healthcheck.rs
View File

@@ -20,22 +20,29 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
for val in fclone.iter() {
let host = val.key();
let inner = DashMap::new();
let mut _scheme: (String, u16, bool) = ("".to_string(), 0, false);
for path_entry in val.value().iter() {
// let inner = DashMap::new();
let path = path_entry.key();
let mut innervec= Vec::new();
for k in path_entry.value().0.iter().enumerate() {
let (ip, port, ssl) = k.1;
for k in path_entry.value().0 .iter().enumerate() {
let (ip, port, _ssl) = k.1;
let mut _pref = "";
match ssl {
let tls = detect_tls(ip, port).await;
match tls {
true => _pref = "https://",
false => _pref = "http://",
}
if _pref == "https://" {
_scheme = (ip.to_string(), *port, true);
}else {
_scheme = (ip.to_string(), *port, false);
}
let link = format!("{}{}:{}{}", _pref, ip, port, path);
let resp = http_request(link.as_str(), params.0, "").await;
match resp {
true => {
innervec.push(k.1.clone());
innervec.push(_scheme.clone());
}
false => {
warn!("Dead Upstream : {}", link);
@@ -48,8 +55,9 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
}
if first_run == 1 {
info!("Synchronising inner hashmaps");
info!("Performing initial hatchecks and upstreams ssl detection");
clone_idmap_into(&totest, &idlist);
info!("Gazan is up and ready to serve requests");
}
first_run+=1;
@@ -58,7 +66,7 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
clone_dashmap_into(&totest, &upslist);
clone_idmap_into(&totest, &idlist);
}
// print!("{:?}", idlist);
}
}
}
@@ -107,3 +115,22 @@ pub async fn ping_grpc(addr: &str) -> bool {
false
}
}
async fn detect_tls(ip: &str, port: &u16) -> bool {
let url = format!("https://{}:{}", ip, port);
let client = Client::builder()
.timeout(Duration::from_secs(2))
.danger_accept_invalid_certs(true) // skip cert validation for testing
.build()
.unwrap();
match client.get(&url).send().await {
Ok(_) => true,
Err(e) => {
if e.is_builder() || e.is_connect() || e.to_string().contains("tls") {
false
} else {
false
}
}
}
}

3
src/utils/parceyaml.rs
View File

@@ -86,7 +86,8 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
for server in path_config.servers {
if let Some((ip, port_str)) = server.split_once(':') {
if let Ok(port) = port_str.parse::<u16>() {
server_list.push((ip.to_string(), port, path_config.ssl));
// server_list.push((ip.to_string(), port, path_config.ssl));
server_list.push((ip.to_string(), port, true));
}
}
}

1
src/utils/structs.rs
View File

@@ -41,7 +41,6 @@ pub struct HostConfig {
#[derive(Debug, Serialize, Deserialize)]
pub struct PathConfig {
pub ssl: bool,
pub servers: Vec<String>,
pub headers: Option<Vec<String>>,
}