Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-04-29 22:38:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

removed ssl parameter from configs, it will be detected automatically

Browse Source
This commit is contained in:
Ara Sadoyan
2025-05-09 19:41:12 +02:00
parent c2d847f2aa
commit 75486ca73d
5 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@@ -113,7 +113,6 @@ globals:
myhost.mydomain.com: myhost.mydomain.com:
paths: paths:
"/": "/":
ssl: false
headers: headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa" - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Hopaaaaaaaaaaaar" - "X-Proxy-From:Hopaaaaaaaaaaaar"
@@ -121,19 +120,21 @@ myhost.mydomain.com:
- "127.0.0.1:8000" - "127.0.0.1:8000"
- "127.0.0.2:8000" - "127.0.0.2:8000"
"/foo": "/foo":
ssl: true
headers: headers:
- "X-Another-Header:Hohohohoho" - "X-Another-Header:Hohohohoho"
servers: servers:
- "127.0.0.4:8000" - "127.0.0.4:8443"
- "127.0.0.5:8000" - "127.0.0.5:8443"
``` ```
This means: This means:
- Sticky sessions are disabled globally. This boolean setting applies to all upstreams. - Sticky sessions are disabled globally. This boolean setting applies to all upstreams.
- Requests to `myhost.mydomain.com/` will be load balanced to `127.0.0.1` and `127.0.0.2` servers via plain http. - Requests to `myhost.mydomain.com/` will be load balanced to `127.0.0.1` and `127.0.0.2`.
- Requests to `myhost.mydomain.com/foo` will be load balanced to `127.0.0.4` and `127.0.0.5` servers via https. - Requests to `myhost.mydomain.com/foo` will be load balanced to `127.0.0.4` and `127.0.0.5`.
- SSL/TLS for upstreams is detected automatically, no need to set any config parameter.
- Assuming the `127.0.0.5:8443` is SSL protected. It will be detected automatically.
- Self signed certificates are silently accepted
- Global headers (CORS for this case) will be injected to all upstreams - Global headers (CORS for this case) will be injected to all upstreams
- Additional headers will be injected into the request for `myhost.mydomain.com`. - Additional headers will be injected into the request for `myhost.mydomain.com`.
- You can choose any path, deep nested paths are supported, the best match will be chosen - You can choose any path, deep nested paths are supported, the best match will be chosen

12
etc/upstreams.yaml
View File

@@ -9,7 +9,7 @@ globals:
- "X-Custom-Header:Something Special" - "X-Custom-Header:Something Special"
# authorization: # Optional, only one of auth methods below can be active at a time # authorization: # Optional, only one of auth methods below can be active at a time
# - "basic" # - "basic"
# - "zangag:Anhnazand1234" # - "gazan:Gazanpass1234"
# - "apikey" # - "apikey"
# - "5a28cc4c-ce10-4ff1-824e-743c38835f5c" # - "5a28cc4c-ce10-4ff1-824e-743c38835f5c"
# - "jwt" # - "jwt"
@@ -31,7 +31,6 @@ upstreams: # If provider is files. Otherwise ignored
myip.netangels.net: # Hostname, or header host to access the upstream myip.netangels.net: # Hostname, or header host to access the upstream
paths: # URL path(s) for current upstream, closest match wins paths: # URL path(s) for current upstream, closest match wins
"/": "/":
ssl: false # If upstream is SSL enabled
headers: # Custom headers, set only for this Host and Path headers: # Custom headers, set only for this Host and Path
- "X-Proxy-From:Gazan" - "X-Proxy-From:Gazan"
servers: # List of upstreams HOST:PORT servers: # List of upstreams HOST:PORT
@@ -40,7 +39,6 @@ upstreams: # If provider is files. Otherwise ignored
- "127.0.0.3:8000" - "127.0.0.3:8000"
- "127.0.0.4:8000" - "127.0.0.4:8000"
"/ping": "/ping":
ssl: false
headers: headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa" - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Gazan" - "X-Proxy-From:Gazan"
@@ -48,13 +46,11 @@ upstreams: # If provider is files. Otherwise ignored
- "127.0.0.1:8000" - "127.0.0.1:8000"
- "127.0.0.2:8000" - "127.0.0.2:8000"
"/draw": "/draw":
ssl: false
servers: servers:
- "192.168.1.1:8000" - "192.168.1.1:8000"
polo.netangels.net: polo.netangels.net:
paths: paths:
"/": "/":
ssl: false
headers: headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa" - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
servers: servers:
@@ -67,7 +63,6 @@ upstreams: # If provider is files. Otherwise ignored
glop.netangels.net: glop.netangels.net:
paths: paths:
"/": "/":
ssl: false
headers: headers:
- "X-Hopar-From:Hopaaaaaaaaaaaar" - "X-Hopar-From:Hopaaaaaaaaaaaar"
servers: servers:
@@ -76,30 +71,25 @@ upstreams: # If provider is files. Otherwise ignored
apt.netangels.net: apt.netangels.net:
paths: paths:
"/": "/":
ssl: true
servers: servers:
- "apt.netangels.net:443" - "apt.netangels.net:443"
test.netangels.net: test.netangels.net:
paths: paths:
"/": "/":
ssl: false
servers: servers:
- "myip.netangels.net:80" - "myip.netangels.net:80"
127.0.0.1: 127.0.0.1:
paths: paths:
"/": "/":
ssl: false
servers: servers:
- "192.168.1.5:8080" - "192.168.1.5:8080"
127.0.0.2: 127.0.0.2:
paths: paths:
"/": "/":
ssl: false
servers: servers:
- "10.0.55.171:3000" - "10.0.55.171:3000"
localpost: localpost:
paths: paths:
"/": "/":
ssl: false
servers: servers:
- "127.0.0.1:9000" - "127.0.0.1:9000"

39
src/utils/healthcheck.rs
View File

@@ -20,22 +20,29 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
for val in fclone.iter() { for val in fclone.iter() {
let host = val.key(); let host = val.key();
let inner = DashMap::new(); let inner = DashMap::new();
let mut _scheme: (String, u16, bool) = ("".to_string(), 0, false);
for path_entry in val.value().iter() { for path_entry in val.value().iter() {
// let inner = DashMap::new(); // let inner = DashMap::new();
let path = path_entry.key(); let path = path_entry.key();
let mut innervec= Vec::new(); let mut innervec= Vec::new();
for k in path_entry.value().0.iter().enumerate() { for k in path_entry.value().0 .iter().enumerate() {
let (ip, port, ssl) = k.1; let (ip, port, _ssl) = k.1;
let mut _pref = ""; let mut _pref = "";
match ssl { let tls = detect_tls(ip, port).await;
match tls {
true => _pref = "https://", true => _pref = "https://",
false => _pref = "http://", false => _pref = "http://",
} }
if _pref == "https://" {
_scheme = (ip.to_string(), *port, true);
}else {
_scheme = (ip.to_string(), *port, false);
}
let link = format!("{}{}:{}{}", _pref, ip, port, path); let link = format!("{}{}:{}{}", _pref, ip, port, path);
let resp = http_request(link.as_str(), params.0, "").await; let resp = http_request(link.as_str(), params.0, "").await;
match resp { match resp {
true => { true => {
innervec.push(k.1.clone()); innervec.push(_scheme.clone());
} }
false => { false => {
warn!("Dead Upstream : {}", link); warn!("Dead Upstream : {}", link);
@@ -48,8 +55,9 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
} }
if first_run == 1 { if first_run == 1 {
info!("Synchronising inner hashmaps"); info!("Performing initial hatchecks and upstreams ssl detection");
clone_idmap_into(&totest, &idlist); clone_idmap_into(&totest, &idlist);
info!("Gazan is up and ready to serve requests");
} }
first_run+=1; first_run+=1;
@@ -58,7 +66,7 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
clone_dashmap_into(&totest, &upslist); clone_dashmap_into(&totest, &upslist);
clone_idmap_into(&totest, &idlist); clone_idmap_into(&totest, &idlist);
} }
// print!("{:?}", idlist);
} }
} }
} }
@@ -107,3 +115,22 @@ pub async fn ping_grpc(addr: &str) -> bool {
false false
} }
} }
async fn detect_tls(ip: &str, port: &u16) -> bool {
let url = format!("https://{}:{}", ip, port);
let client = Client::builder()
.timeout(Duration::from_secs(2))
.danger_accept_invalid_certs(true) // skip cert validation for testing
.build()
.unwrap();
match client.get(&url).send().await {
Ok(_) => true,
Err(e) => {
if e.is_builder() || e.is_connect() || e.to_string().contains("tls") {
false
} else {
false
}
}
}
}

3
src/utils/parceyaml.rs
View File

@@ -86,7 +86,8 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
for server in path_config.servers { for server in path_config.servers {
if let Some((ip, port_str)) = server.split_once(':') { if let Some((ip, port_str)) = server.split_once(':') {
if let Ok(port) = port_str.parse::<u16>() { if let Ok(port) = port_str.parse::<u16>() {
server_list.push((ip.to_string(), port, path_config.ssl)); // server_list.push((ip.to_string(), port, path_config.ssl));
server_list.push((ip.to_string(), port, true));
} }
} }
} }

1
src/utils/structs.rs
View File

@@ -41,7 +41,6 @@ pub struct HostConfig {
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
pub struct PathConfig { pub struct PathConfig {
pub ssl: bool,
pub servers: Vec<String>, pub servers: Vec<String>,
pub headers: Option<Vec<String>>, pub headers: Option<Vec<String>>,
} }