disable HC for upstream.

Ara Sadoyan
2025-09-16 12:54:23 +02:00
parent 66b1a1c399
commit c78245e695
9 changed files with 46 additions and 28 deletions


@@ -212,6 +212,10 @@ myhost.mydomain.com:
servers:
- "127.0.0.4:8443"
- "127.0.0.5:8443"
"/.well-known/acme-challenge":
healthcheck: false
servers:
- "127.0.0.1:8001"
```
**This means:**
@@ -226,6 +230,7 @@ myhost.mydomain.com:
- Requests to `myhost.mydomain.com/` will be proxied to `127.0.0.1` and `127.0.0.2`.
- Plain HTTP to `myhost.mydomain.com/foo` will get 301 redirect to configured TLS port of Aralez.
- Requests to `myhost.mydomain.com/foo` will be proxied to `127.0.0.4` and `127.0.0.5`.
- Requests to `myhost.mydomain.com/.well-known/acme-challenge` will be proxied to `127.0.0.1:8001`, but healthcheks are disabled.
- SSL/TLS for upstreams is detected automatically, no need to set any config parameter.
- Assuming the `127.0.0.5:8443` is SSL protected. The inner traffic will use TLS.
- Self-signed certificates are silently accepted.


@@ -65,9 +65,11 @@ upstreams:
headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
servers:
- "192.168.1.1:8000"
- "192.168.1.10:8000"
- "127.0.0.1:8000"
- "127.0.0.2:8000"
- "127.0.0.3:8000"
- "127.0.0.4:8000"
- "127.0.0.4:8000"
"/.well-known/acme-challenge":
healthcheck: false
servers:
- "127.0.0.1:8001"


@@ -128,6 +128,7 @@ async fn get_by_http(url: String, token: Option<String>) -> Option<DashMap<Strin
is_http2: false,
to_https: false,
rate_limit: None,
healthcheck: None,
};
values.push(to_add);
}


@@ -62,17 +62,32 @@ async fn build_upstreams(fullist: &UpstreamsDashMap, method: &str, client: &Clie
is_http2: is_h2,
to_https: upstream.to_https,
rate_limit: upstream.rate_limit,
healthcheck: upstream.healthcheck,
};
let resp = http_request(&link, method, "", &client).await;
if resp.0 {
if resp.1 {
scheme.is_http2 = is_h2; // could be adjusted further
if scheme.healthcheck.unwrap_or(true) {
let resp = http_request(&link, method, "", &client).await;
if resp.0 {
if resp.1 {
scheme.is_http2 = is_h2; // could be adjusted further
}
innervec.push(scheme);
} else {
warn!("Dead Upstream : {}", link);
}
innervec.push(scheme);
} else {
warn!("Dead Upstream : {}", link);
innervec.push(scheme);
}
// let resp = http_request(&link, method, "", &client).await;
// if resp.0 {
// if resp.1 {
// scheme.is_http2 = is_h2; // could be adjusted further
// }
// innervec.push(scheme);
// } else {
// warn!("Dead Upstream : {}", link);
// }
}
inner.insert(path.clone(), (innervec, AtomicUsize::new(0)));
}
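Review bot: The commented-out copy of the old probe (`// let resp = http_request(&link, method, "", &client).await;` through its closing `// }`) sits below the new `if`/`else` and, judging by the hunk growing from 17 to 32 lines, is on the new side. It duplicates the code now inside `if scheme.healthcheck.unwrap_or(true)` and should be deleted rather than committed. In the `else` branch the upstream is pushed without ever being probed, so it stays in rotation even when it is down. A comment there would make that trade-off explicit, e.g. `// healthcheck: Some(false) keeps the upstream in rotation unprobed; None defaults to probing`. `build_upstreams` starts and ends outside the hunk, so the origin of `is_h2` for unprobed entries cannot be checked from here.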


@@ -114,6 +114,7 @@ pub async fn get_by_http(url: &str, token: &str) -> Option<DashMap<String, (Vec<
is_http2: false,
to_https: false,
rate_limit: None,
healthcheck: None,
};
inner_vec.push(to_add);
}


@@ -128,8 +128,8 @@ async fn populate_file_upstreams(config: &mut Configuration, parsed: &Config) {
is_ssl: true,
is_http2: false,
to_https: path_config.to_https.unwrap_or(false),
// rate_limit: rate,
rate_limit: path_config.rate_limit,
healthcheck: path_config.healthcheck,
});
}
}


@@ -67,6 +67,7 @@ pub struct PathConfig {
pub to_https: Option<bool>,
pub headers: Option<Vec<String>>,
pub rate_limit: Option<isize>,
pub healthcheck: Option<bool>,
}
#[derive(Debug, Default)]
pub struct Configuration {
@@ -108,6 +109,7 @@ pub struct InnerMap {
pub is_http2: bool,
pub to_https: bool,
pub rate_limit: Option<isize>,
pub healthcheck: Option<bool>,
}
#[allow(dead_code)]
@@ -120,6 +122,7 @@ impl InnerMap {
is_http2: Default::default(),
to_https: Default::default(),
rate_limit: Default::default(),
healthcheck: Default::default(),
}
}
}
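Review bot: The new `pub healthcheck: Option<bool>` fields on `PathConfig` and `InnerMap` have no doc comment, and the meaning of `None` is defined only by `scheme.healthcheck.unwrap_or(true)` in `build_upstreams`. I would add `/// Whether upstreams for this path are probed; None means enabled, Some(false) keeps them in rotation unprobed.` above both fields. That also documents why the constructors in this commit that hard-code `healthcheck: None` (`get_by_http`, `clone_idmap_into`) still get probing. Both struct definitions begin outside their hunks.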


@@ -155,6 +155,7 @@ pub fn clone_idmap_into(original: &UpstreamsDashMap, cloned: &UpstreamsIdMap) {
is_http2: false,
to_https: false,
rate_limit: None,
healthcheck: None,
};
cloned.insert(id, to_add);
cloned.insert(hh, x.to_owned());


@@ -67,7 +67,7 @@ impl ProxyHttp for LB {
};
let hostname = return_header_host(&session);
_ctx.hostname = hostname.clone();
_ctx.hostname = hostname;
let mut backend_id = None;
@@ -85,7 +85,7 @@ impl ProxyHttp for LB {
}
}
match hostname {
match _ctx.hostname.as_ref() {
None => return Ok(false),
Some(host) => {
// let optioninnermap = self.get_host(host.as_str(), host.as_str(), backend_id);
@@ -175,22 +175,12 @@ impl ProxyHttp for LB {
}
}
async fn upstream_request_filter(&self, session: &mut Session, _upstream_request: &mut RequestHeader, _ctx: &mut Self::CTX) -> Result<()> {
match session.client_addr() {
Some(ip) => {
let inet = ip.as_inet();
match inet {
Some(addr) => {
_upstream_request
.insert_header("X-Forwarded-For", addr.to_string().split(':').collect::<Vec<&str>>()[0])
.unwrap();
}
None => warn!("Malformed Client IP: {:?}", inet),
}
}
None => {
warn!("Cannot detect client IP");
}
async fn upstream_request_filter(&self, _session: &mut Session, upstream_request: &mut RequestHeader, ctx: &mut Self::CTX) -> Result<()> {
if let Some(hostname) = ctx.hostname.as_ref() {
upstream_request.insert_header("Host", hostname)?;
}
if let Some(peer) = ctx.upstream_peer.as_ref() {
upstream_request.insert_header("X-Forwarded-For", peer.address.as_str())?;
}
Ok(())
}
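Review bot: In the rewritten `upstream_request_filter`, `X-Forwarded-For` is now filled from `ctx.upstream_peer` (`peer.address.as_str()`), which by its name is the selected backend's address, not the client's. The removed version took it from `session.client_addr()`. If that reading is right, backends that log, rate-limit or make access decisions on `X-Forwarded-For` will see the upstream address for every request and lose the real client IP. I would keep the client address as the source and rename `_session` back to `session`, e.g. `if let Some(addr) = session.client_addr().and_then(|a| a.as_inet()) { upstream_request.insert_header("X-Forwarded-For", addr.ip().to_string())?; }`. Using `ip()` also avoids the old `split(':')` truncation of IPv6 addresses. This behaviour change is not mentioned in the commit title, and the `impl ProxyHttp for LB` block continues outside the hunk.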