Accept self-signed certificates for upstreams

This commit is contained in:
Ara Sadoyan
2025-04-10 13:14:59 +02:00
parent 8933e51d13
commit e5782414dd
4 changed files with 25 additions and 14 deletions


@@ -1,15 +1,17 @@
version: 1
threads: 8
#idle_timeout: 1000
upstream_keepalive_pool_size: 100
pid_file: /tmp/load_balancer.pid
error_log: /tmp/load_balancer_err.log
upgrade_sock: /tmp/load_balancer.sock
proxy_address_http: 0.0.0.0:6193
proxy_address_tls: 0.0.0.0:6194 # Optionnal
tls_certificate: etc/server.crt # Mandatory if proxy_address_tls if exists
tls_key_file: etc/key.pem # Mandatory if proxy_address_tls if exists
config_address: 0.0.0.0:3000
proxy_address_http: 0.0.0.0:6193
proxy_address_tls: 0.0.0.0:6194 # Optional
tls_certificate: etc/server.crt # Mandatory if proxy_address_tls is set
tls_key_file: etc/key.pem # Mandatory if proxy_address_tls is set
upstreams_conf: etc/upstreams.yaml
#idle_timeout: 1000
log_level: info # info, warn, error, debug, trace, off
hc_method: HEAD
hc_interval: 2
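Review bot: The new `hc_interval: 2` line carries no unit and `hc_method: HEAD` does not say which methods are accepted, although the code that reads them fixes both (the interval is passed to Duration::from_secs and any method other than GET, POST or HEAD is logged as unsupported at request time), so an operator who writes `hc_interval: 500` or `hc_method: OPTIONS` only finds out once every upstream is reported down. A comment on each line is enough: `hc_interval: 2 # seconds between upstream health checks` and `hc_method: HEAD # GET, POST or HEAD`. The duplicated `proxy_address_*`, `tls_*` and `#idle_timeout` lines are printed here without old/new markers, so I cannot tell from the rendering which copy survives; if both copies of a key remain in the file, the YAML parser will keep only one of them silently.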


@@ -84,4 +84,10 @@ upstreams:
"/":
ssl: false
servers:
- "192.168.1.5:8080"
- "192.168.1.5:8080"
127.0.0.2:
paths:
"/":
ssl: false
servers:
- "10.0.55.171:3000"


@@ -1,13 +1,13 @@
use crate::utils::tools::*;
use dashmap::DashMap;
use log::warn;
use log::{error, warn};
use std::sync::atomic::AtomicUsize;
use std::sync::Arc;
use std::time::Duration;
use tokio::time::interval;
pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>) {
let mut period = interval(Duration::from_secs(2));
pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>, params: (&str, u64)) {
let mut period = interval(Duration::from_secs(params.1));
loop {
tokio::select! {
_ = period.tick() => {
@@ -28,7 +28,7 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>)
false => _pref = "http://",
}
let link = format!("{}{}:{}{}", _pref, ip, port, path);
let resp = http_request(link.as_str(), "HEAD", "").await;
let resp = http_request(link.as_str(), params.0, "").await;
match resp {
true => {
innervec.push(k.1.clone());
@@ -53,7 +53,7 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>)
#[allow(dead_code)]
async fn http_request(url: &str, method: &str, payload: &str) -> bool {
let client = reqwest::Client::new();
let client = reqwest::Client::builder().danger_accept_invalid_certs(true).build().unwrap();
let to = Duration::from_secs(1);
match method {
"POST" => {
@@ -83,6 +83,9 @@ async fn http_request(url: &str, method: &str, payload: &str) -> bool {
Err(_) => false,
}
}
_ => false,
_ => {
error!("Method {} not supported. Only GET|POST|HEAD are supported", method);
false
}
}
}
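Review bot: `danger_accept_invalid_certs(true)` at the top of http_request disables certificate verification for every health-check request, not only for upstreams that present self-signed certificates, so for paths with `ssl` enabled the check no longer confirms it is talking to the intended backend. A narrower form is to make it opt-in from the config (placeholder key `hc_accept_invalid_certs`, default false) or, where the upstream certificate is at hand, to trust it explicitly with `reqwest::Client::builder().add_root_certificate(cert)` so verification stays on. The `.build().unwrap()` on the same line also turns a client-construction error into a panic of the whole health-check task; `let client = match reqwest::Client::builder().danger_accept_invalid_certs(accept_invalid).build() { Ok(c) => c, Err(e) => { error!("health check client: {e}"); return false; } };` keeps the failure local, and since the client is rebuilt on every call it could be built once in hc2 and passed in. http_request's body continues past the hunk, and the new `params: (&str, u64)` tuple on hc2 would read better as two named parameters.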


@@ -65,7 +65,8 @@ impl BackgroundService for LB {
let uu = self.ump_upst.clone();
let ff = self.ump_full.clone();
let _ = tokio::spawn(async move { healthcheck::hc2(uu, ff).await });
let (hc_method, hc_interval) = (self.config.get("hc_method").unwrap().clone(), self.config.get("hc_interval").unwrap().clone());
let _ = tokio::spawn(async move { healthcheck::hc2(uu, ff, (&*hc_method.to_string(), hc_interval.to_string().parse().unwrap())).await });
loop {
tokio::select! {
@@ -301,7 +302,6 @@ impl ProxyHttp for LB {
async fn logging(&self, session: &mut Session, _e: Option<&pingora::Error>, ctx: &mut Self::CTX) {
let response_code = session.response_written().map_or(0, |resp| resp.status.as_u16());
debug!("{}, response code: {response_code}", self.request_summary(session, ctx));
// info!("{}, response code: {response_code}", self.request_summary(session, ctx));
}
}
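Review bot: The `.unwrap()` calls on the new hc_method/hc_interval lines make a missing `hc_method` or `hc_interval` key, or a non-numeric `hc_interval`, panic inside the background service without naming the key, and an `hc_interval` of 0 would also panic later in `tokio::time::interval`, while a method other than GET/POST/HEAD is not rejected here at all and only surfaces as a repeated `error!` from http_request with every upstream reported down. Since the replaced line hard-coded HEAD and 2 seconds, falling back to those with a logged warning is backward compatible: `let hc_method = self.config.get("hc_method").map(|v| v.to_string()).unwrap_or_else(|| "HEAD".to_string());` and `let hc_interval: u64 = self.config.get("hc_interval").and_then(|v| v.to_string().parse().ok()).filter(|&s| s > 0).unwrap_or(2);` (assuming the map values implement Display, as the existing `.to_string()` calls suggest), with a `warn!` naming the key when the fallback is taken. The enclosing method starts and ends outside the hunk. The commented-out `info!` line left in logging should be deleted rather than kept as dead code.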