Accept self-signed certificates for upstreams

This commit is contained in:
Ara Sadoyan
2025-04-10 13:14:59 +02:00
parent 8933e51d13
commit e5782414dd
4 changed files with 25 additions and 14 deletions


@@ -1,15 +1,17 @@
version: 1 version: 1
threads: 8 threads: 8
#idle_timeout: 1000
upstream_keepalive_pool_size: 100 upstream_keepalive_pool_size: 100
pid_file: /tmp/load_balancer.pid pid_file: /tmp/load_balancer.pid
error_log: /tmp/load_balancer_err.log error_log: /tmp/load_balancer_err.log
upgrade_sock: /tmp/load_balancer.sock upgrade_sock: /tmp/load_balancer.sock
proxy_address_http: 0.0.0.0:6193
proxy_address_tls: 0.0.0.0:6194 # Optionnal
tls_certificate: etc/server.crt # Mandatory if proxy_address_tls if exists
tls_key_file: etc/key.pem # Mandatory if proxy_address_tls if exists
config_address: 0.0.0.0:3000 config_address: 0.0.0.0:3000
proxy_address_http: 0.0.0.0:6193
proxy_address_tls: 0.0.0.0:6194 # Optional
tls_certificate: etc/server.crt # Mandatory if proxy_address_tls is set
tls_key_file: etc/key.pem # Mandatory if proxy_address_tls is set
upstreams_conf: etc/upstreams.yaml upstreams_conf: etc/upstreams.yaml
#idle_timeout: 1000
log_level: info # info, warn, error, debug, trace, off log_level: info # info, warn, error, debug, trace, off
hc_method: HEAD
hc_interval: 2
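Review bot: The two new keys `hc_method: HEAD` and `hc_interval: 2` are the only ones in this file without a trailing comment, and neither the unit nor the accepted values are stated, although every neighbouring key documents itself. The health checker feeds `hc_interval` straight into `Duration::from_secs` and logs an error for any method other than GET, POST or HEAD, so `hc_interval: 2 # seconds between upstream health checks` and `hc_method: HEAD # GET, POST or HEAD` would keep the file self-describing. Since the proxy service reads both keys with `unwrap()`, a note that they are mandatory (as done for `tls_certificate`) would also tell operators upgrading an older config why startup now fails without them.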


@@ -84,4 +84,10 @@ upstreams:
"/": "/":
ssl: false ssl: false
servers: servers:
- "192.168.1.5:8080" - "192.168.1.5:8080"
127.0.0.2:
paths:
"/":
ssl: false
servers:
- "10.0.55.171:3000"


@@ -1,13 +1,13 @@
use crate::utils::tools::*; use crate::utils::tools::*;
use dashmap::DashMap; use dashmap::DashMap;
use log::warn; use log::{error, warn};
use std::sync::atomic::AtomicUsize; use std::sync::atomic::AtomicUsize;
use std::sync::Arc; use std::sync::Arc;
use std::time::Duration; use std::time::Duration;
use tokio::time::interval; use tokio::time::interval;
pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>) { pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>, params: (&str, u64)) {
let mut period = interval(Duration::from_secs(2)); let mut period = interval(Duration::from_secs(params.1));
loop { loop {
tokio::select! { tokio::select! {
_ = period.tick() => { _ = period.tick() => {
@@ -28,7 +28,7 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>)
false => _pref = "http://", false => _pref = "http://",
} }
let link = format!("{}{}:{}{}", _pref, ip, port, path); let link = format!("{}{}:{}{}", _pref, ip, port, path);
let resp = http_request(link.as_str(), "HEAD", "").await; let resp = http_request(link.as_str(), params.0, "").await;
match resp { match resp {
true => { true => {
innervec.push(k.1.clone()); innervec.push(k.1.clone());
@@ -53,7 +53,7 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>)
#[allow(dead_code)] #[allow(dead_code)]
async fn http_request(url: &str, method: &str, payload: &str) -> bool { async fn http_request(url: &str, method: &str, payload: &str) -> bool {
let client = reqwest::Client::new(); let client = reqwest::Client::builder().danger_accept_invalid_certs(true).build().unwrap();
let to = Duration::from_secs(1); let to = Duration::from_secs(1);
match method { match method {
"POST" => { "POST" => {
@@ -83,6 +83,9 @@ async fn http_request(url: &str, method: &str, payload: &str) -> bool {
Err(_) => false, Err(_) => false,
} }
} }
_ => false, _ => {
error!("Method {} not supported. Only GET|POST|HEAD are supported", method);
false
}
} }
} }
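Review bot: In the `http_request` hunk, `danger_accept_invalid_certs(true)` is hard-coded, so certificate validation is switched off for every upstream health check rather than only for the upstreams that actually use self-signed certificates; the per-upstream `ssl` field already exists in upstreams.yaml, so a boolean read from configuration (default `false`) and passed in through the same `params` tuple that now carries method and interval would keep the setting opt-in, and where the self-signed CA is known, `ClientBuilder::add_root_certificate` avoids disabling validation altogether. The new `.build().unwrap()` also turns a client-construction failure into a panic inside the health-check task, which silently stops all health checks; `let Ok(client) = reqwest::Client::builder().danger_accept_invalid_certs(true).build() else { error!("failed to build health-check client"); return false; };` keeps the existing `false`-on-failure contract of this function. Note that the client is still rebuilt on every call (pre-existing, `Client::new()` did the same), which is worth hoisting now that the builder carries policy. The `_ =>` arm's new error log fires on every tick for a misconfigured `hc_method`; validating the method once when `hc2` starts would report it once instead. `http_request`'s body is only partly visible in this hunk.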


@@ -65,7 +65,8 @@ impl BackgroundService for LB {
let uu = self.ump_upst.clone(); let uu = self.ump_upst.clone();
let ff = self.ump_full.clone(); let ff = self.ump_full.clone();
let _ = tokio::spawn(async move { healthcheck::hc2(uu, ff).await }); let (hc_method, hc_interval) = (self.config.get("hc_method").unwrap().clone(), self.config.get("hc_interval").unwrap().clone());
let _ = tokio::spawn(async move { healthcheck::hc2(uu, ff, (&*hc_method.to_string(), hc_interval.to_string().parse().unwrap())).await });
loop { loop {
tokio::select! { tokio::select! {
@@ -301,7 +302,6 @@ impl ProxyHttp for LB {
async fn logging(&self, session: &mut Session, _e: Option<&pingora::Error>, ctx: &mut Self::CTX) { async fn logging(&self, session: &mut Session, _e: Option<&pingora::Error>, ctx: &mut Self::CTX) {
let response_code = session.response_written().map_or(0, |resp| resp.status.as_u16()); let response_code = session.response_written().map_or(0, |resp| resp.status.as_u16());
debug!("{}, response code: {response_code}", self.request_summary(session, ctx)); debug!("{}, response code: {response_code}", self.request_summary(session, ctx));
// info!("{}, response code: {response_code}", self.request_summary(session, ctx));
} }
} }
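Review bot: In the `BackgroundService for LB` hunk, `self.config.get("hc_method").unwrap()`, `self.config.get("hc_interval").unwrap()` and `hc_interval.to_string().parse().unwrap()` make the background service panic when either key is absent from an existing config or `hc_interval` is not an integer, and nothing in this hunk reports why. Falling back to the values the code previously hard-coded keeps older configs working: `let hc_method = self.config.get("hc_method").map(|v| v.to_string()).unwrap_or_else(|| "HEAD".to_string());` and `let hc_interval: u64 = self.config.get("hc_interval").and_then(|v| v.to_string().parse().ok()).unwrap_or(2);`, with an `error!` when the parse fails so a typo such as `hc_interval: 2s` is visible in the log rather than silently replaced. The type of the config values is not visible here, so `&*hc_method.to_string()` may reduce to `hc_method.as_str()` if they are already `String`s — worth confirming. The enclosing `start` method continues outside the hunk.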