fixes
This commit is contained in:
Mateusz Gruszczyński
@@ -60,10 +60,9 @@ def index():
|
||||
# Server header removal
|
||||
del_server_header = 'del_server_header' in request.form
|
||||
|
||||
# Backend SSL redirect
|
||||
backend_ssl_redirect = 'backend_ssl_redirect' in request.form
|
||||
ssl_redirect_backend_name = request.form.get('ssl_redirect_backend_name', '').strip() if backend_ssl_redirect else ''
|
||||
ssl_redirect_port = request.form.get('ssl_redirect_port', '80')
|
||||
ssl_redirect_port = request.form.get('ssl_redirect_port', '80') # ✅ POBIERA PORT Z FORMU
|
||||
|
||||
# Backend servers
|
||||
backend_server_names = request.form.getlist('backend_server_names[]')
|
||||
|
||||
@@ -52,7 +52,7 @@
|
||||
|
||||
{% if message %}
|
||||
<div class="alert alert-{{ message_type|default('info') }} alert-dismissible fade show" role="alert">
|
||||
<i class="bi bi-{% if message_type == 'success' %}check-circle{% elif message_type == 'danger' %}exclamation-circle{% else %}info-circle{% endif %} me-2"></i>
|
||||
<i class="bi bi-{% if message_type == 'success' %}check-circle{% elif message_type == 'danger' %}exclamation-circle{% elif message_type == 'warning' %}exclamation-triangle{% else %}info-circle{% endif %} me-2"></i>
|
||||
{{ message }}
|
||||
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
|
||||
</div>
|
||||
@@ -98,12 +98,13 @@
|
||||
<div class="col-md-6">
|
||||
<label for="lb_method" class="form-label">Load Balancing Method</label>
|
||||
<select class="form-select" id="lb_method" name="lb_method" required>
|
||||
<option value="no-lb">No Load Balancing (single host)</option>
|
||||
<option value="roundrobin">Round Robin</option>
|
||||
<option value="leastconn">Least Connections</option>
|
||||
<option value="source">Source IP Hash</option>
|
||||
<option value="uri">URI Hash</option>
|
||||
<option value="static-rr">Static Round Robin (WRR)</option>
|
||||
<option value="no-lb">No Load Balancing (single host)</option>
|
||||
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
@@ -138,7 +139,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Backend SSL Redirect -->
|
||||
<!-- HTTP to HTTPS Redirect -->
|
||||
<div class="row g-3 mb-3">
|
||||
<div class="col-md-12">
|
||||
<div class="form-check">
|
||||
@@ -147,16 +148,23 @@
|
||||
<label class="form-check-label" for="backend_ssl_redirect">
|
||||
<i class="bi bi-arrow-repeat me-1"></i>Add HTTP Redirect to HTTPS
|
||||
</label>
|
||||
<small class="text-muted d-block">Creates additional frontend on port 80</small>
|
||||
<small class="text-muted d-block">Creates additional frontend to redirect HTTP traffic to HTTPS</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row g-3 mb-3 d-none" id="backend_ssl_fields">
|
||||
<div class="col-md-12">
|
||||
<div class="col-md-6">
|
||||
<label for="ssl_redirect_backend_name" class="form-label">Redirect Backend Name</label>
|
||||
<input type="text" class="form-control" id="ssl_redirect_backend_name"
|
||||
name="ssl_redirect_backend_name" placeholder="e.g. redirect">
|
||||
<small class="text-muted">Name for the redirect backend</small>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<label for="ssl_redirect_port" class="form-label">HTTP Redirect Port</label>
|
||||
<input type="number" class="form-control" id="ssl_redirect_port"
|
||||
name="ssl_redirect_port" value="80" min="1" max="65535">
|
||||
<small class="text-muted">Default: 80 (leave empty for standard)</small>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -18,11 +18,11 @@ def frontend_exists_at_port(frontend_ip, frontend_port):
|
||||
|
||||
for i, line in enumerate(lines):
|
||||
if line.strip().startswith('frontend'):
|
||||
# Szukaj bind line
|
||||
for j in range(i+1, min(i+10, len(lines))):
|
||||
if lines[j].strip().startswith('bind'):
|
||||
bind_info = lines[j].strip().split(' ', 1)[1]
|
||||
if f"{frontend_ip}:{frontend_port}" in bind_info:
|
||||
bind_part = bind_info.split(' ssl ')[0].strip()
|
||||
if f"{frontend_ip}:{frontend_port}" in bind_part:
|
||||
return line.strip().split(' ', 1)[1] # Zwróć nazwę frontendu
|
||||
elif lines[j].strip().startswith('frontend') or lines[j].strip().startswith('backend'):
|
||||
break
|
||||
@@ -32,7 +32,6 @@ def frontend_exists_at_port(frontend_ip, frontend_port):
|
||||
return None
|
||||
|
||||
def add_acl_to_frontend(frontend_name, acl_name, hostname, backend_name):
|
||||
"""Dodaj ACL i use_backend do istniejącego frontendu"""
|
||||
if not os.path.exists(HAPROXY_CFG):
|
||||
return False
|
||||
|
||||
@@ -40,7 +39,6 @@ def add_acl_to_frontend(frontend_name, acl_name, hostname, backend_name):
|
||||
with open(HAPROXY_CFG, 'r') as f:
|
||||
lines = f.readlines()
|
||||
|
||||
# Znajdź frontend
|
||||
frontend_idx = -1
|
||||
for i, line in enumerate(lines):
|
||||
if 'frontend' in line and frontend_name in line:
|
||||
@@ -48,19 +46,19 @@ def add_acl_to_frontend(frontend_name, acl_name, hostname, backend_name):
|
||||
break
|
||||
|
||||
if frontend_idx == -1:
|
||||
print(f"[HAPROXY_CONFIG] Frontend '{frontend_name}' not found", flush=True)
|
||||
return False
|
||||
|
||||
# Sprawdź czy ACL już istnieje
|
||||
for line in lines[frontend_idx:]:
|
||||
if acl_name in line and 'acl' in line:
|
||||
return True # Już istnieje
|
||||
print(f"[HAPROXY_CONFIG] ACL '{acl_name}' already exists", flush=True)
|
||||
return True
|
||||
if line.strip().startswith('backend'):
|
||||
break
|
||||
|
||||
# Znajdź ostatnią linię ACL/use_backend w tym frontendzie
|
||||
insert_idx = frontend_idx + 1
|
||||
for i in range(frontend_idx + 1, len(lines)):
|
||||
if lines[i].strip().startswith('backend'):
|
||||
if lines[i].strip().startswith('backend') or lines[i].strip().startswith('frontend'):
|
||||
insert_idx = i
|
||||
break
|
||||
if 'use_backend' in lines[i] or 'default_backend' in lines[i]:
|
||||
@@ -76,6 +74,7 @@ def add_acl_to_frontend(frontend_name, acl_name, hostname, backend_name):
|
||||
with open(HAPROXY_CFG, 'w') as f:
|
||||
f.writelines(lines)
|
||||
|
||||
print(f"[HAPROXY_CONFIG] ACL '{acl_name}' added to frontend '{frontend_name}'", flush=True)
|
||||
return True
|
||||
except Exception as e:
|
||||
print(f"[HAPROXY_CONFIG] Error adding ACL: {e}", flush=True)
|
||||
@@ -158,7 +157,6 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
|
||||
existing_frontend = frontend_exists_at_port(frontend_ip, frontend_port)
|
||||
|
||||
if existing_frontend:
|
||||
# Frontend już istnieje - dodaj tylko backend + ACL
|
||||
print(f"[HAPROXY] Found existing frontend '{existing_frontend}' at {frontend_ip}:{frontend_port}", flush=True)
|
||||
|
||||
with open(HAPROXY_CFG, 'a') as haproxy_cfg:
|
||||
@@ -198,16 +196,53 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
|
||||
else:
|
||||
haproxy_cfg.write(f" server {server_name} {server_ip}:{server_port}{maxconn_str}\n")
|
||||
|
||||
# Dodaj ACL do istniejącego frontendu
|
||||
acl_name_sanitized = f"is_{sanitize_name(frontend_hostname)}" if frontend_hostname else f"is_{unique_backend_name}"
|
||||
add_acl_to_frontend(existing_frontend, acl_name_sanitized, frontend_hostname or 'localhost', unique_backend_name)
|
||||
|
||||
# ===== REDIRECT HTTP→HTTPS (jeśli zaznaczony) =====
|
||||
if backend_ssl_redirect and ssl_redirect_backend_name:
|
||||
unique_redirect_backend_name = f"{ssl_redirect_backend_name}_redirect_{sanitize_name(frontend_hostname)}" if frontend_hostname else f"{ssl_redirect_backend_name}_redirect"
|
||||
|
||||
existing_http_frontend = frontend_exists_at_port(frontend_ip, ssl_redirect_port)
|
||||
|
||||
if existing_http_frontend:
|
||||
print(f"[HAPROXY] Adding redirect ACL to existing HTTP frontend '{existing_http_frontend}'", flush=True)
|
||||
|
||||
with open(HAPROXY_CFG, 'a') as haproxy_cfg:
|
||||
haproxy_cfg.write(f"\nbackend {unique_redirect_backend_name}\n")
|
||||
haproxy_cfg.write(f" mode http\n")
|
||||
haproxy_cfg.write(f" redirect scheme https code 301 if !{{ ssl_fc }}\n")
|
||||
|
||||
if frontend_hostname:
|
||||
acl_name_redirect = f"is_{sanitize_name(frontend_hostname)}_redirect"
|
||||
add_acl_to_frontend(existing_http_frontend, acl_name_redirect, frontend_hostname, unique_redirect_backend_name)
|
||||
else:
|
||||
print(f"[HAPROXY] Creating new HTTP redirect frontend at {frontend_ip}:{ssl_redirect_port}", flush=True)
|
||||
|
||||
with open(HAPROXY_CFG, 'a') as haproxy_cfg:
|
||||
generic_http_redirect_name = f"http_redirect_frontend"
|
||||
|
||||
haproxy_cfg.write(f"\nfrontend {generic_http_redirect_name}\n")
|
||||
haproxy_cfg.write(f" bind {frontend_ip}:{ssl_redirect_port}\n")
|
||||
haproxy_cfg.write(f" mode http\n")
|
||||
|
||||
if frontend_hostname:
|
||||
acl_name_redirect = f"is_{sanitize_name(frontend_hostname)}_redirect"
|
||||
haproxy_cfg.write(f" acl {acl_name_redirect} hdr(host) -i {frontend_hostname}\n")
|
||||
haproxy_cfg.write(f" use_backend {unique_redirect_backend_name} if {acl_name_redirect}\n")
|
||||
else:
|
||||
haproxy_cfg.write(f" default_backend {unique_redirect_backend_name}\n")
|
||||
|
||||
# Redirect backend
|
||||
haproxy_cfg.write(f"\nbackend {unique_redirect_backend_name}\n")
|
||||
haproxy_cfg.write(f" mode http\n")
|
||||
haproxy_cfg.write(f" redirect scheme https code 301 if !{{ ssl_fc }}\n")
|
||||
|
||||
return f"Backend added to existing frontend"
|
||||
|
||||
# ===== TWORZENIE NOWEGO FRONTENDU (GENERYCZNE NAZWY) =====
|
||||
# Generuj generyczną nazwę frontendu
|
||||
generic_frontend_name = f"https_frontend" if use_ssl else f"http_frontend"
|
||||
generic_http_redirect_name = f"http_redirect_frontend"
|
||||
|
||||
print(f"[HAPROXY] Creating new frontend '{generic_frontend_name}' at {frontend_ip}:{frontend_port}", flush=True)
|
||||
|
||||
@@ -314,13 +349,14 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
|
||||
|
||||
# ===== REDIRECT HTTP -> HTTPS (GENERIC NAME) =====
|
||||
if backend_ssl_redirect and ssl_redirect_backend_name:
|
||||
unique_redirect_backend_name = f"{ssl_redirect_backend_name}_redirect_{sanitize_name(frontend_hostname)}" if frontend_hostname else ssl_redirect_backend_name
|
||||
unique_redirect_backend_name = f"{ssl_redirect_backend_name}_redirect_{sanitize_name(frontend_hostname)}" if frontend_hostname else f"{ssl_redirect_backend_name}_redirect"
|
||||
|
||||
# Check if HTTP redirect frontend exists
|
||||
# Check if HTTP frontend exists
|
||||
existing_http_frontend = frontend_exists_at_port(frontend_ip, ssl_redirect_port)
|
||||
|
||||
if not existing_http_frontend:
|
||||
# Utwórz nowy HTTP redirect frontend (generic name)
|
||||
generic_http_redirect_name = f"http_redirect_frontend"
|
||||
|
||||
haproxy_cfg.write(f"\nfrontend {generic_http_redirect_name}\n")
|
||||
haproxy_cfg.write(f" bind {frontend_ip}:{ssl_redirect_port}\n")
|
||||
haproxy_cfg.write(f" mode http\n")
|
||||
@@ -332,7 +368,6 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
|
||||
else:
|
||||
haproxy_cfg.write(f" default_backend {unique_redirect_backend_name}\n")
|
||||
else:
|
||||
# Dodaj ACL do istniejącego HTTP frontendu
|
||||
if frontend_hostname:
|
||||
acl_name_redirect = f"is_{sanitize_name(frontend_hostname)}_redirect"
|
||||
add_acl_to_frontend(existing_http_frontend, acl_name_redirect, frontend_hostname, unique_redirect_backend_name)
|
||||
|
||||
Reference in New Issue
Block a user