gru/haproxy-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new options

Browse Source
This commit is contained in:
Mateusz Gruszczyński
2025-11-03 08:30:30 +01:00
parent d86175a3b6
commit b305368690
7 changed files with 943 additions and 370 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
utils/haproxy_config.py
View File

@@ -3,7 +3,6 @@ import os
HAPROXY_CFG = '/etc/haproxy/haproxy.cfg'
def is_frontend_exist(frontend_name, frontend_ip, frontend_port):
"""Check if frontend with given name, IP and port already exists"""
if not os.path.exists(HAPROXY_CFG):
return False
@@ -28,7 +27,6 @@ def is_frontend_exist(frontend_name, frontend_ip, frontend_port):
return False
def is_backend_exist(backend_name):
"""Check if backend with given name already exists"""
if not os.path.exists(HAPROXY_CFG):
return False
@@ -45,8 +43,52 @@ def is_backend_exist(backend_name):
return False
def update_simple_haproxy_config(frontend_name, frontend_host, use_ssl, ssl_cert_path,
backend_name, backend_ip, backend_port,
forward_for=True, del_server_header=True):
"""
Tworzy prostą konfigurację frontend->backend bez load balancingu
"""
os.makedirs(os.path.dirname(HAPROXY_CFG), exist_ok=True)
if is_backend_exist(backend_name):
return f"Backend {backend_name} already exists. Cannot add duplicate."
try:
with open(HAPROXY_CFG, 'a') as haproxy_cfg:
# Frontend section
haproxy_cfg.write(f"\nfrontend {frontend_name}\n")
if use_ssl:
haproxy_cfg.write(f" bind :443 ssl crt {ssl_cert_path}\n")
else:
haproxy_cfg.write(f" bind :80\n")
# Headers
if forward_for:
haproxy_cfg.write(f" http-request set-header X-Forwarded-For %[src]\n")
haproxy_cfg.write(f" http-request set-header X-Forwarded-Proto {'https' if use_ssl else 'http'}\n")
if del_server_header:
haproxy_cfg.write(f" http-response del-header Server\n")
# ACL dla hosta
haproxy_cfg.write(f"\n acl host_{backend_name} hdr(host) -i {frontend_host}\n")
haproxy_cfg.write(f" use_backend {backend_name} if host_{backend_name}\n")
# Backend section
haproxy_cfg.write(f"\nbackend {backend_name}\n")
haproxy_cfg.write(f" server s1 {backend_ip}:{backend_port} check\n")
return "Configuration updated successfully!"
except Exception as e:
print(f"[HAPROXY_CONFIG] Error updating simple config: {e}", flush=True)
return f"Error: {e}"
def count_frontends_and_backends():
"""Count frontends, backends, ACLs and layer types"""
if not os.path.exists(HAPROXY_CFG):
return 0, 0, 0, 0, 0
@@ -86,7 +128,6 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
allowed_ip, forbidden_path, sql_injection_check, is_xss, is_remote_upload,
add_path_based, redirect_domain_name, root_redirect, redirect_to, is_webshells):
# Ensure directory exists
os.makedirs(os.path.dirname(HAPROXY_CFG), exist_ok=True)
if is_backend_exist(backend_name):
@@ -114,7 +155,6 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
haproxy_cfg.write(f" mode {protocol}\n")
haproxy_cfg.write(f" balance {lb_method}\n")
# Add protection rules
if is_dos:
haproxy_cfg.write(f" stick-table type ip size 1m expire {ban_duration} store http_req_rate(1m)\n")
haproxy_cfg.write(f" http-request track-sc0 src\n")
@@ -122,7 +162,6 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
haproxy_cfg.write(f" http-request silent-drop if abuse\n")
if sql_injection_check:
# POPRAWNE escape sequence'i - podwójny backslash dla haproxy
haproxy_cfg.write(" acl is_sql_injection urlp_reg -i (union|select|insert|update|delete|drop|@@|1=1|`1)\n")
haproxy_cfg.write(" acl is_long_uri path_len gt 400\n")
haproxy_cfg.write(" acl semicolon_path path_reg -i ^.*;.*\n")