252 lines
11 KiB
Python
252 lines
11 KiB
Python
from flask import Blueprint, render_template, request
|
|
import subprocess
|
|
from auth.auth_middleware import requires_auth
|
|
from utils.haproxy_config import update_haproxy_config, count_frontends_and_backends
|
|
|
|
main_bp = Blueprint('main', __name__)
|
|
|
|
def reload_haproxy():
|
|
"""Reload HAProxy by killing it - supervisord restarts automatically"""
|
|
try:
|
|
# Validate config first
|
|
result = subprocess.run(
|
|
['haproxy', '-c', '-V', '-f', '/etc/haproxy/haproxy.cfg'],
|
|
stdout=subprocess.PIPE,
|
|
stderr=subprocess.STDOUT,
|
|
text=True,
|
|
timeout=10
|
|
)
|
|
|
|
if result.returncode != 0:
|
|
return False, f"Config validation failed: {result.stdout}"
|
|
|
|
# Kill haproxy - supervisord will restart it automatically
|
|
result = subprocess.run(
|
|
['pkill', '-f', 'haproxy'],
|
|
stdout=subprocess.PIPE,
|
|
stderr=subprocess.STDOUT,
|
|
text=True,
|
|
timeout=10
|
|
)
|
|
|
|
if result.returncode == 0 or 'No such process' in result.stdout:
|
|
print("[HAPROXY] Process killed, supervisord will restart", flush=True)
|
|
return True, "HAProxy restarted successfully"
|
|
else:
|
|
print(f"[HAPROXY] pkill failed: {result.stdout}", flush=True)
|
|
return False, f"pkill failed: {result.stdout}"
|
|
except Exception as e:
|
|
print(f"[HAPROXY] Error: {e}", flush=True)
|
|
return False, f"Error: {str(e)}"
|
|
|
|
@main_bp.route('/', methods=['GET', 'POST'])
|
|
@requires_auth
|
|
def index():
|
|
if request.method == 'POST':
|
|
# Frontend IP i port
|
|
frontend_ip = request.form['frontend_ip']
|
|
frontend_port = request.form['frontend_port']
|
|
frontend_hostname = request.form.get('frontend_hostname', '').strip()
|
|
|
|
lb_method = request.form['lb_method']
|
|
protocol = request.form['protocol']
|
|
backend_name = request.form['backend_name']
|
|
|
|
# Header options
|
|
add_header = 'add_header' in request.form
|
|
header_name = request.form.get('header_name', '') if add_header else ''
|
|
header_value = request.form.get('header_value', '') if add_header else ''
|
|
|
|
# Server header removal
|
|
del_server_header = 'del_server_header' in request.form
|
|
|
|
backend_ssl_redirect = 'backend_ssl_redirect' in request.form
|
|
ssl_redirect_backend_name = request.form.get('ssl_redirect_backend_name', '').strip() if backend_ssl_redirect else ''
|
|
ssl_redirect_port = request.form.get('ssl_redirect_port', '80') # ✅ POBIERA PORT Z FORMU
|
|
|
|
# Backend servers
|
|
backend_server_names = request.form.getlist('backend_server_names[]')
|
|
backend_server_ips = request.form.getlist('backend_server_ips[]')
|
|
backend_server_ports = request.form.getlist('backend_server_ports[]')
|
|
backend_server_maxconns = request.form.getlist('backend_server_maxconns[]')
|
|
|
|
# Custom ACL
|
|
add_custom_acl = 'add_custom_acl' in request.form
|
|
custom_acl_name = request.form.get('custom_acl_name', '').strip() if add_custom_acl else ''
|
|
custom_acl_type = request.form.get('custom_acl_type', 'path_beg') if add_custom_acl else ''
|
|
custom_acl_value = request.form.get('custom_acl_value', '').strip() if add_custom_acl else ''
|
|
custom_acl_action = request.form.get('custom_acl_action', 'route') if add_custom_acl else ''
|
|
custom_acl_backend = request.form.get('custom_acl_backend', '').strip() if add_custom_acl else ''
|
|
custom_acl_redirect_url = request.form.get('custom_acl_redirect_url', '').strip() if add_custom_acl else ''
|
|
|
|
# SSL
|
|
use_ssl = 'ssl_checkbox' in request.form
|
|
ssl_cert_path = request.form.get('ssl_cert_path', '/app/ssl/haproxy-configurator.pem')
|
|
https_redirect = 'ssl_redirect_checkbox' in request.form
|
|
|
|
# DOS Protection
|
|
is_dos = 'add_dos' in request.form
|
|
ban_duration = request.form.get('ban_duration', '30m')
|
|
limit_requests = request.form.get('limit_requests', '100')
|
|
|
|
# Forward For
|
|
forward_for = 'forward_for_check' in request.form
|
|
|
|
# SQL Injection
|
|
sql_injection_check = 'sql_injection_check' in request.form
|
|
|
|
# XSS
|
|
is_xss = 'xss_check' in request.form
|
|
|
|
# Remote uploads
|
|
is_remote_upload = 'remote_uploads_check' in request.form
|
|
|
|
# Webshells
|
|
is_webshells = 'webshells_check' in request.form
|
|
|
|
# Path-based redirects (legacy)
|
|
add_path_based = 'add_path_based' in request.form
|
|
redirect_domain_name = request.form.get('redirect_domain_name', '')
|
|
root_redirect = request.form.get('root_redirect', '')
|
|
redirect_to = request.form.get('redirect_to', '')
|
|
|
|
# Forbidden paths (legacy)
|
|
is_forbidden_path = 'add_acl_path' in request.form
|
|
forbidden_name = request.form.get('forbidden_name', '')
|
|
allowed_ip = request.form.get('allowed_ip', '')
|
|
forbidden_path = request.form.get('forbidden_path', '')
|
|
|
|
# Build backend_servers list
|
|
backend_servers = []
|
|
for i in range(len(backend_server_ips)):
|
|
name = backend_server_names[i] if i < len(backend_server_names) else f"server{i+1}"
|
|
ip = backend_server_ips[i] if i < len(backend_server_ips) else ''
|
|
port = backend_server_ports[i] if i < len(backend_server_ports) else ''
|
|
maxconn = backend_server_maxconns[i] if i < len(backend_server_maxconns) else None
|
|
if ip and port:
|
|
backend_servers.append((name, ip, port, maxconn))
|
|
|
|
# Health checks
|
|
health_check = False
|
|
health_check_link = ""
|
|
if protocol == 'http':
|
|
health_check = 'health_check' in request.form
|
|
if health_check:
|
|
health_check_link = request.form.get('health_check_link', '/')
|
|
|
|
health_check_tcp = False
|
|
if protocol == 'tcp':
|
|
health_check_tcp = 'health_check2' in request.form
|
|
|
|
# Sticky session
|
|
sticky_session = False
|
|
sticky_session_type = ""
|
|
if 'sticky_session' in request.form:
|
|
sticky_session = True
|
|
sticky_session_type = request.form.get('sticky_session_type', 'cookie')
|
|
|
|
# Legacy ACL (unused, kept for compatibility)
|
|
is_acl = False
|
|
acl_name = ''
|
|
acl_action = ''
|
|
acl_backend_name = ''
|
|
|
|
# Frontend name (None - will be generated)
|
|
frontend_name = None
|
|
|
|
# Call update_haproxy_config
|
|
message = update_haproxy_config(
|
|
frontend_name=frontend_name,
|
|
frontend_ip=frontend_ip,
|
|
frontend_port=frontend_port,
|
|
lb_method=lb_method,
|
|
protocol=protocol,
|
|
backend_name=backend_name,
|
|
backend_servers=backend_servers,
|
|
health_check=health_check,
|
|
health_check_tcp=health_check_tcp,
|
|
health_check_link=health_check_link,
|
|
sticky_session=sticky_session,
|
|
add_header=add_header,
|
|
header_name=header_name,
|
|
header_value=header_value,
|
|
sticky_session_type=sticky_session_type,
|
|
is_acl=is_acl,
|
|
acl_name=acl_name,
|
|
acl_action=acl_action,
|
|
acl_backend_name=acl_backend_name,
|
|
use_ssl=use_ssl,
|
|
ssl_cert_path=ssl_cert_path,
|
|
https_redirect=https_redirect,
|
|
is_dos=is_dos,
|
|
ban_duration=ban_duration,
|
|
limit_requests=limit_requests,
|
|
forward_for=forward_for,
|
|
is_forbidden_path=is_forbidden_path,
|
|
forbidden_name=forbidden_name,
|
|
allowed_ip=allowed_ip,
|
|
forbidden_path=forbidden_path,
|
|
sql_injection_check=sql_injection_check,
|
|
is_xss=is_xss,
|
|
is_remote_upload=is_remote_upload,
|
|
add_path_based=add_path_based,
|
|
redirect_domain_name=redirect_domain_name,
|
|
root_redirect=root_redirect,
|
|
redirect_to=redirect_to,
|
|
is_webshells=is_webshells,
|
|
del_server_header=del_server_header,
|
|
backend_ssl_redirect=backend_ssl_redirect,
|
|
ssl_redirect_backend_name=ssl_redirect_backend_name,
|
|
ssl_redirect_port=ssl_redirect_port,
|
|
frontend_hostname=frontend_hostname,
|
|
add_custom_acl=add_custom_acl,
|
|
custom_acl_name=custom_acl_name,
|
|
custom_acl_type=custom_acl_type,
|
|
custom_acl_value=custom_acl_value,
|
|
custom_acl_action=custom_acl_action,
|
|
custom_acl_backend=custom_acl_backend,
|
|
custom_acl_redirect_url=custom_acl_redirect_url
|
|
)
|
|
|
|
# ===== DETERMINE MESSAGE TYPE =====
|
|
message_type = "success" # Default
|
|
|
|
# Check for ERROR conditions
|
|
if "error" in message.lower():
|
|
message_type = "danger"
|
|
elif "failed" in message.lower():
|
|
message_type = "danger"
|
|
elif "already exists" in message.lower():
|
|
message_type = "danger"
|
|
elif "cannot add" in message.lower():
|
|
message_type = "danger"
|
|
# SUCCESS conditions
|
|
elif "configuration updated successfully" in message.lower():
|
|
message_type = "success"
|
|
elif "backend added to existing" in message.lower():
|
|
message_type = "success"
|
|
|
|
# ===== RELOAD HAPROXY (JEŚLI SUCCESS) =====
|
|
if message_type == "success":
|
|
reload_ok, reload_msg = reload_haproxy()
|
|
if reload_ok:
|
|
message = message + " ✓ " + reload_msg
|
|
message_type = "success"
|
|
else:
|
|
message = message + " ⚠ " + reload_msg
|
|
message_type = "warning"
|
|
|
|
return render_template('index.html',
|
|
message=message,
|
|
message_type=message_type)
|
|
|
|
# GET request - display stats
|
|
frontend_count, backend_count, acl_count, layer7_count, layer4_count = count_frontends_and_backends()
|
|
|
|
return render_template('index.html',
|
|
frontend_count=frontend_count,
|
|
backend_count=backend_count,
|
|
acl_count=acl_count,
|
|
layer7_count=layer7_count,
|
|
layer4_count=layer4_count)
|