diff --git a/scripts/config_haproxy_create.sh b/scripts/config_haproxy_create.sh
new file mode 100755
index 0000000..1bfa740
--- /dev/null
+++ b/scripts/config_haproxy_create.sh
@@ -0,0 +1,127 @@
+#!/bin/sh
+
+# Initial parameters
+DATE=`date +%F-%H-%M-%S`
+
+# Set env variables
+DOMAIN_DIR=$DOMAIN_DIR
+PROXY_CONFIG_DIR=$PROXY_CONFIG_DIR
+
+cd /scripts
+file="$PROXY_DIR/haproxy.cfg"
+global_http="global_http"
+global_https="global_https"
+
+cp -a haproxy_template.cfg $PROXY_DIR/haproxy.cfg
+
+{
+
+echo "frontend http
+";
+
+cat "$global_http"
+echo
+
+echo "acl letsencrypt path_beg /.well-known/acme-challenge/";
+
+echo
+
+for i in `ls $DOMAIN_DIR|cut -d / -f2` ; do
+
+ if [[ "$(jq -r .REDIRECT_HTTPS $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
+ then
+ echo "redirect prefix https://$(jq -r .REDIRECT_HTTPS $i) hdr(host) code 301 if { hdr(host) -i $(jq -r .DOMAIN $i) }";
+ fi
+done
+echo
+
+for i in `ls ${DOMAINS}*` ; do
+
+ if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
+ then
+ echo "acl $(jq -r .DOMAIN $i)_http hdr(host) -i $(jq -r .DOMAIN $i)";
+ fi
+
+ if [[ "$(jq -r .DOMAIN $i)" != "letsencrypt" && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .ALIASES_HTTP[] $i)" != "" ]]
+ then
+ ALIASES_LIST=$(jq -r .ALIASES_HTTP[] $i)
+ for ALIAS in $ALIASES_LIST
+ do
+ echo "acl $(jq -r .DOMAIN $i)_http hdr(host) -i $ALIAS";
+ done
+ fi
+
+done
+
+echo
+
+echo "use_backend letsencrypt_http if letsencrypt"
+
+for i in `ls ${DOMAINS}*` ; do
+
+ if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTP_PORTS $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
+ then
+ echo "use_backend $(jq -r .DOMAIN $i)_http if $(jq -r .DOMAIN $i)_http";
+ fi
+done
+
+echo
+
+for i in `ls ${DOMAINS}*` ; do
+
+ if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" ]]
+ then
+ echo "backend $(jq -r .DOMAIN $i)_http";
+ echo " mode http";
+ echo " server $(jq -r .DOMAIN $i) $(jq -r .LOCAL_IP $i):$(jq -r .HTTP_PORT $i)";
+ fi
+done
+
+echo
+
+echo "frontend https
+";
+
+cat "$global_https"
+echo
+
+for i in `ls ${DOMAINS}*` ; do
+
+ if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
+ then
+ echo "acl $(jq -r .DOMAIN $i)_https req_ssl_sni -i $(jq -r .DOMAIN $i)";
+ fi
+ if [[ "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .ALIASES_HTTPS[] $i)" != "" ]]
+ then
+ ALIASES_LIST=$(jq -r .ALIASES_HTTPS[] $i)
+ for ALIAS in $ALIASES_LIST
+ do
+ echo "acl $(jq -r .DOMAIN $i)_https req_ssl_sni -i $ALIAS";
+ done
+ fi
+done
+
+echo
+
+for i in `ls ${DOMAINS}*` ; do
+
+ if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
+ then
+ echo "use_backend $(jq -r .DOMAIN $i)_https if $(jq -r .DOMAIN $i)_https";
+ fi
+done
+
+echo
+
+for i in `ls ${DOMAINS}*` ; do
+
+ if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
+ then
+ echo "backend $(jq -r .DOMAIN $i)_https";
+ echo " option ssl-hello-chk";
+ echo " mode tcp";
+ echo " server $(jq -r .DOMAIN $i) $(jq -r .LOCAL_IP $i):$(jq -r .HTTPS_PORT $i) check";
+ fi
+done
+
+} >> "$file"
diff --git a/scripts/global_http b/scripts/global_http
new file mode 100644
index 0000000..5f4029b
--- /dev/null
+++ b/scripts/global_http
@@ -0,0 +1,6 @@
+bind :80
+ mode http
+ option forwardfor
+ option httplog
+ option dontlognull
+ http-request add-header X-Forwarded-For %[src]
diff --git a/scripts/global_https b/scripts/global_https
new file mode 100644
index 0000000..181e10d
--- /dev/null
+++ b/scripts/global_https
@@ -0,0 +1,7 @@
+bind :443
+ mode tcp
+ option tcplog
+ option dontlognull
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req_ssl_hello_type 1 }
+ http-request add-header X-Forwarded-Proto https if { ssl_fc }
diff --git a/scripts/haproxy_template.cfg b/scripts/haproxy_template.cfg
new file mode 100644
index 0000000..022bb5a
--- /dev/null
+++ b/scripts/haproxy_template.cfg
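Review bot: In scripts/config_haproxy_create.sh the emptiness guards in every loop (`"$(jq -r .HTTP_PORT $i)" != ""` and the like) never reject a missing key, because `jq -r` prints the string `null` for it, so `null` can end up in `acl`, `use_backend` and `server` lines. Read each field as `jq -r '.HTTP_PORT // empty' "$i"` instead, and note that the HTTP `use_backend` loop tests `.HTTP_PORTS` while the other loops test `.HTTP_PORT`. The values are also echoed into haproxy.cfg exactly as they come from the JSON, so a DOMAIN, alias or LOCAL_IP containing whitespace or a newline would add extra tokens or directives; a check such as `case $domain in ''|*[!A-Za-z0-9.-]*) continue ;; esac` before emitting, plus a numeric test on the ports, would close that. Separately, the script uses `[[ ]]` under `#!/bin/sh` and reads `$PROXY_DIR` and `${DOMAINS}`, which this file never assigns (it sets `DOMAIN_DIR` and `PROXY_CONFIG_DIR`), so they presumably have to come from the environment.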
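Review bot: In scripts/global_http, `http-request add-header X-Forwarded-For %[src]` appends to any X-Forwarded-For header the client already sent, and `option forwardfor` then appends the source address a second time, so a backend that reads the first entry sees a client-chosen value. If the backends use this header for logging or access decisions, replace the line with `http-request set-header X-Forwarded-For %[src]`, which overwrites whatever arrived with the request, and drop `option forwardfor` so the address is not duplicated.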
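Review bot: In scripts/global_https, `http-request add-header X-Forwarded-Proto https if { ssl_fc }` sits in a `mode tcp` frontend whose `bind :443` has no `ssl`, so TLS is passed through unterminated: HAProxy does not apply `http-request` rules in TCP mode, and `ssl_fc` would not be true on this bind in any case. The header is therefore never added; I would remove the line and add a comment such as `# TLS is terminated by the backends; this frontend only routes on SNI`. If the backends need the real client address, `send-proxy` on the generated `server` lines is the usual route, provided each backend is configured to accept the PROXY protocol.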
@@ -0,0 +1,11 @@
+global
+ log stdout format raw local0 debug
+defaults
+ timeout client 30s
+ timeout server 30s
+ timeout connect 5s
+ mode http
+ option redispatch
+ option http-server-close
+ log global
+
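Review bot: The `defaults` section in scripts/haproxy_template.cfg sets no `timeout http-request`, so on the HTTP frontend a client that sends its request headers slowly is limited only by `timeout client 30s`, which restarts with each chunk received; adding `timeout http-request 10s` (value to be tuned) bounds the whole header phase. The `global` section also has no `user`/`group`, so unless the container or service unit already drops privileges the process keeps the identity it was started with. `log stdout format raw local0 debug` logs at debug level, which deserves a comment if it is intended outside development.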