260 lines
7.0 KiB
TypeScript
260 lines
7.0 KiB
TypeScript
import { dev } from '$app/env';
|
|
import got from 'got';
|
|
import mustache from 'mustache';
|
|
import crypto from 'crypto';
|
|
|
|
import * as db from '$lib/database';
|
|
import { checkContainer, checkHAProxy } from '.';
|
|
import { asyncExecShell, getDomain, getEngine } from '$lib/common';
|
|
|
|
const url = dev ? 'http://localhost:5555' : 'http://coolify-haproxy:5555';
|
|
|
|
let template = `program api
|
|
command /usr/bin/dataplaneapi -f /usr/local/etc/haproxy/dataplaneapi.hcl --userlist haproxy-dataplaneapi
|
|
no option start-on-reload
|
|
|
|
global
|
|
stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
|
|
log stdout format raw local0 debug
|
|
|
|
defaults
|
|
mode http
|
|
log global
|
|
timeout http-request 60s
|
|
timeout connect 10s
|
|
timeout client 60s
|
|
timeout server 60s
|
|
|
|
userlist haproxy-dataplaneapi
|
|
user admin insecure-password "\${HAPROXY_PASSWORD}"
|
|
|
|
frontend http
|
|
mode http
|
|
bind :80
|
|
bind :443 ssl crt /usr/local/etc/haproxy/ssl/ alpn h2,http/1.1
|
|
acl is_certbot path_beg /.well-known/acme-challenge/
|
|
{{#applications}}
|
|
{{#isHttps}}
|
|
http-request redirect scheme https code ${
|
|
dev ? 302 : 301
|
|
} if { hdr(host) -i {{domain}} } !{ ssl_fc }
|
|
{{/isHttps}}
|
|
http-request redirect location {{{redirectValue}}} code ${
|
|
dev ? 302 : 301
|
|
} if { req.hdr(host) -i {{redirectTo}} }
|
|
{{/applications}}
|
|
{{#services}}
|
|
{{#isHttps}}
|
|
http-request redirect scheme https code ${
|
|
dev ? 302 : 301
|
|
} if { hdr(host) -i {{domain}} } !{ ssl_fc }
|
|
{{/isHttps}}
|
|
http-request redirect location {{{redirectValue}}} code ${
|
|
dev ? 302 : 301
|
|
} if { req.hdr(host) -i {{redirectTo}} }
|
|
{{/services}}
|
|
{{#coolify}}
|
|
{{#isHttps}}
|
|
http-request redirect scheme https code ${
|
|
dev ? 302 : 301
|
|
} if { hdr(host) -i {{domain}} } !{ ssl_fc }
|
|
{{/isHttps}}
|
|
http-request redirect location {{{redirectValue}}} code ${
|
|
dev ? 302 : 301
|
|
} if { req.hdr(host) -i {{redirectTo}} }
|
|
{{/coolify}}
|
|
use_backend backend-certbot if is_certbot
|
|
use_backend %[req.hdr(host),lower]
|
|
|
|
frontend stats
|
|
bind *:8404
|
|
stats enable
|
|
stats uri /
|
|
stats admin if TRUE
|
|
stats auth "\${HAPROXY_USERNAME}:\${HAPROXY_PASSWORD}"
|
|
|
|
backend backend-certbot
|
|
mode http
|
|
server certbot host.docker.internal:9080
|
|
|
|
{{#applications}}
|
|
{{#isRunning}}
|
|
# updatedAt={{updatedAt}}
|
|
backend {{domain}}
|
|
option forwardfor
|
|
server {{id}} {{id}}:{{port}} check
|
|
{{/isRunning}}
|
|
{{/applications}}
|
|
|
|
{{#services}}
|
|
{{#isRunning}}
|
|
# updatedAt={{updatedAt}}
|
|
backend {{domain}}
|
|
option forwardfor
|
|
server {{id}} {{id}}:{{port}} check
|
|
{{/isRunning}}
|
|
{{/services}}
|
|
|
|
{{#coolify}}
|
|
backend {{domain}}
|
|
option forwardfor
|
|
option httpchk GET /undead.json
|
|
server {{id}} {{id}}:{{port}} check fall 10
|
|
{{/coolify}}
|
|
`;
|
|
export async function haproxyInstance() {
|
|
const { proxyPassword } = await db.listSettings();
|
|
return got.extend({
|
|
prefixUrl: url,
|
|
username: 'admin',
|
|
password: proxyPassword
|
|
});
|
|
}
|
|
|
|
export async function configureHAProxy() {
|
|
try {
|
|
const haproxy = await haproxyInstance();
|
|
await checkHAProxy(haproxy);
|
|
const data = {
|
|
applications: [],
|
|
services: [],
|
|
coolify: []
|
|
};
|
|
const applications = await db.prisma.application.findMany({
|
|
include: { destinationDocker: true, settings: true }
|
|
});
|
|
for (const application of applications) {
|
|
const {
|
|
fqdn,
|
|
id,
|
|
port,
|
|
destinationDocker,
|
|
destinationDockerId,
|
|
settings: { previews },
|
|
updatedAt
|
|
} = application;
|
|
if (destinationDockerId) {
|
|
const { engine, network } = destinationDocker;
|
|
const isRunning = await checkContainer(engine, id);
|
|
if (fqdn) {
|
|
const domain = getDomain(fqdn);
|
|
const isHttps = fqdn.startsWith('https://');
|
|
const isWWW = fqdn.includes('www.');
|
|
const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
|
|
if (isRunning) {
|
|
data.applications.push({
|
|
id,
|
|
port: port || 3000,
|
|
domain,
|
|
isRunning,
|
|
isHttps,
|
|
redirectValue,
|
|
redirectTo: isWWW ? domain : 'www.' + domain,
|
|
updatedAt: updatedAt.getTime()
|
|
});
|
|
}
|
|
if (previews) {
|
|
const host = getEngine(engine);
|
|
const { stdout } = await asyncExecShell(
|
|
`DOCKER_HOST=${host} docker container ls --filter="status=running" --filter="network=${network}" --filter="name=${id}-" --format="{{json .Names}}"`
|
|
);
|
|
const containers = stdout
|
|
.trim()
|
|
.split('\n')
|
|
.filter((a) => a)
|
|
.map((c) => c.replace(/"/g, ''));
|
|
if (containers.length > 0) {
|
|
for (const container of containers) {
|
|
let previewDomain = `${container.split('-')[1]}.${domain}`;
|
|
data.applications.push({
|
|
id: container,
|
|
port: port || 3000,
|
|
domain: previewDomain,
|
|
isRunning,
|
|
isHttps,
|
|
redirectValue,
|
|
redirectTo: isWWW ? previewDomain : 'www.' + previewDomain,
|
|
updatedAt: updatedAt.getTime()
|
|
});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
const services = await db.prisma.service.findMany({
|
|
include: {
|
|
destinationDocker: true,
|
|
minio: true,
|
|
plausibleAnalytics: true,
|
|
vscodeserver: true,
|
|
wordpress: true
|
|
}
|
|
});
|
|
|
|
for (const service of services) {
|
|
const { fqdn, id, type, destinationDocker, destinationDockerId, updatedAt } = service;
|
|
if (destinationDockerId) {
|
|
const { engine } = destinationDocker;
|
|
const found = db.supportedServiceTypesAndVersions.find((a) => a.name === type);
|
|
if (found) {
|
|
const port = found.ports.main;
|
|
const publicPort = service[type]?.publicPort;
|
|
const isRunning = await checkContainer(engine, id);
|
|
if (fqdn) {
|
|
const domain = getDomain(fqdn);
|
|
const isHttps = fqdn.startsWith('https://');
|
|
const isWWW = fqdn.includes('www.');
|
|
const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
|
|
if (isRunning) {
|
|
data.services.push({
|
|
id,
|
|
port,
|
|
publicPort,
|
|
domain,
|
|
isRunning,
|
|
isHttps,
|
|
redirectValue,
|
|
redirectTo: isWWW ? domain : 'www.' + domain,
|
|
updatedAt: updatedAt.getTime()
|
|
});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
const { fqdn } = await db.prisma.setting.findFirst();
|
|
if (fqdn) {
|
|
const domain = getDomain(fqdn);
|
|
const isHttps = fqdn.startsWith('https://');
|
|
const isWWW = fqdn.includes('www.');
|
|
const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
|
|
data.coolify.push({
|
|
id: dev ? 'host.docker.internal' : 'coolify',
|
|
port: 3000,
|
|
domain,
|
|
isHttps,
|
|
redirectValue,
|
|
redirectTo: isWWW ? domain : 'www.' + domain
|
|
});
|
|
}
|
|
const output = mustache.render(template, data);
|
|
const newHash = crypto.createHash('md5').update(output).digest('hex');
|
|
const { proxyHash, id } = await db.listSettings();
|
|
if (proxyHash !== newHash) {
|
|
await db.prisma.setting.update({ where: { id }, data: { proxyHash: newHash } });
|
|
await haproxy.post(`v2/services/haproxy/configuration/raw`, {
|
|
searchParams: {
|
|
skip_version: true
|
|
},
|
|
body: output,
|
|
headers: {
|
|
'Content-Type': 'text/plain'
|
|
}
|
|
});
|
|
}
|
|
} catch (error) {
|
|
throw error;
|
|
}
|
|
}
|