haproxy/haproxy_config.sh

#!/bin/bash

HAPROXY_CFG_DIR="/etc/haproxy"
HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
HAPROXY_SERVICE_DIR="$HAPROXY_CFG_DIR/services"

set -e

sudo mkdir -p $HAPROXY_SERVICE_DIR

sudo cp $HAPROXY_CFG $HAPROXY_CFG.bak

AUTOCONFIG_BEGIN="# === BEGIN autoconfig ==="
AUTOCONFIG_END="# === END autoconfig ==="
sudo sed -i "/$AUTOCONFIG_BEGIN/,/$AUTOCONFIG_END/d" $HAPROXY_CFG

echo "$AUTOCONFIG_BEGIN" | sudo tee -a $HAPROXY_CFG > /dev/null

if [ -z "$(ls -A $HAPROXY_SERVICE_DIR 2>/dev/null)" ]; then
    echo "No services found under $HAPROXY_SERVICE_DIR. Skipping autoconfig."
    echo "$AUTOCONFIG_END" | sudo tee -a $HAPROXY_CFG > /dev/null
    exit 0
fi

# general http redirect
echo "Generating http redirect config.."
HTTP_REDIRECT=$(cat <<EOF
# === BEGIN autoconfig redirect ===
frontend http_redirect
    bind *:80
    http-request redirect scheme https code 301
# === END autoconfig redirect ===
EOF
)
echo "$HTTP_REDIRECT" | sudo tee -a $HAPROXY_CFG > /dev/null

# Frontend https config
echo "Generating frontend https config.."
HTTPS_BEGIN="# === BEGIN autoconfig https ==="
HTTPS_END="# === END autoconfig https ==="
BIND_LINE="    bind *:443 ssl"

for cert_file in $HAPROXY_SERVICE_DIR/*/cert.block; do
    while IFS= read -r line; do
        [[ -z "$line" || "$line" == \#* ]] && continue
        BIND_LINE+=" $line"
    done < "$cert_file"
done
BIND_LINE+=" alpn h2,http/1.1"

ACL_BLOCK=""
for acl_file in $HAPROXY_SERVICE_DIR/*/acl.block; do
    while IFS= read -r line; do
        [[ -z "$line" ]] && continue
        ACL_BLOCK+="    $line"$'\n'
    done < "$acl_file"
done

HTTPS_CONFIG=$(cat <<EOF
$HTTPS_BEGIN
frontend https
$BIND_LINE
    mode http
$ACL_BLOCK
$HTTPS_END
EOF
)

echo "$HTTPS_CONFIG" | sudo tee -a $HAPROXY_CFG > /dev/null

# Per service backend config
echo "Generating per service backend config"
BACKEND_BEGIN="# === BEGIN autoconfig backends ==="
BACKEND_END="# === END autoconfig backends ==="

BACKEND_BLOCK=""

for backend_file in $HAPROXY_SERVICE_DIR/*/backend.block; do
    while IFS= read -r line; do
        BACKEND_BLOCK+="$line"$'\n'
    done < "$backend_file"
    BACKEND_BLOCK+=$'\n'
done
BACKEND_CONFIG=$(cat <<EOF
$BACKEND_BEGIN
$BACKEND_BLOCK
$BACKEND_END
EOF
)

echo "$BACKEND_BLOCK" | sudo tee -a $HAPROXY_CFG > /dev/null

echo "$AUTOCONFIG_END" | sudo tee -a $HAPROXY_CFG > /dev/null
Add auto rebuild haproxy config 2025-05-03 22:27:15 +02:00			`#!/bin/bash`

			`HAPROXY_CFG_DIR="/etc/haproxy"`
			`HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"`
			`HAPROXY_SERVICE_DIR="$HAPROXY_CFG_DIR/services"`

			`set -e`

			`sudo mkdir -p $HAPROXY_SERVICE_DIR`

			`sudo cp $HAPROXY_CFG $HAPROXY_CFG.bak`

			`AUTOCONFIG_BEGIN="# === BEGIN autoconfig ==="`
			`AUTOCONFIG_END="# === END autoconfig ==="`
			`sudo sed -i "/$AUTOCONFIG_BEGIN/,/$AUTOCONFIG_END/d" $HAPROXY_CFG`

			`echo "$AUTOCONFIG_BEGIN" \| sudo tee -a $HAPROXY_CFG > /dev/null`

			`if [ -z "$(ls -A $HAPROXY_SERVICE_DIR 2>/dev/null)" ]; then`
			`echo "No services found under $HAPROXY_SERVICE_DIR. Skipping autoconfig."`
			`echo "$AUTOCONFIG_END" \| sudo tee -a $HAPROXY_CFG > /dev/null`
			`exit 0`
			`fi`

			`# general http redirect`
			`echo "Generating http redirect config.."`
			`HTTP_REDIRECT=$(cat <<EOF`
			`# === BEGIN autoconfig redirect ===`
			`frontend http_redirect`
			`bind *:80`
			`http-request redirect scheme https code 301`
			`# === END autoconfig redirect ===`
			`EOF`
			`)`
			`echo "$HTTP_REDIRECT" \| sudo tee -a $HAPROXY_CFG > /dev/null`

			`# Frontend https config`
			`echo "Generating frontend https config.."`
			`HTTPS_BEGIN="# === BEGIN autoconfig https ==="`
			`HTTPS_END="# === END autoconfig https ==="`
			`BIND_LINE=" bind *:443 ssl"`

			`for cert_file in $HAPROXY_SERVICE_DIR/*/cert.block; do`
			`while IFS= read -r line; do`
			`[[ -z "$line" \|\| "$line" == \#* ]] && continue`
			`BIND_LINE+=" $line"`
			`done < "$cert_file"`
			`done`
			`BIND_LINE+=" alpn h2,http/1.1"`

			`ACL_BLOCK=""`
			`for acl_file in $HAPROXY_SERVICE_DIR/*/acl.block; do`
			`while IFS= read -r line; do`
			`[[ -z "$line" ]] && continue`
			`ACL_BLOCK+=" $line"$'\n'`
			`done < "$acl_file"`
			`done`

			`HTTPS_CONFIG=$(cat <<EOF`
			`$HTTPS_BEGIN`
			`frontend https`
			`$BIND_LINE`
			`mode http`
			`$ACL_BLOCK`
			`$HTTPS_END`
			`EOF`
			`)`

			`echo "$HTTPS_CONFIG" \| sudo tee -a $HAPROXY_CFG > /dev/null`

			`# Per service backend config`
			`echo "Generating per service backend config"`
			`BACKEND_BEGIN="# === BEGIN autoconfig backends ==="`
			`BACKEND_END="# === END autoconfig backends ==="`

			`BACKEND_BLOCK=""`

			`for backend_file in $HAPROXY_SERVICE_DIR/*/backend.block; do`
			`while IFS= read -r line; do`
			`BACKEND_BLOCK+="$line"$'\n'`
			`done < "$backend_file"`
			`BACKEND_BLOCK+=$'\n'`
			`done`
			`BACKEND_CONFIG=$(cat <<EOF`
			`$BACKEND_BEGIN`
			`$BACKEND_BLOCK`
			`$BACKEND_END`
			`EOF`
			`)`

			`echo "$BACKEND_BLOCK" \| sudo tee -a $HAPROXY_CFG > /dev/null`

			`echo "$AUTOCONFIG_END" \| sudo tee -a $HAPROXY_CFG > /dev/null`