From d2f8acb02b3edeee1d2a6ab03cedd994c96b20f0 Mon Sep 17 00:00:00 2001
From: Tianyu Liu <liu.tianyu93@hotmail.com>
Date: Sat, 3 May 2025 22:27:15 +0200
Subject: [PATCH] Add auto rebuild haproxy config

---
 haproxy/haproxy_config.sh | 93 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100755 haproxy/haproxy_config.sh

diff --git a/haproxy/haproxy_config.sh b/haproxy/haproxy_config.sh
new file mode 100755
index 0000000..844ed56
--- /dev/null
+++ b/haproxy/haproxy_config.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+HAPROXY_CFG_DIR="/etc/haproxy"
+HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
+HAPROXY_SERVICE_DIR="$HAPROXY_CFG_DIR/services"
+
+set -e
+
+sudo mkdir -p $HAPROXY_SERVICE_DIR
+
+sudo cp $HAPROXY_CFG $HAPROXY_CFG.bak
+
+AUTOCONFIG_BEGIN="# === BEGIN autoconfig ==="
+AUTOCONFIG_END="# === END autoconfig ==="
+sudo sed -i "/$AUTOCONFIG_BEGIN/,/$AUTOCONFIG_END/d" $HAPROXY_CFG
+
+echo "$AUTOCONFIG_BEGIN" | sudo tee -a $HAPROXY_CFG > /dev/null
+
+if [ -z "$(ls -A $HAPROXY_SERVICE_DIR 2>/dev/null)" ]; then
+    echo "No services found under $HAPROXY_SERVICE_DIR. Skipping autoconfig."
+    echo "$AUTOCONFIG_END" | sudo tee -a $HAPROXY_CFG > /dev/null
+    exit 0
+fi
+
+# general http redirect
+echo "Generating http redirect config.."
+HTTP_REDIRECT=$(cat <<EOF
+# === BEGIN autoconfig redirect ===
+frontend http_redirect
+    bind *:80
+    http-request redirect scheme https code 301
+# === END autoconfig redirect ===
+EOF
+)
+echo "$HTTP_REDIRECT" | sudo tee -a $HAPROXY_CFG > /dev/null
+
+# Frontend https config
+echo "Generating frontend https config.."
+HTTPS_BEGIN="# === BEGIN autoconfig https ==="
+HTTPS_END="# === END autoconfig https ==="
+BIND_LINE="    bind *:443 ssl"
+
+for cert_file in $HAPROXY_SERVICE_DIR/*/cert.block; do
+    while IFS= read -r line; do
+        [[ -z "$line" || "$line" == \#* ]] && continue
+        BIND_LINE+=" $line"
+    done < "$cert_file"
+done
+BIND_LINE+=" alpn h2,http/1.1"
+
+ACL_BLOCK=""
+for acl_file in $HAPROXY_SERVICE_DIR/*/acl.block; do
+    while IFS= read -r line; do
+        [[ -z "$line" ]] && continue
+        ACL_BLOCK+="    $line"$'\n'
+    done < "$acl_file"
+done
+
+HTTPS_CONFIG=$(cat <<EOF
+$HTTPS_BEGIN
+frontend https
+$BIND_LINE
+    mode http
+$ACL_BLOCK
+$HTTPS_END
+EOF
+)
+
+echo "$HTTPS_CONFIG" | sudo tee -a $HAPROXY_CFG > /dev/null
+
+# Per service backend config
+echo "Generating per service backend config"
+BACKEND_BEGIN="# === BEGIN autoconfig backends ==="
+BACKEND_END="# === END autoconfig backends ==="
+
+BACKEND_BLOCK=""
+
+for backend_file in $HAPROXY_SERVICE_DIR/*/backend.block; do
+    while IFS= read -r line; do
+        BACKEND_BLOCK+="$line"$'\n'
+    done < "$backend_file"
+    BACKEND_BLOCK+=$'\n'
+done
+BACKEND_CONFIG=$(cat <<EOF
+$BACKEND_BEGIN
+$BACKEND_BLOCK
+$BACKEND_END
+EOF
+)
+
+echo "$BACKEND_BLOCK" | sudo tee -a $HAPROXY_CFG > /dev/null
+
+echo "$AUTOCONFIG_END" | sudo tee -a $HAPROXY_CFG > /dev/null
\ No newline at end of file