feat(haproxy): Add wildcard domain support and Vortex hub

- Support suffix matching for wildcard domains (*.domain.tld) - Add match_type option: exact, suffix, regex - Enable subdomain-to-path mapping for mesh publishing - Prepare infrastructure for distributed Vortex DNS nodes Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 11:27:14 +01:00 · 2026-02-08 11:27:14 +01:00 · dde2e12568
commit dde2e12568
parent a661c9bea8
1 changed files with 20 additions and 5 deletions
--- a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
+++ b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
@ -276,8 +276,7 @@ lxc.arch = $arch
 # Network: use host network for binding ports
 lxc.net.0.type = none

-# Mount points - proc/sys needed for lxc-attach, avoid cgroup:mixed which causes failures
-lxc.mount.auto = proc:mixed sys:ro
+# Mount points - avoid cgroup:mixed which causes failures on some systems
 lxc.mount.entry = $data_path opt/haproxy none bind,create=dir 0 0

 # Disable seccomp for compatibility
@ -627,13 +626,14 @@ _add_ssl_redirect() {
 _add_vhost_acl() {
 	local section="$1"
 	local proto="$2"
-	local enabled domain backend ssl
+	local enabled domain backend ssl match_type

 	config_get enabled "$section" enabled "0"
 	[ "$enabled" = "1" ] || return

 	config_get domain "$section" domain
 	config_get backend "$section" backend
+	config_get match_type "$section" match_type "exact"
 	# Validate backend is not IP:port (common misconfiguration)
 	case "$backend" in
 		*:*) log_warn "Vhost $section has IP:port backend , should be backend name"; return ;;
@ -646,8 +646,23 @@ _add_vhost_acl() {
 	# For HTTP frontend, skip SSL-only vhosts
 	[ "$proto" = "http" ] && [ "$ssl" = "1" ] && return

-	local acl_name=$(echo "$domain" | tr '.' '_' | tr '-' '_')
-	echo "    acl host_${acl_name} hdr(host) -i $domain"
+	local acl_name=$(echo "$domain" | tr "." "_" | tr "-" "_" | tr "*" "wildcard")
+	
+	# Handle different match types
+	case "$match_type" in
+		suffix)
+			# Suffix match for wildcard subdomains (e.g., .gk2.secubox.in)
+			echo "    acl host_${acl_name} hdr(host) -m end -i $domain"
+			;;
+		regex)
+			# Regex match
+			echo "    acl host_${acl_name} hdr(host) -m reg -i $domain"
+			;;
+		*)
+			# Exact match (default)
+			echo "    acl host_${acl_name} hdr(host) -i $domain"
+			;;
+	esac
 	echo "    use_backend $backend if host_${acl_name}"
 }