feat(haproxy): Add wildcard domain support and Vortex hub

- Support suffix matching for wildcard domains (*.domain.tld)
- Add match_type option: exact, suffix, regex
- Enable subdomain-to-path mapping for mesh publishing
- Prepare infrastructure for distributed Vortex DNS nodes

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CyberMind-FR 2026-02-08 11:27:14 +01:00
parent a661c9bea8
commit dde2e12568


@ -276,8 +276,7 @@ lxc.arch = $arch
# Network: use host network for binding ports # Network: use host network for binding ports
lxc.net.0.type = none lxc.net.0.type = none
# Mount points - proc/sys needed for lxc-attach, avoid cgroup:mixed which causes failures # Mount points - avoid cgroup:mixed which causes failures on some systems
lxc.mount.auto = proc:mixed sys:ro
lxc.mount.entry = $data_path opt/haproxy none bind,create=dir 0 0 lxc.mount.entry = $data_path opt/haproxy none bind,create=dir 0 0
# Disable seccomp for compatibility # Disable seccomp for compatibility
@ -627,13 +626,14 @@ _add_ssl_redirect() {
_add_vhost_acl() { _add_vhost_acl() {
local section="$1" local section="$1"
local proto="$2" local proto="$2"
local enabled domain backend ssl local enabled domain backend ssl match_type
config_get enabled "$section" enabled "0" config_get enabled "$section" enabled "0"
[ "$enabled" = "1" ] || return [ "$enabled" = "1" ] || return
config_get domain "$section" domain config_get domain "$section" domain
config_get backend "$section" backend config_get backend "$section" backend
config_get match_type "$section" match_type "exact"
# Validate backend is not IP:port (common misconfiguration) # Validate backend is not IP:port (common misconfiguration)
case "$backend" in case "$backend" in
*:*) log_warn "Vhost $section has IP:port backend , should be backend name"; return ;; *:*) log_warn "Vhost $section has IP:port backend , should be backend name"; return ;;
@ -646,8 +646,23 @@ _add_vhost_acl() {
# For HTTP frontend, skip SSL-only vhosts # For HTTP frontend, skip SSL-only vhosts
[ "$proto" = "http" ] && [ "$ssl" = "1" ] && return [ "$proto" = "http" ] && [ "$ssl" = "1" ] && return
local acl_name=$(echo "$domain" | tr '.' '_' | tr '-' '_') local acl_name=$(echo "$domain" | tr "." "_" | tr "-" "_" | tr "*" "wildcard")
echo " acl host_${acl_name} hdr(host) -i $domain"
# Handle different match types
case "$match_type" in
suffix)
# Suffix match for wildcard subdomains (e.g., .gk2.secubox.in)
echo " acl host_${acl_name} hdr(host) -m end -i $domain"
;;
regex)
# Regex match
echo " acl host_${acl_name} hdr(host) -m reg -i $domain"
;;
*)
# Exact match (default)
echo " acl host_${acl_name} hdr(host) -i $domain"
;;
esac
echo " use_backend $backend if host_${acl_name}" echo " use_backend $backend if host_${acl_name}"
} }
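Review bot: The `suffix)` arm of `_add_vhost_acl` emits `hdr(host) -m end -i $domain` without ensuring `$domain` starts with a dot, so a value like `domain.tld` would also send `otherdomain.tld` to this backend. A value written as `*.domain.tld`, the form the commit message uses, would match no real Host header unless the `*` is stripped in the part of the function between the hunks, which is not shown. Normalising before the `case "$match_type"` would cover both, e.g. `case "$domain" in \*.*) domain="${domain#\*}" ;; .*) ;; *) domain=".$domain" ;; esac`. Separately, `tr "*" "wildcard"` translates character by character, so `*` becomes just `w`; `sed 's/\*/wildcard/g'` would give the intended ACL name. The `regex)` arm writes `$domain` into the config verbatim, so the pattern is unanchored and any whitespace in the value would split it into several patterns; rejecting values that contain whitespace and documenting that patterns need `^…$` would tighten this.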