- metablogizer: Add HTTP health checks for backend (uhttpd) and frontend (HAProxy) - metablogizer: Fix BusyBox-compatible certificate expiry detection using openssl checkend - secubox-portal: Add speed test widget with ping/download/upload measurement - tor-shield: Fix settings save ensuring UCI sections exist - cdn-cache: UI improvements and restructure - streamlit: Fix port conflict (sappix now uses 8503) - secubox-core: Add proxy mode detection - security-threats: Dashboard improvements - haproxy: Init.d and Makefile updates PKG_RELEASE bumps: - luci-app-cdn-cache: 3 - luci-app-metablogizer: 2 - luci-app-secubox-portal: 2 - luci-app-secubox-security-threats: 2 - luci-app-secubox: 4 - luci-app-streamlit: 9 - luci-app-tor-shield: 2 - secubox-app-haproxy: 23 - secubox-core: 6 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#!/bin/sh /etc/rc.common
# SecuBox HAProxy Service
# Copyright (C) 2025 CyberMind.fr
# rc.common ordering: start sequence 90, stop sequence 10.
START=90
STOP=10

# Run the service under procd supervision instead of classic start/stop.
USE_PROCD=1

# Service name; not referenced by any function in this file.
NAME="haproxy"

# Control program used for the run, stop and reload actions.
PROG="/usr/sbin/haproxyctl"

# Document root and TCP port of the uhttpd instance that answers ACME
# HTTP challenges. Only challenge tokens should be stored below
# ACME_WEBROOT, because the whole directory is served over plain HTTP.
ACME_WEBROOT="/var/www/acme-challenge"
ACME_PORT="8402"
# Prepare the uhttpd instance that serves ACME challenge files for
# certificate issuance. HAProxy routes /.well-known/acme-challenge/ to it.
# Globals:  ACME_WEBROOT (read), ACME_PORT (read)
# Returns:  always 0; uhttpd restart failures are deliberately ignored
setup_acme_webserver() {
	local challenge_dir="$ACME_WEBROOT/.well-known/acme-challenge"
	local listen_addr="0.0.0.0:$ACME_PORT"

	mkdir -p "$challenge_dir"
	# NOTE(review): -R 755 also sets the execute bit on every regular file
	# already under the webroot. Challenge tokens only need to be readable;
	# consider 755 for directories and 644 for files.
	chmod -R 755 "$ACME_WEBROOT"

	# Create the dedicated uhttpd section only when it is missing.
	# NOTE(review): an existing uhttpd.acme section is trusted as-is; its
	# listen_http and home values are not re-checked against the variables
	# above, so manual changes or drift go unnoticed.
	# NOTE(review): 0.0.0.0 makes the listener reachable on every interface,
	# not only through HAProxy. If HAProxy reaches it over loopback, bind
	# there instead, or confirm the firewall blocks this port from the WAN.
	uci -q get uhttpd.acme >/dev/null 2>&1 || {
		uci set uhttpd.acme=uhttpd
		uci set uhttpd.acme.listen_http="$listen_addr"
		uci set uhttpd.acme.home="$ACME_WEBROOT"
		uci commit uhttpd
		/etc/init.d/uhttpd restart 2>/dev/null || true
	}

	# Restart uhttpd when nothing is listening on the ACME port yet.
	# NOTE(review): this check runs right after the restart above, so a
	# slow-starting uhttpd may be restarted a second time.
	netstat -tln 2>/dev/null | grep -q ":$ACME_PORT " ||
		/etc/init.d/uhttpd restart 2>/dev/null || true
}
# procd start hook: register the HAProxy instance when the service is
# enabled in UCI (haproxy.main.enabled = 1); otherwise do nothing.
# Globals:  PROG (read)
# Returns:  0 when disabled, else the status of procd_close_instance
start_service() {
	local svc_enabled

	config_load haproxy
	config_get svc_enabled main enabled '0'
	if [ "$svc_enabled" != "1" ]; then
		return 0
	fi

	# The ACME challenge listener has to be configured and running first.
	setup_acme_webserver

	# Convert ACME certificates to HAProxy format before starting.
	# NOTE(review): stderr is discarded and the exit status ignored, so a
	# failed sync leaves HAProxy starting with stale or missing
	# certificates and no log entry. Consider logging the failure.
	/usr/sbin/haproxy-sync-certs 2>/dev/null || true

	procd_open_instance
	procd_set_param command "$PROG" service-run
	# respawn threshold 3600 s, 5 s delay, retry limit 0
	# (presumably "unlimited" in procd; confirm for the target release).
	procd_set_param respawn 3600 5 0
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_set_param pidfile /var/run/haproxy.pid
	procd_close_instance
}
# procd stop hook: ask the control program in $PROG to stop HAProxy.
# Globals:  PROG (read)
# Returns:  exit status of "$PROG service-stop"
stop_service() {
	"${PROG}" service-stop
}
# procd reload hook: ask the control program in $PROG to reload HAProxy.
# Globals:  PROG (read)
# Returns:  exit status of "$PROG reload"
reload_service() {
	"${PROG}" reload
}
# Full restart: run the stop action, then the start action.
# start runs even when stop fails; the result is the status of start.
# NOTE(review): confirm rc.common on the target release actually
# dispatches "restart" to this function.
restart_service() {
	stop
	start
}
# Register a procd reload trigger on the "haproxy" UCI configuration.
service_triggers() {
	procd_add_reload_trigger haproxy
}