cloud-hosting-platform/haproxy-manager-base
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Major upgrade: API key authentication, certificate renewal/download endpoints, monitoring/alerting scripts, improved logging, and documentation updates. See UPGRADE_SUMMARY.md for details.
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 43s
Details

Browse Source
This commit is contained in:
jknapp
2025-07-11 06:24:56 -07:00
parent f58dbef3c5
commit 7b0b4c0476
9 changed files with 1338 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
scripts/external-monitoring-example.conf Normal file
View File

@@ -0,0 +1,42 @@
# HAProxy Manager External Monitoring Configuration
# Copy this file to /etc/haproxy-monitor.conf and modify for your environment
# Container configuration
CONTAINER_NAME="haproxy-manager"
CONTAINER_API_URL="http://localhost:8000"
# Log directory (adjust based on your Docker volume setup)
# Common paths:
# - Docker volumes: /var/lib/docker/volumes/haproxy-logs/_data
# - Bind mounts: /path/to/your/logs
# - Docker Desktop (Mac/Windows): May need different path
LOG_DIR="/var/lib/docker/volumes/haproxy-logs/_data"
# API key for certificate status checks
API_KEY="your-secure-api-key-here"
# Alerting configuration
ALERT_EMAIL="admin@yourdomain.com"
WEBHOOK_URL="https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
# Example crontab entries for external monitoring:
#
# Check container and API health every 5 minutes
# */5 * * * * /path/to/monitor-errors-external.sh health
#
# Check for errors every 30 minutes
# */30 * * * * /path/to/monitor-errors-external.sh errors 30
#
# Check certificates daily at 9 AM
# 0 9 * * * /path/to/monitor-errors-external.sh certs 30
#
# Comprehensive check every hour
# 0 * * * * /path/to/monitor-errors-external.sh all 60 30
# Installation instructions:
# 1. Copy this file to /etc/haproxy-monitor.conf
# 2. Modify the variables above for your environment
# 3. Copy monitor-errors-external.sh to /usr/local/bin/
# 4. Make it executable: chmod +x /usr/local/bin/monitor-errors-external.sh
# 5. Install required packages: apt-get install curl jq
# 6. Set up crontab entries as shown above

224
scripts/monitor-errors-external.sh Executable file
View File

@@ -0,0 +1,224 @@
#!/bin/bash
# HAProxy Manager External Monitoring Script
# This script monitors the HAProxy Manager from outside the container
# Configuration - modify these variables
CONTAINER_NAME="haproxy-manager"
CONTAINER_API_URL="http://localhost:8000"
LOG_DIR="/var/lib/docker/volumes/haproxy-logs/_data" # Adjust path as needed
ERROR_LOG="$LOG_DIR/haproxy-manager-errors.log"
ALERT_EMAIL=""
WEBHOOK_URL=""
API_KEY=""
# Load configuration from file if it exists
CONFIG_FILE="/etc/haproxy-monitor.conf"
if [ -f "$CONFIG_FILE" ]; then
source "$CONFIG_FILE"
fi
# Function to send email alert
send_email_alert() {
local subject="$1"
local message="$2"
if [ -n "$ALERT_EMAIL" ]; then
if command -v mail >/dev/null 2>&1; then
echo "$message" | mail -s "$subject" "$ALERT_EMAIL"
else
echo "Email alert (mail command not available): $subject - $message"
fi
fi
}
# Function to send webhook alert
send_webhook_alert() {
local message="$1"
if [ -n "$WEBHOOK_URL" ]; then
curl -s -X POST "$WEBHOOK_URL" \
-H "Content-Type: application/json" \
-d "{\"text\":\"$message\"}" >/dev/null 2>&1
fi
}
# Function to check if container is running
check_container_status() {
if ! docker ps --format "table {{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then
local alert_message="HAProxy Manager Alert: Container $CONTAINER_NAME is not running!"
send_email_alert "HAProxy Manager Container Down" "$alert_message"
send_webhook_alert "$alert_message"
return 1
fi
return 0
}
# Function to check for recent errors
check_recent_errors() {
local minutes="${1:-60}" # Default to last 60 minutes
if [ ! -f "$ERROR_LOG" ]; then
echo "Error log file not found: $ERROR_LOG"
echo "Container may not be running or log volume not mounted correctly"
return 1
fi
# Get current timestamp minus specified minutes
local cutoff_time=$(date -d "$minutes minutes ago" +%s)
# Check for errors in the last N minutes
local recent_errors=$(awk -v cutoff="$cutoff_time" '
BEGIN { FS="\""; found=0 }
/"timestamp":/ {
# Extract timestamp and convert to epoch
gsub(/[",]/, "", $4)
split($4, parts, "T")
split(parts[1], date_parts, "-")
split(parts[2], time_parts, ":")
timestamp = mktime(date_parts[1] " " date_parts[2] " " date_parts[3] " " time_parts[1] " " time_parts[2] " " time_parts[3])
if (timestamp > cutoff) {
found=1
print $0
}
}
END { exit found ? 0 : 1 }
' "$ERROR_LOG")
if [ $? -eq 0 ]; then
echo "Recent errors found in the last $minutes minutes:"
echo "$recent_errors"
# Send alerts
local alert_message="HAProxy Manager Error Alert: Recent errors detected in the last $minutes minutes. Check $ERROR_LOG for details."
send_email_alert "HAProxy Manager Error Alert" "$alert_message"
send_webhook_alert "$alert_message"
return 1 # Return error status
else
echo "No recent errors found in the last $minutes minutes."
return 0 # Return success status
fi
}
# Function to check certificate expiration via API
check_certificate_expiration() {
local warning_days="${1:-30}" # Default to 30 days warning
if [ -z "$API_KEY" ]; then
echo "No API key configured. Cannot check certificate status."
return 1
fi
# Check if container is running
if ! check_container_status; then
return 1
fi
# Use the API to get certificate status
local cert_status=$(curl -s -H "Authorization: Bearer $API_KEY" "$CONTAINER_API_URL/api/certificates/status")
if [ $? -eq 0 ]; then
# Parse JSON to check for expiring certificates
local expiring_certs=$(echo "$cert_status" | jq -r --arg days "$warning_days" '
.certificates[] |
select(.days_until_expiry != null and .days_until_expiry <= ($days | tonumber)) |
"\(.domain): expires in \(.days_until_expiry) days"
' 2>/dev/null)
if [ -n "$expiring_certs" ]; then
echo "Certificates expiring soon:"
echo "$expiring_certs"
local alert_message="HAProxy Manager Certificate Alert: Certificates expiring soon. $expiring_certs"
send_email_alert "HAProxy Manager Certificate Alert" "$alert_message"
send_webhook_alert "$alert_message"
return 1
else
echo "No certificates expiring within $warning_days days."
return 0
fi
else
echo "Failed to get certificate status from API."
return 1
fi
}
# Function to check API health
check_api_health() {
local health_response=$(curl -s "$CONTAINER_API_URL/health")
if [ $? -eq 0 ]; then
local status=$(echo "$health_response" | jq -r '.status' 2>/dev/null)
if [ "$status" = "healthy" ]; then
echo "API health check passed"
return 0
else
echo "API health check failed: $health_response"
return 1
fi
else
echo "API health check failed: cannot connect to $CONTAINER_API_URL"
return 1
fi
}
# Main script logic
case "${1:-help}" in
"container")
check_container_status
;;
"health")
check_api_health
;;
"errors")
check_recent_errors "${2:-60}"
;;
"certs")
check_certificate_expiration "${2:-30}"
;;
"all")
echo "Checking container status..."
check_container_status
container_status=$?
echo "Checking API health..."
check_api_health
health_status=$?
echo "Checking for recent errors..."
check_recent_errors "${2:-60}"
error_status=$?
echo "Checking certificate expiration..."
check_certificate_expiration "${3:-30}"
cert_status=$?
exit $((container_status + health_status + error_status + cert_status))
;;
"help"|*)
echo "HAProxy Manager External Monitoring Script"
echo ""
echo "Usage: $0 {container|health|errors|certs|all} [minutes] [cert_warning_days]"
echo ""
echo "Commands:"
echo " container Check if container is running"
echo " health Check API health endpoint"
echo " errors [minutes] Check for errors in the last N minutes (default: 60)"
echo " certs [days] Check for certificates expiring within N days (default: 30)"
echo " all [minutes] [days] Check container, health, errors, and certificates"
echo " help Show this help message"
echo ""
echo "Configuration:"
echo " Set variables at the top of this script or create $CONFIG_FILE"
echo " Required variables: CONTAINER_NAME, CONTAINER_API_URL, API_KEY"
echo " Optional variables: ALERT_EMAIL, WEBHOOK_URL, LOG_DIR"
echo ""
echo "Examples:"
echo " $0 container # Check if container is running"
echo " $0 errors 30 # Check for errors in last 30 minutes"
echo " $0 certs 7 # Check for certificates expiring in 7 days"
echo " $0 all 60 14 # Check everything (60 min errors, 14 day certs)"
;;
esac

159
scripts/monitor-errors.sh Executable file
View File

@@ -0,0 +1,159 @@
#!/bin/bash
# HAProxy Manager Error Monitoring Script
# This script monitors the error log and can send alerts
ERROR_LOG="/var/log/haproxy-manager-errors.log"
ALERT_EMAIL=""
WEBHOOK_URL=""
# Function to send email alert
send_email_alert() {
local subject="$1"
local message="$2"
if [ -n "$ALERT_EMAIL" ]; then
echo "$message" | mail -s "$subject" "$ALERT_EMAIL"
fi
}
# Function to send webhook alert
send_webhook_alert() {
local message="$1"
if [ -n "$WEBHOOK_URL" ]; then
curl -X POST "$WEBHOOK_URL" \
-H "Content-Type: application/json" \
-d "{\"text\":\"$message\"}"
fi
}
# Function to check for recent errors
check_recent_errors() {
local minutes="${1:-60}" # Default to last 60 minutes
if [ ! -f "$ERROR_LOG" ]; then
echo "Error log file not found: $ERROR_LOG"
exit 1
fi
# Get current timestamp minus specified minutes
local cutoff_time=$(date -d "$minutes minutes ago" +%s)
# Check for errors in the last N minutes
local recent_errors=$(awk -v cutoff="$cutoff_time" '
BEGIN { FS="\""; found=0 }
/"timestamp":/ {
# Extract timestamp and convert to epoch
gsub(/[",]/, "", $4)
split($4, parts, "T")
split(parts[1], date_parts, "-")
split(parts[2], time_parts, ":")
timestamp = mktime(date_parts[1] " " date_parts[2] " " date_parts[3] " " time_parts[1] " " time_parts[2] " " time_parts[3])
if (timestamp > cutoff) {
found=1
print $0
}
}
END { exit found ? 0 : 1 }
' "$ERROR_LOG")
if [ $? -eq 0 ]; then
echo "Recent errors found in the last $minutes minutes:"
echo "$recent_errors"
# Send alerts
local alert_message="HAProxy Manager Error Alert: Recent errors detected in the last $minutes minutes. Check $ERROR_LOG for details."
send_email_alert "HAProxy Manager Error Alert" "$alert_message"
send_webhook_alert "$alert_message"
return 1 # Return error status
else
echo "No recent errors found in the last $minutes minutes."
return 0 # Return success status
fi
}
# Function to check certificate expiration
check_certificate_expiration() {
local warning_days="${1:-30}" # Default to 30 days warning
# Use the API to get certificate status
local api_key="${HAPROXY_API_KEY:-}"
local base_url="http://localhost:8000"
if [ -n "$api_key" ]; then
local cert_status=$(curl -s -H "Authorization: Bearer $api_key" "$base_url/api/certificates/status")
if [ $? -eq 0 ]; then
# Parse JSON to check for expiring certificates
local expiring_certs=$(echo "$cert_status" | jq -r --arg days "$warning_days" '
.certificates[] |
select(.days_until_expiry != null and .days_until_expiry <= ($days | tonumber)) |
"\(.domain): expires in \(.days_until_expiry) days"
')
if [ -n "$expiring_certs" ]; then
echo "Certificates expiring soon:"
echo "$expiring_certs"
local alert_message="HAProxy Manager Certificate Alert: Certificates expiring soon. $expiring_certs"
send_email_alert "HAProxy Manager Certificate Alert" "$alert_message"
send_webhook_alert "$alert_message"
return 1
else
echo "No certificates expiring within $warning_days days."
return 0
fi
else
echo "Failed to get certificate status from API."
return 1
fi
else
echo "No API key configured. Cannot check certificate status."
return 1
fi
}
# Main script logic
case "${1:-help}" in
"errors")
check_recent_errors "${2:-60}"
;;
"certs")
check_certificate_expiration "${2:-30}"
;;
"all")
echo "Checking for recent errors..."
check_recent_errors "${2:-60}"
error_status=$?
echo "Checking certificate expiration..."
check_certificate_expiration "${3:-30}"
cert_status=$?
exit $((error_status + cert_status))
;;
"help"|*)
echo "HAProxy Manager Monitoring Script"
echo ""
echo "Usage: $0 {errors|certs|all} [minutes] [cert_warning_days]"
echo ""
echo "Commands:"
echo " errors [minutes] Check for errors in the last N minutes (default: 60)"
echo " certs [days] Check for certificates expiring within N days (default: 30)"
echo " all [minutes] [days] Check both errors and certificates"
echo " help Show this help message"
echo ""
echo "Environment variables:"
echo " ALERT_EMAIL Email address for alerts"
echo " WEBHOOK_URL Webhook URL for alerts"
echo " HAPROXY_API_KEY API key for certificate status checks"
echo ""
echo "Examples:"
echo " $0 errors 30 # Check for errors in last 30 minutes"
echo " $0 certs 7 # Check for certificates expiring in 7 days"
echo " $0 all 60 14 # Check both (60 min errors, 14 day certs)"
;;
esac

28
scripts/monitoring-example.conf Normal file
View File

@@ -0,0 +1,28 @@
# HAProxy Manager Monitoring Configuration Example
# Copy this file and modify it for your environment
# Email alerts (requires mailutils to be installed)
ALERT_EMAIL="admin@yourdomain.com"
# Webhook alerts (e.g., Slack, Discord, etc.)
WEBHOOK_URL="https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
# API key for certificate status checks
HAPROXY_API_KEY="your-secure-api-key-here"
# Monitoring intervals (in minutes)
ERROR_CHECK_INTERVAL=30
CERT_CHECK_INTERVAL=1440 # 24 hours
# Certificate warning threshold (days before expiration)
CERT_WARNING_DAYS=30
# Example crontab entries for monitoring:
# Check for errors every 30 minutes
# */30 * * * * /haproxy/scripts/monitor-errors.sh errors 30
# Check certificates daily
# 0 9 * * * /haproxy/scripts/monitor-errors.sh certs 30
# Check both errors and certificates daily
# 0 9 * * * /haproxy/scripts/monitor-errors.sh all 60 30

161
scripts/test-api.sh Executable file
View File

@@ -0,0 +1,161 @@
#!/bin/bash
# HAProxy Manager API Test Script
# This script tests the new API endpoints
BASE_URL="http://localhost:8000"
API_KEY="${HAPROXY_API_KEY:-}"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
local status=$1
local message=$2
if [ "$status" = "PASS" ]; then
echo -e "${GREEN}✓ PASS${NC}: $message"
elif [ "$status" = "FAIL" ]; then
echo -e "${RED}✗ FAIL${NC}: $message"
else
echo -e "${YELLOW}? INFO${NC}: $message"
fi
}
# Function to make API request
api_request() {
local method=$1
local endpoint=$2
local data=$3
local headers=""
if [ -n "$API_KEY" ]; then
headers="-H \"Authorization: Bearer $API_KEY\""
fi
if [ -n "$data" ]; then
headers="$headers -H \"Content-Type: application/json\" -d '$data'"
fi
eval "curl -s -w \"%{http_code}\" -o /tmp/api_response.json $headers -X $method $BASE_URL$endpoint"
}
# Test health endpoint (no auth required)
test_health() {
print_status "INFO" "Testing health endpoint..."
local response=$(api_request "GET" "/health")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ]; then
print_status "PASS" "Health endpoint working"
else
print_status "FAIL" "Health endpoint failed with status $status_code"
fi
}
# Test domains endpoint
test_domains() {
print_status "INFO" "Testing domains endpoint..."
local response=$(api_request "GET" "/api/domains")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ] || [ "$status_code" = "401" ]; then
print_status "PASS" "Domains endpoint responded correctly (status: $status_code)"
else
print_status "FAIL" "Domains endpoint failed with status $status_code"
fi
}
# Test certificate status endpoint
test_cert_status() {
print_status "INFO" "Testing certificate status endpoint..."
local response=$(api_request "GET" "/api/certificates/status")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ] || [ "$status_code" = "401" ]; then
print_status "PASS" "Certificate status endpoint responded correctly (status: $status_code)"
else
print_status "FAIL" "Certificate status endpoint failed with status $status_code"
fi
}
# Test certificate renewal endpoint
test_cert_renewal() {
print_status "INFO" "Testing certificate renewal endpoint..."
local response=$(api_request "POST" "/api/certificates/renew")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ] || [ "$status_code" = "401" ]; then
print_status "PASS" "Certificate renewal endpoint responded correctly (status: $status_code)"
else
print_status "FAIL" "Certificate renewal endpoint failed with status $status_code"
fi
}
# Test reload endpoint
test_reload() {
print_status "INFO" "Testing HAProxy reload endpoint..."
local response=$(api_request "GET" "/api/reload")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ] || [ "$status_code" = "401" ]; then
print_status "PASS" "Reload endpoint responded correctly (status: $status_code)"
else
print_status "FAIL" "Reload endpoint failed with status $status_code"
fi
}
# Test authentication
test_auth() {
if [ -n "$API_KEY" ]; then
print_status "INFO" "API key is configured"
# Test with valid API key
local response=$(api_request "GET" "/api/domains")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ]; then
print_status "PASS" "Authentication working with API key"
else
print_status "FAIL" "Authentication failed with API key (status: $status_code)"
fi
else
print_status "INFO" "No API key configured - testing without authentication"
# Test without API key
local response=$(api_request "GET" "/api/domains")
local status_code=$(echo "$response" | tail -c 4)
if [ "$status_code" = "200" ]; then
print_status "PASS" "API accessible without authentication"
else
print_status "FAIL" "API not accessible without authentication (status: $status_code)"
fi
fi
}
# Main test execution
main() {
echo "HAProxy Manager API Test Suite"
echo "=============================="
echo "Base URL: $BASE_URL"
echo "API Key: ${API_KEY:-"Not configured"}"
echo ""
test_health
test_auth
test_domains
test_cert_status
test_cert_renewal
test_reload
echo ""
echo "Test completed. Check /tmp/api_response.json for detailed responses."
}
# Run tests
main "$@"