24 Commits

Author	SHA1	Message	Date
jknapp	15c7f40b2e	Fix bug with haproxy config for blocked address	2025-08-22 09:48:24 -07:00
jknapp	58fa6d8aba	Update blocked IP handling to use custom blocked page with 403 status ... **Template Changes:** - Switch from direct denial to blocked page redirect with 403 status - Blocked IPs now see /blocked-ip page instead of generic 403 denial - Maintains proper 403 HTTP status code for blocked requests **Blocked Page Updates:** - Remove contact support button to prevent misuse - Add clear instructions on how to request unblocking - Provide structured guidance for contacting hosting provider - Maintain professional appearance with helpful information **Benefits:** - Better user experience for legitimate blocks - Clear instructions prevent support confusion - Maintains security while being informative - Professional appearance reflects well on hosting providers 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-22 08:36:57 -07:00
jknapp	7869b81f27	CRITICAL FIX: Migrate HAProxy IP blocking from ACL to map files ... **Problem Solved:** - HAProxy ACL 64-word limit caused config parsing failures - "too many words, truncating after word 64" error - Complete service outage when >64 IPs were blocked - Error: "no such ACL : 'is_blocked'" broke all traffic routing **Solution: HAProxy Map Files (v1.6+)** - ✅ Unlimited IP addresses (no word limits) - ✅ Runtime updates without config reloads - ✅ Better performance (hash table vs linear search) - ✅ Safer config management with validation & rollback **Technical Implementation:** **Map File Integration:** - `/etc/haproxy/blocked_ips.map` stores all blocked IPs - `http-request deny status 403 if { src -f /etc/haproxy/blocked_ips.map }` - Runtime updates: `echo "add map #0 IP" | socat stdio /var/run/haproxy.sock` **Safety Features Added:** - `create_backup()` - Automatic config/map backups before changes - `validate_haproxy_config()` - Config validation before applying - `restore_backup()` - Automatic rollback on failures - `reload_haproxy_safely()` - Safe reload with validation pipeline **Runtime Management:** - `update_blocked_ips_map()` - Sync database to map file - `add_ip_to_runtime_map()` - Immediate IP blocking without reload - `remove_ip_from_runtime_map()` - Immediate IP unblocking **New API Endpoints:** - `POST /api/config/reload` - Safe config reload with rollback - `POST /api/blocked-ips/sync` - Sync database to runtime map **Template Changes:** - Replaced ACL method: `acl is_blocked src IP1 IP2...` (64 limit) - With map method: `http-request deny if { src -f blocked_ips.map }` (unlimited) **Backwards Compatibility:** - Existing API endpoints unchanged (GET/POST/DELETE /api/blocked-ips) - Database schema unchanged - Automatic migration on first config generation **Performance Improvements:** - O(1) hash table lookups vs O(n) linear ACL search - No config reloads needed for IP changes - Supports millions of IPs if needed - Memory efficient external file storage **Documentation:** - Complete migration guide in MIGRATION_GUIDE.md - Updated API documentation with new endpoints - Runtime management examples - Troubleshooting guide **Production Safety:** - All changes include automatic backup/restore - Config validation prevents bad deployments - Runtime updates avoid service interruption - Comprehensive error logging and monitoring This fixes the critical production outage caused by ACL word limits while providing a more scalable and performant IP blocking solution. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-22 08:31:17 -07:00
jknapp	ca37a68255	Add IP blocking functionality to HAProxy Manager ... - Add blocked_ips database table to store blocked IP addresses - Implement API endpoints for IP blocking management: - GET /api/blocked-ips: List all blocked IPs - POST /api/blocked-ips: Block an IP address - DELETE /api/blocked-ips: Unblock an IP address - Update HAProxy configuration generation to include blocked IP ACLs - Create blocked IP page template for denied access - Add comprehensive API documentation for WHP integration - Include test script for IP blocking functionality - Update .gitignore with Python patterns - Add CLAUDE.md for codebase documentation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-21 18:32:47 -07:00
jknapp	a7ce40f600	Fix server configuration templates - add proper newlines between server entries	2025-07-13 01:21:19 -07:00
jknapp	fac6cef0db	Fix HAProxy 2.6 compatibility for default backend ... - Replace http-response set-body (HAProxy 2.8+) with local server approach - Add separate Flask server on port 8080 to serve default page - Update default backend template to use local server instead of inline HTML - Maintain all customization features via environment variables - Fix JavaScript error handling for domains API response	2025-07-11 19:27:42 -07:00
jknapp	27f3f8959b	Add default backend page for unmatched domains ... - Add default backend template (hap_default_backend.tpl) - Add customizable default page HTML template (default_page.html) - Modify generate_config() to include default backend for unmatched domains - Add environment variables for customizing default page content: - HAPROXY_DEFAULT_PAGE_TITLE - HAPROXY_DEFAULT_MAIN_MESSAGE - HAPROXY_DEFAULT_SECONDARY_MESSAGE - Update README with documentation and examples - Ensure backward compatibility with existing configurations - Remove email contact link as requested	2025-07-11 19:10:05 -07:00
jknapp	64c707317f	Adding reload function and more tweaks for backends	2025-03-09 10:59:03 -07:00
jknapp	7e53ba00d8	update again for GET Method	2025-03-07 19:29:20 -08:00
jknapp	2c66b1bf40	fix method to GET instead of POST	2025-03-07 19:13:41 -08:00
jknapp	edaefd9cd1	remove the extra lines at the end of the index	2025-03-07 19:09:51 -08:00
jknapp	d3dd69cc02	Adding config regenerate	2025-03-07 19:06:38 -08:00
jknapp	c27f7fb5e8	Adding httpchk options	2025-03-07 17:19:22 -08:00
jknapp	7b1e8a9536	Fix issue where backend was not getting created	2025-03-06 21:03:08 -08:00
jknapp	6f395fa621	fix issue with existing domains and new domains conflicting	2025-03-06 17:45:02 -08:00
jknapp	94f9223bc7	troubleshoot errors with web interface	2025-03-06 17:14:42 -08:00
jknapp	9621786175	Adding web interface	2025-03-06 16:51:29 -08:00
jknapp	6b28c118de	Adding template overrides	2025-02-21 08:01:16 -08:00
jknapp	ff529be07f	Fix Templates from causing errors with haproxy when added, Fix add notice when haproxy fails check	2025-02-21 06:28:51 -08:00
jknapp	0357a73770	cleanup template	2025-02-20 17:13:25 -08:00
jknapp	673265690a	fix file name error	2025-02-20 16:32:07 -08:00
jknapp	32498f1a04	fix order of acls and backends, put db in volume	2025-02-20 16:26:27 -08:00
jknapp	305fffba42	haproxy manager	2025-02-20 13:41:38 -08:00
jknapp	9c52edd53a	Not fully working, but saving progress	2025-02-19 07:53:26 -08:00