29 Commits

Author	SHA1	Message	Date
jknapp	2406d9f995	Add 403 status to blocked IP page and reload HAProxy on IP block/unblock ... - Modified /blocked-ip route to return 403 Forbidden status with HTML page - Added HAProxy reload after adding blocked IP to ensure consistency - Added HAProxy reload after removing blocked IP to ensure consistency - Includes error handling for reload failures without breaking the operation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-22 10:06:04 -07:00
jknapp	7869b81f27	CRITICAL FIX: Migrate HAProxy IP blocking from ACL to map files ... **Problem Solved:** - HAProxy ACL 64-word limit caused config parsing failures - "too many words, truncating after word 64" error - Complete service outage when >64 IPs were blocked - Error: "no such ACL : 'is_blocked'" broke all traffic routing **Solution: HAProxy Map Files (v1.6+)** - ✅ Unlimited IP addresses (no word limits) - ✅ Runtime updates without config reloads - ✅ Better performance (hash table vs linear search) - ✅ Safer config management with validation & rollback **Technical Implementation:** **Map File Integration:** - `/etc/haproxy/blocked_ips.map` stores all blocked IPs - `http-request deny status 403 if { src -f /etc/haproxy/blocked_ips.map }` - Runtime updates: `echo "add map #0 IP" | socat stdio /var/run/haproxy.sock` **Safety Features Added:** - `create_backup()` - Automatic config/map backups before changes - `validate_haproxy_config()` - Config validation before applying - `restore_backup()` - Automatic rollback on failures - `reload_haproxy_safely()` - Safe reload with validation pipeline **Runtime Management:** - `update_blocked_ips_map()` - Sync database to map file - `add_ip_to_runtime_map()` - Immediate IP blocking without reload - `remove_ip_from_runtime_map()` - Immediate IP unblocking **New API Endpoints:** - `POST /api/config/reload` - Safe config reload with rollback - `POST /api/blocked-ips/sync` - Sync database to runtime map **Template Changes:** - Replaced ACL method: `acl is_blocked src IP1 IP2...` (64 limit) - With map method: `http-request deny if { src -f blocked_ips.map }` (unlimited) **Backwards Compatibility:** - Existing API endpoints unchanged (GET/POST/DELETE /api/blocked-ips) - Database schema unchanged - Automatic migration on first config generation **Performance Improvements:** - O(1) hash table lookups vs O(n) linear ACL search - No config reloads needed for IP changes - Supports millions of IPs if needed - Memory efficient external file storage **Documentation:** - Complete migration guide in MIGRATION_GUIDE.md - Updated API documentation with new endpoints - Runtime management examples - Troubleshooting guide **Production Safety:** - All changes include automatic backup/restore - Config validation prevents bad deployments - Runtime updates avoid service interruption - Comprehensive error logging and monitoring This fixes the critical production outage caused by ACL word limits while providing a more scalable and performant IP blocking solution. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-22 08:31:17 -07:00
jknapp	ca37a68255	Add IP blocking functionality to HAProxy Manager ... - Add blocked_ips database table to store blocked IP addresses - Implement API endpoints for IP blocking management: - GET /api/blocked-ips: List all blocked IPs - POST /api/blocked-ips: Block an IP address - DELETE /api/blocked-ips: Unblock an IP address - Update HAProxy configuration generation to include blocked IP ACLs - Create blocked IP page template for denied access - Add comprehensive API documentation for WHP integration - Include test script for IP blocking functionality - Update .gitignore with Python patterns - Add CLAUDE.md for codebase documentation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-21 18:32:47 -07:00
jknapp	d4f54aef35	Fix HAProxy crash loop and improve startup resilience ... - Add configuration regeneration before HAProxy startup - Add configuration validation before starting HAProxy - Add automatic configuration regeneration if invalid config detected - Prevent container crashes when HAProxy fails to start - Allow container to continue running even if HAProxy is not available - Add better error handling and logging for startup issues	2025-07-11 19:37:41 -07:00
jknapp	fac6cef0db	Fix HAProxy 2.6 compatibility for default backend ... - Replace http-response set-body (HAProxy 2.8+) with local server approach - Add separate Flask server on port 8080 to serve default page - Update default backend template to use local server instead of inline HTML - Maintain all customization features via environment variables - Fix JavaScript error handling for domains API response	2025-07-11 19:27:42 -07:00
jknapp	27f3f8959b	Add default backend page for unmatched domains ... - Add default backend template (hap_default_backend.tpl) - Add customizable default page HTML template (default_page.html) - Modify generate_config() to include default backend for unmatched domains - Add environment variables for customizing default page content: - HAPROXY_DEFAULT_PAGE_TITLE - HAPROXY_DEFAULT_MAIN_MESSAGE - HAPROXY_DEFAULT_SECONDARY_MESSAGE - Update README with documentation and examples - Ensure backward compatibility with existing configurations - Remove email contact link as requested	2025-07-11 19:10:05 -07:00
jknapp	ef488a253d	Add /api/certificates/request endpoint for programmatic certificate requests, update docs and add test script	2025-07-11 17:14:01 -07:00
jknapp	7b0b4c0476	Major upgrade: API key authentication, certificate renewal/download endpoints, monitoring/alerting scripts, improved logging, and documentation updates. See UPGRADE_SUMMARY.md for details.	2025-07-11 06:24:56 -07:00
jknapp	7550df9890	Fixing reload issue	2025-04-18 16:52:57 -07:00
jknapp	8ae1a6b99f	debug reload	2025-03-09 11:56:18 -07:00
jknapp	9de12c72de	added missing return	2025-03-09 11:11:35 -07:00
jknapp	cb58f1d762	Switch reload from post to get	2025-03-09 11:07:21 -07:00
jknapp	2492eab708	Fix missing '/'	2025-03-09 11:02:20 -07:00
jknapp	64c707317f	Adding reload function and more tweaks for backends	2025-03-09 10:59:03 -07:00
jknapp	9621786175	Adding web interface	2025-03-06 16:51:29 -08:00
jknapp	c5f29374e1	Fix Template Override	2025-02-21 10:17:15 -08:00
jknapp	d944a75fb5	fix backend creation	2025-02-21 08:28:56 -08:00
jknapp	ac40737fd7	Adding template overrides	2025-02-21 08:07:58 -08:00
jknapp	6b28c118de	Adding template overrides	2025-02-21 08:01:16 -08:00
jknapp	c47118729f	add new line at the end of the server block to prevent issue with haproxy reloading	2025-02-21 06:42:30 -08:00
jknapp	ff529be07f	Fix Templates from causing errors with haproxy when added, Fix add notice when haproxy fails check	2025-02-21 06:28:51 -08:00
jknapp	c951103b3b	adding function on start up	2025-02-21 06:00:37 -08:00
jknapp	1df58758b5	Make haproxy start with the script	2025-02-20 17:00:28 -08:00
jknapp	32498f1a04	fix order of acls and backends, put db in volume	2025-02-20 16:26:27 -08:00
jknapp	ff46f0a616	Add regenerate endpoint	2025-02-20 15:40:32 -08:00
jknapp	576666d9da	Fixing order for haproxy config	2025-02-20 15:29:42 -08:00
jknapp	cef684b0a9	register certbot by default	2025-02-20 14:01:53 -08:00
jknapp	305fffba42	haproxy manager	2025-02-20 13:41:38 -08:00
jknapp	9c52edd53a	Not fully working, but saving progress	2025-02-19 07:53:26 -08:00