refactor: remove standalone proxies, add Traefik provider with Docker labels
Standalone proxy removal: - Delete store, API handlers, proxy manager, health monitor, validator, hints - Delete frontend pages (proxies list, create, edit) and components (ProxyCard, ProxyForm, ProxyFilter, ProxyGroup, ValidationChecklist) - Remove proxy routes from router, nav items, dashboard references - Clean up SystemHealthCard to remove proxy section Traefik provider: - Add TraefikProvider implementing proxy.Provider via Docker labels - ContainerLabels() returns traefik.enable, router rule, entrypoints, service port, TLS cert resolver, docker network - ConfigureRoute() returns router name (labels handle routing at container creation) - DeleteRoute() is no-op (container removal auto-deregisters) - Ping() checks Traefik API health (optional) - Wire ContainerLabels into deployer (executeDeploy + blueGreenDeploy) - Add Traefik settings: entrypoint, cert_resolver, network, api_url - Add traefik option to proxy provider selector in settings UI - Show conditional Traefik config fields - Add i18n keys (EN + RU)
This commit is contained in:
@@ -1,184 +0,0 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/alexei/docker-watcher/internal/events"
|
||||
"github.com/alexei/docker-watcher/internal/store"
|
||||
"github.com/robfig/cron/v3"
|
||||
)
|
||||
|
||||
// HealthMonitor periodically checks the health of all standalone proxies.
|
||||
type HealthMonitor struct {
|
||||
store *store.Store
|
||||
eventBus *events.Bus
|
||||
|
||||
cron *cron.Cron
|
||||
mu sync.Mutex
|
||||
entryID cron.EntryID
|
||||
running bool
|
||||
}
|
||||
|
||||
// NewHealthMonitor creates a new proxy health monitor.
|
||||
func NewHealthMonitor(st *store.Store, eventBus *events.Bus) *HealthMonitor {
|
||||
return &HealthMonitor{
|
||||
store: st,
|
||||
eventBus: eventBus,
|
||||
cron: cron.New(),
|
||||
}
|
||||
}
|
||||
|
||||
// Start begins periodic health checks with the given interval (e.g., "5m", "1m").
|
||||
// If already running, it stops and restarts with the new interval.
|
||||
func (h *HealthMonitor) Start(interval string) error {
|
||||
h.mu.Lock()
|
||||
defer h.mu.Unlock()
|
||||
|
||||
duration, err := time.ParseDuration(interval)
|
||||
if err != nil {
|
||||
return fmt.Errorf("parse health check interval %q: %w", interval, err)
|
||||
}
|
||||
|
||||
if h.running {
|
||||
h.cron.Remove(h.entryID)
|
||||
}
|
||||
|
||||
spec := fmt.Sprintf("@every %s", duration.String())
|
||||
entryID, err := h.cron.AddFunc(spec, func() {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
|
||||
defer cancel()
|
||||
if checkErr := h.CheckAll(ctx); checkErr != nil {
|
||||
slog.Warn("proxy health monitor: check error", "error", checkErr)
|
||||
}
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("schedule proxy health monitor: %w", err)
|
||||
}
|
||||
|
||||
h.entryID = entryID
|
||||
if !h.running {
|
||||
h.cron.Start()
|
||||
}
|
||||
h.running = true
|
||||
|
||||
slog.Info("proxy health monitor started", "interval", duration.String())
|
||||
return nil
|
||||
}
|
||||
|
||||
// Stop gracefully shuts down the health monitor.
|
||||
func (h *HealthMonitor) Stop() {
|
||||
h.mu.Lock()
|
||||
defer h.mu.Unlock()
|
||||
|
||||
if h.running {
|
||||
ctx := h.cron.Stop()
|
||||
<-ctx.Done()
|
||||
h.running = false
|
||||
slog.Info("proxy health monitor stopped")
|
||||
}
|
||||
}
|
||||
|
||||
// CheckAll performs a single health check cycle for all standalone proxies.
|
||||
func (h *HealthMonitor) CheckAll(ctx context.Context) error {
|
||||
proxies, err := h.store.ListStandaloneProxies()
|
||||
if err != nil {
|
||||
return fmt.Errorf("list standalone proxies: %w", err)
|
||||
}
|
||||
|
||||
for _, proxy := range proxies {
|
||||
newStatus := checkProxyHealth(ctx, proxy.DestinationURL, proxy.DestinationPort)
|
||||
oldStatus := proxy.HealthStatus
|
||||
|
||||
if err := h.store.UpdateProxyHealth(proxy.ID, newStatus); err != nil {
|
||||
slog.Warn("proxy health monitor: failed to update health",
|
||||
"proxy_id", proxy.ID, "error", err)
|
||||
continue
|
||||
}
|
||||
|
||||
// Emit event on status change.
|
||||
if oldStatus != newStatus && oldStatus != "unknown" {
|
||||
h.emitHealthEvent(proxy, oldStatus, newStatus)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// checkProxyHealth performs an HTTP GET to the destination and returns the health status.
|
||||
func checkProxyHealth(ctx context.Context, host string, port int) string {
|
||||
target := fmt.Sprintf("http://%s:%d/", host, port)
|
||||
|
||||
reqCtx, cancel := context.WithTimeout(ctx, 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
req, err := http.NewRequestWithContext(reqCtx, http.MethodGet, target, nil)
|
||||
if err != nil {
|
||||
return "unhealthy"
|
||||
}
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: 10 * time.Second,
|
||||
CheckRedirect: func(*http.Request, []*http.Request) error {
|
||||
return http.ErrUseLastResponse
|
||||
},
|
||||
}
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return "unhealthy"
|
||||
}
|
||||
resp.Body.Close()
|
||||
|
||||
if resp.StatusCode >= 500 {
|
||||
return "unhealthy"
|
||||
}
|
||||
|
||||
return "healthy"
|
||||
}
|
||||
|
||||
// emitHealthEvent persists and publishes a health status change event.
|
||||
func (h *HealthMonitor) emitHealthEvent(proxy store.StandaloneProxy, oldStatus, newStatus string) {
|
||||
severity := "info"
|
||||
if newStatus == "unhealthy" {
|
||||
severity = "warn"
|
||||
}
|
||||
|
||||
msg := fmt.Sprintf("Proxy %s (%s) health changed: %s -> %s",
|
||||
proxy.Domain, proxy.ID, oldStatus, newStatus)
|
||||
|
||||
metadata, _ := json.Marshal(map[string]any{
|
||||
"proxy_id": proxy.ID,
|
||||
"domain": proxy.Domain,
|
||||
"old_status": oldStatus,
|
||||
"new_status": newStatus,
|
||||
})
|
||||
|
||||
evt, err := h.store.InsertEvent(store.EventLog{
|
||||
Source: "proxy_health",
|
||||
Severity: severity,
|
||||
Message: msg,
|
||||
Metadata: string(metadata),
|
||||
})
|
||||
if err != nil {
|
||||
slog.Error("proxy health monitor: failed to persist event", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
h.eventBus.Publish(events.Event{
|
||||
Type: events.EventLog,
|
||||
Payload: events.EventLogPayload{
|
||||
ID: evt.ID,
|
||||
Source: "proxy_health",
|
||||
Severity: severity,
|
||||
Message: msg,
|
||||
Metadata: string(metadata),
|
||||
CreatedAt: evt.CreatedAt,
|
||||
},
|
||||
})
|
||||
}
|
||||
@@ -1,74 +0,0 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// diagnosticHint returns a user-friendly suggestion for a validation failure.
|
||||
func diagnosticHint(step string, err error) string {
|
||||
if err == nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
switch step {
|
||||
case StepDNS:
|
||||
return "Domain cannot be resolved. Check DNS settings or use an IP address."
|
||||
|
||||
case StepTCP:
|
||||
return tcpHintFromError(err)
|
||||
|
||||
case StepHTTP:
|
||||
return httpHint(err.Error())
|
||||
|
||||
default:
|
||||
return "Validation failed: " + err.Error()
|
||||
}
|
||||
}
|
||||
|
||||
// tcpHintFromError returns a specific hint based on the TCP error type.
|
||||
func tcpHintFromError(err error) string {
|
||||
if err == nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
var opErr *net.OpError
|
||||
if errors.As(err, &opErr) {
|
||||
lower := strings.ToLower(opErr.Err.Error())
|
||||
switch {
|
||||
case strings.Contains(lower, "connection refused"):
|
||||
return "Port is not accepting connections. Check if the service is running and the port is correct."
|
||||
case strings.Contains(lower, "i/o timeout") || strings.Contains(lower, "timeout"):
|
||||
return "Connection timed out. Possible firewall blocking. Check network/firewall rules."
|
||||
case strings.Contains(lower, "no route to host") || strings.Contains(lower, "host is unreachable"):
|
||||
return "Host is not reachable. Verify the IP address and network connectivity."
|
||||
}
|
||||
}
|
||||
|
||||
msg := err.Error()
|
||||
lower := strings.ToLower(msg)
|
||||
switch {
|
||||
case strings.Contains(lower, "connection refused"):
|
||||
return "Port is not accepting connections. Check if the service is running and the port is correct."
|
||||
case strings.Contains(lower, "timeout"):
|
||||
return "Connection timed out. Possible firewall blocking. Check network/firewall rules."
|
||||
default:
|
||||
return fmt.Sprintf("TCP connection failed: %s", msg)
|
||||
}
|
||||
}
|
||||
|
||||
// httpHint returns a specific hint based on the HTTP probe result.
|
||||
func httpHint(msg string) string {
|
||||
lower := strings.ToLower(msg)
|
||||
|
||||
switch {
|
||||
case strings.Contains(lower, "status"):
|
||||
return msg // Already formatted by the caller with the status code.
|
||||
case strings.Contains(lower, "timeout"):
|
||||
return "HTTP health probe timed out. The service may be slow or unresponsive."
|
||||
default:
|
||||
return "HTTP health probe failed: " + msg
|
||||
}
|
||||
}
|
||||
@@ -1,370 +0,0 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"sync"
|
||||
|
||||
"github.com/alexei/docker-watcher/internal/dns"
|
||||
"github.com/alexei/docker-watcher/internal/store"
|
||||
)
|
||||
|
||||
// Manager handles the lifecycle of standalone proxy hosts.
|
||||
type Manager struct {
|
||||
store *store.Store
|
||||
provider Provider
|
||||
dnsMu sync.RWMutex
|
||||
dns dns.Provider // nil when wildcard DNS is active
|
||||
}
|
||||
|
||||
// NewManager creates a new proxy manager.
|
||||
func NewManager(st *store.Store, provider Provider) *Manager {
|
||||
return &Manager{
|
||||
store: st,
|
||||
provider: provider,
|
||||
}
|
||||
}
|
||||
|
||||
// SetDNSProvider sets the DNS provider for managing DNS records.
|
||||
func (m *Manager) SetDNSProvider(provider dns.Provider) {
|
||||
m.dnsMu.Lock()
|
||||
defer m.dnsMu.Unlock()
|
||||
m.dns = provider
|
||||
}
|
||||
|
||||
// getDNS returns the current DNS provider under read lock.
|
||||
func (m *Manager) getDNS() dns.Provider {
|
||||
m.dnsMu.RLock()
|
||||
defer m.dnsMu.RUnlock()
|
||||
return m.dns
|
||||
}
|
||||
|
||||
// CreateProxyRequest is the input for creating a standalone proxy.
|
||||
type CreateProxyRequest struct {
|
||||
Domain string `json:"domain"`
|
||||
DestinationURL string `json:"destination_url"`
|
||||
DestinationPort int `json:"destination_port"`
|
||||
}
|
||||
|
||||
// UpdateProxyRequest is the input for updating a standalone proxy.
|
||||
type UpdateProxyRequest struct {
|
||||
Domain string `json:"domain"`
|
||||
DestinationURL string `json:"destination_url"`
|
||||
DestinationPort int `json:"destination_port"`
|
||||
}
|
||||
|
||||
// ProxyView is a unified view of both standalone and deploy-managed proxies.
|
||||
type ProxyView struct {
|
||||
ID string `json:"id"`
|
||||
Domain string `json:"domain"`
|
||||
Destination string `json:"destination"`
|
||||
Type string `json:"type"` // "standalone" or "managed"
|
||||
ProjectName string `json:"project_name,omitempty"`
|
||||
StageName string `json:"stage_name,omitempty"`
|
||||
HealthStatus string `json:"health_status"`
|
||||
SSLEnabled bool `json:"ssl_enabled"`
|
||||
NpmProxyID int `json:"npm_proxy_id"`
|
||||
CreatedAt string `json:"created_at"`
|
||||
}
|
||||
|
||||
// CreateProxy validates the destination, creates a proxy route via the provider, and saves to the store.
|
||||
func (m *Manager) CreateProxy(ctx context.Context, req CreateProxyRequest) (store.StandaloneProxy, error) {
|
||||
// Validate destination.
|
||||
result := ValidateDestination(ctx, req.DestinationURL, req.DestinationPort)
|
||||
if !result.Valid {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("destination validation failed: %s", lastFailedStep(result))
|
||||
}
|
||||
|
||||
// Load settings for SSL certificate and domain.
|
||||
settings, err := m.store.GetSettings()
|
||||
if err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("get settings: %w", err)
|
||||
}
|
||||
|
||||
// Create proxy route via provider.
|
||||
routeID, err := m.provider.ConfigureRoute(ctx, req.Domain, req.DestinationURL, req.DestinationPort, RouteOptions{
|
||||
SSLCertificateID: settings.SSLCertificateID,
|
||||
})
|
||||
if err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("create proxy route: %w", err)
|
||||
}
|
||||
|
||||
slog.Info("created proxy route for standalone proxy",
|
||||
"domain", req.Domain, "route_id", routeID, "provider", m.provider.Name())
|
||||
|
||||
// Save to store.
|
||||
proxy, err := m.store.CreateStandaloneProxy(store.StandaloneProxy{
|
||||
Domain: req.Domain,
|
||||
DestinationURL: req.DestinationURL,
|
||||
DestinationPort: req.DestinationPort,
|
||||
SSLCertificateID: settings.SSLCertificateID,
|
||||
HealthStatus: "unknown",
|
||||
})
|
||||
if err != nil {
|
||||
// Best effort: clean up the proxy route if store insert fails.
|
||||
if delErr := m.provider.DeleteRoute(ctx, routeID); delErr != nil {
|
||||
slog.Error("failed to clean up proxy route after store error",
|
||||
"route_id", routeID, "error", delErr)
|
||||
}
|
||||
return store.StandaloneProxy{}, fmt.Errorf("save standalone proxy: %w", err)
|
||||
}
|
||||
|
||||
// Create DNS record after successful store save.
|
||||
m.ensureDNS(ctx, req.Domain, proxy.ID)
|
||||
|
||||
return proxy, nil
|
||||
}
|
||||
|
||||
// UpdateProxy re-validates the destination, updates the proxy route via the provider, and updates the store.
|
||||
func (m *Manager) UpdateProxy(ctx context.Context, id string, req UpdateProxyRequest) (store.StandaloneProxy, error) {
|
||||
existing, err := m.store.GetStandaloneProxy(id)
|
||||
if err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("get proxy: %w", err)
|
||||
}
|
||||
|
||||
// Validate new destination.
|
||||
result := ValidateDestination(ctx, req.DestinationURL, req.DestinationPort)
|
||||
if !result.Valid {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("destination validation failed: %s", lastFailedStep(result))
|
||||
}
|
||||
|
||||
// Load settings for SSL certificate.
|
||||
settings, err := m.store.GetSettings()
|
||||
if err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("get settings: %w", err)
|
||||
}
|
||||
|
||||
// Update proxy route via provider (ConfigureRoute handles create-or-update).
|
||||
if _, err := m.provider.ConfigureRoute(ctx, req.Domain, req.DestinationURL, req.DestinationPort, RouteOptions{
|
||||
SSLCertificateID: settings.SSLCertificateID,
|
||||
}); err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("update proxy route: %w", err)
|
||||
}
|
||||
|
||||
// Update store.
|
||||
updated := existing
|
||||
updated.Domain = req.Domain
|
||||
updated.DestinationURL = req.DestinationURL
|
||||
updated.DestinationPort = req.DestinationPort
|
||||
updated.SSLCertificateID = settings.SSLCertificateID
|
||||
|
||||
if err := m.store.UpdateStandaloneProxy(updated); err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("update standalone proxy: %w", err)
|
||||
}
|
||||
|
||||
// Update DNS records if domain changed.
|
||||
if existing.Domain != req.Domain {
|
||||
m.removeDNS(ctx, existing.Domain)
|
||||
m.ensureDNS(ctx, req.Domain, id)
|
||||
}
|
||||
|
||||
// Re-read from store to get updated timestamps.
|
||||
return m.store.GetStandaloneProxy(id)
|
||||
}
|
||||
|
||||
// DeleteProxy removes the proxy route via the provider and deletes from the store.
|
||||
func (m *Manager) DeleteProxy(ctx context.Context, id string) error {
|
||||
p, err := m.store.GetStandaloneProxy(id)
|
||||
if err != nil {
|
||||
return fmt.Errorf("get proxy: %w", err)
|
||||
}
|
||||
|
||||
// Delete proxy route via provider using the NpmProxyID as a string route ID.
|
||||
if p.NpmProxyID > 0 {
|
||||
routeID := fmt.Sprintf("%d", p.NpmProxyID)
|
||||
if err := m.provider.DeleteRoute(ctx, routeID); err != nil {
|
||||
slog.Warn("failed to delete proxy route (continuing with store deletion)",
|
||||
"route_id", routeID, "error", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Remove DNS record.
|
||||
m.removeDNS(ctx, p.Domain)
|
||||
|
||||
if err := m.store.DeleteStandaloneProxy(id); err != nil {
|
||||
return fmt.Errorf("delete standalone proxy: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetProxy returns a single standalone proxy by ID.
|
||||
func (m *Manager) GetProxy(id string) (store.StandaloneProxy, error) {
|
||||
proxy, err := m.store.GetStandaloneProxy(id)
|
||||
if err != nil {
|
||||
return store.StandaloneProxy{}, fmt.Errorf("get proxy: %w", err)
|
||||
}
|
||||
return proxy, nil
|
||||
}
|
||||
|
||||
// ListProxies returns all standalone proxies.
|
||||
func (m *Manager) ListProxies() ([]store.StandaloneProxy, error) {
|
||||
proxies, err := m.store.ListStandaloneProxies()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list proxies: %w", err)
|
||||
}
|
||||
return proxies, nil
|
||||
}
|
||||
|
||||
// ListAllProxies returns a merged view of standalone and deploy-managed proxies.
|
||||
func (m *Manager) ListAllProxies() ([]ProxyView, error) {
|
||||
views := []ProxyView{}
|
||||
|
||||
// Standalone proxies.
|
||||
standalones, err := m.store.ListStandaloneProxies()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list standalone proxies: %w", err)
|
||||
}
|
||||
|
||||
for _, p := range standalones {
|
||||
views = append(views, ProxyView{
|
||||
ID: p.ID,
|
||||
Domain: p.Domain,
|
||||
Destination: fmt.Sprintf("%s:%d", p.DestinationURL, p.DestinationPort),
|
||||
Type: "standalone",
|
||||
HealthStatus: p.HealthStatus,
|
||||
SSLEnabled: p.SSLCertificateID > 0,
|
||||
NpmProxyID: p.NpmProxyID,
|
||||
CreatedAt: p.CreatedAt,
|
||||
})
|
||||
}
|
||||
|
||||
// Deploy-managed proxies: instances with a proxy route configured.
|
||||
instances, err := m.store.ListAllInstances()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list instances: %w", err)
|
||||
}
|
||||
|
||||
// Pre-load project and stage names to avoid N+1 queries.
|
||||
allProjects, _ := m.store.GetAllProjects()
|
||||
projectNames := make(map[string]string, len(allProjects))
|
||||
for _, p := range allProjects {
|
||||
projectNames[p.ID] = p.Name
|
||||
}
|
||||
stageNames := make(map[string]string)
|
||||
for _, p := range allProjects {
|
||||
stages, _ := m.store.GetStagesByProjectID(p.ID)
|
||||
for _, s := range stages {
|
||||
stageNames[s.ID] = s.Name
|
||||
}
|
||||
}
|
||||
|
||||
for _, inst := range instances {
|
||||
if inst.ProxyRouteID == "" && inst.NpmProxyID <= 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
projectName := projectNames[inst.ProjectID]
|
||||
if projectName == "" {
|
||||
projectName = inst.ProjectID
|
||||
}
|
||||
stageName := stageNames[inst.StageID]
|
||||
if stageName == "" {
|
||||
stageName = inst.StageID
|
||||
}
|
||||
|
||||
cid := inst.ContainerID
|
||||
if len(cid) > 12 {
|
||||
cid = cid[:12]
|
||||
}
|
||||
destination := fmt.Sprintf("%s:%d", cid, inst.Port)
|
||||
if inst.Subdomain != "" {
|
||||
destination = fmt.Sprintf("%s:%d", inst.Subdomain, inst.Port)
|
||||
}
|
||||
|
||||
healthStatus := "unknown"
|
||||
if inst.Status == "running" {
|
||||
healthStatus = "healthy"
|
||||
} else if inst.Status == "stopped" || inst.Status == "failed" {
|
||||
healthStatus = "unhealthy"
|
||||
}
|
||||
|
||||
views = append(views, ProxyView{
|
||||
ID: inst.ID,
|
||||
Domain: inst.Subdomain,
|
||||
Destination: destination,
|
||||
Type: "managed",
|
||||
ProjectName: projectName,
|
||||
StageName: stageName,
|
||||
HealthStatus: healthStatus,
|
||||
SSLEnabled: true, // managed proxies always get SSL from settings
|
||||
NpmProxyID: inst.NpmProxyID,
|
||||
CreatedAt: inst.CreatedAt,
|
||||
})
|
||||
}
|
||||
|
||||
return views, nil
|
||||
}
|
||||
|
||||
// ensureDNS creates or updates a DNS record for a standalone proxy domain. Best-effort.
|
||||
func (m *Manager) ensureDNS(ctx context.Context, domain, proxyID string) {
|
||||
dnsProvider := m.getDNS()
|
||||
if dnsProvider == nil {
|
||||
return
|
||||
}
|
||||
settings, err := m.store.GetSettings()
|
||||
if err != nil {
|
||||
slog.Warn("dns: get settings for server IP", "error", err)
|
||||
return
|
||||
}
|
||||
if settings.ServerIP == "" {
|
||||
slog.Warn("dns: server IP not configured, skipping DNS record creation", "domain", domain)
|
||||
return
|
||||
}
|
||||
|
||||
recordID, err := dnsProvider.EnsureRecord(ctx, domain, settings.ServerIP)
|
||||
if err != nil {
|
||||
slog.Warn("dns: failed to create/update record for standalone proxy", "domain", domain, "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := m.store.CreateDNSRecord(store.DNSRecord{
|
||||
FQDN: domain,
|
||||
ProviderRecordID: recordID,
|
||||
ConsumerType: "standalone",
|
||||
ConsumerID: proxyID,
|
||||
}); err != nil {
|
||||
// May already exist — try updating.
|
||||
if updateErr := m.store.UpdateDNSRecordProviderID(domain, recordID); updateErr != nil {
|
||||
slog.Warn("dns: failed to track record", "domain", domain, "error", updateErr)
|
||||
}
|
||||
}
|
||||
slog.Info("dns: record ensured for standalone proxy", "domain", domain)
|
||||
}
|
||||
|
||||
// removeDNS deletes a DNS record for a standalone proxy domain. Best-effort.
|
||||
func (m *Manager) removeDNS(ctx context.Context, domain string) {
|
||||
dnsProvider := m.getDNS()
|
||||
if dnsProvider == nil {
|
||||
return
|
||||
}
|
||||
if err := dnsProvider.DeleteRecord(ctx, domain); err != nil {
|
||||
slog.Warn("dns: failed to delete record for standalone proxy", "domain", domain, "error", err)
|
||||
return
|
||||
}
|
||||
if err := m.store.DeleteDNSRecord(domain); err != nil {
|
||||
slog.Warn("dns: failed to remove tracking record", "domain", domain, "error", err)
|
||||
}
|
||||
slog.Info("dns: record deleted for standalone proxy", "domain", domain)
|
||||
}
|
||||
|
||||
// lastFailedStep returns the message of the last failed validation step.
|
||||
func lastFailedStep(result ValidationResult) string {
|
||||
for _, step := range result.Steps {
|
||||
if !step.Passed {
|
||||
msg := step.Message
|
||||
if step.Hint != "" {
|
||||
msg += " — " + step.Hint
|
||||
}
|
||||
return msg
|
||||
}
|
||||
}
|
||||
return "unknown validation failure"
|
||||
}
|
||||
|
||||
// IsNotFound checks if an error wraps store.ErrNotFound.
|
||||
func IsNotFound(err error) bool {
|
||||
return errors.Is(err, store.ErrNotFound)
|
||||
}
|
||||
@@ -0,0 +1,93 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// TraefikProvider manages proxy routes via Docker labels.
|
||||
// Traefik auto-discovers containers with the appropriate labels.
|
||||
type TraefikProvider struct {
|
||||
entrypoint string
|
||||
certResolver string
|
||||
network string // Docker network for traefik.docker.network label
|
||||
apiURL string // Traefik API URL for health checks (optional)
|
||||
httpClient *http.Client
|
||||
}
|
||||
|
||||
// NewTraefikProvider creates a Traefik-backed proxy provider.
|
||||
func NewTraefikProvider(entrypoint, certResolver, network, apiURL string) *TraefikProvider {
|
||||
if entrypoint == "" {
|
||||
entrypoint = "websecure"
|
||||
}
|
||||
return &TraefikProvider{
|
||||
entrypoint: entrypoint,
|
||||
certResolver: certResolver,
|
||||
network: network,
|
||||
apiURL: strings.TrimRight(apiURL, "/"),
|
||||
httpClient: &http.Client{Timeout: 5 * time.Second},
|
||||
}
|
||||
}
|
||||
|
||||
func (t *TraefikProvider) Name() string { return "traefik" }
|
||||
|
||||
// ConfigureRoute for Traefik is a no-op for deploy-managed containers.
|
||||
// Labels are set at container creation time via ContainerLabels().
|
||||
// Returns a route ID for tracking.
|
||||
func (t *TraefikProvider) ConfigureRoute(_ context.Context, domain, _ string, _ int, _ RouteOptions) (string, error) {
|
||||
routerName := sanitizeDomain(domain)
|
||||
return routerName, nil
|
||||
}
|
||||
|
||||
// DeleteRoute for Traefik is a no-op — removing the container removes the labels,
|
||||
// and Traefik automatically de-registers the route.
|
||||
func (t *TraefikProvider) DeleteRoute(_ context.Context, _ string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ContainerLabels returns Docker labels for Traefik auto-discovery.
|
||||
func (t *TraefikProvider) ContainerLabels(domain string, port int) map[string]string {
|
||||
name := sanitizeDomain(domain)
|
||||
labels := map[string]string{
|
||||
"traefik.enable": "true",
|
||||
fmt.Sprintf("traefik.http.routers.%s.rule", name): fmt.Sprintf("Host(`%s`)", domain),
|
||||
fmt.Sprintf("traefik.http.routers.%s.entrypoints", name): t.entrypoint,
|
||||
fmt.Sprintf("traefik.http.services.%s.loadbalancer.server.port", name): fmt.Sprintf("%d", port),
|
||||
}
|
||||
if t.certResolver != "" {
|
||||
labels[fmt.Sprintf("traefik.http.routers.%s.tls.certresolver", name)] = t.certResolver
|
||||
}
|
||||
if t.network != "" {
|
||||
labels["traefik.docker.network"] = t.network
|
||||
}
|
||||
return labels
|
||||
}
|
||||
|
||||
// Ping checks Traefik API connectivity if a URL is configured.
|
||||
func (t *TraefikProvider) Ping(ctx context.Context) error {
|
||||
if t.apiURL == "" {
|
||||
return nil // No API URL configured, skip health check.
|
||||
}
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, t.apiURL+"/api/overview", nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("create traefik ping request: %w", err)
|
||||
}
|
||||
resp, err := t.httpClient.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("traefik ping: %w", err)
|
||||
}
|
||||
resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return fmt.Errorf("traefik api returned status %d", resp.StatusCode)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// sanitizeDomain converts a domain to a safe Traefik router name.
|
||||
func sanitizeDomain(domain string) string {
|
||||
r := strings.NewReplacer(".", "-", ":", "-", "*", "wildcard")
|
||||
return r.Replace(strings.ToLower(domain))
|
||||
}
|
||||
@@ -1,224 +0,0 @@
|
||||
package proxy
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Validation step names.
|
||||
const (
|
||||
StepSyntax = "syntax"
|
||||
StepDNS = "dns"
|
||||
StepTCP = "tcp"
|
||||
StepHTTP = "http"
|
||||
)
|
||||
|
||||
// ValidationStep holds the result of a single validation check.
|
||||
type ValidationStep struct {
|
||||
Name string `json:"name"`
|
||||
Passed bool `json:"passed"`
|
||||
Message string `json:"message,omitempty"`
|
||||
Hint string `json:"hint,omitempty"`
|
||||
}
|
||||
|
||||
// ValidationResult holds the aggregate result of the validation pipeline.
|
||||
type ValidationResult struct {
|
||||
Valid bool `json:"valid"`
|
||||
Steps []ValidationStep `json:"steps"`
|
||||
}
|
||||
|
||||
// ValidateDestination runs the multi-step validation pipeline against the given
|
||||
// destination host and port. It checks syntax, DNS, TCP reachability, and HTTP health.
|
||||
// The pipeline short-circuits on failure: later steps are skipped if an earlier one fails.
|
||||
func ValidateDestination(ctx context.Context, host string, port int) ValidationResult {
|
||||
result := ValidationResult{Valid: true}
|
||||
|
||||
// Step 1: Syntax validation.
|
||||
if step, ok := validateSyntax(host, port); !ok {
|
||||
result.Valid = false
|
||||
result.Steps = append(result.Steps, step)
|
||||
return result
|
||||
} else {
|
||||
result.Steps = append(result.Steps, step)
|
||||
}
|
||||
|
||||
// Step 2: DNS resolution (skip for IP addresses).
|
||||
ip := net.ParseIP(host)
|
||||
if ip == nil {
|
||||
if step, ok := validateDNS(ctx, host); !ok {
|
||||
result.Valid = false
|
||||
result.Steps = append(result.Steps, step)
|
||||
return result
|
||||
} else {
|
||||
result.Steps = append(result.Steps, step)
|
||||
}
|
||||
} else {
|
||||
result.Steps = append(result.Steps, ValidationStep{
|
||||
Name: StepDNS,
|
||||
Passed: true,
|
||||
Message: "Skipped (IP address provided)",
|
||||
})
|
||||
}
|
||||
|
||||
// Step 3: TCP port reachability.
|
||||
if step, ok := validateTCP(ctx, host, port); !ok {
|
||||
result.Valid = false
|
||||
result.Steps = append(result.Steps, step)
|
||||
return result
|
||||
} else {
|
||||
result.Steps = append(result.Steps, step)
|
||||
}
|
||||
|
||||
// Step 4: HTTP health probe.
|
||||
step := validateHTTP(ctx, host, port)
|
||||
result.Steps = append(result.Steps, step)
|
||||
if !step.Passed {
|
||||
result.Valid = false
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
// validateSyntax checks that the host and port values are syntactically valid.
|
||||
func validateSyntax(host string, port int) (ValidationStep, bool) {
|
||||
if host == "" {
|
||||
return ValidationStep{
|
||||
Name: StepSyntax,
|
||||
Passed: false,
|
||||
Message: "Host is empty",
|
||||
Hint: "Provide a valid hostname or IP address.",
|
||||
}, false
|
||||
}
|
||||
|
||||
if port < 1 || port > 65535 {
|
||||
return ValidationStep{
|
||||
Name: StepSyntax,
|
||||
Passed: false,
|
||||
Message: fmt.Sprintf("Port %d is out of range (1-65535)", port),
|
||||
Hint: "Provide a valid port number between 1 and 65535.",
|
||||
}, false
|
||||
}
|
||||
|
||||
// Reject obviously invalid hostnames (but allow IPs).
|
||||
if net.ParseIP(host) == nil {
|
||||
// Basic hostname validation: must not contain spaces or schemes.
|
||||
if _, err := url.Parse("http://" + host); err != nil {
|
||||
return ValidationStep{
|
||||
Name: StepSyntax,
|
||||
Passed: false,
|
||||
Message: "Invalid hostname: " + err.Error(),
|
||||
Hint: "Provide a valid hostname without scheme (e.g., 'example.com' not 'http://example.com').",
|
||||
}, false
|
||||
}
|
||||
}
|
||||
|
||||
return ValidationStep{
|
||||
Name: StepSyntax,
|
||||
Passed: true,
|
||||
Message: fmt.Sprintf("Host %q port %d syntax OK", host, port),
|
||||
}, true
|
||||
}
|
||||
|
||||
// validateDNS performs a DNS lookup on the given host.
|
||||
func validateDNS(ctx context.Context, host string) (ValidationStep, bool) {
|
||||
resolver := net.DefaultResolver
|
||||
addrs, err := resolver.LookupHost(ctx, host)
|
||||
if err != nil {
|
||||
return ValidationStep{
|
||||
Name: StepDNS,
|
||||
Passed: false,
|
||||
Message: fmt.Sprintf("DNS resolution failed for %q: %s", host, err.Error()),
|
||||
Hint: diagnosticHint(StepDNS, err),
|
||||
}, false
|
||||
}
|
||||
|
||||
return ValidationStep{
|
||||
Name: StepDNS,
|
||||
Passed: true,
|
||||
Message: fmt.Sprintf("Resolved to %v", addrs),
|
||||
}, true
|
||||
}
|
||||
|
||||
// validateTCP attempts a TCP connection to host:port with a 5-second timeout.
|
||||
func validateTCP(ctx context.Context, host string, port int) (ValidationStep, bool) {
|
||||
addr := net.JoinHostPort(host, strconv.Itoa(port))
|
||||
|
||||
dialCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
|
||||
defer cancel()
|
||||
|
||||
var d net.Dialer
|
||||
conn, err := d.DialContext(dialCtx, "tcp", addr)
|
||||
if err != nil {
|
||||
return ValidationStep{
|
||||
Name: StepTCP,
|
||||
Passed: false,
|
||||
Message: fmt.Sprintf("TCP connect to %s failed: %s", addr, err.Error()),
|
||||
Hint: diagnosticHint(StepTCP, err),
|
||||
}, false
|
||||
}
|
||||
conn.Close()
|
||||
|
||||
return ValidationStep{
|
||||
Name: StepTCP,
|
||||
Passed: true,
|
||||
Message: fmt.Sprintf("TCP connect to %s succeeded", addr),
|
||||
}, true
|
||||
}
|
||||
|
||||
// validateHTTP performs a GET request to the destination and checks for a response.
|
||||
// Non-5xx responses are considered passing (the service is responding).
|
||||
func validateHTTP(ctx context.Context, host string, port int) ValidationStep {
|
||||
target := fmt.Sprintf("http://%s:%d/", host, port)
|
||||
|
||||
httpCtx, cancel := context.WithTimeout(ctx, 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
req, err := http.NewRequestWithContext(httpCtx, http.MethodGet, target, nil)
|
||||
if err != nil {
|
||||
return ValidationStep{
|
||||
Name: StepHTTP,
|
||||
Passed: false,
|
||||
Message: fmt.Sprintf("Failed to build HTTP request: %s", err.Error()),
|
||||
Hint: diagnosticHint(StepHTTP, err),
|
||||
}
|
||||
}
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: 10 * time.Second,
|
||||
// Do not follow redirects — we just want to see if the port responds to HTTP.
|
||||
CheckRedirect: func(*http.Request, []*http.Request) error {
|
||||
return http.ErrUseLastResponse
|
||||
},
|
||||
}
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return ValidationStep{
|
||||
Name: StepHTTP,
|
||||
Passed: false,
|
||||
Message: fmt.Sprintf("HTTP probe to %s failed: %s", target, err.Error()),
|
||||
Hint: diagnosticHint(StepHTTP, err),
|
||||
}
|
||||
}
|
||||
resp.Body.Close()
|
||||
|
||||
if resp.StatusCode >= 500 {
|
||||
return ValidationStep{
|
||||
Name: StepHTTP,
|
||||
Passed: false,
|
||||
Message: fmt.Sprintf("Service responded with HTTP %d. The service may not be healthy.", resp.StatusCode),
|
||||
Hint: fmt.Sprintf("Service responded with HTTP %d. The service may not be healthy.", resp.StatusCode),
|
||||
}
|
||||
}
|
||||
|
||||
return ValidationStep{
|
||||
Name: StepHTTP,
|
||||
Passed: true,
|
||||
Message: fmt.Sprintf("HTTP probe returned %d", resp.StatusCode),
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user