dockercloud-haproxy/haproxy/helper/backend_helper.py at b17bbe455c499194f8c2fc6f4b8a27dd6cba2096 · docker-archive/dockercloud-haproxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
import re

from haproxy.config import HEALTH_CHECK, HTTP_BASIC_AUTH, EXTRA_ROUTE_SETTINGS
from haproxy.utils import get_service_attribute


def get_backend_section(details, routes, vhosts, service_alias, routes_added):
    backend = []

    backend_websocket_setting = get_websocket_setting(vhosts, service_alias)
    backend.extend(backend_websocket_setting)

    backend_settings, is_sticky = get_backend_settings(details, service_alias, HTTP_BASIC_AUTH)
    backend.extend(backend_settings)

    backend_routes = get_backend_routes(is_sticky, routes, routes_added, service_alias)
    backend.extend(backend_routes)

    return backend


def get_backend_routes(is_sticky, routes, routes_added, service_alias):
    backend_routes = []
    for _service_alias, routes in routes.iteritems():
        if not service_alias or _service_alias == service_alias:
            addresses_added = []
            for route in routes:
                # avoid adding those tcp routes adding http backends
                if route in routes_added:
                    continue
                address = "%s:%s" % (route["addr"], route["port"])
                if address not in addresses_added:
                    addresses_added.append(address)
                    backend_route = ["server %s %s" % (route["container_name"], address)]
                    if is_sticky:
                        backend_route.append("cookie %s" % route["container_name"])

                    if "health_check" in route and route["health_check"]:
                        backend_route.append(route["health_check"])
                    else:
                        backend_route.append(HEALTH_CHECK)

                    if "extra_route_settings" in route and route["extra_route_settings"]:
                        backend_route.append(route["extra_route_settings"])
                    else:
                        backend_route.append(EXTRA_ROUTE_SETTINGS)

                    backend_routes.append(" ".join(backend_route).strip())

    return sorted(backend_routes)


def get_websocket_setting(vhosts, service_alias):
    websocket_setting = []
    for v in vhosts:
        if service_alias == v["service_alias"]:
            if v["scheme"].lower() in ["ws", "wss"]:
                websocket_setting.append("option http-server-close")
                break
    return websocket_setting


def get_backend_settings(details, service_alias, basic_auth):
    backend_settings = []

    sticky_setting, is_sticky = get_sticky_setting(details, service_alias)
    backend_settings.extend(sticky_setting)
    backend_settings.extend(get_balance_setting(details, service_alias))
    backend_settings.extend(get_force_ssl_setting(details, service_alias))
    backend_settings.extend(get_http_check_setting(details, service_alias))
    backend_settings.extend(get_gzip_compression_setting(details, service_alias))
    backend_settings.extend(get_hsts_max_age_setting(details, service_alias))
    backend_settings.extend(get_options_setting(details, service_alias))
    backend_settings.extend(get_extra_settings_setting(details, service_alias))
    backend_settings.extend(get_basic_auth_setting(details, basic_auth, service_alias))

    return backend_settings, is_sticky


def get_balance_setting(details, service_alias):
    setting = []
    balance = get_service_attribute(details, "balance", service_alias)
    if balance:
        setting.append("balance %s" % balance)
    return setting


def get_sticky_setting(details, service_alias):
    setting = []
    is_sticky = False

    cookie = get_service_attribute(details, "cookie", service_alias)
    if cookie:
        setting.append("cookie %s" % cookie)
        is_sticky = True

    return setting, is_sticky


def get_force_ssl_setting(details, service_alias):
    setting = []
    force_ssl = get_service_attribute(details, "force_ssl", service_alias)
    if force_ssl:
        setting.append("redirect scheme https code 301 if !{ ssl_fc }")
    return setting


def get_http_check_setting(details, service_alias):
    setting = []
    http_check = get_service_attribute(details, "http_check", service_alias)
    if http_check:
        setting.append("option httpchk %s" % http_check)
    return setting


def get_hsts_max_age_setting(details, service_alias):
    setting = []
    hsts_max_age = get_service_attribute(details, "hsts_max_age", service_alias)
    if hsts_max_age:
        setting.append("rspadd Strict-Transport-Security:\ max-age=%s;\ includeSubDomains" % hsts_max_age)
    return setting


def get_gzip_compression_setting(details, service_alias):
    setting = []
    gzip_compression_type = get_service_attribute(details, 'gzip_compression_type', service_alias)
    if gzip_compression_type:
        setting.append("compression algo gzip")
        setting.append("compression type %s" % gzip_compression_type)
    return setting


def get_options_setting(details, service_alias):
    setting = []
    options = get_service_attribute(details, 'option', service_alias)
    if options:
        for option in options:
            setting.append("option %s" % option)
    return setting


def get_extra_settings_setting(details, service_alias):
    setting = []
    extra_settings_str = get_service_attribute(details, 'extra_settings', service_alias)
    if extra_settings_str:
        extra_settings = re.split(r'(?<!\\),', extra_settings_str)
        for extra_setting in extra_settings:
            if extra_setting.strip():
                setting.append(extra_setting.strip().replace("\,", ","))
    return setting


def get_basic_auth_setting(details, basic_auth, service_alias):
    setting = []
    exclude_basic_auth = get_service_attribute(details, "exclude_basic_auth", service_alias)

    if basic_auth and not exclude_basic_auth:
        setting.append("acl need_auth http_auth(haproxy_userlist)")
        setting.append("http-request auth realm haproxy_basic_auth if !need_auth")
    return setting