- Added upstream objects

- Renamed host templates to nginx templates - Generate upstream templates - Better nginx error reporting when reloading - Use tparse for golang test reporting
2025-11-04 09:25:15 +00:00 · 2023-01-04 15:36:56 +10:00
parent b3ae2f4dbb
commit 5e5f0de0e2
82 changed files with 2209 additions and 294 deletions
--- a/backend/embed/migrations/20201013035318_initial_schema.sql
+++ b/backend/embed/migrations/20201013035318_initial_schema.sql
@@ -123,7 +123,6 @@ CREATE TABLE IF NOT EXISTS `stream`
 	user_id INTEGER NOT NULL,
 	listen_interface TEXT NOT NULL,
 	incoming_port INTEGER NOT NULL,
-	upstream_options TEXT NOT NULL,
 	tcp_forwarding INTEGER NOT NULL DEFAULT 0,
 	udp_forwarding INTEGER NOT NULL DEFAULT 0,
 	advanced_config TEXT NOT NULL,
@@ -138,13 +137,36 @@ CREATE TABLE IF NOT EXISTS `upstream`
 	created_on INTEGER NOT NULL DEFAULT 0,
 	modified_on INTEGER NOT NULL DEFAULT 0,
 	user_id INTEGER NOT NULL,
-	hosts TEXT NOT NULL,
-	balance_method TEXT NOT NULL,
-	max_fails INTEGER NOT NULL DEFAULT 1,
-	fail_timeout INTEGER NOT NULL DEFAULT 10,
+	name TEXT NOT NULL,
+	nginx_template_id INTEGER NOT NULL,
+	ip_hash INTEGER NOT NULL DEFAULT 0,
+	ntlm INTEGER NOT NULL DEFAULT 0,
+	keepalive INTEGER NOT NULL DEFAULT 0,
+	keepalive_requests INTEGER NOT NULL DEFAULT 0,
+	keepalive_time TEXT NOT NULL DEFAULT "",
+	keepalive_timeout TEXT NOT NULL DEFAULT "",
 	advanced_config TEXT NOT NULL,
+	status TEXT NOT NULL DEFAULT "",
+	error_message TEXT NOT NULL DEFAULT "",
 	is_deleted INTEGER NOT NULL DEFAULT 0,
-	FOREIGN KEY (user_id) REFERENCES user (id)
+	FOREIGN KEY (user_id) REFERENCES user (id),
+	FOREIGN KEY (nginx_template_id) REFERENCES nginx_template (id)
+);
+
+CREATE TABLE IF NOT EXISTS `upstream_server`
+(
+	id INTEGER PRIMARY KEY AUTOINCREMENT,
+	created_on INTEGER NOT NULL DEFAULT 0,
+	modified_on INTEGER NOT NULL DEFAULT 0,
+	upstream_id INTEGER NOT NULL,
+	server TEXT NOT NULL,
+	weight INTEGER NOT NULL DEFAULT 0,
+	max_conns INTEGER NOT NULL DEFAULT 0,
+	max_fails INTEGER NOT NULL DEFAULT 0,
+	fail_timeout INTEGER NOT NULL DEFAULT 0,
+	backup INTEGER NOT NULL DEFAULT 0,
+	is_deleted INTEGER NOT NULL DEFAULT 0,
+	FOREIGN KEY (upstream_id) REFERENCES upstream (id)
 );

 CREATE TABLE IF NOT EXISTS `access_list`
@@ -159,14 +181,14 @@ CREATE TABLE IF NOT EXISTS `access_list`
 	FOREIGN KEY (user_id) REFERENCES user (id)
 );

-CREATE TABLE IF NOT EXISTS `host_template`
+CREATE TABLE IF NOT EXISTS `nginx_template`
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	created_on INTEGER NOT NULL DEFAULT 0,
 	modified_on INTEGER NOT NULL DEFAULT 0,
 	user_id INTEGER NOT NULL,
 	name TEXT NOT NULL,
-	host_type TEXT NOT NULL,
+	type TEXT NOT NULL,
 	template TEXT NOT NULL,
 	is_deleted INTEGER NOT NULL DEFAULT 0,
 	FOREIGN KEY (user_id) REFERENCES user (id)
@@ -179,7 +201,7 @@ CREATE TABLE IF NOT EXISTS `host`
 	modified_on INTEGER NOT NULL DEFAULT 0,
 	user_id INTEGER NOT NULL,
 	type TEXT NOT NULL,
-	host_template_id INTEGER NOT NULL,
+	nginx_template_id INTEGER NOT NULL,
 	listen_interface TEXT NOT NULL DEFAULT "",
 	domain_names TEXT NOT NULL,
 	upstream_id INTEGER NOT NULL DEFAULT 0,
@@ -193,14 +215,13 @@ CREATE TABLE IF NOT EXISTS `host`
 	hsts_enabled INTEGER NOT NULL DEFAULT 0,
 	hsts_subdomains INTEGER NOT NULL DEFAULT 0,
 	paths TEXT NOT NULL DEFAULT "",
-	upstream_options TEXT NOT NULL DEFAULT "",
 	advanced_config TEXT NOT NULL DEFAULT "",
 	status TEXT NOT NULL DEFAULT "",
 	error_message TEXT NOT NULL DEFAULT "",
 	is_disabled INTEGER NOT NULL DEFAULT 0,
 	is_deleted INTEGER NOT NULL DEFAULT 0,
 	FOREIGN KEY (user_id) REFERENCES user (id),
-	FOREIGN KEY (host_template_id) REFERENCES host_template (id),
+	FOREIGN KEY (nginx_template_id) REFERENCES nginx_template (id),
 	FOREIGN KEY (upstream_id) REFERENCES upstream (id),
 	FOREIGN KEY (certificate_id) REFERENCES certificate (id),
 	FOREIGN KEY (access_list_id) REFERENCES access_list (id)
--- a/backend/embed/migrations/20201013035839_initial_data.sql
+++ b/backend/embed/migrations/20201013035839_initial_data.sql
@@ -16,8 +16,8 @@ INSERT INTO `capability` (
 	("dns-providers.manage"),
 	("hosts.view"),
 	("hosts.manage"),
-	("host-templates.view"),
-	("host-templates.manage"),
+	("nginx-templates.view"),
+	("nginx-templates.manage"),
 	("settings.manage"),
 	("streams.view"),
 	("streams.manage"),
@@ -131,12 +131,12 @@ INSERT INTO `user` (
 );

 -- Host Templates
-INSERT INTO `host_template` (
+INSERT INTO `nginx_template` (
 	created_on,
 	modified_on,
 	user_id,
 	name,
-	host_type,
+	type,
 	template
 ) VALUES (
 	strftime('%s', 'now'),
@@ -144,7 +144,119 @@ INSERT INTO `host_template` (
 	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
 	"Default Proxy Template",
 	"proxy",
-	"# this is a proxy template"
+	"# ------------------------------------------------------------
+{{#each Host.DomainNames}}
+# {{this}}
+{{/each}}
+# ------------------------------------------------------------
+
+{{#if Host.IsDisabled}}
+# This Proxy Host is disabled and will not generate functional config
+{{/if}}
+
+{{#unless Host.IsDisabled}}
+server {
+  set $forward_scheme {{Host.ForwardScheme}};
+  set $server         ""{{Host.ForwardHost}}"";
+  set $port           {{Host.ForwardPort}};
+
+  {{#if Config.Ipv4}}
+  listen 80;
+  {{/if}}
+  {{#if Config.Ipv6}}
+  listen [::]:80;
+  {{/if}}
+
+  {{#if Certificate.ID}}
+  listen 443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
+  {{/if}}
+  {{#if Config.Ipv6}}
+  listen [::]:443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
+  {{/if}}
+
+  server_name {{#each Host.DomainNames}}{{this}} {{/each}};
+
+  {{#if Certificate.ID}}
+  include conf.d/include/ssl-ciphers.conf;
+  {{#if Certificate.IsAcme}}
+  ssl_certificate {{Certificate.Folder}}/fullchain.pem;
+  ssl_certificate_key {{Certificate.Folder}}/privkey.pem;
+  {{else}}
+  # Custom SSL
+  ssl_certificate /data/custom_ssl/npm-{{Certicicate.ID}}/fullchain.pem;
+  ssl_certificate_key /data/custom_ssl/npm-{{Certificate.ID}}/privkey.pem;
+  {{/if}}
+  {{/if}}
+
+  {{#if Host.CachingEnabled}}
+  include conf.d/include/assets.conf;
+  {{/if}}
+
+  {{#if Host.BlockExploits}}
+  include conf.d/include/block-exploits.conf;
+  {{/if}}
+
+  {{#if Certificate.ID}}
+  {{#if Host.SSLForced}}
+  {{#if Host.HSTSEnabled}}
+  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+  add_header Strict-Transport-Security ""max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload"" always;
+  {{/if}}
+  # Force SSL
+  include conf.d/include/force-ssl.conf;
+  {{/if}}
+  {{/if}}
+
+  {{#if Host.AllowWebsocketUpgrade}}
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+  proxy_http_version 1.1;
+  {{/if}}
+
+  access_log /data/logs/host-{{Host.ID}}_access.log proxy;
+  error_log /data/logs/host-{{Host.ID}}_error.log warn;
+
+  {{Host.AdvancedConfig}}
+
+  # locations ?
+
+  # default location:
+  location / {
+    {{#if Host.AccessListID}}
+    # Authorization
+    auth_basic            ""Authorization required"";
+    auth_basic_user_file  /data/access/{{Host.AccessListID}};
+    # access_list.passauth ? todo
+    {{/if}}
+
+    # Access Rules ? todo
+
+    # Access checks must...? todo
+
+    {{#if Certificate.ID}}
+    {{#if Host.SSLForced}}
+    {{#if Host.HSTSEnabled}}
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+    add_header Strict-Transport-Security ""max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload"" always;
+    {{/if}}
+    {{/if}}
+    {{/if}}
+
+    {{#if Host.AllowWebsocketUpgrade}}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_http_version 1.1;
+    {{/if}}
+
+    # Proxy!
+    include conf.d/include/proxy.conf;
+  }
+
+  # Legacy Custom Configuration
+  include /data/nginx/custom/server_proxy[.]conf;
+}
+{{/unless}}
+"
 ), (
 	strftime('%s', 'now'),
 	strftime('%s', 'now'),
@@ -166,6 +278,55 @@ INSERT INTO `host_template` (
 	"Default Stream Template",
 	"stream",
 	"# this is a stream template"
+), (
+	strftime('%s', 'now'),
+	strftime('%s', 'now'),
+	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
+	"Default Upstream Template",
+	"upstream",
+	"# ------------------------------------------------------------
+# Upstream {{Upstream.ID}}: {{Upstream.Name}}
+# ------------------------------------------------------------
+
+{{#unless Upstream.IsDeleted~}}
+
+upstream npm_upstream_{{Upstream.ID}} {
+
+  {{#if Upstream.IPHash~}}
+  ip_hash;
+  {{~/if}}
+
+  {{#if Upstream.NTLM~}}
+  ntlm;
+  {{~/if}}
+
+  {{#if Upstream.Keepalive~}}
+  keepalive {{Upstream.Keepalive}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveRequests~}}
+  keepalive_requests {{Upstream.KeepaliveRequests}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveTime~}}
+  keepalive_time {{Upstream.KeepaliveTime}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveTimeout~}}
+  keepalive_timeout {{Upstream.KeepaliveTimeout}};
+  {{~/if}}
+
+  {{Upstream.AdvancedConfig}}
+
+  {{#each Upstream.Servers~}}
+  {{#unless IsDeleted~}}
+  server {{Server}} {{#if Weight}}weight={{Weight}} {{/if}}{{#if MaxConns}}max_conns={{MaxConns}} {{/if}}{{#if MaxFails}}max_fails={{MaxFails}} {{/if}}{{#if FailTimeout}}fail_timeout={{FailTimeout}} {{/if}}{{#if Backup}}backup{{/if}};
+  {{/unless}}
+  {{/each}}
+}
+
+{{~/unless~}}
+"
 );

 -- migrate:down