coolify/src/lib/haproxy/configuration.ts

import { dev } from '$app/env';
import got from 'got';
import mustache from 'mustache';
import crypto from 'crypto';

import * as db from '$lib/database';
import { checkContainer, checkHAProxy } from '.';
import { asyncExecShell, getDomain, getEngine } from '$lib/common';
import { letsEncrypt } from '$lib/letsencrypt';

const url = dev ? 'http://localhost:5555' : 'http://coolify-haproxy:5555';

let template = `program api 
  command /usr/bin/dataplaneapi -f /usr/local/etc/haproxy/dataplaneapi.hcl --userlist haproxy-dataplaneapi
  no option start-on-reload
	
global
  stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
  log stdout format raw local0 debug
		 
defaults 
  mode http
  log global
  timeout http-request 60s
  timeout connect 10s
  timeout client 60s
  timeout server 60s

userlist haproxy-dataplaneapi 
  user admin insecure-password "\${HAPROXY_PASSWORD}"

frontend http
  mode http
  bind :80
  bind :443 ssl crt /usr/local/etc/haproxy/ssl/ alpn h2,http/1.1
  acl is_certbot path_beg /.well-known/acme-challenge/
  {{#applications}}
  {{#isHttps}}
  http-request redirect scheme https code ${
		dev ? 302 : 301
	} if { hdr(host) -i {{domain}} } !{ ssl_fc }
  {{/isHttps}}
  http-request redirect location {{{redirectValue}}} code ${
		dev ? 302 : 301
	} if { req.hdr(host) -i {{redirectTo}} }
  {{/applications}}
  {{#services}}
  {{#isHttps}}
  http-request redirect scheme https code ${
		dev ? 302 : 301
	} if { hdr(host) -i {{domain}} } !{ ssl_fc }
  {{/isHttps}}
  http-request redirect location {{{redirectValue}}} code ${
		dev ? 302 : 301
	} if { req.hdr(host) -i {{redirectTo}} }
  {{/services}}
  {{#coolify}}
  {{#isHttps}}
  http-request redirect scheme https code ${
		dev ? 302 : 301
	} if { hdr(host) -i {{domain}} } !{ ssl_fc }
  {{/isHttps}}
  http-request redirect location {{{redirectValue}}} code ${
		dev ? 302 : 301
	} if { req.hdr(host) -i {{redirectTo}} }
  {{/coolify}}
  use_backend backend-certbot if is_certbot
  use_backend %[req.hdr(host),lower]

frontend stats 
  bind *:8404
  stats enable
  stats uri /
  stats admin if TRUE
  stats auth "\${HAPROXY_USERNAME}:\${HAPROXY_PASSWORD}"

backend backend-certbot 
  mode http
  server certbot host.docker.internal:9080

{{#applications}}
{{#isRunning}}

backend {{domain}}
  option forwardfor
  server {{id}} {{id}}:{{port}} check
{{/isRunning}}
{{/applications}}

{{#services}}
{{#isRunning}}

backend {{domain}}
  option forwardfor
  server {{id}} {{id}}:{{port}} check
{{/isRunning}}
{{/services}}

{{#coolify}}
backend {{domain}}
  option forwardfor
  option httpchk GET /undead.json
  server {{id}} {{id}}:{{port}} check fall 10
{{/coolify}}
`;
export async function haproxyInstance() {
	const { proxyPassword } = await db.listSettings();
	return got.extend({
		prefixUrl: url,
		username: 'admin',
		password: proxyPassword
	});
}

export async function configureHAProxy() {
	const haproxy = await haproxyInstance();
	await checkHAProxy(haproxy);
	const ssls = [];
	const data = {
		applications: [],
		services: [],
		coolify: []
	};
	const applications = await db.prisma.application.findMany({
		include: { destinationDocker: true, settings: true }
	});
	for (const application of applications) {
		const {
			fqdn,
			id,
			port,
			destinationDocker: { engine, network },
			settings: { previews }
		} = application;
		const isRunning = await checkContainer(engine, id);
		const domain = getDomain(fqdn);
		const isHttps = fqdn.startsWith('https://');
		const isWWW = fqdn.includes('www.');
		const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
		if (isRunning) {
			data.applications.push({
				id,
				port: port || 3000,
				domain,
				isRunning,
				isHttps,
				redirectValue,
				redirectTo: isWWW ? domain : 'www.' + domain
			});
			if (isHttps) ssls.push({ domain, id, isCoolify: false });
		}
		if (previews) {
			const host = getEngine(engine);
			const { stdout } = await asyncExecShell(
				`DOCKER_HOST=${host} docker container ls --filter="status=running" --filter="network=${network}" --filter="name=${id}-" --format="{{json .Names}}"`
			);
			const containers = stdout
				.trim()
				.split('\n')
				.filter((a) => a)
				.map((c) => c.replace(/"/g, ''));
			if (containers.length > 0) {
				for (const container of containers) {
					let previewDomain = `${container.split('-')[1]}.${domain}`;
					data.applications.push({
						id: container,
						port: port || 3000,
						domain: previewDomain,
						isRunning,
						isHttps,
						redirectValue,
						redirectTo: isWWW ? previewDomain : 'www.' + previewDomain
					});
					if (isHttps) ssls.push({ domain: previewDomain, id, isCoolify: false });
				}
			}
		}
	}
	const services = await db.prisma.service.findMany({
		include: {
			destinationDocker: true,
			minio: true,
			plausibleAnalytics: true,
			vscodeserver: true,
			wordpress: true
		}
	});

	for (const service of services) {
		const {
			fqdn,
			id,
			type,
			destinationDocker: { engine }
		} = service;
		const found = db.supportedServiceTypesAndVersions.find((a) => a.name === type);
		if (found) {
			const port = found.ports.main;
			const publicPort = service[type]?.publicPort;
			const isRunning = await checkContainer(engine, id);
			const domain = getDomain(fqdn);
			const isHttps = fqdn.startsWith('https://');
			const isWWW = fqdn.includes('www.');
			const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
			data.services.push({
				id,
				port,
				publicPort,
				domain,
				isRunning,
				isHttps,
				redirectValue,
				redirectTo: isWWW ? domain : 'www.' + domain
			});
			if (isHttps) ssls.push({ domain, id, isCoolify: false });
		}
	}
	const { fqdn } = await db.prisma.setting.findFirst();
	if (fqdn) {
		const domain = getDomain(fqdn);
		const isHttps = fqdn.startsWith('https://');
		const isWWW = fqdn.includes('www.');
		const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
		data.coolify.push({
			id: dev ? 'host.docker.internal' : 'coolify',
			port: 3000,
			domain,
			isHttps,
			redirectValue,
			redirectTo: isWWW ? domain : 'www.' + domain
		});
		if (!dev && isHttps) ssls.push({ domain, id: 'coolify', isCoolify: true });
	}
	const output = mustache.render(template, data);
	const newHash = crypto.createHash('md5').update(output).digest('hex');
	const { proxyHash, id } = await db.listSettings();
	if (proxyHash !== newHash) {
		await db.prisma.setting.update({ where: { id }, data: { proxyHash: newHash } });
		console.log('HAProxy configuration changed, updating...');
		await haproxy.post(`v2/services/haproxy/configuration/raw`, {
			searchParams: {
				skip_version: true
			},
			body: output,
			headers: {
				'Content-Type': 'text/plain'
			}
		});
	} else {
		// console.log('HAProxy configuration is up to date');
	}
	if (ssls.length > 0) {
		for (const ssl of ssls) {
			if (!dev) {
				await letsEncrypt(ssl.domain, ssl.id, ssl.isCoolify);
			} else {
				// console.log('Generate ssl for', ssl.domain);
			}
		}
	}
}