You have to install HAProxy Nodes, before usage of haproxy_api. See details: Installation Guide
By default port 3000
is used.
Use header X-HaproxyApi-Key
or key
parameter to authorize requests:
X-HaproxyApi-Key: 37c2256c-35d6-4e57-a5aa-ef79329c99e8
http://host:3000/api/1/route?key=37c2256c-35d6-4e57-a5aa-ef79329c99e8
API key is stored in api_keys
collection in database. See Installation Guide to know how to add <here_is_api_key>
Error processing:
- Invalid data cause answer with HTTP code
400
- On error manipulate HAProxy Nodes HTTP code
500
HTTP | URL | Comment | JSON Answer |
---|---|---|---|
GET | /api/1/routes |
Show routes | Array of routes |
GET | /api/1/routes?service=:id |
Show routes by service id | Array of routes |
GET | /api/1/routes?proto=:id |
Show routes by protocol name (http,https,tcp) | Array of routes |
GET | /api/1/routes/:id |
Get route by id | Single route |
POST | /api/1/routes |
Add new route | Added route |
PUT | /api/1/routes/:id |
Modify existing route | Modified route |
PUT | /api/1/routes/:id/suspend |
Suspend (disapprove) route | Modified route |
PUT | /api/1/routes/:id/set-path |
Adds backend option: http-request set-path $path | Modified route |
DELETE | /api/1/routes/:id |
Delete route | 204 No Content |
DELETE | /api/1/routes |
Delete routes all routes | 204 No Content |
DELETE | /api/1/routes?service=:id |
Delete routes by service id | 204 No Content |
POST | /api/1/store |
Push configs to remote nodes | 200 OK |
GET | /api/1/certs |
List certificates | All certificates |
GET | /api/1/certs/:id |
Get certificate by id | Single certificate |
GET | /api/1/certs?owner=:id |
Get certificates by username | List of certificates |
GET | /api/1/certs?domain=:id |
Get certificates by domain | List of certificates |
POST | /api/1/certs |
Add new SSL-certificate | Add certificate |
PUT | /api/1/certs/:id |
Update certificate (name) | 405 Not Implemented yet |
DELETE | /api/1/certs/:id |
Delete certificate by id | 204 No Content |
GET | /api/1/nodes |
List HAproxy nodes | All nodes |
GET | /api/1/nodes/:id |
Get HAproxy nodes by id | Single node |
POST | /api/1/nodes |
Add HAproxy node | Added nodes |
DELETE | /api/1/nodes |
Remove all HAproxy nodes | 204 No Content |
- POST /api/1/route
- PUT /api/1/route/:id
{
"name":"my balancer",
"proto":"http",
"host":"test1-vr.icdc.io",
"service_id":"1000000075",
"approve_status":"waiting",
"backend":{
"proto":"http",
"balance":"roundrobin",
"servers":[
{
"name":"vm1-id",
"host":"172.20.140.22",
"port":"8080"
},
{
"name":"vm2-id",
"host":"172.20.150.23",
"port":"9000"
}
]
}
}
- GET /api/1/certs?owner=user@iba.by
[
{
"created_at":"2018-02-21T15:01:18.687Z",
"domains": ["danix1.icdc.io"],
"id":"5a8d89be9f789d3d2e000001",
"name":"ss cert 1",
"not_after":"2019-02-20T08:01:49.000Z",
"not_before":"2018-02-20T08:01:49.000Z",
"owner":"dsatsura@gmail.com",
"expired":false
}
]
- GET /api/1/certs?owner=user@iba.by
[
{
"created_at":"2018-02-21T15:01:18.687Z",
"domains": ["danix1.icdc.io"],
"id":"5a8d89be9f789d3d2e000001",
"name":"ss cert 1",
"not_after":"2019-02-20T08:01:49.000Z",
"not_before":"2018-02-20T08:01:49.000Z",
"owner":"dsatsura@gmail.com",
"expired":false
}
]
- POST /api/1/certs
{
"name":"cert1",
"owner":"dsatsura@iba.by",
"cert":"LS0tLS1CRUdJTiBDRVJUSU...<certificate pem content in base64>",
"key":"LS0tLS1CRUdJTiBDRVJUSU...<certificate pem content in base64>",
"ca":"LS0tLS1CRUdJTiBDRVJUSU...<certificate pem content in base64>"
}
При поступлении запроса на добавление route:
-
Если указан параметр
host
и параметрproto
соответствует HTTP/HTTPS/TCP (в противном случае генерируем ошибку):- Для протоколов HTTP/HTTPS добавляем параметр
port
со значениями 80/443 соответственно - Для TCP выделяются порты по очереди из диапазона 8000-9000: получаем список всех портов существующих TCP routes и к максимальному значению протокола прибавляем единицу. Если значение превышает 9000 - генерируем ошибку. Если получили пустой список портов - используем порт 8000.
- Для протоколов HTTP/HTTPS добавляем параметр
-
Вся информация заносится в коллекцию
routes
, если новый route не дублирует существующие (проверяетсяproto
,host
,path
) -
На основе новых данных (при условии, что параметр
approve_status
у route имеет значениеapproved
) генерируется конфигурационный файл для Haproxy. -
Сгенерированный конфигурационный файл заливается на nodes из коллекции
haproxy_nodes
defaults router:http_begin
frontend router:https
bind *:80
mode http
#option ?
#WARN: no default_backend
acl acl_00000000001 hdr(host) -i "test-vr.icdc.io"
use_backend backend_00000000002 if acl_00000000001
backend backend_00000000002
mode http
option forwardfor
server server_0000000011 172.20.234.73:8080 check
defaults router:http_end
defaults router:https_begin
frontend router:https
bind *:443 ssl crt /etc/ssl/private/example.com.pem
mode http
reqadd X-Forwarded-Proto:\ https
#option ?
#WARN: no default_backend
acl acl_00000000001 hdr(host) -i "test-vr.icdc.io"
use_backend backend_00000000002 if acl_00000000001
backend backend_00000000002
mode http
option forwardfor
server server_0000000011 172.20.234.73:443 check
defaults router:https_end
defaults router:tcp_begin
frontend router:tcp_0000000001
bind *:8000
mode tcp
#option ?
#WARN: no default_backend
acl acl_0000000001 hdr(host) -i "test1-vr.icdc.io"
use_backend backend_0000000011 if acl_0000000001
backend backend_0000000011
mode tcp
server server_0000000111 172.20.234.73:9999 check
frontend router:tcp_0000000002
bind *:8001
mode tcp
#option ?
#WARN: no default_backend
use_backend backend_0000000022
backend backend_0000000022
mode tc
server server_0000000111 172.20.234.73:7777 check
defaults router:tcp_end
Все конфигурации проходят проверк командой haproxy -f /etc/haproxy/router.cfg -c