diff --git a/docker-compose.proxy.yml b/docker-compose.proxy.yml new file mode 100644 index 00000000..67f70a04 --- /dev/null +++ b/docker-compose.proxy.yml @@ -0,0 +1,19 @@ +version: '3.1' + +services: + + haproxy: + image: haproxytech/haproxy-alpine:latest + ports: + - "80:80" + expose: + - 80 + environment: + - AUTH_HTTP=$AUTH_HTTP + volumes: + - ./haproxy/:/usr/local/etc/haproxy:ro + networks: + - $NET_POKT + restart: unless-stopped + + diff --git a/haproxy/eth-healthcheck.sh b/haproxy/eth-healthcheck.sh new file mode 100644 index 00000000..e3413d66 --- /dev/null +++ b/haproxy/eth-healthcheck.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# $1 = Virtual Service IP (VIP) +# $2 = Virtual Service Port (VPT) +# $3 = Real Server IP (RIP) +# $4 = Real Server Port (RPT) +# $5 = Check Source IP + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +VIP=$1 +VPT=$2 +RIP=$3 +RPT=$4 +# RPT=8545 + +# Run curl with appropriate options +curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r | grep -q false +exit1=$? + +peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r) + +# If any of the above tests failed, then exit 1. +if [[ "$exit1" -ne 0 ]]; then exit 1; fi +if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi +exit 0 diff --git a/haproxy/eth-healthcheck.sh~ b/haproxy/eth-healthcheck.sh~ new file mode 100644 index 00000000..c8727d81 --- /dev/null +++ b/haproxy/eth-healthcheck.sh~ @@ -0,0 +1,25 @@ +#!/bin/bash + +# $1 = Virtual Service IP (VIP) +# $2 = Virtual Service Port (VPT) +# $3 = Real Server IP (RIP) +# $4 = Real Server Port (RPT) +# $5 = Check Source IP + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +VIP=$1 +VPT=$2 +RIP=$3 +RPT=$4 +# RPT=8545 + +# Run curl with appropriate options +curl -s -X POST -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r | grep -q false +exit1=$? + +peers=$(curl -s -X POST -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r) + +# If any of the above tests failed, then exit 1. +if [[ "$exit1" -ne 0 ]]; then exit 1; fi +if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi +exit 0 diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg new file mode 100644 index 00000000..9572390a --- /dev/null +++ b/haproxy/haproxy.cfg @@ -0,0 +1,68 @@ +global + + nbproc 1 + nbthread 2 + cpu-map auto:1/1-2 0-1 + + log /dev/log local0 + log /dev/log local1 notice + #chroot /var/lib/haproxy + user haproxy + group haproxy + daemon + external-check + +defaults + mode http + log global + option httplog + option http-keep-alive + option dontlognull + option redispatch + option contstats + retries 3 + backlog 10000 + timeout client 50s + timeout connect 5s + timeout server 50s + timeout tunnel 3600s + timeout http-keep-alive 2s + timeout http-request 15s + timeout queue 30s + timeout tarpit 60s + default-server inter 3s rise 2 fall 3 + option forwardfor + + +listen stats + bind *:9600 + stats enable + stats uri /stats + stats realm Haproxy\ Statistics + stats auth pocket:P@ssw0rd00! + + +frontend rpc-frontend + bind *:80 + acl host_is_erigon path_beg /erigon + acl host_is_goerli path_beg /goerli + acl host_is_avalanche path_beg /avalanche + acl host_is_ropsten path_beg /ropsten + acl host_is_geth path_beg /geth + acl host_is_rinkeby path_beg /rinkeby + + use_backend default-cluster if host_is_erigon OR host_is_goerli OR host_is_avalanche OR host_is_ropsten OR host_is_geth OR host_is_rinkeby + default_backend backend-no-match + +backend backend-no-match + http-request deny deny_status 400 + +backend default-cluster + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /usr/local/etc/eth-healthcheck.sh + + #server 157.90.90.23 157.90.90.23:80 check inter 10000 fall 3 rise 2 maxconn 2000 diff --git a/haproxy/haproxy.cfg~ b/haproxy/haproxy.cfg~ new file mode 100644 index 00000000..3b1be603 --- /dev/null +++ b/haproxy/haproxy.cfg~ @@ -0,0 +1,80 @@ +global + + nbproc 1 + nbthread 2 + cpu-map auto:1/1-2 0-1 + + log /dev/log local0 + log /dev/log local1 notice + #chroot /var/lib/haproxy + user haproxy + group haproxy + daemon + external-check + +defaults + mode http + log global + option httplog + option http-keep-alive + option dontlognull + option redispatch + option contstats + retries 3 + backlog 10000 + timeout client 50s + timeout connect 5s + timeout server 50s + timeout tunnel 3600s + timeout http-keep-alive 2s + timeout http-request 15s + timeout queue 30s + timeout tarpit 60s + default-server inter 3s rise 2 fall 3 + option forwardfor + + # +listen stats + bind *:9600 + stats enable + stats uri /stats + stats realm Haproxy\ Statistics + stats auth pocket:P@ssw0rd00! + +frontend eth-frontend + bind 0.0.0.0:80 + acl network_allowed src 178.63.240.5/32 65.21.146.185/32 51.89.64.105/32 157.90.16.143/32 5.2.147.185/32 88.99.249.251/32 135.181.73.218/32 95.217.16.102/32 178.170.47.16/32 178.170.42.130/32 203. +86.232.156/32 49.12.165.122/32 162.55.165.32/32 148.251.194.119/32 + acl is_oe-lb-ext hdr(host) -i oe-lb-ext.easy2stake.com + acl is_tg-lb-ext hdr(host) -i tg-lb-ext.easy2stake.com + use_backend oe-nodes if is_oe-lb-ext network_allowed + #use_backend tg-nodes if is_tg-lb-ext network_allowed + default_backend backend-no-match + +backend backend-no-match + http-request deny deny_status 400 + + +backend oe-nodes + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /var/lib/haproxy/eth-healthcheck.sh + + server 157.90.90.29 157.90.90.29:8545 check inter 10000 fall 3 rise 2 maxconn 2000 + server 162.55.4.245 162.55.4.245:8545 check inter 10000 fall 3 rise 2 maxconn 2000 + #server 65.21.76.113 65.21.76.113:8545 check inter 10000 fall 3 rise 2 maxconn 2000 + +#backend tg-nodes +# mode http +# balance roundrobin +# +# option external-check +# external-check path "/usr/bin:/bin" +# external-check command /var/lib/haproxy/eth-healthcheck.sh +# +# server 135.181.5.147 135.181.5.147:9656 check inter 10000 fall 3 rise 2 maxconn 2000 +# server 176.9.147.47 176.9.147.47:9656 check inter 10000 fall 3 rise 2 maxconn 2000 +# server 168.119.64.26 168.119.64.26:9656 check inter 10000 fall 3 rise 2 maxconn 2000 \ No newline at end of file