PROXY protocol working for proxy hosts. Testing on stream, redirection and 404 hosts

baudneo · baudneo · commit 0cd436e507b9 · 2022-10-10T11:56:42.000-06:00
diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
@@ -0,0 +1,44 @@
+const migrate_name = 'proxy_protocol';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
+		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('proxy_host', (proxy_host) => {
+		proxy_host.dropColumn('enable_proxy_protocol');
+		proxy_host.dropColumn('load_balancer_ip');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] MIGRATING DOWN proxy_host Table altered');
+		});
+    
+	// logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	// return Promise.resolve(true);
+};
diff --git a/backend/migrations/22021009153423_proxy_protocol.js b/backend/migrations/22021009153423_proxy_protocol.js
@@ -11,15 +11,15 @@ const logger       = require('../logger').migrate;
  * @returns {Promise}
  */
 exports.up = function (knex/*, Promise*/) {
-    logger.info('[' + migrate_name + '] Migrating Up...');
+	logger.info('[' + migrate_name + '] Migrating Up...');
 
-    return knex.schema.table('proxy_host', function (proxy_host) {
-        proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
-        proxy_host.string('load_balancer_ip').notNull().defaultTo('');
-    })
-        .then(() => {
-            logger.info('[' + migrate_name + '] proxy_host Table altered');
-        });
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
+		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered - PROXY protocol added');
+		});
 
 };
 
@@ -30,7 +30,15 @@ exports.up = function (knex/*, Promise*/) {
  * @param   {Promise} Promise
  * @returns {Promise}
  */
-exports.down = function (knex, Promise) {
-    logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
-    return Promise.resolve(true);
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('proxy_host', (proxy_host) => {
+		proxy_host.dropColumn('enable_proxy_protocol');
+		proxy_host.dropColumn('load_balancer_ip');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] MIGRATING DOWN proxy_host Table altered - PROXY protocol removed');
+		});
+
+	// logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	// return Promise.resolve(true);
 };
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -24,6 +24,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
         MODSEC_ENABLE="0" \
         MODSEC_ADMIN_PANEL="0" \
         CROWDSEC_UPDATE_DIR='/cs-update' \
+        CROWDSEC_TEMPLATES='/crowdsec/templates' \
         GEOLITE_DB_GRAB="0" \
         GEOLITE2_DB_GRAB="0" \
         GEOIP_DIR="/geoip_db" \
diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js
@@ -172,6 +172,7 @@ module.exports = Mn.View.extend({
             data.block_exploits          = !!data.block_exploits;
             data.caching_enabled         = !!data.caching_enabled;
             data.allow_websocket_upgrade = !!data.allow_websocket_upgrade;
+            data.enable_proxy_protocol   = !!data.enable_proxy_protocol;
             data.http2_support           = !!data.http2_support;
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
diff --git a/scripts/frontend-build b/scripts/frontend-build
@@ -11,7 +11,9 @@ if hash docker 2>/dev/null; then
 	docker pull "${DOCKER_IMAGE}"
 	cd "${DIR}/.."
 	echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}"
-	docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" -w /app/frontend "$DOCKER_IMAGE" sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
+	docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" \
+	-w /app/frontend "$DOCKER_IMAGE" sh \
+	-c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
 	echo -e "${BLUE}❯ ${GREEN}Building Frontend Complete${RESET}"
 else
 	echo -e "${RED}❯ docker command is not available${RESET}"
