push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(port-manager, certificate-manager): Improve port binding and ACME challenge route integration in SmartProxy

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-20 15:32:19 +00:00
parent 3b1531d4a2
commit 669cc2809c
7 changed files with 746 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
changelog.md
View File

@ -1,5 +1,14 @@
# Changelog
## 2025-05-20 - 19.3.13 - fix(port-manager, certificate-manager)
Improve port binding and ACME challenge route integration in SmartProxy
- Added reference counting in PortManager so that routes sharing the same port reuse the existing binding.
- Enhanced error handling to distinguish internal port conflicts from external ones, with more descriptive messages.
- Adjusted ACME challenge route addition to merge with existing port bindings when port is already in use.
- Refactored updateRoutes to release orphaned ports and bind only new required ports, minimizing rebinding operations.
- Improved certificate-manager logic to provide clearer error notifications when ACME port conflicts occur.
## 2025-05-19 - 19.3.12 - fix(tests)
Update test mocks to include provisionAllCertificates methods in certificate manager stubs and related objects.

384
readme.plan.md Normal file
View File

@ -0,0 +1,384 @@
# SmartProxy Development Plan
## ACME Route Port Binding Intelligence Improvement
### Problem Statement
Currently, SmartProxy has an issue with port binding conflicts between regular routes and ACME challenge routes. While SmartProxy is designed to support multiple routes sharing the same port (differentiated by host, path, etc.), there's a specific conflict when adding ACME challenge routes to a port that is already in use by other routes.
This results in the error: `Port 80 is already in use for ACME challenges` when SmartProxy tries to bind the ACME challenge route to a port that it's already using.
### Root Cause Analysis
1. **Double Binding Attempt**: SmartProxy tries to bind to port 80 twice - once for application routes and once for ACME challenge routes.
2. **Overlapping Route Updates**: When adding a challenge route, it triggers a port binding operation without checking if the port is already bound.
3. **Naive Error Handling**: The code detects EADDRINUSE but doesn't distinguish between external conflicts and internal conflicts.
4. **Port Binding Semantics**: The port manager doesn't recognize that a port already bound by SmartProxy can be reused for additional routes.
### Solution Architecture
We need a more intelligent approach to port binding that understands when a port can be shared between routes vs. when a new binding is needed:
1. **Port Binding Awareness**: Track what ports are already bound by SmartProxy itself.
2. **Smart Route Updates**: Only attempt to bind to ports that aren't already bound by SmartProxy.
3. **Route Merging Logic**: When adding ACME challenge routes, merge them with existing routes on the same ports.
4. **Dynamic Port Management**: Release port bindings when no routes are using them and rebind when needed.
5. **Improved Error Recovery**: Handle port conflicts gracefully, with distinct handling for internal vs. external conflicts.
### Implementation Plan
#### Phase 1: Improve Port Manager Intelligence
- [ ] Enhance `PortManager` to distinguish between ports that need new bindings vs ports that can reuse existing bindings
- [ ] Add an internal tracking mechanism to detect when a requested port is already bound internally
- [ ] Modify port addition logic to skip binding operations for ports already bound by SmartProxy
- [ ] Implement reference counting for port bindings to track how many routes use each port
- [ ] Add logic to release port bindings when no routes are using them anymore
- [ ] Update error handling to provide more context for port binding failures
#### Phase 2: Refine ACME Challenge Route Integration
- [ ] Modify `addChallengeRoute()` to check if the port is already in use by SmartProxy
- [ ] Ensure route updates don't trigger unnecessary port binding operations
- [ ] Implement a merging strategy for ACME routes with existing routes on the same port
- [ ] Add diagnostic logging to track route and port binding relationships
#### Phase 3: Enhance Proxy Route Management
- [ ] Restructure route update process to group routes by port
- [ ] Implement a more efficient route update mechanism that minimizes port binding operations
- [ ] Develop port lifecycle management to track usage across route changes
- [ ] Add validation to detect potential binding conflicts before attempting operations
- [ ] Create a proper route dependency graph to understand the relationships between routes
- [ ] Implement efficient detection of "orphaned" ports that no longer have associated routes
#### Phase 4: Improve Error Handling and Recovery
- [ ] Enhance error messages to be more specific about the nature of port conflicts
- [ ] Add recovery mechanisms for common port binding scenarios
- [ ] Implement a fallback port selection strategy for ACME challenges
- [ ] Create a more robust validation system to catch issues before they cause runtime errors
### Detailed Technical Tasks
#### Phase 1: Improve Port Manager Intelligence
1. Modify `/ts/proxies/smart-proxy/port-manager.ts`:
- Add a new method `isPortBoundBySmartProxy(port: number): boolean`
- Refactor `addPort()` to check if the port is already bound
- Update `updatePorts()` to be more intelligent about which ports need binding
- Add reference counting for port usage
2. Implement Port Reference Counting:
```typescript
// Add to PortManager class
private portRefCounts: Map<number, number> = new Map();
public incrementPortRefCount(port: number): void {
const currentCount = this.portRefCounts.get(port) || 0;
this.portRefCounts.set(port, currentCount + 1);
logger.log('debug', `Port ${port} reference count increased to ${currentCount + 1}`, { port, refCount: currentCount + 1 });
}
public decrementPortRefCount(port: number): number {
const currentCount = this.portRefCounts.get(port) || 0;
if (currentCount <= 0) {
logger.log('warn', `Attempted to decrement reference count for port ${port} below zero`, { port });
return 0;
}
const newCount = currentCount - 1;
this.portRefCounts.set(port, newCount);
logger.log('debug', `Port ${port} reference count decreased to ${newCount}`, { port, refCount: newCount });
return newCount;
}
public getPortRefCount(port: number): number {
return this.portRefCounts.get(port) || 0;
}
```
3. Port Binding Logic Enhancements:
```typescript
public async addPort(port: number): Promise<void> {
// If already bound by this instance, just increment ref count and return
if (this.servers.has(port)) {
this.incrementPortRefCount(port);
logger.log('debug', `Port ${port} is already bound by SmartProxy, reusing binding`, { port });
return;
}
// Initialize ref count for new port
this.portRefCounts.set(port, 1);
// Continue with normal binding...
}
public async removePort(port: number): Promise<void> {
// Decrement reference count
const newCount = this.decrementPortRefCount(port);
// If port is still in use by other routes, keep it
if (newCount > 0) {
logger.log('debug', `Port ${port} still in use by ${newCount} routes, keeping binding open`, { port, refCount: newCount });
return;
}
// No more references, can actually close the port
const server = this.servers.get(port);
if (!server) {
logger.log('warn', `Port ${port} not found in servers map`, { port });
return;
}
// Continue with normal unbinding logic...
}
```
4. Add Smarter Port Conflict Detection:
```typescript
private isPortConflict(error: any): { isConflict: boolean; isExternal: boolean } {
if (error.code !== 'EADDRINUSE') {
return { isConflict: false, isExternal: false };
}
// Check if we already have this port
const isBoundInternally = this.servers.has(Number(error.port));
return { isConflict: true, isExternal: !isBoundInternally };
}
```
#### Phase 2: Refine ACME Challenge Route Integration
1. Modify `/ts/proxies/smart-proxy/certificate-manager.ts`:
- Enhance `addChallengeRoute()` to be aware of existing port bindings
- Add port verification before attempting to add challenge routes
2. Smart Route Merging Logic:
```typescript
private async addChallengeRoute(): Promise<void> {
// Check if route is already active
if (this.challengeRouteActive) {
return;
}
// Create challenge route
const challengeRoute = this.challengeRoute;
const challengePort = this.globalAcmeDefaults?.port || 80;
// Check if port is already in use by another route
const portAlreadyUsed = this.routes.some(r =>
Array.isArray(r.match.ports)
? r.match.ports.includes(challengePort)
: r.match.ports === challengePort
);
if (portAlreadyUsed) {
logger.log('info', `Port ${challengePort} is already used by an existing route, merging ACME challenge route`);
}
// Continue with route update...
}
```
3. Update Route Manager Communication:
```typescript
// Add this method to smart-proxy.ts
private async addRouteWithoutRebinding(route: IRouteConfig): Promise<void> {
// Add route to configuration without triggering a port rebind
this.settings.routes.push(route);
this.routeManager.updateRoutes(this.settings.routes);
// Update HttpProxy if needed, but skip port binding updates
if (this.httpProxyBridge.getHttpProxy()) {
await this.httpProxyBridge.syncRoutesToHttpProxy(this.settings.routes);
}
}
```
#### Phase 3: Enhance Proxy Route Management
1. Modify `/ts/proxies/smart-proxy/smart-proxy.ts`:
- Refactor `updateRoutes()` to group routes by port
- Implement incremental updates that preserve port bindings
- Add orphaned port detection and cleanup
2. Group Routes by Port:
```typescript
private groupRoutesByPort(routes: IRouteConfig[]): Map<number, IRouteConfig[]> {
const portMap = new Map<number, IRouteConfig[]>();
for (const route of routes) {
const ports = Array.isArray(route.match.ports)
? route.match.ports
: [route.match.ports];
for (const port of ports) {
if (!portMap.has(port)) {
portMap.set(port, []);
}
portMap.get(port)!.push(route);
}
}
return portMap;
}
```
3. Implement Port Usage Tracking:
```typescript
private updatePortUsageMap(routes: IRouteConfig[]): Map<number, Set<string>> {
// Map of port -> Set of route names using that port
const portUsage = new Map<number, Set<string>>();
for (const route of routes) {
const ports = Array.isArray(route.match.ports)
? route.match.ports
: [route.match.ports];
const routeName = route.name || `unnamed_${Math.random().toString(36).substring(2, 9)}`;
for (const port of ports) {
if (!portUsage.has(port)) {
portUsage.set(port, new Set());
}
portUsage.get(port)!.add(routeName);
}
}
return portUsage;
}
private findOrphanedPorts(oldUsage: Map<number, Set<string>>, newUsage: Map<number, Set<string>>): number[] {
// Find ports that have no routes in new configuration
const orphanedPorts: number[] = [];
for (const [port, routes] of oldUsage.entries()) {
if (!newUsage.has(port) || newUsage.get(port)!.size === 0) {
orphanedPorts.push(port);
logger.log('info', `Port ${port} no longer has any associated routes, will be released`, { port });
}
}
return orphanedPorts;
}
```
4. Implement Incremental Update Logic:
```typescript
public async updateRoutesIncremental(newRoutes: IRouteConfig[]): Promise<void> {
// Track port usage before and after update
const oldPortUsage = this.updatePortUsageMap(this.settings.routes);
const newPortUsage = this.updatePortUsageMap(newRoutes);
// Find orphaned ports - ports that no longer have any routes
const orphanedPorts = this.findOrphanedPorts(oldPortUsage, newPortUsage);
// Ports that need new bindings - not in old configuration
const newBindingPorts = [...newPortUsage.keys()].filter(p => !oldPortUsage.has(p));
// Close orphaned ports
if (orphanedPorts.length > 0) {
logger.log('info', `Releasing ${orphanedPorts.length} orphaned ports: ${orphanedPorts.join(', ')}`, { ports: orphanedPorts });
await this.portManager.removePorts(orphanedPorts);
}
// Bind to new ports
if (newBindingPorts.length > 0) {
logger.log('info', `Binding to ${newBindingPorts.length} new ports: ${newBindingPorts.join(', ')}`, { ports: newBindingPorts });
await this.portManager.addPorts(newBindingPorts);
}
// Update route configuration
this.settings.routes = newRoutes;
this.routeManager.updateRoutes(newRoutes);
// Update other components...
}
```
#### Phase 4: Improve Error Handling and Recovery
1. Enhance Error Reporting:
```typescript
private handlePortBindingError(port: number, error: any): void {
if (error.code === 'EADDRINUSE') {
const isInternalConflict = this.portManager.isPortBoundBySmartProxy(port);
if (isInternalConflict) {
logger.log('warn', `Port ${port} is already bound by SmartProxy. This is likely a route configuration issue.`, { port });
} else {
logger.log('error', `Port ${port} is in use by another application. Please choose a different port.`, { port });
}
} else {
logger.log('error', `Failed to bind to port ${port}: ${error.message}`, { port, error });
}
}
```
2. Implement ACME Port Fallback Strategy:
```typescript
private async selectAcmePort(): Promise<number> {
const preferredPort = this.globalAcmeDefaults?.port || 80;
// Check if preferred port is already bound internally
if (this.portManager.isPortBoundBySmartProxy(preferredPort)) {
// We can use it without a new binding
return preferredPort;
}
// Try to bind to preferred port
try {
// Temporary test binding
const server = plugins.net.createServer();
await new Promise<void>((resolve, reject) => {
server.listen(preferredPort, () => {
server.close();
resolve();
}).on('error', reject);
});
// If we get here, port is available
return preferredPort;
} catch (error) {
if (error.code === 'EADDRINUSE') {
// Port is unavailable, try fallback ports
for (const fallbackPort of [8080, 8081, 8082, 8083, 8084]) {
try {
// Test if we can bind to fallback
const server = plugins.net.createServer();
await new Promise<void>((resolve, reject) => {
server.listen(fallbackPort, () => {
server.close();
resolve();
}).on('error', reject);
});
logger.log('warn', `Primary ACME port ${preferredPort} is unavailable, using fallback port ${fallbackPort}`);
return fallbackPort;
} catch {
// Try next fallback
}
}
}
// All attempts failed
throw new Error(`Could not find an available port for ACME challenges`);
}
}
```
### Testing Strategy
1. **Unit Tests**:
- Test port binding intelligence
- Test route merging logic
- Test error handling mechanisms
- Test port reference counting
- Test orphaned port detection and cleanup
2. **Integration Tests**:
- Test multiple routes on the same port
- Test ACME challenges on ports with existing routes
- Test dynamic route addition and removal
- Test port lifecycle (bind → share → release)
- Test various recovery scenarios
3. **Stress Tests**:
- Test rapid route updates
- Test concurrent operations
- Test large scale route changes (add/remove many at once)
- Test frequent changes to see if ports are properly released
- Test recovery from port conflicts
### Release Plan
1. **19.4.0** - Phase 1 & 2: Port Manager and ACME Route Improvements
2. **19.5.0** - Phase 3: Enhanced Route Management
3. **19.6.0** - Phase 4: Improved Error Handling and Recovery

26
test/test.port-forwarding-fix.ts
View File

@ -5,7 +5,9 @@ import { SmartProxy } from '../ts/proxies/smart-proxy/smart-proxy.js';
let echoServer: net.Server;
let proxy: SmartProxy;
tap.test('port forwarding should not immediately close connections', async () => {
tap.test('port forwarding should not immediately close connections', async (tools) => {
// Set a timeout for this test
tools.timeout(10000); // 10 seconds
// Create an echo server
echoServer = await new Promise<net.Server>((resolve) => {
const server = net.createServer((socket) => {
@ -39,7 +41,9 @@ tap.test('port forwarding should not immediately close connections', async () =>
const result = await new Promise<string>((resolve, reject) => {
client.on('data', (data) => {
resolve(data.toString());
const response = data.toString();
client.end(); // Close the connection after receiving data
resolve(response);
});
client.on('error', reject);
@ -48,8 +52,6 @@ tap.test('port forwarding should not immediately close connections', async () =>
});
expect(result).toEqual('ECHO: Hello');
client.end();
});
tap.test('TLS passthrough should work correctly', async () => {
@ -76,11 +78,23 @@ tap.test('TLS passthrough should work correctly', async () => {
tap.test('cleanup', async () => {
if (echoServer) {
echoServer.close();
await new Promise<void>((resolve) => {
echoServer.close(() => {
console.log('Echo server closed');
resolve();
});
});
}
if (proxy) {
await proxy.stop();
console.log('Proxy stopped');
}
});
export default tap.start();
export default tap.start().then(() => {
// Force exit after tests complete
setTimeout(() => {
console.log('Forcing process exit');
process.exit(0);
}, 1000);
});

2
ts/00_commitinfo_data.ts
View File

@ -3,6 +3,6 @@
*/
export const commitinfo = {
name: '@push.rocks/smartproxy',
version: '19.3.12',
version: '19.3.13',
description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
}

48
ts/proxies/smart-proxy/certificate-manager.ts
View File

@ -416,6 +416,33 @@ export class SmartCertManager {
if (!this.challengeRoute) {
throw new Error('Challenge route not initialized');
}
// Get the challenge port
const challengePort = this.globalAcmeDefaults?.port || 80;
// Check if any existing routes are already using this port
const portInUseByRoutes = this.routes.some(route => {
const routePorts = Array.isArray(route.match.ports) ? route.match.ports : [route.match.ports];
return routePorts.some(p => {
// Handle both number and port range objects
if (typeof p === 'number') {
return p === challengePort;
} else if (typeof p === 'object' && 'from' in p && 'to' in p) {
// Port range case - check if challengePort is in range
return challengePort >= p.from && challengePort <= p.to;
}
return false;
});
});
if (portInUseByRoutes) {
logger.log('info', `Port ${challengePort} is already used by another route, merging ACME challenge route`, {
port: challengePort,
component: 'certificate-manager'
});
}
// Add the challenge route
const challengeRoute = this.challengeRoute;
try {
@ -430,10 +457,27 @@ export class SmartCertManager {
logger.log('info', 'ACME challenge route successfully added', { component: 'certificate-manager' });
} catch (error) {
logger.log('error', `Failed to add challenge route: ${error.message}`, { error: error.message, component: 'certificate-manager' });
// Handle specific EADDRINUSE errors differently based on whether it's an internal conflict
if ((error as any).code === 'EADDRINUSE') {
throw new Error(`Port ${this.globalAcmeDefaults?.port || 80} is already in use for ACME challenges`);
logger.log('error', `Failed to add challenge route on port ${challengePort}: ${error.message}`, {
error: error.message,
port: challengePort,
component: 'certificate-manager'
});
// Provide a more informative error message
throw new Error(
`Port ${challengePort} is already in use. ` +
`If it's in use by an external process, configure a different port in the ACME settings. ` +
`If it's in use by SmartProxy, there may be a route configuration issue.`
);
}
// Log and rethrow other errors
logger.log('error', `Failed to add challenge route: ${error.message}`, {
error: error.message,
component: 'certificate-manager'
});
throw error;
}
}

181
ts/proxies/smart-proxy/port-manager.ts
View File

@ -1,6 +1,7 @@
import * as plugins from '../../plugins.js';
import type { ISmartProxyOptions } from './models/interfaces.js';
import { RouteConnectionHandler } from './route-connection-handler.js';
import { logger } from '../../core/utils/logger.js';
/**
* PortManager handles the dynamic creation and removal of port listeners
@ -8,12 +9,17 @@ import { RouteConnectionHandler } from './route-connection-handler.js';
* This class provides methods to add and remove listening ports at runtime,
* allowing SmartProxy to adapt to configuration changes without requiring
* a full restart.
*
* It includes a reference counting system to track how many routes are using
* each port, so ports can be automatically released when they are no longer needed.
*/
export class PortManager {
private servers: Map<number, plugins.net.Server> = new Map();
private settings: ISmartProxyOptions;
private routeConnectionHandler: RouteConnectionHandler;
private isShuttingDown: boolean = false;
// Track how many routes are using each port
private portRefCounts: Map<number, number> = new Map();
/**
* Create a new PortManager
@ -38,10 +44,18 @@ export class PortManager {
public async addPort(port: number): Promise<void> {
// Check if we're already listening on this port
if (this.servers.has(port)) {
console.log(`PortManager: Already listening on port ${port}`);
// Port is already bound, just increment the reference count
this.incrementPortRefCount(port);
logger.log('debug', `PortManager: Port ${port} is already bound by SmartProxy, reusing binding`, {
port,
component: 'port-manager'
});
return;
}
// Initialize reference count for new port
this.portRefCounts.set(port, 1);
// Create a server for this port
const server = plugins.net.createServer((socket) => {
// Check if shutting down
@ -54,24 +68,56 @@ export class PortManager {
// Delegate to route connection handler
this.routeConnectionHandler.handleConnection(socket);
}).on('error', (err: Error) => {
console.log(`Server Error on port ${port}: ${err.message}`);
logger.log('error', `Server Error on port ${port}: ${err.message}`, {
port,
error: err.message,
component: 'port-manager'
});
});
// Start listening on the port
return new Promise<void>((resolve, reject) => {
server.listen(port, () => {
const isHttpProxyPort = this.settings.useHttpProxy?.includes(port);
console.log(
`SmartProxy -> OK: Now listening on port ${port}${
isHttpProxyPort ? ' (HttpProxy forwarding enabled)' : ''
}`
);
logger.log('info', `SmartProxy -> OK: Now listening on port ${port}${
isHttpProxyPort ? ' (HttpProxy forwarding enabled)' : ''
}`, {
port,
isHttpProxyPort: !!isHttpProxyPort,
component: 'port-manager'
});
// Store the server reference
this.servers.set(port, server);
resolve();
}).on('error', (err) => {
console.log(`Failed to listen on port ${port}: ${err.message}`);
// Check if this is an external conflict
const { isConflict, isExternal } = this.isPortConflict(err);
if (isConflict && !isExternal) {
// This is an internal conflict (port already bound by SmartProxy)
// This shouldn't normally happen because we check servers.has(port) above
logger.log('warn', `Port ${port} binding conflict: already in use by SmartProxy`, {
port,
component: 'port-manager'
});
// Still increment reference count to maintain tracking
this.incrementPortRefCount(port);
resolve();
return;
}
// Log the error and propagate it
logger.log('error', `Failed to listen on port ${port}: ${err.message}`, {
port,
error: err.message,
code: (err as any).code,
component: 'port-manager'
});
// Clean up reference count since binding failed
this.portRefCounts.delete(port);
reject(err);
});
});
@ -84,10 +130,28 @@ export class PortManager {
* @returns Promise that resolves when the server is closed
*/
public async removePort(port: number): Promise<void> {
// Decrement the reference count first
const newRefCount = this.decrementPortRefCount(port);
// If there are still references to this port, keep it open
if (newRefCount > 0) {
logger.log('debug', `PortManager: Port ${port} still has ${newRefCount} references, keeping open`, {
port,
refCount: newRefCount,
component: 'port-manager'
});
return;
}
// Get the server for this port
const server = this.servers.get(port);
if (!server) {
console.log(`PortManager: Not listening on port ${port}`);
logger.log('warn', `PortManager: Not listening on port ${port}`, {
port,
component: 'port-manager'
});
// Ensure reference count is reset
this.portRefCounts.delete(port);
return;
}
@ -95,13 +159,21 @@ export class PortManager {
return new Promise<void>((resolve) => {
server.close((err) => {
if (err) {
console.log(`Error closing server on port ${port}: ${err.message}`);
logger.log('error', `Error closing server on port ${port}: ${err.message}`, {
port,
error: err.message,
component: 'port-manager'
});
} else {
console.log(`SmartProxy -> Stopped listening on port ${port}`);
logger.log('info', `SmartProxy -> Stopped listening on port ${port}`, {
port,
component: 'port-manager'
});
}
// Remove the server reference
// Remove the server reference and clean up reference counting
this.servers.delete(port);
this.portRefCounts.delete(port);
resolve();
});
});
@ -192,4 +264,89 @@ export class PortManager {
public getServers(): Map<number, plugins.net.Server> {
return new Map(this.servers);
}
/**
* Check if a port is bound by this SmartProxy instance
*
* @param port The port number to check
* @returns True if the port is currently bound by SmartProxy
*/
public isPortBoundBySmartProxy(port: number): boolean {
return this.servers.has(port);
}
/**
* Get the current reference count for a port
*
* @param port The port number to check
* @returns The number of routes using this port, 0 if none
*/
public getPortRefCount(port: number): number {
return this.portRefCounts.get(port) || 0;
}
/**
* Increment the reference count for a port
*
* @param port The port number to increment
* @returns The new reference count
*/
public incrementPortRefCount(port: number): number {
const currentCount = this.portRefCounts.get(port) || 0;
const newCount = currentCount + 1;
this.portRefCounts.set(port, newCount);
logger.log('debug', `Port ${port} reference count increased to ${newCount}`, {
port,
refCount: newCount,
component: 'port-manager'
});
return newCount;
}
/**
* Decrement the reference count for a port
*
* @param port The port number to decrement
* @returns The new reference count
*/
public decrementPortRefCount(port: number): number {
const currentCount = this.portRefCounts.get(port) || 0;
if (currentCount <= 0) {
logger.log('warn', `Attempted to decrement reference count for port ${port} below zero`, {
port,
component: 'port-manager'
});
return 0;
}
const newCount = currentCount - 1;
this.portRefCounts.set(port, newCount);
logger.log('debug', `Port ${port} reference count decreased to ${newCount}`, {
port,
refCount: newCount,
component: 'port-manager'
});
return newCount;
}
/**
* Determine if a port binding error is due to an external or internal conflict
*
* @param error The error object from a failed port binding
* @returns Object indicating if this is a conflict and if it's external
*/
private isPortConflict(error: any): { isConflict: boolean; isExternal: boolean } {
if (error.code !== 'EADDRINUSE') {
return { isConflict: false, isExternal: false };
}
// Check if we already have this port
const isBoundInternally = this.servers.has(Number(error.port));
return { isConflict: true, isExternal: !isBoundInternally };
}
}

122
ts/proxies/smart-proxy/smart-proxy.ts
View File

@ -64,6 +64,9 @@ export class SmartProxy extends plugins.EventEmitter {
private routeUpdateLock: any = null; // Will be initialized as AsyncMutex
private acmeStateManager: AcmeStateManager;
// Track port usage across route updates
private portUsageMap: Map<number, Set<string>> = new Map();
/**
* Constructor for SmartProxy
*
@ -342,6 +345,16 @@ export class SmartProxy extends plugins.EventEmitter {
// Get listening ports from RouteManager
const listeningPorts = this.routeManager.getListeningPorts();
// Initialize port usage tracking
this.portUsageMap = this.updatePortUsageMap(this.settings.routes);
// Log port usage for startup
logger.log('info', `SmartProxy starting with ${listeningPorts.length} ports: ${listeningPorts.join(', ')}`, {
portCount: listeningPorts.length,
ports: listeningPorts,
component: 'smart-proxy'
});
// Provision NFTables rules for routes that use NFTables
for (const route of this.settings.routes) {
if (route.action.forwardingEngine === 'nftables') {
@ -548,6 +561,18 @@ export class SmartProxy extends plugins.EventEmitter {
return this.routeUpdateLock.runExclusive(async () => {
logger.log('info', `Updating routes (${newRoutes.length} routes)`, { routeCount: newRoutes.length, component: 'route-manager' });
// Track port usage before and after updates
const oldPortUsage = this.updatePortUsageMap(this.settings.routes);
const newPortUsage = this.updatePortUsageMap(newRoutes);
// Find orphaned ports - ports that no longer have any routes
const orphanedPorts = this.findOrphanedPorts(oldPortUsage, newPortUsage);
// Find new ports that need binding
const currentPorts = new Set(this.portManager.getListeningPorts());
const newPortsSet = new Set(newPortUsage.keys());
const newBindingPorts = Array.from(newPortsSet).filter(p => !currentPorts.has(p));
// Get existing routes that use NFTables
const oldNfTablesRoutes = this.settings.routes.filter(
r => r.action.forwardingEngine === 'nftables'
@ -584,14 +609,29 @@ export class SmartProxy extends plugins.EventEmitter {
// Update routes in RouteManager
this.routeManager.updateRoutes(newRoutes);
// Get the new set of required ports
const requiredPorts = this.routeManager.getListeningPorts();
// Update port listeners to match the new configuration
await this.portManager.updatePorts(requiredPorts);
// Release orphaned ports first
if (orphanedPorts.length > 0) {
logger.log('info', `Releasing ${orphanedPorts.length} orphaned ports: ${orphanedPorts.join(', ')}`, {
ports: orphanedPorts,
component: 'smart-proxy'
});
await this.portManager.removePorts(orphanedPorts);
}
// Add new ports
if (newBindingPorts.length > 0) {
logger.log('info', `Binding to ${newBindingPorts.length} new ports: ${newBindingPorts.join(', ')}`, {
ports: newBindingPorts,
component: 'smart-proxy'
});
await this.portManager.addPorts(newBindingPorts);
}
// Update settings with the new routes
this.settings.routes = newRoutes;
// Save the new port usage map for future reference
this.portUsageMap = newPortUsage;
// If HttpProxy is initialized, resync the configurations
if (this.httpProxyBridge.getHttpProxy()) {
@ -637,6 +677,78 @@ export class SmartProxy extends plugins.EventEmitter {
await this.certManager.provisionCertificate(route);
}
/**
* Update the port usage map based on the provided routes
*
* This tracks which ports are used by which routes, allowing us to
* detect when a port is no longer needed and can be released.
*/
private updatePortUsageMap(routes: IRouteConfig[]): Map<number, Set<string>> {
// Reset the usage map
const portUsage = new Map<number, Set<string>>();
for (const route of routes) {
// Get the ports for this route
const portsConfig = Array.isArray(route.match.ports)
? route.match.ports
: [route.match.ports];
// Expand port range objects to individual port numbers
const expandedPorts: number[] = [];
for (const portConfig of portsConfig) {
if (typeof portConfig === 'number') {
expandedPorts.push(portConfig);
} else if (typeof portConfig === 'object' && 'from' in portConfig && 'to' in portConfig) {
// Expand the port range
for (let p = portConfig.from; p <= portConfig.to; p++) {
expandedPorts.push(p);
}
}
}
// Use route name if available, otherwise generate a unique ID
const routeName = route.name || `unnamed_${Math.random().toString(36).substring(2, 9)}`;
// Add each port to the usage map
for (const port of expandedPorts) {
if (!portUsage.has(port)) {
portUsage.set(port, new Set());
}
portUsage.get(port)!.add(routeName);
}
}
// Log port usage for debugging
for (const [port, routes] of portUsage.entries()) {
logger.log('debug', `Port ${port} is used by ${routes.size} routes: ${Array.from(routes).join(', ')}`, {
port,
routeCount: routes.size,
component: 'smart-proxy'
});
}
return portUsage;
}
/**
* Find ports that have no routes in the new configuration
*/
private findOrphanedPorts(oldUsage: Map<number, Set<string>>, newUsage: Map<number, Set<string>>): number[] {
const orphanedPorts: number[] = [];
for (const [port, routes] of oldUsage.entries()) {
if (!newUsage.has(port) || newUsage.get(port)!.size === 0) {
orphanedPorts.push(port);
logger.log('info', `Port ${port} no longer has any associated routes, will be released`, {
port,
component: 'smart-proxy'
});
}
}
return orphanedPorts;
}
/**
* Force renewal of a certificate