push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-09 21:21:28 +00:00
parent d57d343050
commit b214e58a26
41 changed files with 502 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

484
ts/proxies/network-proxy/network-proxy.ts Normal file
View File

@ -0,0 +1,484 @@
import * as plugins from '../../plugins.js';
import {
createLogger
} from './models/types.js';
import type {
NetworkProxyOptions,
Logger,
ReverseProxyConfig
} from './models/types.js';
import { CertificateManager } from './certificate-manager.js';
import { ConnectionPool } from './connection-pool.js';
import { RequestHandler, type IMetricsTracker } from './request-handler.js';
import { WebSocketHandler } from './websocket-handler.js';
import { ProxyRouter } from '../../http/router/index.js';
import { Port80Handler } from '../../http/port80/port80-handler.js';
/**
* NetworkProxy provides a reverse proxy with TLS termination, WebSocket support,
* automatic certificate management, and high-performance connection pooling.
*/
export class NetworkProxy implements IMetricsTracker {
// Provide a minimal JSON representation to avoid circular references during deep equality checks
public toJSON(): any {
return {};
}
// Configuration
public options: NetworkProxyOptions;
public proxyConfigs: ReverseProxyConfig[] = [];
// Server instances (HTTP/2 with HTTP/1 fallback)
public httpsServer: any;
// Core components
private certificateManager: CertificateManager;
private connectionPool: ConnectionPool;
private requestHandler: RequestHandler;
private webSocketHandler: WebSocketHandler;
private router = new ProxyRouter();
// State tracking
public socketMap = new plugins.lik.ObjectMap<plugins.net.Socket>();
public activeContexts: Set<string> = new Set();
public connectedClients: number = 0;
public startTime: number = 0;
public requestsServed: number = 0;
public failedRequests: number = 0;
// Tracking for SmartProxy integration
private portProxyConnections: number = 0;
private tlsTerminatedConnections: number = 0;
// Timers
private metricsInterval: NodeJS.Timeout;
private connectionPoolCleanupInterval: NodeJS.Timeout;
// Logger
private logger: Logger;
/**
* Creates a new NetworkProxy instance
*/
constructor(optionsArg: NetworkProxyOptions) {
// Set default options
this.options = {
port: optionsArg.port,
maxConnections: optionsArg.maxConnections || 10000,
keepAliveTimeout: optionsArg.keepAliveTimeout || 120000, // 2 minutes
headersTimeout: optionsArg.headersTimeout || 60000, // 1 minute
logLevel: optionsArg.logLevel || 'info',
cors: optionsArg.cors || {
allowOrigin: '*',
allowMethods: 'GET, POST, PUT, DELETE, OPTIONS',
allowHeaders: 'Content-Type, Authorization',
maxAge: 86400
},
// Defaults for SmartProxy integration
connectionPoolSize: optionsArg.connectionPoolSize || 50,
portProxyIntegration: optionsArg.portProxyIntegration || false,
useExternalPort80Handler: optionsArg.useExternalPort80Handler || false,
// Backend protocol (http1 or http2)
backendProtocol: optionsArg.backendProtocol || 'http1',
// Default ACME options
acme: {
enabled: optionsArg.acme?.enabled || false,
port: optionsArg.acme?.port || 80,
accountEmail: optionsArg.acme?.accountEmail || 'admin@example.com',
useProduction: optionsArg.acme?.useProduction || false, // Default to staging for safety
renewThresholdDays: optionsArg.acme?.renewThresholdDays || 30,
autoRenew: optionsArg.acme?.autoRenew !== false, // Default to true
certificateStore: optionsArg.acme?.certificateStore || './certs',
skipConfiguredCerts: optionsArg.acme?.skipConfiguredCerts || false
}
};
// Initialize logger
this.logger = createLogger(this.options.logLevel);
// Initialize components
this.certificateManager = new CertificateManager(this.options);
this.connectionPool = new ConnectionPool(this.options);
this.requestHandler = new RequestHandler(this.options, this.connectionPool, this.router);
this.webSocketHandler = new WebSocketHandler(this.options, this.connectionPool, this.router);
// Connect request handler to this metrics tracker
this.requestHandler.setMetricsTracker(this);
}
/**
* Implements IMetricsTracker interface to increment request counters
*/
public incrementRequestsServed(): void {
this.requestsServed++;
}
/**
* Implements IMetricsTracker interface to increment failed request counters
*/
public incrementFailedRequests(): void {
this.failedRequests++;
}
/**
* Returns the port number this NetworkProxy is listening on
* Useful for SmartProxy to determine where to forward connections
*/
public getListeningPort(): number {
return this.options.port;
}
/**
* Updates the server capacity settings
* @param maxConnections Maximum number of simultaneous connections
* @param keepAliveTimeout Keep-alive timeout in milliseconds
* @param connectionPoolSize Size of the connection pool per backend
*/
public updateCapacity(maxConnections?: number, keepAliveTimeout?: number, connectionPoolSize?: number): void {
if (maxConnections !== undefined) {
this.options.maxConnections = maxConnections;
this.logger.info(`Updated max connections to ${maxConnections}`);
}
if (keepAliveTimeout !== undefined) {
this.options.keepAliveTimeout = keepAliveTimeout;
if (this.httpsServer) {
this.httpsServer.keepAliveTimeout = keepAliveTimeout;
this.logger.info(`Updated keep-alive timeout to ${keepAliveTimeout}ms`);
}
}
if (connectionPoolSize !== undefined) {
this.options.connectionPoolSize = connectionPoolSize;
this.logger.info(`Updated connection pool size to ${connectionPoolSize}`);
// Clean up excess connections in the pool
this.connectionPool.cleanupConnectionPool();
}
}
/**
* Returns current server metrics
* Useful for SmartProxy to determine which NetworkProxy to use for load balancing
*/
public getMetrics(): any {
return {
activeConnections: this.connectedClients,
totalRequests: this.requestsServed,
failedRequests: this.failedRequests,
portProxyConnections: this.portProxyConnections,
tlsTerminatedConnections: this.tlsTerminatedConnections,
connectionPoolSize: this.connectionPool.getPoolStatus(),
uptime: Math.floor((Date.now() - this.startTime) / 1000),
memoryUsage: process.memoryUsage(),
activeWebSockets: this.webSocketHandler.getConnectionInfo().activeConnections
};
}
/**
* Sets an external Port80Handler for certificate management
* This allows the NetworkProxy to use a centrally managed Port80Handler
* instead of creating its own
*
* @param handler The Port80Handler instance to use
*/
public setExternalPort80Handler(handler: Port80Handler): void {
// Connect it to the certificate manager
this.certificateManager.setExternalPort80Handler(handler);
}
/**
* Starts the proxy server
*/
public async start(): Promise<void> {
this.startTime = Date.now();
// Initialize Port80Handler if enabled and not using external handler
if (this.options.acme?.enabled && !this.options.useExternalPort80Handler) {
await this.certificateManager.initializePort80Handler();
}
// Create HTTP/2 server with HTTP/1 fallback
this.httpsServer = plugins.http2.createSecureServer(
{
key: this.certificateManager.getDefaultCertificates().key,
cert: this.certificateManager.getDefaultCertificates().cert,
allowHTTP1: true,
ALPNProtocols: ['h2', 'http/1.1']
}
);
// Track raw TCP connections for metrics and limits
this.setupConnectionTracking();
// Handle incoming HTTP/2 streams
this.httpsServer.on('stream', (stream: any, headers: any) => {
this.requestHandler.handleHttp2(stream, headers);
});
// Handle HTTP/1.x fallback requests
this.httpsServer.on('request', (req: any, res: any) => {
this.requestHandler.handleRequest(req, res);
});
// Share server with certificate manager for dynamic contexts
this.certificateManager.setHttpsServer(this.httpsServer);
// Setup WebSocket support on HTTP/1 fallback
this.webSocketHandler.initialize(this.httpsServer);
// Start metrics logging
this.setupMetricsCollection();
// Start periodic connection pool cleanup
this.connectionPoolCleanupInterval = this.connectionPool.setupPeriodicCleanup();
// Start the server
return new Promise((resolve) => {
this.httpsServer.listen(this.options.port, () => {
this.logger.info(`NetworkProxy started on port ${this.options.port}`);
resolve();
});
});
}
/**
* Sets up tracking of TCP connections
*/
private setupConnectionTracking(): void {
this.httpsServer.on('connection', (connection: plugins.net.Socket) => {
// Check if max connections reached
if (this.socketMap.getArray().length >= this.options.maxConnections) {
this.logger.warn(`Max connections (${this.options.maxConnections}) reached, rejecting new connection`);
connection.destroy();
return;
}
// Add connection to tracking
this.socketMap.add(connection);
this.connectedClients = this.socketMap.getArray().length;
// Check for connection from SmartProxy by inspecting the source port
const localPort = connection.localPort || 0;
const remotePort = connection.remotePort || 0;
// If this connection is from a SmartProxy (usually indicated by it coming from localhost)
if (this.options.portProxyIntegration && connection.remoteAddress?.includes('127.0.0.1')) {
this.portProxyConnections++;
this.logger.debug(`New connection from SmartProxy (local: ${localPort}, remote: ${remotePort})`);
} else {
this.logger.debug(`New direct connection (local: ${localPort}, remote: ${remotePort})`);
}
// Setup connection cleanup handlers
const cleanupConnection = () => {
if (this.socketMap.checkForObject(connection)) {
this.socketMap.remove(connection);
this.connectedClients = this.socketMap.getArray().length;
// If this was a SmartProxy connection, decrement the counter
if (this.options.portProxyIntegration && connection.remoteAddress?.includes('127.0.0.1')) {
this.portProxyConnections--;
}
this.logger.debug(`Connection closed. ${this.connectedClients} connections remaining`);
}
};
connection.on('close', cleanupConnection);
connection.on('error', (err) => {
this.logger.debug('Connection error', err);
cleanupConnection();
});
connection.on('end', cleanupConnection);
});
// Track TLS handshake completions
this.httpsServer.on('secureConnection', (tlsSocket) => {
this.tlsTerminatedConnections++;
this.logger.debug('TLS handshake completed, connection secured');
});
}
/**
* Sets up metrics collection
*/
private setupMetricsCollection(): void {
this.metricsInterval = setInterval(() => {
const uptime = Math.floor((Date.now() - this.startTime) / 1000);
const metrics = {
uptime,
activeConnections: this.connectedClients,
totalRequests: this.requestsServed,
failedRequests: this.failedRequests,
portProxyConnections: this.portProxyConnections,
tlsTerminatedConnections: this.tlsTerminatedConnections,
activeWebSockets: this.webSocketHandler.getConnectionInfo().activeConnections,
memoryUsage: process.memoryUsage(),
activeContexts: Array.from(this.activeContexts),
connectionPool: this.connectionPool.getPoolStatus()
};
this.logger.debug('Proxy metrics', metrics);
}, 60000); // Log metrics every minute
// Don't keep process alive just for metrics
if (this.metricsInterval.unref) {
this.metricsInterval.unref();
}
}
/**
* Updates proxy configurations
*/
public async updateProxyConfigs(
proxyConfigsArg: ReverseProxyConfig[]
): Promise<void> {
this.logger.info(`Updating proxy configurations (${proxyConfigsArg.length} configs)`);
// Update internal configs
this.proxyConfigs = proxyConfigsArg;
this.router.setNewProxyConfigs(proxyConfigsArg);
// Collect all hostnames for cleanup later
const currentHostNames = new Set<string>();
// Add/update SSL contexts for each host
for (const config of proxyConfigsArg) {
currentHostNames.add(config.hostName);
try {
// Update certificate in cache
this.certificateManager.updateCertificateCache(
config.hostName,
config.publicKey,
config.privateKey
);
this.activeContexts.add(config.hostName);
} catch (error) {
this.logger.error(`Failed to add SSL context for ${config.hostName}`, error);
}
}
// Clean up removed contexts
for (const hostname of this.activeContexts) {
if (!currentHostNames.has(hostname)) {
this.logger.info(`Hostname ${hostname} removed from configuration`);
this.activeContexts.delete(hostname);
}
}
// Register domains with Port80Handler if available
const domainsForACME = Array.from(currentHostNames)
.filter(domain => !domain.includes('*')); // Skip wildcard domains
this.certificateManager.registerDomainsWithPort80Handler(domainsForACME);
}
/**
* Converts SmartProxy domain configurations to NetworkProxy configs
* @param domainConfigs SmartProxy domain configs
* @param sslKeyPair Default SSL key pair to use if not specified
* @returns Array of NetworkProxy configs
*/
public convertSmartProxyConfigs(
domainConfigs: Array<{
domains: string[];
targetIPs?: string[];
allowedIPs?: string[];
}>,
sslKeyPair?: { key: string; cert: string }
): ReverseProxyConfig[] {
const proxyConfigs: ReverseProxyConfig[] = [];
// Use default certificates if not provided
const defaultCerts = this.certificateManager.getDefaultCertificates();
const sslKey = sslKeyPair?.key || defaultCerts.key;
const sslCert = sslKeyPair?.cert || defaultCerts.cert;
for (const domainConfig of domainConfigs) {
// Each domain in the domains array gets its own config
for (const domain of domainConfig.domains) {
// Skip non-hostname patterns (like IP addresses)
if (domain.match(/^\d+\.\d+\.\d+\.\d+$/) || domain === '*' || domain === 'localhost') {
continue;
}
proxyConfigs.push({
hostName: domain,
destinationIps: domainConfig.targetIPs || ['localhost'],
destinationPorts: [this.options.port], // Use the NetworkProxy port
privateKey: sslKey,
publicKey: sslCert
});
}
}
this.logger.info(`Converted ${domainConfigs.length} SmartProxy configs to ${proxyConfigs.length} NetworkProxy configs`);
return proxyConfigs;
}
/**
* Adds default headers to be included in all responses
*/
public async addDefaultHeaders(headersArg: { [key: string]: string }): Promise<void> {
this.logger.info('Adding default headers', headersArg);
this.requestHandler.setDefaultHeaders(headersArg);
}
/**
* Stops the proxy server
*/
public async stop(): Promise<void> {
this.logger.info('Stopping NetworkProxy server');
// Clear intervals
if (this.metricsInterval) {
clearInterval(this.metricsInterval);
}
if (this.connectionPoolCleanupInterval) {
clearInterval(this.connectionPoolCleanupInterval);
}
// Stop WebSocket handler
this.webSocketHandler.shutdown();
// Close all tracked sockets
for (const socket of this.socketMap.getArray()) {
try {
socket.destroy();
} catch (error) {
this.logger.error('Error destroying socket', error);
}
}
// Close all connection pool connections
this.connectionPool.closeAllConnections();
// Stop Port80Handler if internally managed
await this.certificateManager.stopPort80Handler();
// Close the HTTPS server
return new Promise((resolve) => {
this.httpsServer.close(() => {
this.logger.info('NetworkProxy server stopped successfully');
resolve();
});
});
}
/**
* Requests a new certificate for a domain
* This can be used to manually trigger certificate issuance
* @param domain The domain to request a certificate for
* @returns A promise that resolves when the request is submitted (not when the certificate is issued)
*/
public async requestCertificate(domain: string): Promise<boolean> {
return this.certificateManager.requestCertificate(domain);
}
/**
* Gets all proxy configurations currently in use
*/
public getProxyConfigs(): ReverseProxyConfig[] {
return [...this.proxyConfigs];
}
}