From 58345473ca23fd77b407dd4b6411419662dc1cba Mon Sep 17 00:00:00 2001 From: Oleksander Piskun Date: Mon, 5 Jan 2026 11:50:11 +0200 Subject: [PATCH 1/2] feat(SPOE-port): allow define custom port number for internal SPOE agent Signed-off-by: Oleksander Piskun --- Dockerfile | 1 + haproxy.cfg.template | 3 ++- haproxy_agent.py | 7 +++++-- healthcheck.sh | 11 ++++------- start.sh | 13 +++++++++---- 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 523c57f..4f3585c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,6 +32,7 @@ USER root ENV HP_EXAPPS_ADDRESS="0.0.0.0:8780" \ HP_EXAPPS_HTTPS_ADDRESS="0.0.0.0:8781" \ HP_FRP_ADDRESS="0.0.0.0:8782" \ + HP_SPOA_ADDRESS="127.0.0.1:9600" \ HP_FRP_DISABLE_TLS="false" \ HP_TIMEOUT_CONNECT="30s" \ HP_TIMEOUT_CLIENT="30s" \ diff --git a/haproxy.cfg.template b/haproxy.cfg.template index 37c0b6b..040a23b 100644 --- a/haproxy.cfg.template +++ b/haproxy.cfg.template @@ -7,6 +7,7 @@ # This template is processed by envsubst in start.sh to replace variables: # HP_EXAPPS_ADDRESS, # HP_EXAPPS_HTTPS_ADDRESS, +# HP_SPOA_ADDRESS, # HP_TIMEOUT_CONNECT, # HP_TIMEOUT_CLIENT, # HP_TIMEOUT_SERVER, @@ -119,4 +120,4 @@ backend agents timeout connect 5s timeout server 3m option spop-check - server agent1 127.0.0.1:9600 check + server agent1 ${HP_SPOA_ADDRESS} check diff --git a/haproxy_agent.py b/haproxy_agent.py index 8a32779..f0a35ca 100644 --- a/haproxy_agent.py +++ b/haproxy_agent.py @@ -28,6 +28,9 @@ APPID_PATTERN = re.compile(r"(?:^|/)exapps/([^/]+)") SHARED_KEY = os.environ.get("HP_SHARED_KEY") NC_INSTANCE_URL = os.environ.get("NC_INSTANCE_URL") +SPOA_ADDRESS = os.environ.get("HP_SPOA_ADDRESS", "127.0.0.1:9600") +SPOA_HOST, SPOA_PORT = SPOA_ADDRESS.rsplit(":", 1) +SPOA_PORT = int(SPOA_PORT) # Set up the logging configuration LOG_LEVEL = os.environ["HP_LOG_LEVEL"].upper() logging.basicConfig(level=LOG_LEVEL) @@ -1705,10 +1708,10 @@ async def run_http_server(host="127.0.0.1", port=8200): async def main(): - spoa_task = asyncio.create_task(SPOA_AGENT._run(host="127.0.0.1", port=9600)) # noqa + spoa_task = asyncio.create_task(SPOA_AGENT._run(host=SPOA_HOST, port=SPOA_PORT)) # noqa http_task = asyncio.create_task(run_http_server(host="127.0.0.1", port=8200)) - LOGGER.info("Starting both servers: SPOA on 127.0.0.1:9600, HTTP on 127.0.0.1:8200") + LOGGER.info("Starting both servers: SPOA on %s:%d, HTTP on 127.0.0.1:8200", SPOA_HOST, SPOA_PORT) await asyncio.gather(spoa_task, http_task) diff --git a/healthcheck.sh b/healthcheck.sh index 6ce312b..6ec06a4 100644 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -6,7 +6,7 @@ # healthcheck.sh # - Validates HAProxy config syntax. # - Checks if Python SPOE HTTP Control API is listening on 127.0.0.1:8200. -# - Checks if SPOE Agent is running on 127.0.0.1:9600. +# - Checks if SPOE Agent is running on HP_SPOA_ADDRESS (default 127.0.0.1:9600). # - Checks FRP port at HP_FRP_ADDRESS. # - Checks EXAPPS HTTP frontend, and also the EXAPPS HTTPS frontend if the /certs/cert.pem file exists. # @@ -26,12 +26,6 @@ if ! nc -z 127.0.0.1 8200; then exit 1 fi -# 3) Check SPOE Agent port on 127.0.0.1:9600 -if ! nc -z 127.0.0.1 9600; then - echo "ERROR: SPOE Agent not responding on 127.0.0.1:9600" - exit 1 -fi - # Helper: netcat a given "host:port" check_port () { local fulladdr="$1" @@ -53,6 +47,9 @@ check_port () { fi } +# 3) Check SPOE Agent port +check_port "${HP_SPOA_ADDRESS:-127.0.0.1:9600}" + # 4) Check FRP port check_port "${HP_FRP_ADDRESS:-0.0.0.0:8782}" diff --git a/start.sh b/start.sh index 265a1b4..9425d3b 100644 --- a/start.sh +++ b/start.sh @@ -11,7 +11,7 @@ set -e # - Reads HP_SHARED_KEY or HP_SHARED_KEY_FILE # - Comments out HTTPS frontends if no /certs/cert.pem is found # - Starts FRP server (frps) on HP_FRP_ADDRESS -# - Starts the Python SPOE agent on 127.0.0.1:9600 +# - Starts the Python SPOE agent on HP_SPOA_ADDRESS # - Launches Python SPOE HTTP Control API on 127.0.0.1:8200 # - Finally runs HAProxy in the foreground # @@ -108,6 +108,11 @@ fi FRP_HOST="$(echo "$HP_FRP_ADDRESS" | cut -d':' -f1)" FRP_PORT="$(echo "$HP_FRP_ADDRESS" | cut -d':' -f2)" +# Initialize SPOA_HOST and SPOA_PORT from HP_SPOA_ADDRESS (default 127.0.0.1:9600). +HP_SPOA_ADDRESS="${HP_SPOA_ADDRESS:-127.0.0.1:9600}" +SPOA_HOST="$(echo "$HP_SPOA_ADDRESS" | cut -d':' -f1)" +SPOA_PORT="$(echo "$HP_SPOA_ADDRESS" | cut -d':' -f2)" + # ---------------------------------------------------------------------------- # Map HP_LOG_LEVEL (our user-friendly strings) to valid HAProxy log levels # ---------------------------------------------------------------------------- @@ -340,15 +345,15 @@ EOF fi fi -log "INFO: Starting Python HaProxy Agent on 127.0.0.1:8200 and 127.0.0.1:9600..." +log "INFO: Starting Python HaProxy Agent on 127.0.0.1:8200 and ${HP_SPOA_ADDRESS}..." nohup python3 /usr/local/bin/haproxy_agent.py & # Wait deterministically for the agent to be ready (HTTP) and for SPOA (TCP) log "INFO: Waiting for HaRP Agent HTTP (GET http://127.0.0.1:8200/info) to be ready..." wait_for_http "http://127.0.0.1:8200/info" "$HP_WAIT_AGENT_HTTP" "$HP_WAIT_INTERVAL" -log "INFO: Waiting for SPOA port 127.0.0.1:9600..." -wait_for_tcp "127.0.0.1" "9600" "$HP_WAIT_SPOA" "$HP_WAIT_INTERVAL" +log "INFO: Waiting for SPOA port ${HP_SPOA_ADDRESS}..." +wait_for_tcp "$SPOA_HOST" "$SPOA_PORT" "$HP_WAIT_SPOA" "$HP_WAIT_INTERVAL" log "INFO: Starting FRP server on ${HP_FRP_ADDRESS}..." frps -c /frps.toml & From 1a9492b07ef2cd278de5940ddc260ad5a8912926 Mon Sep 17 00:00:00 2001 From: Oleksander Piskun Date: Mon, 5 Jan 2026 12:11:16 +0200 Subject: [PATCH 2/2] update README.md Signed-off-by: Oleksander Piskun --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 54e648e..e5bab50 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,11 @@ HaRP is configured via several environment variables. Here are the key variables - **Default:** `HP_FRP_ADDRESS="0.0.0.0:8782"` - **Note:** Should be accessible from where your ExApps are running. +- **`HP_SPOA_ADDRESS`** + - **Description:** IP:Port for the internal SPOE agent that HAProxy uses for request authentication. + - **Default:** `HP_SPOA_ADDRESS="127.0.0.1:9600"` + - **Note:** Only change if port 9600 conflicts with another service. + - **`HP_SHARED_KEY`** (or **`HP_SHARED_KEY_FILE`**) - **Description:** A secret token used for authentication between services. - **Requirement:** Must be set at runtime. Use only one of these methods.