#!/usr/bin/env bash set +e haproxy_admin_port=1936 starting_port=11080 script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" grep 'password=.*' "${script_dir}/.env" > /dev/null 2>&1\ || (password=$(openssl rand -base64 12)\ && printf "declare -x password='${password}'" > "${script_dir}/.env") source "${script_dir}/.env" tmpcfg=$(mktemp) cat << EOF > ${tmpcfg} global daemon maxconn 256 defaults mode tcp timeout connect 5000ms timeout client 50000ms timeout server 50000ms listen admin mode http bind *:${haproxy_admin_port} stats enable stats refresh 30s stats hide-version stats show-node stats uri / stats realm HAProxy\ Admin stats auth admin:${password} EOF port=${starting_port} ports=${port} echo "listen random-proxy:${port}" >> ${tmpcfg} echo " mode tcp" >> ${tmpcfg} echo " bind *:${port}" >> ${tmpcfg} for proxy in $(netstat -a -n -p | grep -E '^tcp\s+0\s+0\s+127.0.0.1:[0-9]+\s+0\.0\.0\.0:\*\s+LISTEN\s+[0-9]+/sshd:\s+tunnel$' | awk '{print $4}'); do echo " server ${proxy} ${proxy} maxconn 32 check port $(echo ${proxy} | awk -F':' '{print $2}')" >> ${tmpcfg} printf '\n' >> ${tmpcfg} done for proxy in $(netstat -a -n -p | grep -E '^tcp\s+0\s+0\s+127.0.0.1:[0-9]+\s+0\.0\.0\.0:\*\s+LISTEN\s+[0-9]+/sshd:\s+tunnel$' | awk '{print $4}'); do json=$(/usr/bin/curl --connect-timeout 5 --max-time 10 --silent --fail --socks ${proxy} freegeoip.net/json/) echo ${json} | jq '.' city=$(echo $json | jq -r '.city' | sed 's/ /-/g') [ "${city}" ] || city=Unknown country=$(echo $json | jq -r '.country_name' | sed 's/ /-/g') [ "${country}" ] || country=Unknown ip=$(echo $json | jq -r '.ip') [ ${ip} ] || ip=Unknown port=$(( ${port} + 1 )) if [ ! ${ports} ]; then ports=${port}; else ports="${ports},${port}";fi listen="${country}-${city}:${port}" echo "listen ${listen}" >> ${tmpcfg} echo " mode tcp" >> ${tmpcfg} echo " bind *:${port}" >> ${tmpcfg} echo " server ${ip}:$(echo ${proxy} | awk -F':' '{print $2}') ${proxy} maxconn 32 check port $(echo ${proxy} | awk -F':' '{print $2}')" >> ${tmpcfg} done if /usr/sbin/haproxy -c -f ${tmpcfg}; then cat ${tmpcfg} /sbin/iptables -I INPUT -p tcp -m multiport --dports ${ports} --syn -j DROP /bin/sleep 1s /usr/sbin/service haproxy restart /sbin/iptables -D INPUT -p tcp -m multiport --dports ${ports} --syn -j DROP else cat ${tmpcfg} fi rm ${tmpcfg}