diff --git a/README.md b/README.md index 76c4e4c..4f77820 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ You should see a message similar to `[+] Building 6.6s (18/18) FINISHED`. The co You can manually execute the Docker container with the following `docker` command ```bash -docker run -it -p 80:80 -p 443:443 -p 5222:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 whatsapp_proxy:1.0 +docker run -it -p 80:80 -p 443:443 -p 5222:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 -p 587:587 -p 7777:7777 whatsapp_proxy:1.0 ``` You will see lines ending with `Certificate generation completed.`. The HAProxy is running in the background and will continue to do so until you close this process. @@ -104,6 +104,7 @@ Depending on the scenario in which you utilize your proxy, the proxy container e 1. 80: Standard web traffic (HTTP) 2. 443: Standard web traffic, encrypted (HTTPS) 3. 5222: Jabber protocol traffic (WhatsApp default) +4. 587 or 7777: *.whatsapp.net traffic including media (HTTPS) There are also ports configured which accept incoming [proxy headers](https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address/) (version 1 or 2) on connections. If you have a network load balancer you can preserve the client IP address if you want. diff --git a/proxy/Dockerfile b/proxy/Dockerfile index 44f5bdd..288a45d 100644 --- a/proxy/Dockerfile +++ b/proxy/Dockerfile @@ -51,6 +51,8 @@ EXPOSE 8443/tcp EXPOSE 5222/tcp EXPOSE 8222/tcp EXPOSE 8199/tcp +EXPOSE 587/tcp +EXPOSE 7777/tcp # This is the startup command which also runs a background job to manage the WAPOX IPs CMD /usr/local/bin/set_public_ip_and_start.sh diff --git a/proxy/ops/docker-compose.yml b/proxy/ops/docker-compose.yml index c785528..811636a 100644 --- a/proxy/ops/docker-compose.yml +++ b/proxy/ops/docker-compose.yml 
@@ -17,6 +17,8 @@ services: - "8080:8080" # HTTP with accept-proxy processing - "8443:8443" # HTTPS with accept-proxy processing - "8222:8222" # JABBER with accept-proxy processing + - "587:587" # whatsapp.net + - "7777:7777" # whatsapp.net healthcheck: test: /usr/local/bin/healthcheck.sh interval: 10s diff --git a/proxy/src/healthcheck.sh b/proxy/src/healthcheck.sh index 4ecc6d3..0e65171 100644 --- a/proxy/src/healthcheck.sh +++ b/proxy/src/healthcheck.sh 
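Review bot: The two new port mappings are commented only `# whatsapp.net`, which does not say what traffic they carry, unlike the neighbouring `# HTTPS with accept-proxy processing` entries. A comment such as `# HTTPS, forwarded to whatsapp.net:443 (media)` on each line would match what the README and proxy config in this commit describe. Both ports are published on all host interfaces, and 587 is also the standard mail-submission port, so it is worth a note for operators who filter or alert on that port. The same applies to the `EXPOSE 587/tcp` line added in proxy/Dockerfile.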
@@ -8,17 +8,17 @@ curl -s -w 2 "http://127.0.0.1:8199/;csv" > /tmp/stats.txt || exit 1 # First trim off the leading line which is just "#" # Then convert the ugly CSV to slightly less ugly JSON -# Filter out the lines for g_whatsapp_net backend status +# Filter out the lines for *.whatsapp_net backend status # Select the "check_desc" field (Description of the check result) # and take all results that do NOT equal "Layer4 check passed" from HAProxy -RESULT=$(tail -n +1 /tmp/stats.txt | jq -R 'split(",")' | jq -c '. | select(.[1] | contains("g_whatsapp_net"))' | jq --raw-output '.[65]| select(. | test("Layer4 check passed") | not)') +RESULT=$(tail -n +1 /tmp/stats.txt | jq -R 'split(",")' | jq -c '. | select(.[1] | contains("whatsapp_net"))' | jq --raw-output '.[65]| select(. | test("Layer4 check passed") | not)') # # CSV output header row: # # ["# pxname","svname","qcur","qmax","scur","smax","slim","stot","bin","bout","dreq","dresp","ereq","econ","eresp","wretr","wredis","status","weight","act","bck","chkfail","chkdown","lastchg","downtime","qlimit","pid","iid","sid","throttle","lbtot","tracked","type","rate","rate_lim","rate_max","check_status","check_code","check_duration","hrsp_1xx","hrsp_2xx","hrsp_3xx","hrsp_4xx","hrsp_5xx","hrsp_other","hanafail","req_rate","req_rate_max","req_tot","cli_abrt","srv_abrt","comp_in","comp_out","comp_byp","comp_rsp","lastsess","last_chk","last_agt","qtime","ctime","rtime","ttime","agent_status","agent_code","agent_duration","check_desc","agent_desc","check_rise","check_fall","check_health","agent_rise","agent_fall","agent_health","addr","cookie","mode","algo","conn_rate","conn_rate_max","conn_tot","intercepted","dcon","dses","wrew","connect","reuse","cache_lookups","cache_hits","srv_icur","src_ilim","qtime_max","ctime_max","rtime_max","ttime_max","eint","idle_conn_cur","safe_conn_cur","used_conn_cur","need_conn_est","uweight","agg_server_check_status","-","ssl_sess","ssl_reused_sess","ssl_failed_handshake","h2_headers_rcvd","h2_dat
a_rcvd","h2_settings_rcvd","h2_rst_stream_rcvd","h2_goaway_rcvd","h2_detected_conn_protocol_errors","h2_detected_strm_protocol_errors","h2_rst_stream_resp","h2_goaway_resp","h2_open_connections","h2_backend_open_streams","h2_total_connections","h2_backend_total_streams",""] if [ "$RESULT" != "" ] then - echo "[HEALTHCHECKER] Container failed healthchecks, L4 healthcheck on g.whatsapp.net failed" + echo "[HEALTHCHECKER] Container failed healthchecks, L4 healthcheck on *.whatsapp.net failed" echo "[HEALTKCHECKER] Result $RESULT" exit -1; fi diff --git a/proxy/src/proxy_config.cfg b/proxy/src/proxy_config.cfg index 76707ed..889d991 100644 --- a/proxy/src/proxy_config.cfg +++ b/proxy/src/proxy_config.cfg @@ -80,6 +80,19 @@ frontend haproxy_v4_xmpp default_backend wa +frontend haproxy_v4_whatsapp_net + maxconn 27495 + #PUBLIC_IP + + bind ipv4@*:587 + bind ipv4@*:7777 + + default_backend wa_whatsapp_net + +backend wa_whatsapp_net + default-server check inter 60000 observe layer4 + server whatsapp_net_443 whatsapp.net:443 + backend wa default-server check inter 60000 observe layer4 send-proxy server g_whatsapp_net_5222 g.whatsapp.net:5222 diff --git a/proxy/src/set_public_ip_and_start.sh b/proxy/src/set_public_ip_and_start.sh index 178e588..9ade79a 100755 --- a/proxy/src/set_public_ip_and_start.sh +++ b/proxy/src/set_public_ip_and_start.sh @@ -6,7 +6,7 @@ ## About: # This script replaces instances of #PUBLIC_IP in the HaProxy configuration files -# with the the real public ip. There's an order of priority here which is +# with the real public ip. There's an order of priority here which is # 1. Environment variable # 2. AWS EC2 Metadata endpoint # 3. Third-party sources
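Review bot: With the filter widened to `contains("whatsapp_net")`, the failure message `L4 healthcheck on *.whatsapp.net failed` no longer says which server tripped the check. A failed check on the new `whatsapp_net_443` server also now marks the whole container unhealthy even while `g_whatsapp_net_5222` is passing. Emitting the server name with the description would make the log line actionable, for example by making the last jq stage `select(.[65] | test("Layer4 check passed") | not) | "\(.[1]): \(.[65])"`. Separately, the unchanged `exit -1` below is not a portable exit status, and Docker documents only 0 and 1 as health-check results, so `exit 1` is the safer spelling. The top of the script, including its shebang, is outside this hunk.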
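Review bot: The new `wa_whatsapp_net` backend omits `send-proxy` while the neighbouring `wa` backend sets it, and the `haproxy_v4_whatsapp_net` frontend binds only plain `ipv4@*:587` and `ipv4@*:7777`. Unlike the 8080/8443/8222 listeners there is no accept-proxy variant, so behind a load balancer the original client address is presumably not available on this path. If that is intentional, a one-line comment above `default-server` would prevent a later "consistency fix", e.g. `# no send-proxy: upstream on :443 is not expected to accept PROXY headers (confirm)`. The frontend's mode and timeouts are not set in this hunk and are assumed to come from a defaults section outside it.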