Check API

anycast-certs.sh

@@ -0,0 +1,5 @@
+sudo certbot certonly --standalone --preferred-challenges http \
+    --server https://acme-v02.api.letsencrypt.org/directory --http-01-port 12345 \
+    --register-unsafely-without-email \
+    -d uncensored.any.dns.nixnet.xyz -d adblock.any.dns.nixnet.xyz -d check.any.dns.nixnet.xyz
+

anycast.http

@@ -0,0 +1,6 @@
+HTTP/1.0 200 Found
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/plain
+
+lv1.nixnet.xyz

haproxy.cfg

@@ -64,6 +64,8 @@ frontend http-ac-in
 
 	use_backend letsencrypt-lv1 if { path_beg -i /.well-known/acme-challenge }
 
+	default_backend redirect-to-https
+
 backend letsencrypt-lv1
 	mode http
 	server letsencrypt-http 10.250.66.2:12345 verify none
@@ -72,10 +74,18 @@ backend letsencrypt-lv1
 frontend 443-in
 	bind 209.141.34.95:443 tfo ssl crt /etc/haproxy/certs
 	bind [2605:6400:20:e6d::1]:443 tfo ssl crt /etc/haproxy/certs
-	bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs
+	bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs/uncensored.any.dns.nixnet.xyz.pem
 	mode http
 
-	use_backend nginx
+	http-response set-header X-Frontend lv1
+
+	use_backend check if { path /check }
+
+#	default_backend nginx
+
+backend check
+	mode http
+	errorfile 503 /home/amolith/nixnet-dns/anycast.http
 
 backend nginx
 	server nginx 127.0.0.1:80 verify none
@@ -91,7 +101,7 @@ frontend 853-in
 	use_backend dns-adblock if { ssl_fc_sni adblock.lv1.dns.nixnet.xyz }
 
 frontend 853ac-in
-	bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs
+	bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs/uncensored.any.dns.nixnet.xyz.pem
 	mode tcp
 
 	# DoT

test-utility.sh

@@ -31,3 +31,9 @@ test "uncensored.lv1"
 test "uncensored.lux1"
 test "uncensored.ny1"
 
+echo ""
+echo "Your nearest anycast instance is: $(curl -sS https://check.any.dns.nixnet.xyz/check)"
+
+#test "adblock.any"
+#test "uncensored.any"
+