From 82c2e6389394bb7f470782ba0d6747c052e1a938 Mon Sep 17 00:00:00 2001
From: sn0wb0i
Date: Fri, 19 Jul 2019 22:42:05 -0400
Subject: [PATCH] Check API
---
 anycast-certs.sh | 5 +++++
 anycast.http | 6 ++++++
 haproxy.cfg | 16 +++++++++++++---
 test-utility.sh | 6 ++++++
 4 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100755 anycast-certs.sh
 create mode 100644 anycast.http
diff --git a/anycast-certs.sh b/anycast-certs.sh
new file mode 100755
index 0000000..69921f4
--- /dev/null
+++ b/anycast-certs.sh
@@ -0,0 +1,5 @@
+sudo certbot certonly --standalone --preferred-challenges http \
+ --server https://acme-v02.api.letsencrypt.org/directory --http-01-port 12345 \
+ --register-unsafely-without-email \
+ -d uncensored.any.dns.nixnet.xyz -d adblock.any.dns.nixnet.xyz -d check.any.dns.nixnet.xyz
+
diff --git a/anycast.http b/anycast.http
new file mode 100644
index 0000000..c1bac7e
--- /dev/null
+++ b/anycast.http
@@ -0,0 +1,6 @@
+HTTP/1.0 200 Found
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/plain
+
+lv1.nixnet.xyz
diff --git a/haproxy.cfg b/haproxy.cfg
index fa48411..64570d1 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -64,6 +64,8 @@ frontend http-ac-in
 use_backend letsencrypt-lv1 if { path_beg -i /.well-known/acme-challenge }
+ default_backend redirect-to-https
+
 backend letsencrypt-lv1
 mode http
 server letsencrypt-http 10.250.66.2:12345 verify none
@@ -72,10 +74,18 @@ backend letsencrypt-lv1
 frontend 443-in
 bind 209.141.34.95:443 tfo ssl crt /etc/haproxy/certs
 bind [2605:6400:20:e6d::1]:443 tfo ssl crt /etc/haproxy/certs
- bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs
+ bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs/uncensored.any.dns.nixnet.xyz.pem
 mode http
- use_backend nginx
+ http-response set-header X-Frontend lv1
+
+ use_backend check if { path /check }
+
+# default_backend nginx
+
+backend check
+ mode http
+ errorfile 503 /home/amolith/nixnet-dns/anycast.http
 backend nginx
 server nginx 127.0.0.1:80 verify none
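Review bot: `--register-unsafely-without-email` in anycast-certs.sh creates the ACME account with no contact address, so nobody is notified about impending expiry or revocation of the certificate covering the three anycast names; registering with `--email <ops-address> --agree-tos --no-eff-email` (placeholder address, to be replaced with a monitored mailbox) would close that gap. The script is committed with mode 100755 but has no shebang and no `set -eu`, and it hard-codes `sudo` instead of leaving privilege to the caller. Nothing in it builds the combined PEM that the haproxy.cfg hunks bind (`/etc/haproxy/certs/uncensored.any.dns.nixnet.xyz.pem`), so that step is presumably manual. A deploy hook that writes the file owned by root with mode 0600 would keep the private key from ending up readable by other users.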
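Review bot: The status line in anycast.http reads `HTTP/1.0 200 Found`, but `Found` is the reason phrase of 302; `HTTP/1.0 200 OK` is the conventional pairing and avoids confusing clients or logs that display the phrase. The body hard-codes `lv1.nixnet.xyz`, so every anycast node needs its own copy of this file, and a comment next to the `errorfile` line in haproxy.cfg saying so would help prevent a node from reporting the wrong name after a copy-paste deploy.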
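Review bot: In the `frontend 443-in` hunk of haproxy.cfg, `use_backend nginx` is removed and its replacement is left commented out (`# default_backend nginx`), so any request whose path is not exactly `/check` has no backend on all three binds, including the two non-anycast addresses, and HAProxy will answer it with its own 503. If that is a debugging leftover, restore `default_backend nginx` after the `use_backend check` line. The `check` backend serves `errorfile 503 /home/amolith/nixnet-dns/anycast.http`, a raw HTTP response read from a user's home directory, so whoever can write to that checkout controls bytes HAProxy sends under the site's TLS certificate; installing the file root-owned under `/etc/haproxy/` removes that dependency. `http-response set-header X-Frontend lv1` may not be applied to the errorfile response, since HAProxy generates it internally, so the header should not be relied on for `/check`.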
@@ -91,7 +101,7 @@ frontend 853-in
 use_backend dns-adblock if { ssl_fc_sni adblock.lv1.dns.nixnet.xyz }
 frontend 853ac-in
- bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs
+ bind 198.251.90.114:443 tfo ssl crt /etc/haproxy/certs/uncensored.any.dns.nixnet.xyz.pem
 mode tcp
 # DoT
diff --git a/test-utility.sh b/test-utility.sh
index 33dcbd3..9968007 100755
--- a/test-utility.sh
+++ b/test-utility.sh
@@ -31,3 +31,9 @@ test "uncensored.lv1"
 test "uncensored.lux1"
 test "uncensored.ny1"
+echo ""
+echo "Your nearest anycast instance is: $(curl -sS https://check.any.dns.nixnet.xyz/check)"
+
+#test "adblock.any"
+#test "uncensored.any"
+
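Review bot: The changed `bind` in `frontend 853ac-in` still listens on `198.251.90.114:443`, the same address and port that `frontend 443-in` binds in `mode http`, although this frontend is `mode tcp` and commented `# DoT`. The removed line had the same port, so this predates the commit, but DNS-over-TLS conventionally uses 853 and the line is being touched anyway. With a duplicate bind, HAProxy either refuses to start or splits connections between the two frontends depending on build and platform, so `/check` requests could land on the TCP frontend. If 853 is what was meant, the line would read `bind 198.251.90.114:853 tfo ssl crt /etc/haproxy/certs/uncensored.any.dns.nixnet.xyz.pem`. The frontend's body continues past the end of the hunk.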
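Review bot: The `curl -sS https://check.any.dns.nixnet.xyz/check` substitution added to test-utility.sh has no timeout and does not fail on HTTP error statuses, so an unreachable anycast address can stall the script and an error page from the proxy is printed as if it were the nearest instance. `$(curl -sS --fail --max-time 10 https://check.any.dns.nixnet.xyz/check)` bounds the wait and leaves the substitution empty on an error status. The body is echoed to the terminal unfiltered; since it comes from a remote node, piping it through `tr -cd '[:alnum:].-'` would keep control characters out of the output.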