Added load balancer (wip)

+ Added support for multiple upstreams
+ Added load balancer
+ Added upstream abstraction in endpoint
+ Added load balancer structure
+ Added breaking change auto-updater
+ Added uptime monitor proxy type definitions
+ Added upstream editor UI
+ Fixed charset bug in many snippets HTML files

src/mod/dynamicproxy/Server.go

@@ -20,6 +20,7 @@ import (
 		- Access Router
 			- Blacklist
 			- Whitelist
+		- Rate Limitor
 		- Basic Auth
 		- Vitrual Directory Proxy
 		- Subdomain Proxy
@@ -30,7 +31,7 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	/*
 		Special Routing Rules, bypass most of the limitations
 	*/
-	//Check if there are external routing rule matches.
+	//Check if there are external routing rule (rr) matches.
 	//If yes, route them via external rr
 	matchedRoutingRule := h.Parent.GetMatchingRoutingRule(r)
 	if matchedRoutingRule != nil {
@@ -45,7 +46,7 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	//Check if this is a redirection url
 	if h.Parent.Option.RedirectRuleTable.IsRedirectable(r) {
 		statusCode := h.Parent.Option.RedirectRuleTable.HandleRedirect(w, r)
-		h.logRequest(r, statusCode != 500, statusCode, "redirect", "")
+		h.Parent.logRequest(r, statusCode != 500, statusCode, "redirect", "")
 		return
 	}
 
@@ -193,12 +194,12 @@ func (h *ProxyHandler) handleRootRouting(w http.ResponseWriter, r *http.Request)
 		}
 		hostname := parsedURL.Hostname()
 		if hostname == domainOnly {
-			h.logRequest(r, false, 500, "root-redirect", domainOnly)
+			h.Parent.logRequest(r, false, 500, "root-redirect", domainOnly)
 			http.Error(w, "Loopback redirects due to invalid settings", 500)
 			return
 		}
 
-		h.logRequest(r, false, 307, "root-redirect", domainOnly)
+		h.Parent.logRequest(r, false, 307, "root-redirect", domainOnly)
 		http.Redirect(w, r, redirectTarget, http.StatusTemporaryRedirect)
 	case DefaultSite_NotFoundPage:
 		//Serve the not found page, use template if exists

src/mod/dynamicproxy/access.go

@@ -24,7 +24,7 @@ func (h *ProxyHandler) handleAccessRouting(ruleID string, w http.ResponseWriter,
 
 	isBlocked, blockedReason := accessRequestBlocked(accessRule, h.Parent.Option.WebDirectory, w, r)
 	if isBlocked {
-		h.logRequest(r, false, 403, blockedReason, "")
+		h.Parent.logRequest(r, false, 403, blockedReason, "")
 	}
 	return isBlocked
 }

src/mod/dynamicproxy/basicAuth.go

@@ -18,7 +18,7 @@ import (
 func (h *ProxyHandler) handleBasicAuthRouting(w http.ResponseWriter, r *http.Request, pe *ProxyEndpoint) error {
 	err := handleBasicAuth(w, r, pe)
 	if err != nil {
-		h.logRequest(r, false, 401, "host", pe.Domain)
+		h.Parent.logRequest(r, false, 401, "host", r.URL.Hostname())
 	}
 	return err
 }

src/mod/dynamicproxy/dpcore/dpcore.go

@@ -180,7 +180,7 @@ var hopHeaders = []string{
 	"Te",      // canonicalized version of "TE"
 	"Trailer", // not Trailers per URL above; http://www.rfc-editor.org/errata_search.php?eid=4522
 	"Transfer-Encoding",
-	//"Upgrade",
+	//"Upgrade", // handled by websocket proxy in higher layer abstraction
 }
 
 // Copy response from src to dst with given flush interval, reference from httputil.ReverseProxy

src/mod/dynamicproxy/dynamicproxy.go

@@ -28,6 +28,7 @@ func NewDynamicProxy(option RouterOption) (*Router, error) {
 		Running:          false,
 		server:           nil,
 		routingRules:     []*RoutingRule{},
+		loadBalancer:     option.LoadBalancer,
 		rateLimitCounter: RequestCountPerIpTable{},
 	}
 
@@ -150,10 +151,16 @@ func (router *Router) StartProxyService() error {
 							}
 						}
 
-						sep.proxy.ServeHTTP(w, r, &dpcore.ResponseRewriteRuleSet{
-							ProxyDomain:  sep.Domain,
+						selectedUpstream, err := router.loadBalancer.GetRequestUpstreamTarget(r, sep.ActiveOrigins)
+						if err != nil {
+							http.ServeFile(w, r, "./web/hosterror.html")
+							log.Println(err.Error())
+							router.logRequest(r, false, 404, "vdir-http", r.Host)
+						}
+						selectedUpstream.ServeHTTP(w, r, &dpcore.ResponseRewriteRuleSet{
+							ProxyDomain:  selectedUpstream.OriginIpOrDomain,
 							OriginalHost: originalHostHeader,
-							UseTLS:       sep.RequireTLS,
+							UseTLS:       selectedUpstream.RequireTLS,
 							PathPrefix:   "",
 							Version:      sep.parent.Option.HostVersion,
 						})

src/mod/dynamicproxy/endpoints.go

@@ -7,6 +7,7 @@ import (
 
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
+	"imuslab.com/zoraxy/mod/dynamicproxy/loadbalance"
 )
 
 /*
@@ -133,6 +134,92 @@ func (ep *ProxyEndpoint) AddVirtualDirectoryRule(vdir *VirtualDirectoryEndpoint)
 	return readyRoutingRule, nil
 }
 
+/* Upstream related wrapper functions */
+//Check if there already exists another upstream with identical origin
+func (ep *ProxyEndpoint) UpstreamOriginExists(originURL string) bool {
+	for _, origin := range ep.ActiveOrigins {
+		if origin.OriginIpOrDomain == originURL {
+			return true
+		}
+	}
+	for _, origin := range ep.InactiveOrigins {
+		if origin.OriginIpOrDomain == originURL {
+			return true
+		}
+	}
+	return false
+}
+
+// Get a upstream origin from given origin ip or domain
+func (ep *ProxyEndpoint) GetUpstreamOriginByMatchingIP(originIpOrDomain string) (*loadbalance.Upstream, error) {
+	for _, origin := range ep.ActiveOrigins {
+		if origin.OriginIpOrDomain == originIpOrDomain {
+			return origin, nil
+		}
+	}
+
+	for _, origin := range ep.InactiveOrigins {
+		if origin.OriginIpOrDomain == originIpOrDomain {
+			return origin, nil
+		}
+	}
+	return nil, errors.New("target upstream origin not found")
+}
+
+// Add upstream to endpoint and update it to runtime
+func (ep *ProxyEndpoint) AddUpstreamOrigin(newOrigin *loadbalance.Upstream, activate bool) error {
+	//Check if the upstream already exists
+	if ep.UpstreamOriginExists(newOrigin.OriginIpOrDomain) {
+		return errors.New("upstream with same origin already exists")
+	}
+
+	if activate {
+		//Add it to the active origin list
+		err := newOrigin.StartProxy()
+		if err != nil {
+			return err
+		}
+		ep.ActiveOrigins = append(ep.ActiveOrigins, newOrigin)
+	} else {
+		//Add to inactive origin list
+		ep.InactiveOrigins = append(ep.InactiveOrigins, newOrigin)
+	}
+
+	ep.UpdateToRuntime()
+	return nil
+}
+
+// Remove upstream from endpoint and update it to runtime
+func (ep *ProxyEndpoint) RemoveUpstreamOrigin(originIpOrDomain string) error {
+	//Just to make sure there are no spaces
+	originIpOrDomain = strings.TrimSpace(originIpOrDomain)
+
+	//Check if the upstream already been removed
+	if !ep.UpstreamOriginExists(originIpOrDomain) {
+		//Not exists in the first place
+		return nil
+	}
+
+	newActiveOriginList := []*loadbalance.Upstream{}
+	for _, origin := range ep.ActiveOrigins {
+		if origin.OriginIpOrDomain != originIpOrDomain {
+			newActiveOriginList = append(newActiveOriginList, origin)
+		}
+	}
+
+	newInactiveOriginList := []*loadbalance.Upstream{}
+	for _, origin := range ep.InactiveOrigins {
+		if origin.OriginIpOrDomain != originIpOrDomain {
+			newInactiveOriginList = append(newInactiveOriginList, origin)
+		}
+	}
+	//Ok, set the origin list to the new one
+	ep.ActiveOrigins = newActiveOriginList
+	ep.InactiveOrigins = newInactiveOriginList
+	ep.UpdateToRuntime()
+	return nil
+}
+
 // Check if the proxy endpoint hostname or alias name contains subdomain wildcard
 func (ep *ProxyEndpoint) ContainsWildcardName(skipAliasCheck bool) bool {
 	hostname := ep.RootOrMatchingDomain

src/mod/dynamicproxy/loadbalance/loadbalance.go

@@ -1,9 +1,13 @@
 package loadbalance
 
 import (
+	"strings"
+	"sync"
+	"sync/atomic"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
 	"imuslab.com/zoraxy/mod/geodb"
 	"imuslab.com/zoraxy/mod/info/logger"
-	"imuslab.com/zoraxy/mod/uptime"
 )
 
 /*
@@ -12,49 +16,75 @@ import (
 	Handleing load balance request for upstream destinations
 */
 
-type BalancePolicy int
-
-const (
-	BalancePolicy_RoundRobin BalancePolicy = 0 //Round robin, will ignore upstream if down
-	BalancePolicy_Fallback   BalancePolicy = 1 //Fallback only. Will only switch to next node if the first one failed
-	BalancePolicy_Random     BalancePolicy = 2 //Random, randomly pick one from the list that is online
-	BalancePolicy_GeoRegion  BalancePolicy = 3 //Use the one defined for this geo-location, when down, pick the next avaible node
-)
-
-type LoadBalanceRule struct {
-	Upstreams         []string      //Reverse proxy upstream servers
-	LoadBalancePolicy BalancePolicy //Policy in deciding which target IP to proxy
-	UseRegionLock     bool          //If this is enabled with BalancePolicy_Geo, when the main site failed, it will not pick another node
-	UseStickySession  bool          //Use sticky session, if you are serving EU countries, make sure to add the "Do you want cookie" warning
-
-	parent *RouteManager
-}
-
 type Options struct {
-	Geodb         *geodb.Store    //GeoIP resolver for checking incoming request origin country
-	UptimeMonitor *uptime.Monitor //For checking if the target is online, this might be nil when the module starts
+	UseActiveHealthCheck bool         //Use active health check, default to false
+	Geodb                *geodb.Store //GeoIP resolver for checking incoming request origin country
+	Logger               *logger.Logger
 }
 
 type RouteManager struct {
-	Options Options
-	Logger  *logger.Logger
+	LoadBalanceMap         sync.Map  //Sync map to store the last load balance state of a given node
+	OnlineStatusMap        sync.Map  //Sync map to store the online status of a given ip address or domain name
+	onlineStatusTickerStop chan bool //Stopping channel for the online status pinger
+	Options                Options   //Options for the load balancer
 }
 
-// Create a new load balance route manager
-func NewRouteManager(options *Options, logger *logger.Logger) *RouteManager {
-	newManager := RouteManager{
-		Options: *options,
-		Logger:  logger,
+/* Upstream or Origin Server */
+type Upstream struct {
+	//Upstream Proxy Configs
+	OriginIpOrDomain         string //Target IP address or domain name with port
+	RequireTLS               bool   //Require TLS connection
+	SkipCertValidations      bool   //Set to true to accept self signed certs
+	SkipWebSocketOriginCheck bool   //Skip origin check on websocket upgrade connections
+
+	//Load balancing configs
+	Weight  int //Random weight for round robin, 0 for fallback only
+	MaxConn int //Maxmium connection to this server, 0 for unlimited
+
+	currentConnectionCounts atomic.Uint64 //Counter for number of client currently connected
+	proxy                   *dpcore.ReverseProxy
+}
+
+// Create a new load balancer
+func NewLoadBalancer(options *Options) *RouteManager {
+	onlineStatusCheckerStopChan := make(chan bool)
+
+	return &RouteManager{
+		LoadBalanceMap:         sync.Map{},
+		OnlineStatusMap:        sync.Map{},
+		onlineStatusTickerStop: onlineStatusCheckerStopChan,
+		Options:                *options,
 	}
-	logger.PrintAndLog("INFO", "Load Balance Route Manager started", nil)
-	return &newManager
 }
 
-func (b *LoadBalanceRule) GetProxyTargetIP() {
-//TODO: Implement get proxy target IP logic here
+// UpstreamsReady checks if the group of upstreams contains at least one
+// origin server that is ready
+func (m *RouteManager) UpstreamsReady(upstreams []*Upstream) bool {
+	for _, upstream := range upstreams {
+		if upstream.IsReady() {
+			return true
+		}
+	}
+	return false
+}
+
+// String format and convert a list of upstream into a string representations
+func GetUpstreamsAsString(upstreams []*Upstream) string {
+	targets := []string{}
+	for _, upstream := range upstreams {
+		targets = append(targets, upstream.String())
+	}
+	return strings.Join(targets, ", ")
+}
+
+func (m *RouteManager) Close() {
+	if m.onlineStatusTickerStop != nil {
+		m.onlineStatusTickerStop <- true
+	}
+
 }
 
 // Print debug message
 func (m *RouteManager) debugPrint(message string, err error) {
-	m.Logger.PrintAndLog("LB", message, err)
+	m.Options.Logger.PrintAndLog("LoadBalancer", message, err)
 }

src/mod/dynamicproxy/loadbalance/onlineStatus.go

@@ -0,0 +1,70 @@
+package loadbalance
+
+import (
+	"net/http"
+	"time"
+)
+
+// Return the last ping status to see if the target is online
+func (m *RouteManager) IsTargetOnline(matchingDomainOrIp string) bool {
+	value, ok := m.LoadBalanceMap.Load(matchingDomainOrIp)
+	if !ok {
+		return false
+	}
+
+	isOnline, ok := value.(bool)
+	return ok && isOnline
+}
+
+func (m *RouteManager) SetTargetOffline() {
+
+}
+
+// Ping a target to see if it is online
+func PingTarget(targetMatchingDomainOrIp string, requireTLS bool) bool {
+	client := &http.Client{
+		Timeout: 10 * time.Second,
+	}
+
+	url := targetMatchingDomainOrIp
+	if requireTLS {
+		url = "https://" + url
+	} else {
+		url = "http://" + url
+	}
+
+	resp, err := client.Get(url)
+	if err != nil {
+		return false
+	}
+	defer resp.Body.Close()
+
+	return resp.StatusCode >= 200 && resp.StatusCode <= 600
+}
+
+// StartHeartbeats start pinging each server every minutes to make sure all targets are online
+// Active mode only
+/*
+func (m *RouteManager) StartHeartbeats(pingTargets []*FallbackProxyTarget) {
+	ticker := time.NewTicker(1 * time.Minute)
+	defer ticker.Stop()
+
+	fmt.Println("Heartbeat started")
+	go func() {
+		for {
+			select {
+			case <-m.onlineStatusTickerStop:
+				ticker.Stop()
+				return
+			case <-ticker.C:
+				for _, target := range pingTargets {
+					go func(target *FallbackProxyTarget) {
+						isOnline := PingTarget(target.MatchingDomainOrIp, target.RequireTLS)
+						m.LoadBalanceMap.Store(target.MatchingDomainOrIp, isOnline)
+					}(target)
+				}
+			}
+		}
+	}()
+}
+*/

src/mod/dynamicproxy/loadbalance/originPicker.go

@@ -0,0 +1,26 @@
+package loadbalance
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+)
+
+/*
+	Origin Picker
+
+	This script contains the code to pick the best origin
+	by this request.
+*/
+
+// GetRequestUpstreamTarget return the upstream target where this
+// request should be routed
+func (m *RouteManager) GetRequestUpstreamTarget(r *http.Request, origins []*Upstream) (*Upstream, error) {
+	if len(origins) == 0 {
+		return nil, errors.New("no upstream is defined for this host")
+	}
+
+	//TODO: Add upstream picking algorithm here
+	fmt.Println("DEBUG: Picking origin " + origins[0].OriginIpOrDomain)
+	return origins[0], nil
+}

src/mod/dynamicproxy/loadbalance/upstream.go

@@ -0,0 +1,75 @@
+package loadbalance
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
+)
+
+// StartProxy create and start a HTTP proxy using dpcore
+// Example of webProxyEndpoint: https://example.com:443 or http://192.168.1.100:8080
+func (u *Upstream) StartProxy() error {
+	//Filter the tailing slash if any
+	domain := u.OriginIpOrDomain
+	if len(domain) == 0 {
+		return errors.New("invalid endpoint config")
+	}
+	if domain[len(domain)-1:] == "/" {
+		domain = domain[:len(domain)-1]
+	}
+
+	if !strings.HasPrefix("http://", domain) && !strings.HasPrefix("https://", domain) {
+		//TLS is not hardcoded in proxy target domain
+		if u.RequireTLS {
+			domain = "https://" + domain
+		} else {
+			domain = "http://" + domain
+		}
+	}
+
+	//Create a new proxy agent for this upstream
+	path, err := url.Parse(domain)
+	if err != nil {
+		return err
+	}
+
+	proxy := dpcore.NewDynamicProxyCore(path, "", &dpcore.DpcoreOptions{
+		IgnoreTLSVerification: u.SkipCertValidations,
+	})
+
+	u.proxy = proxy
+	return nil
+}
+
+// IsReady return the proxy ready state of the upstream server
+// Return false if StartProxy() is not called on this upstream before
+func (u *Upstream) IsReady() bool {
+	return u.proxy != nil
+}
+
+// Clone return a new deep copy object of the identical upstream
+func (u *Upstream) Clone() *Upstream {
+	newUpstream := Upstream{}
+	js, _ := json.Marshal(u)
+	json.Unmarshal(js, &newUpstream)
+	return &newUpstream
+}
+
+// ServeHTTP uses this upstream proxy router to route the current request
+func (u *Upstream) ServeHTTP(w http.ResponseWriter, r *http.Request, rrr *dpcore.ResponseRewriteRuleSet) error {
+	//Auto rewrite to upstream origin if not set
+	if rrr.ProxyDomain == "" {
+		rrr.ProxyDomain = u.OriginIpOrDomain
+	}
+
+	return u.proxy.ServeHTTP(w, r, rrr)
+}
+
+// String return the string representations of endpoints in this upstream
+func (u *Upstream) String() string {
+	return u.OriginIpOrDomain
+}

src/mod/dynamicproxy/proxyRequestHandler.go

@@ -16,6 +16,7 @@ import (
 	"imuslab.com/zoraxy/mod/websocketproxy"
 )
 
+// Check if the request URI matches any of the proxy endpoint
 func (router *Router) getTargetProxyEndpointFromRequestURI(requestURI string) *ProxyEndpoint {
 	var targetProxyEndpoint *ProxyEndpoint = nil
 	router.ProxyEndpoints.Range(func(key, value interface{}) bool {
@@ -30,6 +31,7 @@ func (router *Router) getTargetProxyEndpointFromRequestURI(requestURI string) *P
 	return targetProxyEndpoint
 }
 
+// Get the proxy endpoint from hostname, which might includes checking of wildcard certificates
 func (router *Router) getProxyEndpointFromHostname(hostname string) *ProxyEndpoint {
 	var targetSubdomainEndpoint *ProxyEndpoint = nil
 	ep, ok := router.ProxyEndpoints.Load(hostname)
@@ -110,12 +112,18 @@ func (router *Router) rewriteURL(rooturl string, requestURL string) string {
 func (h *ProxyHandler) hostRequest(w http.ResponseWriter, r *http.Request, target *ProxyEndpoint) {
 	r.Header.Set("X-Forwarded-Host", r.Host)
 	r.Header.Set("X-Forwarded-Server", "zoraxy-"+h.Parent.Option.HostUUID)
-
+	selectedUpstream, err := h.Parent.loadBalancer.GetRequestUpstreamTarget(r, target.ActiveOrigins)
+	if err != nil {
+		http.ServeFile(w, r, "./web/rperror.html")
+		log.Println(err.Error())
+		h.Parent.logRequest(r, false, 521, "subdomain-http", r.URL.Hostname())
+		return
+	}
 	requestURL := r.URL.String()
 	if r.Header["Upgrade"] != nil && strings.ToLower(r.Header["Upgrade"][0]) == "websocket" {
 		//Handle WebSocket request. Forward the custom Upgrade header and rewrite origin
 		r.Header.Set("Zr-Origin-Upgrade", "websocket")
-		wsRedirectionEndpoint := target.Domain
+		wsRedirectionEndpoint := selectedUpstream.OriginIpOrDomain
 		if wsRedirectionEndpoint[len(wsRedirectionEndpoint)-1:] != "/" {
 			//Append / to the end of the redirection endpoint if not exists
 			wsRedirectionEndpoint = wsRedirectionEndpoint + "/"
@@ -125,13 +133,13 @@ func (h *ProxyHandler) hostRequest(w http.ResponseWriter, r *http.Request, targe
 			requestURL = requestURL[1:]
 		}
 		u, _ := url.Parse("ws://" + wsRedirectionEndpoint + requestURL)
-		if target.RequireTLS {
+		if selectedUpstream.RequireTLS {
 			u, _ = url.Parse("wss://" + wsRedirectionEndpoint + requestURL)
 		}
-		h.logRequest(r, true, 101, "subdomain-websocket", target.Domain)
+		h.Parent.logRequest(r, true, 101, "subdomain-websocket", selectedUpstream.OriginIpOrDomain)
 		wspHandler := websocketproxy.NewProxy(u, websocketproxy.Options{
-			SkipTLSValidation: target.SkipCertValidations,
-			SkipOriginCheck:   target.SkipWebSocketOriginCheck,
+			SkipTLSValidation: selectedUpstream.SkipCertValidations,
+			SkipOriginCheck:   selectedUpstream.SkipWebSocketOriginCheck,
 		})
 		wspHandler.ServeHTTP(w, r)
 		return
@@ -148,10 +156,10 @@ func (h *ProxyHandler) hostRequest(w http.ResponseWriter, r *http.Request, targe
 	//Build downstream and upstream header rules
 	upstreamHeaders, downstreamHeaders := target.SplitInboundOutboundHeaders()
 
-	err := target.proxy.ServeHTTP(w, r, &dpcore.ResponseRewriteRuleSet{
-		ProxyDomain:       target.Domain,
+	err = selectedUpstream.ServeHTTP(w, r, &dpcore.ResponseRewriteRuleSet{
+		ProxyDomain:       selectedUpstream.OriginIpOrDomain,
 		OriginalHost:      originalHostHeader,
-		UseTLS:            target.RequireTLS,
+		UseTLS:            selectedUpstream.RequireTLS,
 		NoCache:           h.Parent.Option.NoCache,
 		PathPrefix:        "",
 		UpstreamHeaders:   upstreamHeaders,
@@ -164,15 +172,15 @@ func (h *ProxyHandler) hostRequest(w http.ResponseWriter, r *http.Request, targe
 		if errors.As(err, &dnsError) {
 			http.ServeFile(w, r, "./web/hosterror.html")
 			log.Println(err.Error())
-			h.logRequest(r, false, 404, "subdomain-http", target.Domain)
+			h.Parent.logRequest(r, false, 404, "subdomain-http", r.URL.Hostname())
 		} else {
 			http.ServeFile(w, r, "./web/rperror.html")
 			log.Println(err.Error())
-			h.logRequest(r, false, 521, "subdomain-http", target.Domain)
+			h.Parent.logRequest(r, false, 521, "subdomain-http", r.URL.Hostname())
 		}
 	}
 
-	h.logRequest(r, true, 200, "subdomain-http", target.Domain)
+	h.Parent.logRequest(r, true, 200, "subdomain-http", r.URL.Hostname())
 }
 
 // Handle vdir type request
@@ -194,10 +202,10 @@ func (h *ProxyHandler) vdirRequest(w http.ResponseWriter, r *http.Request, targe
 		if target.RequireTLS {
 			u, _ = url.Parse("wss://" + wsRedirectionEndpoint + r.URL.String())
 		}
-		h.logRequest(r, true, 101, "vdir-websocket", target.Domain)
+		h.Parent.logRequest(r, true, 101, "vdir-websocket", target.Domain)
 		wspHandler := websocketproxy.NewProxy(u, websocketproxy.Options{
 			SkipTLSValidation: target.SkipCertValidations,
-			SkipOriginCheck:   target.parent.SkipWebSocketOriginCheck,
+			SkipOriginCheck:   true, //You should not use websocket via virtual directory. But keep this to true for compatibility
 		})
 		wspHandler.ServeHTTP(w, r)
 		return
@@ -229,23 +237,23 @@ func (h *ProxyHandler) vdirRequest(w http.ResponseWriter, r *http.Request, targe
 		if errors.As(err, &dnsError) {
 			http.ServeFile(w, r, "./web/hosterror.html")
 			log.Println(err.Error())
-			h.logRequest(r, false, 404, "vdir-http", target.Domain)
+			h.Parent.logRequest(r, false, 404, "vdir-http", target.Domain)
 		} else {
 			http.ServeFile(w, r, "./web/rperror.html")
 			log.Println(err.Error())
-			h.logRequest(r, false, 521, "vdir-http", target.Domain)
+			h.Parent.logRequest(r, false, 521, "vdir-http", target.Domain)
 		}
 	}
-	h.logRequest(r, true, 200, "vdir-http", target.Domain)
+	h.Parent.logRequest(r, true, 200, "vdir-http", target.Domain)
 
 }
 
-func (h *ProxyHandler) logRequest(r *http.Request, succ bool, statusCode int, forwardType string, target string) {
-	if h.Parent.Option.StatisticCollector != nil {
+func (router *Router) logRequest(r *http.Request, succ bool, statusCode int, forwardType string, target string) {
+	if router.Option.StatisticCollector != nil {
 		go func() {
 			requestInfo := statistic.RequestInfo{
 				IpAddr:                        netutils.GetRequesterIP(r),
-				RequestOriginalCountryISOCode: h.Parent.Option.GeodbStore.GetRequesterCountryISOCode(r),
+				RequestOriginalCountryISOCode: router.Option.GeodbStore.GetRequesterCountryISOCode(r),
 				Succ:                          succ,
 				StatusCode:                    statusCode,
 				ForwardType:                   forwardType,
@@ -254,7 +262,7 @@ func (h *ProxyHandler) logRequest(r *http.Request, succ bool, statusCode int, fo
 				RequestURL:                    r.Host + r.RequestURI,
 				Target:                        target,
 			}
-			h.Parent.Option.StatisticCollector.RecordRequest(requestInfo)
+			router.Option.StatisticCollector.RecordRequest(requestInfo)
 		}()
 	}
 }

src/mod/dynamicproxy/ratelimit.go

@@ -51,7 +51,7 @@ func (t *RequestCountPerIpTable) Clear() {
 func (h *ProxyHandler) handleRateLimitRouting(w http.ResponseWriter, r *http.Request, pe *ProxyEndpoint) error {
 	err := h.Parent.handleRateLimit(w, r, pe)
 	if err != nil {
-		h.logRequest(r, false, 429, "ratelimit", pe.Domain)
+		h.Parent.logRequest(r, false, 429, "ratelimit", r.URL.Hostname())
 	}
 	return err
 }

src/mod/dynamicproxy/router.go

@@ -2,6 +2,7 @@ package dynamicproxy
 
 import (
 	"errors"
+	"log"
 	"net/url"
 	"strings"
 
@@ -17,41 +18,18 @@ import (
 
 // Prepare proxy route generate a proxy handler service object for your endpoint
 func (router *Router) PrepareProxyRoute(endpoint *ProxyEndpoint) (*ProxyEndpoint, error) {
-	//Filter the tailing slash if any
-	domain := endpoint.Domain
-	if len(domain) == 0 {
-		return nil, errors.New("invalid endpoint config")
-	}
-	if domain[len(domain)-1:] == "/" {
-		domain = domain[:len(domain)-1]
-	}
-	endpoint.Domain = domain
-
-	//Parse the web proxy endpoint
-	webProxyEndpoint := domain
-	if !strings.HasPrefix("http://", domain) && !strings.HasPrefix("https://", domain) {
-		//TLS is not hardcoded in proxy target domain
-		if endpoint.RequireTLS {
-			webProxyEndpoint = "https://" + webProxyEndpoint
-		} else {
-			webProxyEndpoint = "http://" + webProxyEndpoint
+	for _, thisOrigin := range endpoint.ActiveOrigins {
+		//Create the proxy routing handler
+		err := thisOrigin.StartProxy()
+		if err != nil {
+			log.Println("Unable to setup upstream " + thisOrigin.OriginIpOrDomain + ": " + err.Error())
+			continue
 		}
 	}
 
-	//Create a new proxy agent for this root
-	path, err := url.Parse(webProxyEndpoint)
-	if err != nil {
-		return nil, err
-	}
-
-	//Create the proxy routing handler
-	proxy := dpcore.NewDynamicProxyCore(path, "", &dpcore.DpcoreOptions{
-		IgnoreTLSVerification: endpoint.SkipCertValidations,
-	})
-	endpoint.proxy = proxy
 	endpoint.parent = router
 
-	//Prepare proxy routing hjandler for each of the virtual directories
+	//Prepare proxy routing handler for each of the virtual directories
 	for _, vdir := range endpoint.VirtualDirectories {
 		domain := vdir.Domain
 		if len(domain) == 0 {
@@ -63,7 +41,7 @@ func (router *Router) PrepareProxyRoute(endpoint *ProxyEndpoint) (*ProxyEndpoint
 		}
 
 		//Parse the web proxy endpoint
-		webProxyEndpoint = domain
+		webProxyEndpoint := domain
 		if !strings.HasPrefix("http://", domain) && !strings.HasPrefix("https://", domain) {
 			//TLS is not hardcoded in proxy target domain
 			if vdir.RequireTLS {
@@ -90,7 +68,7 @@ func (router *Router) PrepareProxyRoute(endpoint *ProxyEndpoint) (*ProxyEndpoint
 
 // Add Proxy Route to current runtime. Call to PrepareProxyRoute before adding to runtime
 func (router *Router) AddProxyRouteToRuntime(endpoint *ProxyEndpoint) error {
-	if endpoint.proxy == nil {
+	if !router.loadBalancer.UpstreamsReady(endpoint.ActiveOrigins) {
 		//This endpoint is not prepared
 		return errors.New("proxy endpoint not ready. Use PrepareProxyRoute before adding to runtime")
 	}
@@ -101,7 +79,7 @@ func (router *Router) AddProxyRouteToRuntime(endpoint *ProxyEndpoint) error {
 
 // Set given Proxy Route as Root. Call to PrepareProxyRoute before adding to runtime
 func (router *Router) SetProxyRouteAsRoot(endpoint *ProxyEndpoint) error {
-	if endpoint.proxy == nil {
+	if !router.loadBalancer.UpstreamsReady(endpoint.ActiveOrigins) {
 		//This endpoint is not prepared
 		return errors.New("proxy endpoint not ready. Use PrepareProxyRoute before adding to runtime")
 	}

src/mod/dynamicproxy/typedef.go

@@ -8,6 +8,7 @@ import (
 
 	"imuslab.com/zoraxy/mod/access"
 	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
+	"imuslab.com/zoraxy/mod/dynamicproxy/loadbalance"
 	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
 	"imuslab.com/zoraxy/mod/dynamicproxy/redirection"
 	"imuslab.com/zoraxy/mod/geodb"
@@ -25,23 +26,26 @@ type ProxyHandler struct {
 	Parent *Router
 }
 
+/* Router Object Options */
 type RouterOption struct {
-	HostUUID           string //The UUID of Zoraxy, use for heading mod
-	HostVersion        string //The version of Zoraxy, use for heading mod
-	Port               int    //Incoming port
-	UseTls             bool   //Use TLS to serve incoming requsts
-	ForceTLSLatest     bool   //Force TLS1.2 or above
-	NoCache            bool   //Force set Cache-Control: no-store
-	ListenOnPort80     bool   //Enable port 80 http listener
-	ForceHttpsRedirect bool   //Force redirection of http to https endpoint
-	TlsManager         *tlscert.Manager
-	RedirectRuleTable  *redirection.RuleTable
-	GeodbStore         *geodb.Store       //GeoIP resolver
-	AccessController   *access.Controller //Blacklist / whitelist controller
-	StatisticCollector *statistic.Collector
-	WebDirectory       string //The static web server directory containing the templates folder
+	HostUUID           string                    //The UUID of Zoraxy, use for heading mod
+	HostVersion        string                    //The version of Zoraxy, use for heading mod
+	Port               int                       //Incoming port
+	UseTls             bool                      //Use TLS to serve incoming requsts
+	ForceTLSLatest     bool                      //Force TLS1.2 or above
+	NoCache            bool                      //Force set Cache-Control: no-store
+	ListenOnPort80     bool                      //Enable port 80 http listener
+	ForceHttpsRedirect bool                      //Force redirection of http to https endpoint
+	TlsManager         *tlscert.Manager          //TLS manager for serving SAN certificates
+	RedirectRuleTable  *redirection.RuleTable    //Redirection rules handler and table
+	GeodbStore         *geodb.Store              //GeoIP resolver
+	AccessController   *access.Controller        //Blacklist / whitelist controller
+	StatisticCollector *statistic.Collector      //Statistic collector for storing stats on incoming visitors
+	WebDirectory       string                    //The static web server directory containing the templates folder
+	LoadBalancer       *loadbalance.RouteManager //Load balancer that handle load balancing of proxy target
 }
 
+/* Router Object */
 type Router struct {
 	Option         *RouterOption
 	ProxyEndpoints *sync.Map
@@ -50,6 +54,7 @@ type Router struct {
 	mux            http.Handler
 	server         *http.Server
 	tlsListener    net.Listener
+	loadBalancer   *loadbalance.RouteManager //Load balancer routing manager
 	routingRules   []*RoutingRule
 
 	tlsRedirectStop  chan bool              //Stop channel for tls redirection server
@@ -57,6 +62,7 @@ type Router struct {
 	rateLimitCounter RequestCountPerIpTable //Request counter for rate limter
 }
 
+/* Basic Auth Related Data structure*/
 // Auth credential for basic auth on certain endpoints
 type BasicAuthCredentials struct {
 	Username     string
@@ -74,6 +80,7 @@ type BasicAuthExceptionRule struct {
 	PathPrefix string
 }
 
+/* Custom Header Related Data structure */
 // Header injection direction type
 type HeaderDirection int
 
@@ -90,6 +97,8 @@ type UserDefinedHeader struct {
 	IsRemove  bool //Instead of set, remove this key instead
 }
 
+/* Routing Rule Data Structures */
+
 // A Virtual Directory endpoint, provide a subset of ProxyEndpoint for better
 // program structure than directly using ProxyEndpoint
 type VirtualDirectoryEndpoint struct {
@@ -104,16 +113,17 @@ type VirtualDirectoryEndpoint struct {
 
 // A proxy endpoint record, a general interface for handling inbound routing
 type ProxyEndpoint struct {
-	ProxyType            int      //The type of this proxy, see const def
-	RootOrMatchingDomain string   //Matching domain for host, also act as key
-	MatchingDomainAlias  []string //A list of domains that alias to this rule
-	Domain               string   //Domain or IP to proxy to
+	ProxyType            int                     //The type of this proxy, see const def
+	RootOrMatchingDomain string                  //Matching domain for host, also act as key
+	MatchingDomainAlias  []string                //A list of domains that alias to this rule
+	ActiveOrigins        []*loadbalance.Upstream //Activated Upstream or origin servers IP or domain to proxy to
+	InactiveOrigins      []*loadbalance.Upstream //Disabled Upstream or origin servers IP or domain to proxy to
+	UseStickySession     bool                    //Use stick session for load balancing
+	UseActiveLoadBalance bool                    //Use active loadbalancing, default passive
+	Disabled             bool                    //If the rule is disabled
 
-	//TLS/SSL Related
-	RequireTLS               bool //Target domain require TLS
-	BypassGlobalTLS          bool //Bypass global TLS setting options if TLS Listener enabled (parent.tlsListener != nil)
-	SkipCertValidations      bool //Set to true to accept self signed certs
-	SkipWebSocketOriginCheck bool //Skip origin check on websocket upgrade connections
+	//Inbound TLS/SSL Related
+	BypassGlobalTLS bool //Bypass global TLS setting options if TLS Listener enabled (parent.tlsListener != nil)
 
 	//Virtual Directories
 	VirtualDirectories []*VirtualDirectoryEndpoint
@@ -136,15 +146,12 @@ type ProxyEndpoint struct {
 	//Access Control
 	AccessFilterUUID string //Access filter ID
 
-	Disabled bool //If the rule is disabled
-
 	//Fallback routing logic (Special Rule Sets Only)
 	DefaultSiteOption int    //Fallback routing logic options
 	DefaultSiteValue  string //Fallback routing target, optional
 
 	//Internal Logic Elements
-	parent *Router              `json:"-"`
-	proxy  *dpcore.ReverseProxy `json:"-"`
+	parent *Router `json:"-"`
 }
 
 /*