Installation - HAproxy-WI

RPM

You may retrieve signed binary configuration files from link. It may be automatically installed by root thus:

$ sudo yum install https://repo.haproxy-wi.org/haproxy-wi-release-7-1-0.noarch.rpm

Set up your credentials:

$ sudo vi /etc/yum.repos.d/haproxy-wi.repo

And add your credentials:

baseurl = http://login:password@repo.haproxy-wi.org/el$releasever/

Install extra repository:

$ sudo yum install https://repo.ius.io/ius-release-el7.rpm

Before uses RPM repository you should donate to support project on Patreon or on PayPal and I will send you credentials for access. Actual prices you can see on Patreon. But you can donate as many as you can or as you want. Please indicate the purpose of the donation, if any.

Why should I use RPM?

Using RPM it is the best solution because:

It is more convenient: just type one command for installation
Updating without any problems: update with a one command or click a one button in the Web Interface
More stable and less bugs: RPM releases after community tests
Use RPM you help project to grow and evolve

Manual

CentOS:

$ sudo yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip \
httpd python35u-devel gcc-c++ openldap-devel mod_ssl \
python-devel python-jinja2 python35u-mod_wsgi ansible
$ cd /var/www/
$ git clone https://github.com/Aidaho12/haproxy-wi.git /var/www/haproxy-wi
$ chown -R apache:apache haproxy-wi/
$ sudo cp haproxy-wi/config_other/httpd/* /etc/httpd/conf.d/

Or if use Debian/Ubuntu:

$ sudo apt-get install git  net-tools lshw dos2unix apache2 netcat python3.5 \
python3-pip g++ freetype2-demos libatlas-base-dev python3.5-mod_wsgi mod_ssl \
openldap-dev libpq-dev python-dev libxml2-dev libxslt1-dev libldap2-dev \
libsasl2-dev libffi-dev python3-dev libssl-dev gcc ansible -y
$ chown -R www-data:www-data haproxy-wi/
$ sudo cp haproxy-wi/config_other/httpd/* /etc/httpd/available-sites/

Both

$ pip3 install -r haproxy-wi/requirements.txt 
$ chmod +x haproxy-wi/app/*.py 
$ sudo ln -s /usr/bin/python3.5 /usr/bin/python3
$ sudo cp haproxy-wi/config_other/logrotate/* /etc/logrotate.d/
$ sudo cp haproxy-wi/config_other/syslog/* /etc/rsyslog.d/
$ sudo cp haproxy-wi/config_other/systemd/* /etc/systemd/system/
$ sudo systemctl daemon-reload      
$ sudo systemctl restart httpd
$ sudo systemctl restart rsyslog
$ sudo systemctl restart metrics_haproxy.service
$ sudo systemctl restart checker_haproxy.service
$ sudo systemctl restart keep_alive.service
$ sudo systemctl enable metrics_haproxy.service
$ sudo systemctl enable checker_haproxy.service
$ sudo systemctl enable keep_alive.service
$ sudo mkdir /var/www/haproxy-wi/app/certs
$ sudo mkdir /var/www/haproxy-wi/keys
$ sudo mkdir /var/www/haproxy-wi/configs/
$ sudo mkdir /var/www/haproxy-wi/configs/hap_config/
$ sudo mkdir /var/www/haproxy-wi/configs/kp_config/
$ sudo mkdir /var/www/haproxy-wi/configs/nginx_config/
$ sudo mkdir /var/www/haproxy-wi/log/

And add Apache config:

# vi /etc/httpd/conf.d/haproxy-wi.conf 
<VirtualHost *:443>
	WSGIDaemonProcess api user=apache group=apache processes=1 threads=5
    WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi

    <Directory /var/www/haproxy-wi/api>
        WSGIProcessGroup api
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
		Allow from all
    </Directory>
		
	SSLEngine on
	SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
	SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key

	ServerName haproxy-wi
	ErrorLog /var/log/httpd/haproxy-wi.error.log
	CustomLog /var/log/httpd/haproxy-wi.access.log combined
	TimeOut 600
	LimitRequestLine 16380
					
	DocumentRoot /var/www/haproxy-wi
	ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"

	<Directory /var/www/haproxy-wi/app>
		DirectoryIndex overview.py
		Options +ExecCGI
		AddHandler cgi-script .py
		Order deny,allow
		Allow from all
	</Directory>
					
	<Directory /var/www/haproxy-wi/app/certs>
		Options +ExecCGI -Indexes +MultiViews
		Order Deny,Allow
		Deny from all
		</Directory>
				
	<Directory /var/www/haproxy-wi/keys>
		Options +ExecCGI -Indexes +MultiViews
		Order Deny,Allow
		Deny from all
	</Directory>

	<FilesMatch "\.cfg$">
		Order Deny,Allow
		Deny from all
	</FilesMatch>
				
	<FilesMatch "\.db$">
		Order Deny,Allow
		Deny from all
		</FilesMatch>
		
	<IfModule mod_headers.c>
		Header set X-XSS-Protection: 1;
		Header set X-Frame-Options: deny
		Header set X-Content-Type-Options: nosniff
		Header set Strict-Transport-Security: max-age=3600;
		Header set Cache-Control no-cache
		Header set Expires: 0

		<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
			Header set Cache-Control "max-age=86400, public"
		</filesMatch>
	</IfModule>	
</VirtualHost>

And create DB:

$ cd /var/www/haproxy-wi/app
$ ./create_db.py

If you are going to use installation HAProxy or/and Keepalived vi HAProxy-WI you should do next:

$ sudo mkdir /usr/share/httpd/.ansible
$ sudo touch /usr/share/httpd/.ansible_galaxy
$ sudo mkdir /usr/share/httpd/.ssh
$ sudo chown apache:apache /usr/share/httpd/.*

Disable SELinux and enjoy!

Installing SELinux policy

If you use RPM you have not do anything. HAProxy-WI has to install SELinux policy, if this does not happen then install the package:

$ sudo yum install haproxy-wi-selinux

OS support

HAProxy-WI supports next os:

EL7(RPM installation and manual installation)
EL8(RPM installation and manual installation)
Debian/Ubuntu(only manual installation)