Installation - HAproxy-WI

RPM

You may retrieve signed binary configuration files from link. It may be automatically installed by root thus:

$ sudo yum install https://repo.haproxy-wi.org/haproxy-wi-release-7-1-0.noarch.rpm

Set up your credentials:

$ sudo vi /etc/yum.repos.d/haproxy-wi.repo

And add your credentials:

baseurl = http://login:password@repo.haproxy-wi.org/el$releasever/

Disable SELinux and just:

$ sudo yum install haproxy-wi

Before uses RPM repository you should donate to support project on Patreon or on PayPal and I will send you credentials for access. Actual prices you can see on Patreon. But you can donate as many as you can or as you want. Please indicate the purpose of the donation, if any.

Manual

CentOS:

$ sudo yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip \
httpd python35u-devel gcc-c++ openldap-devel mod_ssl \
python-devel python-jinja2 python35u-mod_wsgi ansible
$ cd /var/www/
$ git clone https://github.com/Aidaho12/haproxy-wi.git /var/www/haproxy-wi
$ chown -R apache:apache haproxy-wi/

Or if use Debian/Ubuntu:

$ sudo apt-get install git  net-tools lshw dos2unix apache2 netcat python3.5 \
python3-pip g++ freetype2-demos libatlas-base-dev python3.5-mod_wsgi mod_ssl \
openldap-dev libpq-dev python-dev libxml2-dev libxslt1-dev libldap2-dev \
libsasl2-dev libffi-dev python3-dev libssl-dev gcc ansible -y
$ chown -R www-data:www-data haproxy-wi/

Both

$ pip3 install -r haproxy-wi/requirements.txt 
$ chmod +x haproxy-wi/app/*.py 
$ sudo ln -s /usr/bin/python3.5 /usr/bin/python3
$ sudo cp config_other/logrotate/* /etc/logrotate.d/
$ sudo cp config_other/syslog/* /etc/rsyslog.d/
$ sudo cp config_other/systemd/* /etc/systemd/system/
$ sudo systemctl daemon-reload      
$ sudo systemctl restart httpd
$ sudo systemctl restart rsyslog
$ sudo systemctl restart metrics_haproxy.service
$ sudo systemctl restart checker_haproxy.service
$ sudo systemctl restart keep_alive.service
$ sudo systemctl enable metrics_haproxy.service
$ sudo systemctl enable checker_haproxy.service
$ sudo systemctl enable keep_alive.service
$ sudo mkdir /var/www/haproxy-wi/app/certs
$ sudo mkdir /var/www/haproxy-wi/keys
$ sudo mkdir /var/www/haproxy-wi/configs/
$ sudo mkdir /var/www/haproxy-wi/configs/hap_config/
$ sudo mkdir /var/www/haproxy-wi/configs/kp_config/
$ sudo mkdir /var/www/haproxy-wi/log/

And add Apache config:

# vi /etc/httpd/conf.d/haproxy-wi.conf 
<VirtualHost *:443>
	WSGIDaemonProcess api user=apache group=apache processes=1 threads=5
    WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi

    <Directory /var/www/haproxy-wi/api>
        WSGIProcessGroup api
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
		Allow from all
    </Directory>
		
	SSLEngine on
	SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
	SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key

	ServerName haproxy-wi
	ErrorLog /var/log/httpd/haproxy-wi.error.log
	CustomLog /var/log/httpd/haproxy-wi.access.log combined
	TimeOut 600
	LimitRequestLine 16380
					
	DocumentRoot /var/www/haproxy-wi
	ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"

	<Directory /var/www/haproxy-wi/app>
		DirectoryIndex overview.py
		Options +ExecCGI
		AddHandler cgi-script .py
		Order deny,allow
		Allow from all
	</Directory>
					
	<Directory /var/www/haproxy-wi/app/certs>
		Options +ExecCGI -Indexes +MultiViews
		Order Deny,Allow
		Deny from all
		</Directory>
				
	<Directory /var/www/haproxy-wi/keys>
		Options +ExecCGI -Indexes +MultiViews
		Order Deny,Allow
		Deny from all
	</Directory>

	<FilesMatch "\.cfg$">
		Order Deny,Allow
		Deny from all
	</FilesMatch>
				
	<FilesMatch "\.db$">
		Order Deny,Allow
		Deny from all
		</FilesMatch>
		
	<IfModule mod_headers.c>
		Header set X-XSS-Protection: 1;
		Header set X-Frame-Options: deny
		Header set X-Content-Type-Options: nosniff
		Header set Strict-Transport-Security: max-age=3600;
		Header set Cache-Control no-cache
		Header set Expires: 0

		<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
			Header set Cache-Control "max-age=86400, public"
		</filesMatch>
	</IfModule>	
</VirtualHost>

And create DB:

$ cd /var/www/haproxy-wi/app
$ ./create_db.py

If you are going to use installation HAProxy or/and Keepalived vi HAProxy-WI you should do next:

$ sudo mkdir /usr/share/httpd/.ansible
$ sudo mkdir /usr/share/httpd/.ssh
$ sudo chown apache:apache /usr/share/httpd/.*

OS support

HAProxy-WI supports next os:

EL7(RPM installation and manual installation)
EL8(RPM installation and manual installation)
Debian/Ubuntu(only manual installation)