HAproxy Console

Install HAproxy console for environments with internal ONLY IP addressing

• First of all you should should install haproxy

yum install haproxy

• keep a backup of your current haproxy.cfg file

mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

• now create a new configuration file for haproxy. nano /etc/haproxy/haproxy.cfg and paste the following changing what needs to be changed depending on your current configuration setup

global
log /dev/log    local0
log /dev/log    local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH  
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
defaults
log     global
mode    http
option  httplog
option  dontlognull
timeout connect 50000
timeout client  50000
timeout server  50000
frontend http
bind 162.x.x.x:80
bind 162.x.x.x:443 ssl crt /etc/ssl/console.servarica.com/console$
mode http
option http-server-close
http-request replace-value Cookie __utma.* ;
use_backend %[capture.req.uri,map(/home/mapper/randomtobackendmap.map)]$
default_backend www

backend www
balance roundrobin
option httpclose
option forwardfor

server www 127.0.0.1:80
backend xen3
balance roundrobin
option httpclose
option forwardfor
server www 10.1.1.x:80

The important part above is the last paragraph which is your internal server declaration along with the SSL declaration in the first part. Keep in mind that SSL needs to be valid and obtained by official SSL certificate authority

Install Python script

• install python and dependencies

yum install python yum -y install python-pip pip install flask pip install expiringdict

• Create a .py file according to your server details mentioned above. Please use the below link and adjust it

http://www.xenmodule.com/app.txt

• create an empty /path/mapper/randomtobackendmap.map file according to above declarations

• start haproxy and enable on boot

systemctl start haproxy ; systemctl enable haproxy

• start python script with a nohup instruction

eg: nohup python script.py