You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

241 lines
8.2 KiB

7 years ago
# Haproxy web interface
Web interface(user-friendly web GUI, alerting, monitoring and secure) for managing Haproxy servers. Leave your [feedback](https://github.com/Aidaho12/haproxy-wi/issues)
7 years ago
# Youtube
6 years ago
[Demo video](https://www.youtube.com/channel/UCo0lCg24j-H4f0S9kMjp-_w)
6 years ago
# Twitter
[Twitter](https://twitter.com/haproxy_wi), subscribe! I will write there about all the changes and news
# Demo site
[Demo site](https://demo.haproxy-wi.org) Login/password: admin/admin. Server resets every hour.
![alt text](image/haproxy-wi-config-show.jpeg "Show config page")
7 years ago
# Features:
1. Configure HAproxy In a jiffy with haproxy-wi
2. View and analyse Status of all Frontend/backend server via haproxy-wi from a single control panel.
3. Enable/disable servers through stats page without rebooting HAProxy
4. View/Analyse HAproxy logs straight from the haproxy-wi web interface
5. Create and visualise the HAproxy workflow from Web Ui.
6. Push Your changes to your HAproxy servers with a single click through web interface.
7. Get info on past changes, Evaluate your config files and restore a previous stable config anytime with a single click straight from Web interface.
8. Add/Edit Frontend or backend servers via web interface with a click of a button.
9. Edit config of HAproxy and push changes to All Master/Slave server with a single click.
10. Add Multiple server to ensure Config Sync between servers.
11. Auto management of ports assigned to Fronted.
12. Evaluate the changes of recent configs pushed to HAproxy instances straight from web ui
13. Multiple User Roles support for privileged based Viewing and editing of Config.
14. Create Groups and add /remove servers to ensure proper identification for your HAproxy Clusters
15. Send notifications to telegram directly from haproxy-wi.
16. haproxy-wi supports high Availability to ensure uptime to all Master slave servers configured.
17. SSL certificate support.
18. SSH Key support for managing multiple HAproxy Servers straight from haproxy-wi
6 years ago
19. SYN flood protect
20. Alerting about changes backends state
21. Alerting about HAProxy service state
22. Metrics incoming connections
23. Web acceleration settings
24. Web application firewall
6 years ago
25. LDAP support
6 years ago
26. Keep active HAProxy service
27. Ability to hide parts of the config with tags for users with "guest" role: "HideBlockStart" and "HideBlockEnd"
28. Mobile-ready desing
7 years ago
5 years ago
![alt text](image/haproxy-wi-metrics.png "Merics")
6 years ago
7 years ago
# Install
5 years ago
## RPM
Install repository:
```
yum install https://repo.haproxy-wi.org/haproxy-wi-release-7-1-0.noarch.rpm
```
After install HAProxy-WI:
```
yum install haproxy-wi
```
5 years ago
5 years ago
#### Before uses RPM repository you should donate to support project on [Patreon](https://www.patreon.com/haproxy_wi/overview) or on [PayPal](https://www.paypal.me/loginovpavel) and I will send you credentials for access. Actual prices you can see on [Patreon](https://www.patreon.com/haproxy_wi/overview)
5 years ago
## Manual install
7 years ago
For install just clone:
7 years ago
```
5 years ago
CentOS:
5 years ago
$ sudo yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip mod_ssl httpd python35u-devel gcc-c++ openldap-devel python-devel python-jinja2 python35u-mod_wsgi
$ cd /var/www/
7 years ago
$ git clone https://github.com/Aidaho12/haproxy-wi.git /var/www/haproxy-wi
$ chown -R apache:apache haproxy-wi/
5 years ago
6 years ago
Or if use Debian/Ubuntu:
5 years ago
5 years ago
$ sudo apt-get install git net-tools lshw dos2unix apache2 gcc netcat python3.5 python3.5-mod_wsgi mod_ssl python3-pip g++ freetype2-demos libatlas-base-dev openldap-dev libpq-dev python-dev libxml2-dev libxslt1-dev libldap2-dev libsasl2-dev libffi-dev python3-dev libssl-dev -y
6 years ago
$ chown -R www-data:www-data haproxy-wi/
5 years ago
Both
$ pip3 install -r haproxy-wi/requirements.txt
$ chmod +x haproxy-wi/app/*.py
6 years ago
$ sudo ln -s /usr/bin/python3.5 /usr/bin/python3
5 years ago
$ sudo cp config_other/logrotate/* /etc/logrotate.d/
$ sudo cp config_other/syslog/* /etc/rsyslog.d/
$ sudo cp config_other/systemd/* /etc/systemd/system/
$ sudo systemctl daemon-reload
$ sudo systemctl restart httpd
$ sudo systemctl restart rsyslog
$ sudo systemctl restart metrics_haproxy.service
$ sudo systemctl restart checker_haproxy.service
$ sudo systemctl restart keep_alive.service
$ sudo systemctl enable metrics_haproxy.service
$ sudo systemctl enable checker_haproxy.service
$ sudo systemctl enable keep_alive.service
$ sudo mkdir /var/www/haproxy-wi/app/certs
$ sudo mkdir /var/www/haproxy-wi/keys
$ sudo mkdir /var/www/haproxy-wi/configs/
$ sudo mkdir /var/www/haproxy-wi/configs/hap_config/
$ sudo mkdir /var/www/haproxy-wi/configs/kp_config/
$ sudo mkdir /var/www/haproxy-wi/log/
7 years ago
```
7 years ago
For Apache do virtualhost with cgi-bin. Like this:
```
# vi /etc/httpd/conf.d/haproxy-wi.conf
7 years ago
<VirtualHost *:8080>
5 years ago
WSGIDaemonProcess api user=apache group=apache processes=1 threads=5
WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi
<Directory /var/www/haproxy-wi/api>
WSGIProcessGroup api
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key
7 years ago
ServerName haproxy-wi
ErrorLog /var/log/httpd/haproxy-wi.error.log
CustomLog /var/log/httpd/haproxy-wi.access.log combined
6 years ago
TimeOut 600
6 years ago
LimitRequestLine 16380
7 years ago
DocumentRoot /var/www/haproxy-wi
ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"
7 years ago
<Directory /var/www/haproxy-wi/app>
5 years ago
Options +ExecCGI
AddHandler cgi-script .py
Order deny,allow
Allow from all
7 years ago
</Directory>
<Directory /var/www/haproxy-wi/app/certs>
Options +ExecCGI -Indexes +MultiViews
Order Deny,Allow
Deny from all
</Directory>
5 years ago
<Directory /var/www/haproxy-wi/keys>
Options +ExecCGI -Indexes +MultiViews
Order Deny,Allow
Deny from all
</Directory>
<FilesMatch "\.cfg$">
Order Deny,Allow
Deny from all
</FilesMatch>
<FilesMatch "\.db$">
Order Deny,Allow
Deny from all
</FilesMatch>
<IfModule mod_headers.c>
Header set X-XSS-Protection: 1;
Header set X-Frame-Options: deny
Header set X-Content-Type-Options: nosniff
Header set Strict-Transport-Security: max-age=3600;
Header set Cache-Control no-cache
Header set Expires: 0
<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
Header set Cache-Control "max-age=86400, public"
</filesMatch>
</IfModule>
7 years ago
</VirtualHost>
```
5 years ago
6 years ago
# OS support
HAProxy-WI was tested on EL 7, and all scripts too. Debian/Ubuntu OS support at 'beta' stage, may work not correct
7 years ago
# Database support
Default Haproxy-WI use Sqlite, if you want use MySQL enable in config, and create database:
7 years ago
### For MySQL support:
```
MariaDB [(none)]> create user 'haproxy-wi'@'%';
MariaDB [(none)]> create database haproxywi;
MariaDB [(none)]> grant all on haproxywi.* to 'haproxy-wi'@'%' IDENTIFIED BY 'haproxy-wi';
7 years ago
MariaDB [(none)]> grant all on haproxywi.* to 'haproxy-wi'@'localhost' IDENTIFIED BY 'haproxy-wi';
```
![alt text](image/haproxy-wi-overview.png "Overview page")
7 years ago
7 years ago
# Settings
```
6 years ago
Edit $HOME_HAPROXY-WI/app/haproxy-wi.cfg with your env
7 years ago
```
7 years ago
Login https://haproxy-wi-server/users.py, and add: users, groups and servers. Default: admin/admin
![alt text](image/haproxy-wi-admin-area.png "Admin area")
For Runtime API, Metrics and Alerting enable state file and stat socket on HAproxt servers and need install socat on all haproxy servers, and configre HAProxy:
7 years ago
```
global
6 years ago
stats socket *:1999 level admin
stats socket /var/run/haproxy.sock mode 600 level admin
server-state-file /etc/haproxy/haproxy.state
defaults
6 years ago
load-server-state-from-file global
6 years ago
listen stats
stats admin if TRUE
7 years ago
```
![alt text](image/haproxy-wi-logs.png "View logs page")
7 years ago
5 years ago
# Create and update DB
```
$ cd /var/www/haproxy-wi/app
$ ./create_db.py
```
7 years ago
# Troubleshooting
If you have error:
```
Forbidden
You don't have permission to access /app/overview.py on this server.
7 years ago
```
Check owner(must be apache, or another user for apache)
If at first login you have:
```
Internal Server Error
```
Do this:
```
$ cd /var/www/haproxy-wi/app
$ ./create_db.py
7 years ago
```
and check executeble py files
If you see plain text, check section "Directory" in httpd conf