pull/194/head
Pavel Loginov 2019-12-15 10:41:24 +03:00
parent f8cc5dbc1d
commit b045b2aafc
10 changed files with 135 additions and 138 deletions


@ -134,6 +134,7 @@ For Apache do virtualhost with cgi-bin. Like this:
ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/" ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"
<Directory /var/www/haproxy-wi/app> <Directory /var/www/haproxy-wi/app>
DirectoryIndex overview.py
Options +ExecCGI Options +ExecCGI
AddHandler cgi-script .py AddHandler cgi-script .py
Order deny,allow Order deny,allow
@ -146,33 +147,33 @@ For Apache do virtualhost with cgi-bin. Like this:
Deny from all Deny from all
</Directory> </Directory>
<Directory /var/www/haproxy-wi/keys> <Directory /var/www/haproxy-wi/keys>
Options +ExecCGI -Indexes +MultiViews Options +ExecCGI -Indexes +MultiViews
Order Deny,Allow Order Deny,Allow
Deny from all Deny from all
</Directory> </Directory>
<FilesMatch "\.cfg$"> <FilesMatch "\.cfg$">
Order Deny,Allow Order Deny,Allow
Deny from all Deny from all
</FilesMatch> </FilesMatch>
<FilesMatch "\.db$"> <FilesMatch "\.db$">
Order Deny,Allow Order Deny,Allow
Deny from all Deny from all
</FilesMatch> </FilesMatch>
<IfModule mod_headers.c> <IfModule mod_headers.c>
Header set X-XSS-Protection: 1; Header set X-XSS-Protection: 1;
Header set X-Frame-Options: deny Header set X-Frame-Options: deny
Header set X-Content-Type-Options: nosniff Header set X-Content-Type-Options: nosniff
Header set Strict-Transport-Security: max-age=3600; Header set Strict-Transport-Security: max-age=3600;
Header set Cache-Control no-cache Header set Cache-Control no-cache
Header set Expires: 0 Header set Expires: 0
<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$"> <filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
Header set Cache-Control "max-age=86400, public" Header set Cache-Control "max-age=86400, public"
</filesMatch> </filesMatch>
</IfModule> </IfModule>
</VirtualHost> </VirtualHost>
``` ```
@ -213,6 +214,11 @@ For Runtime API, Metrics and Alerting enable state file and stat socket on HApro
load-server-state-from-file global load-server-state-from-file global
listen stats listen stats
bind *:8085
stats enable
stats uri /stats
stats realm HAProxy-04\ Statistics
stats auth admin:password
stats admin if TRUE stats admin if TRUE
``` ```
![alt text](image/haproxy-wi-logs.png "View logs page") ![alt text](image/haproxy-wi-logs.png "View logs page")


@ -459,7 +459,7 @@ def update_db_v_3_8_1(**kwargs):
def update_ver(**kwargs): def update_ver(**kwargs):
con, cur = get_cur() con, cur = get_cur()
sql = """update version set version = '3.9.1'; """ sql = """update version set version = '3.9.2'; """
try: try:
cur.execute(sql) cur.execute(sql)
con.commit() con.commit()


@ -155,11 +155,10 @@ def page_for_admin(**kwargs):
print('<center><h3 style="color: red">How did you get here?! O_o You do not have need permissions</h>') print('<center><h3 style="color: red">How did you get here?! O_o You do not have need permissions</h>')
print('<meta http-equiv="refresh" content="5; url=/">') print('<meta http-equiv="refresh" content="5; url=/">')
import sys import sys
sys.exit() sys.exit()
def ssh_connect(serv, **kwargs):
import paramiko def return_ssh_keys_path(serv):
from paramiko import SSHClient
import sql import sql
fullpath = get_config_var('main', 'fullpath') fullpath = get_config_var('main', 'fullpath')
ssh_enable = '' ssh_enable = ''
@ -172,6 +171,16 @@ def ssh_connect(serv, **kwargs):
ssh_user_name = sshs[4] ssh_user_name = sshs[4]
ssh_user_password = sshs[5] ssh_user_password = sshs[5]
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
return ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name
def ssh_connect(serv, **kwargs):
import paramiko
from paramiko import SSHClient
import sql
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)
servers = sql.select_servers(server=serv) servers = sql.select_servers(server=serv)
for server in servers: for server in servers:
@ -327,7 +336,7 @@ def rewrite_section(start_line, end_line, config, section):
return_config += line return_config += line
return return_config return return_config
def install_haproxy(serv, **kwargs): def install_haproxy(serv, **kwargs):
import sql import sql
@ -339,17 +348,10 @@ def install_haproxy(serv, **kwargs):
stats_password = sql.get_setting('stats_password') stats_password = sql.get_setting('stats_password')
proxy = sql.get_setting('proxy') proxy = sql.get_setting('proxy')
hapver = kwargs.get('hapver') hapver = kwargs.get('hapver')
fullpath = get_config_var('main', 'fullpath') ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)
ssh_enable = ''
ssh_port = ''
ssh_user_name = ''
ssh_user_password = ''
for sshs in sql.select_ssh(serv=serv): if ssh_enable == 0:
ssh_enable = sshs[3] ssh_key_name = ''
ssh_user_name = sshs[4]
ssh_user_password = sshs[5]
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
os.system("cp scripts/%s ." % script) os.system("cp scripts/%s ." % script)
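Review bot: `return_ssh_keys_path` returns `ssh_key_name` unconditionally, but in the visible lines that name is only assigned from an `sshs` row, so a server with no matching SSH entry would presumably raise `UnboundLocalError` at the `return`. The initialisers sit between the two hunks, so confirm; adding `ssh_key_name = ''` next to `ssh_enable = ''` would close it. The `if ssh_enable == 0: ssh_key_name = ''` guard added in `install_haproxy` is repeated at each call site rather than living in the helper, and the visible part of `ssh_connect` does not apply it, so moving it into `return_ssh_keys_path` would keep the key-versus-password decision in one place. The helper also lacks a docstring; one line such as `"""Return (ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name) for serv; the tuple carries a plaintext password, do not log it."""` would help callers. Both functions continue outside the hunks.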


@ -1,32 +0,0 @@
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>HAProxy-WI</title>
<link href="/inc/images/favicon.ico" rel="icon" type="image/x-icon">
<link rel="shortcut icon" href="/inc/images/favicon.ico" type="image/x-icon">
<link href="/inc/style.css" rel="stylesheet">
<link href="/inc/nprogress.css" rel="stylesheet">
<link rel="stylesheet" href="/inc/jquery-ui.css">
<script src="/inc/jquery-1.12.4.js"></script>
<script src="/inc/jquery-ui.js"></script>
<script src="/inc/nprogress.js"></script>
<meta http-equiv="refresh" content="0; url=/app/overview.py" />
</head>
<body style="background-color: #239dee;">
<script>
$( function() {
NProgress.start();
$('#cover').fadeIn('fast');
});
</script>
<div id="cover"></div>
<center>
<div style="color: white;">
<h1 style="font-size: 100px;">Welcome to</h1>
<img src="/inc/images/logo_index.png" alt="logo" style="margin-top: -50px;display: block;padding-bottom: 70px;" />
<b style="font-size: 30px;">Redirecting... Please wait</b>
</div>
</center>
</body>
</html>


@ -582,18 +582,12 @@ if form.getvalue('master'):
script = "install_keepalived.sh" script = "install_keepalived.sh"
fullpath = funct.get_config_var('main', 'fullpath') fullpath = funct.get_config_var('main', 'fullpath')
proxy = sql.get_setting('proxy') proxy = sql.get_setting('proxy')
ssh_enable = '' ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(master)
ssh_port = ''
ssh_user_name = '' if ssh_enable == 0:
ssh_user_password = '' ssh_key_name = ''
proxy_serv = proxy if proxy is not None else "" proxy_serv = proxy if proxy is not None else ""
for sshs in sql.select_ssh(serv=master):
ssh_enable = sshs[3]
ssh_user_name = sshs[4]
ssh_user_password = sshs[5]
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
os.system("cp scripts/%s ." % script) os.system("cp scripts/%s ." % script)
@ -624,11 +618,10 @@ if form.getvalue('master'):
else: else:
print('success: Master Keepalived was installed<br>') print('success: Master Keepalived was installed<br>')
for sshs in sql.select_ssh(serv=slave): ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(slave)
ssh_enable = sshs[3]
ssh_user_name = sshs[4] if ssh_enable == 0:
ssh_user_password = sshs[5] ssh_key_name = ''
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" +proxy_serv+ commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" +proxy_serv+
" ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+ " ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+
@ -664,20 +657,11 @@ if form.getvalue('masteradd'):
IP = form.getvalue('vrrpipadd') IP = form.getvalue('vrrpipadd')
kp = form.getvalue('kp') kp = form.getvalue('kp')
script = "install_keepalived.sh" script = "install_keepalived.sh"
fullpath = funct.get_config_var('main', 'fullpath') proxy = sql.get_setting('proxy')
proxy = sql.get_setting('proxy') ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(master)
ssh_enable = ''
ssh_port = ''
ssh_user_name = ''
ssh_user_password = ''
proxy_serv = proxy if proxy is not None else "" if ssh_enable == 0:
ssh_key_name = ''
for sshs in sql.select_ssh(serv=master):
ssh_enable = sshs[3]
ssh_user_name = sshs[4]
ssh_user_password = sshs[5]
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
os.system("cp scripts/%s ." % script) os.system("cp scripts/%s ." % script)
@ -705,11 +689,10 @@ if form.getvalue('masteradd'):
print('success: Master VRRP address was added<br>') print('success: Master VRRP address was added<br>')
for sshs in sql.select_ssh(serv=slave): ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(slave)
ssh_enable = sshs[3]
ssh_user_name = sshs[4] if ssh_enable == 0:
ssh_user_password = sshs[5] ssh_key_name = ''
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+ commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+
" ETH="+ETH+" IP="+str(IP)+" MASTER=BACKUP"+" RESTART="+kp+" ADD_VRRP=1 HOST="+str(slave)+ " ETH="+ETH+" IP="+str(IP)+" MASTER=BACKUP"+" RESTART="+kp+" ADD_VRRP=1 HOST="+str(slave)+
@ -781,8 +764,6 @@ if form.getvalue('new_metrics'):
for i in metric: for i in metric:
label = str(i[5]) label = str(i[5])
label = label.split(' ')[1] label = label.split(' ')[1]
#label = label.split(':')
#labels += label[0]+':'+label[1]+','
labels += label+',' labels += label+','
curr_con += str(i[1])+',' curr_con += str(i[1])+','
curr_ssl_con += str(i[2])+',' curr_ssl_con += str(i[2])+','
@ -811,7 +792,6 @@ if form.getvalue('new_waf_metrics'):
for i in metric: for i in metric:
label = str(i[2]) label = str(i[2])
label = label.split(' ')[1] label = label.split(' ')[1]
# label = label.split(':')
labels += label[0]+',' labels += label[0]+','
curr_con += str(i[1])+',' curr_con += str(i[1])+','
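Review bot: The install command strings in the `commands = [...]` lists are built by concatenating request values: `IP = form.getvalue('vrrpipadd')` and `kp = form.getvalue('kp')` flow directly into `" IP="+str(IP)+" MASTER=BACKUP"+" RESTART="+kp`, so shell metacharacters in a form field reach a command line that is presumably run on the target host over SSH. Since this refactor already touches these blocks, the values should be validated and quoted before use, for example `ipaddress.ip_address(IP)` for the address and `shlex.quote(kp)` for the remaining fields. The same applies to `master` and `slave`, which go into `funct.return_ssh_keys_path(...)` and `HOST=`; their origin is outside the hunks, so confirm where they come from. The `commands` lists continue past the visible lines.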


@ -3,6 +3,10 @@
package_facts: package_facts:
manager: "auto" manager: "auto"
- name: populate service facts
service_facts:
- name: install HAProxy {{HAPVER}} - name: install HAProxy {{HAPVER}}
yum: yum:
@ -94,6 +98,27 @@
set_fact: set_fact:
haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}" haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
- name: Open stat port for firewalld
firewalld:
port: "{{ item }}/tcp"
state: enabled
permanent: yes
immediate: yes
ignore_errors: yes
when: ansible_facts.services["firewalld.service"]['state'] == "running"
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
- name: Open stat port for iptables
iptables:
chain: INPUT
destination_port: "{{ item }}"
jump: ACCEPT
protocol: tcp
ignore_errors: yes
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
- name: Copy HAProxy configuration in place. - name: Copy HAProxy configuration in place.
template: template:
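Review bot: The two new firewall tasks open `STAT_PORT` and `SOCK_PORT` to every source address, and `ignore_errors: yes` hides any failure, so a host can end up with the socket port reachable from anywhere, or with no rule at all, while the play still reports success. If `SOCK_PORT` is the HAProxy runtime socket (the name suggests so; confirm), restrict it to the management host, for example by adding `source: "<management-host-ip>"` to the iptables task and the equivalent source restriction to the firewalld task. The firewalld `when:` indexes `ansible_facts.services["firewalld.service"]` directly, which is undefined on hosts without firewalld; `when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service']['state'] == 'running'"` removes the need for `ignore_errors` there. The iptables task has no `when:` at all, so it also runs on hosts where firewalld manages the rules.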


@ -27,7 +27,7 @@ then
fi fi
if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then
echo -e 'error: Haproxy WAF already installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a> <br /><br />' echo -e 'error: Haproxy WAF already installed. <br /><br />'
exit 1 exit 1
fi fi
if hash apt-get 2>/dev/null; then if hash apt-get 2>/dev/null; then


@ -1,40 +1,40 @@
<VirtualHost *:443> <VirtualHost *:443>
WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5 WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5
WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi
<Directory /var/www/haproxy-wi/api> <Directory /var/www/haproxy-wi/api>
WSGIProcessGroup api WSGIProcessGroup api
WSGIApplicationGroup %{GLOBAL} WSGIApplicationGroup %{GLOBAL}
Order deny,allow Order deny,allow
Allow from all Allow from all
</Directory> </Directory>
SSLEngine on SSLEngine on
SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key
ServerName haprox-wi.example.com ServerName haprox-wi.example.com
ErrorLog /var/log/httpd/haproxy-wi.error.log ErrorLog /var/log/httpd/haproxy-wi.error.log
CustomLog /var/log/httpd/haproxy-wi.access.log combined CustomLog /var/log/httpd/haproxy-wi.access.log combined
TimeOut 600 TimeOut 600
LimitRequestLine 16380 LimitRequestLine 16380
DocumentRoot /var/www/haproxy-wi DocumentRoot /var/www/haproxy-wi
ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/" ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"
<Directory /var/www/haproxy-wi/app>
<Directory /var/www/haproxy-wi/app> DirectoryIndex overview.py
Options +ExecCGI Options +ExecCGI
AddHandler cgi-script .py AddHandler cgi-script .py
Order deny,allow Order deny,allow
Allow from all Allow from all
</Directory> </Directory>
<Directory /var/www/haproxy-wi/app/certs> <Directory /var/www/haproxy-wi/app/certs>
Options +ExecCGI -Indexes +MultiViews Options +ExecCGI -Indexes +MultiViews
Order Deny,Allow Order Deny,Allow
Deny from all Deny from all
</Directory> </Directory>
<Directory /var/www/haproxy-wi/keys> <Directory /var/www/haproxy-wi/keys>
Options +ExecCGI -Indexes +MultiViews Options +ExecCGI -Indexes +MultiViews
@ -64,4 +64,4 @@
Header set Cache-Control "max-age=86400, public" Header set Cache-Control "max-age=86400, public"
</filesMatch> </filesMatch>
</IfModule> </IfModule>
</VirtualHost> </VirtualHost>
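Review bot: The `certs` and `keys` directory blocks keep `Options +ExecCGI -Indexes +MultiViews` even though both are `Deny from all`. They hold the TLS private key (`SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key`) and, presumably, the SSH `.pem` files, and both sit under `DocumentRoot`, so the deny rule is the only thing keeping them unserved. `Options -ExecCGI -Indexes -MultiViews` would be the safer setting for those two blocks. On Apache 2.4 the `Order`/`Deny from all` pair only works with mod_access_compat loaded, so `Require all denied` is the more reliable form. The `keys` block continues outside the first hunk.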

Binary file not shown.

Before

Width:  |  Height:  |  Size: 102 KiB

After

Width:  |  Height:  |  Size: 66 KiB


@ -3,8 +3,24 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<title>HAProxy-WI</title> <title>HAProxy-WI</title>
<link href="/inc/images/favicon.ico" rel="icon" type="image/x-icon"> <link href="/inc/images/favicon/favicon.ico" rel="icon" type="image/png" />
<link rel="shortcut icon" href="/inc/images/favicon.ico" type="image/x-icon"> <link rel="apple-touch-icon" sizes="57x57" href="/inc/images/favicon/inc/images/favicon/apple-icon-57x57.png">
<link rel="apple-touch-icon" sizes="60x60" href="/inc/images/favicon/apple-icon-60x60.png">
<link rel="apple-touch-icon" sizes="72x72" href="/inc/images/favicon/apple-icon-72x72.png">
<link rel="apple-touch-icon" sizes="76x76" href="/inc/images/favicon/apple-icon-76x76.png">
<link rel="apple-touch-icon" sizes="114x114" href="/inc/images/favicon/apple-icon-114x114.png">
<link rel="apple-touch-icon" sizes="120x120" href="/inc/images/favicon/apple-icon-120x120.png">
<link rel="apple-touch-icon" sizes="144x144" href="/inc/images/favicon/apple-icon-144x144.png">
<link rel="apple-touch-icon" sizes="152x152" href="/inc/images/favicon/apple-icon-152x152.png">
<link rel="apple-touch-icon" sizes="180x180" href="/inc/images/favicon/apple-icon-180x180.png">
<link rel="icon" type="image/png" sizes="192x192" href="/inc/images/favicon/android-icon-192x192.png">
<link rel="icon" type="image/png" sizes="32x32" href="/inc/images/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="/inc/images/favicon/favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="/inc/images/favicon/favicon-16x16.png">
<link rel="manifest" href="/inc/images/favicon/manifest.json">
<meta name="msapplication-TileColor" content="#ffffff">
<meta name="msapplication-TileImage" content="/inc/images/favicon/ms-icon-144x144.png">
<meta name="theme-color" content="#ffffff">
<link href="/inc/style.css" rel="stylesheet"> <link href="/inc/style.css" rel="stylesheet">
<link href="/inc/nprogress.css" rel="stylesheet"> <link href="/inc/nprogress.css" rel="stylesheet">
<link rel="stylesheet" href="/inc/jquery-ui.css"> <link rel="stylesheet" href="/inc/jquery-ui.css">
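Review bot: The 57x57 `apple-touch-icon` link has the directory doubled in its `href` (`/inc/images/favicon/inc/images/favicon/apple-icon-57x57.png`), which will presumably return 404. It should read `href="/inc/images/favicon/apple-icon-57x57.png"` like the other sizes. The first link also declares `type="image/png"` for `favicon.ico`, where the line it replaces used `image/x-icon`.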