How To Use Terraform with DigitalOcean
# Droplet that runs HAProxy in front of the www-1 and www-2 droplets.
# NOTE(review): this listing is truncated. The ssh_keys list has no entries and
# the closing brackets/braces of the list, connection, provisioner and resource
# blocks are absent, so it will not parse as shown.
resource "digitalocean_droplet" "haproxy-www" {
# NOTE(review): Ubuntu 14.04 is past its standard support window; an image that
# still receives security updates is the safer base for an internet-facing proxy.
image = "ubuntu-14-04-x64"
name = "haproxy-www"
region = "nyc2"
size = "512mb"
# Adds a private interface; the sed commands below read the web droplets'
# ipv4_address_private values for the backend entries.
private_networking = true
# Entries are missing here; presumably this referenced var.ssh_fingerprint - confirm.
ssh_keys = [
# SSH connection used by the provisioner below.
connection {
# Provisioning logs in directly as root, which makes the "sudo" prefixes below
# redundant. Key-based login only; no password is configured here.
user = "root"
type = "ssh"
# var.pvt_key supplies the private key for this connection. Keep that file
# outside the repository and readable only by the operator.
# NOTE(review): key_file was later replaced by private_key in Terraform's
# connection block - confirm against the Terraform version in use.
key_file = "${var.pvt_key}"
timeout = "2m"
# Commands run over SSH on the new droplet after it is created.
provisioner "remote-exec" {
inline = [
"export PATH=$PATH:/usr/bin",
# install haproxy 1.5
# NOTE(review): a PPA is a third-party package source; its packages are
# installed as root on trust of the PPA maintainer's signing key.
"sudo add-apt-repository -y ppa:vbernat/haproxy-1.5",
"sudo apt-get update",
"sudo apt-get -y install haproxy",
# download haproxy conf
# NOTE(review): the source URL is missing from this listing, so as shown wget
# has an output path and nothing to fetch. Whatever URL is used, the file is
# written as root straight into /etc/haproxy: fetch it over HTTPS from a
# location you control and verify a known checksum before haproxy loads it.
"sudo wget -O /etc/haproxy/haproxy.cfg",
# replace ip address variables in haproxy conf to use droplet ip addresses
# (Terraform interpolates the addresses before the commands are sent; the
# references to www-1 and www-2 also make this droplet depend on them.)
"sudo sed -i 's/HAPROXY_PUBLIC_IP/${digitalocean_droplet.haproxy-www.ipv4_address}/g' /etc/haproxy/haproxy.cfg",
"sudo sed -i 's/WWW_1_PRIVATE_IP/${digitalocean_droplet.www-1.ipv4_address_private}/g' /etc/haproxy/haproxy.cfg",
"sudo sed -i 's/WWW_2_PRIVATE_IP/${digitalocean_droplet.www-2.ipv4_address_private}/g' /etc/haproxy/haproxy.cfg",
# restart haproxy to load changes
"sudo service haproxy restart"
# HAProxy configuration template; the provisioner on the haproxy-www droplet
# rewrites the *_IP placeholders with sed.
# NOTE(review): the section headers (presumably "global" and "defaults") and
# the frontend's bind line are absent from this listing, so the grouping noted
# below is inferred - confirm against the original file.
maxconn 2048
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
# Runtime API socket at admin level: any process that can write to it can
# change server state. Mode 660 limits that to the socket's owner and group.
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
# Run as the unprivileged haproxy user and group.
user haproxy
group haproxy
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
# NOTE(review): this list still permits RC4-SHA (RC4 is prohibited for TLS by
# RFC 7465) and kRSA+AES (RSA key exchange, no forward secrecy). No TLS listener
# is visible in this listing, so it only takes effect if one is added; replace
# it with a current recommended cipher list before doing so.
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
log global
mode http
option httplog
option dontlognull
# Adds an X-Forwarded-For header carrying the client address; backends should
# trust that header only on requests arriving from this proxy.
option forwardfor
option http-server-close
# Statistics page at /stats, protected by HTTP Basic auth.
# NOTE(review): the credential below is hard-coded and published with this
# tutorial, so it must be replaced with a unique secret before deployment.
# No TLS listener is visible here, so the credential would travel in clear
# text; presumably the page is served on the public frontend - confirm, and
# restrict it to a management address or an ACL.
stats enable
stats uri /stats
stats realm Haproxy\ Statistics
stats auth hapuser:password!1234
# Timeouts are in milliseconds when no unit is given.
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# NOTE(review): no bind line is shown; the HAPROXY_PUBLIC_IP placeholder that
# the provisioner substitutes presumably appeared in it.
frontend www-http
default_backend www-backend
# Both web servers are reached on port 80 over their private addresses, with
# health checks enabled ("check"). That hop is plain HTTP; whether the private
# network is isolated from other tenants depends on the provider - confirm.
backend www-backend
server www-1 WWW_1_PRIVATE_IP:80 check
server www-2 WWW_2_PRIVATE_IP:80 check
# Input variables. None has a default, so each must be supplied at run time.
# do_token is the DigitalOcean API token and pvt_key points at an SSH private
# key: pass them on the command line or through the environment, never commit
# them, and treat Terraform state files and logs as sensitive as well.
variable "do_token" {}
# Not referenced anywhere in the visible listing.
variable "pub_key" {}
# Used as key_file in the droplets' connection blocks.
variable "pvt_key" {}
# Presumably meant for the droplets' ssh_keys lists, which are empty in this listing.
variable "ssh_fingerprint" {}
# DigitalOcean provider, authenticated with the API token above.
# NOTE(review): the closing brace of this block is absent from the listing.
provider "digitalocean" {
token = "${var.do_token}"
# First web droplet behind the load balancer; installs nginx on first boot.
# NOTE(review): this listing is truncated. The ssh_keys list has no entries and
# the closing brackets/braces are absent, so it will not parse as shown.
resource "digitalocean_droplet" "www-1" {
# NOTE(review): Ubuntu 14.04 is past its standard support window; prefer an
# image that still receives security updates.
image = "ubuntu-14-04-x64"
name = "www-1"
region = "nyc2"
size = "512mb"
# Adds the private interface whose address the HAProxy backend entry uses.
private_networking = true
# Entries are missing here; presumably this referenced var.ssh_fingerprint - confirm.
ssh_keys = [
# SSH connection used by the provisioner below.
connection {
# Provisioning logs in directly as root, so the "sudo" prefixes below are redundant.
user = "root"
type = "ssh"
# Private key for this connection; keep the file out of the repository.
key_file = "${var.pvt_key}"
timeout = "2m"
provisioner "remote-exec" {
inline = [
"export PATH=$PATH:/usr/bin",
# install nginx
# NOTE(review): nothing in this listing restricts access to nginx, so it is
# presumably also reachable on the droplet's public address, bypassing the
# load balancer - confirm, and firewall port 80 to the proxy's private
# address if only proxied traffic is intended.
"sudo apt-get update",
"sudo apt-get -y install nginx"
# Second web droplet; identical to www-1 apart from its name.
# NOTE(review): this listing is truncated. The ssh_keys list has no entries and
# the closing brackets/braces are absent, so it will not parse as shown.
resource "digitalocean_droplet" "www-2" {
# NOTE(review): Ubuntu 14.04 is past its standard support window; prefer an
# image that still receives security updates.
image = "ubuntu-14-04-x64"
name = "www-2"
region = "nyc2"
size = "512mb"
# Adds the private interface whose address the HAProxy backend entry uses.
private_networking = true
# Entries are missing here; presumably this referenced var.ssh_fingerprint - confirm.
ssh_keys = [
# SSH connection used by the provisioner below.
connection {
# Provisioning logs in directly as root, so the "sudo" prefixes below are redundant.
user = "root"
type = "ssh"
# Private key for this connection; keep the file out of the repository.
key_file = "${var.pvt_key}"
timeout = "2m"
provisioner "remote-exec" {
inline = [
"export PATH=$PATH:/usr/bin",
# install nginx
# NOTE(review): nothing in this listing restricts access to nginx, so it is
# presumably also reachable on the droplet's public address, bypassing the
# load balancer - confirm, and firewall port 80 to the proxy's private
# address if only proxied traffic is intended.
"sudo apt-get update",
"sudo apt-get -y install nginx"
