Created
May 8, 2019 08:28
-
-
Save mansurali901/1980c09e3fad1683b62388b971194a94 to your computer and use it in GitHub Desktop.
This script will automate process for HAProxy installation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script will install HAproxy with LUA+SSL support | |
| # Author : Mansur Ul Hasan | |
| # Email : [email protected] | |
| # Disclaimer : This script is well tested on ubuntu if you are using RPM based distros please install relevant packages | |
| CheckOS () { | |
| InstallPre () { | |
| ### This function install required depenedencies | |
| apt-get update ; | |
| apt-get install build-essential readline-dev libedit-dev libreadline-gplv2-dev libpcre3-dev libssl-dev -y | |
| } | |
| InstallLua () { | |
| ### This function will setup LUA | |
| wget http://www.lua.org/ftp/lua-5.3.3.tar.gz | |
| tar -xvf lua-5.3.3.tar.gz | |
| cd lua-5.3.3/ | |
| make linux | |
| make install | |
| lua -v | |
| } | |
| InstallHaproxy () { | |
| wget http://www.haproxy.org/download/1.8/src/haproxy-1.8.0.tar.gz | |
| tar -xvf haproxy-1.8.0.tar.gz | |
| cd haproxy-1.8.0/ | |
| make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 USE_LUA=1 | |
| make install | |
| haproxy -v | |
| } | |
| ConfigureHAProxy () { | |
| mkdir /etc/haproxy | |
| mkdir /etc/haproxy/errors/ | |
| mkdir /run/haproxy/ | |
| mkdir /var/lib/haproxy | |
| adduser haproxy | |
| echo "global | |
| log /dev/log local0 | |
| log /dev/log local1 notice | |
| chroot /var/lib/haproxy | |
| stats socket /run/haproxy/admin.sock mode 660 level admin | |
| stats timeout 30s | |
| user haproxy | |
| group haproxy | |
| daemon | |
| # Default SSL material locations | |
| ca-base /etc/ssl/certs | |
| crt-base /etc/ssl/private | |
| tune.ssl.default-dh-param 2048 | |
| # Default ciphers to use on SSL-enabled listening sockets. | |
| # For more information, see ciphers(1SSL). This list is from: | |
| # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
| ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | |
| ssl-default-bind-options no-sslv3 force-tlsv12 | |
| #### ENable logging | |
| #log 127.9.9.1 local1 | |
| defaults | |
| # log global | |
| # mode http | |
| # option httplog | |
| option dontlognull | |
| ################################## | |
| # option forwardfor | |
| # option http-server-close | |
| ################################## | |
| timeout connect 5000 | |
| timeout client 50000 | |
| timeout server 50000 | |
| errorfile 400 /etc/haproxy/errors/400.http | |
| errorfile 403 /etc/haproxy/errors/403.http | |
| errorfile 408 /etc/haproxy/errors/408.http | |
| errorfile 500 /etc/haproxy/errors/500.http | |
| errorfile 502 /etc/haproxy/errors/502.http | |
| errorfile 503 /etc/haproxy/errors/503.http | |
| errorfile 504 /etc/haproxy/errors/504.http | |
| ########################################## | |
| ## Definations for TCP Loadbalancing | |
| " > /etc/haproxy/haproxy.cfg | |
| } | |
| StartingHaproxy () { | |
| ## Installing Pre requisites | |
| InstallPre | |
| ## Installing LUA package | |
| InstallLua | |
| ### Installing HAProxy | |
| InstallHaproxy | |
| ### Configure HAProxy | |
| ConfigureHAProxy | |
| ### Starting HAProxy | |
| haproxy -f /etc/haproxy/haproxy.cfg | |
| } | |
| StartingHaproxy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment