Manage HAProxy / Nginx / Apache from Web Interface using Roxy-WI

Roxy-WI is an application created enable you build a fault-tolerant infrastructure without plunging deep into the details of setting up and creating a cluster based on HAProxy, NGINX, Apache and Keepalived. It gives you a convenient interface for managing all services in one place. This tool can сreate servers on AWS, DigitalOcean and GCore, install HAProxy, NGINX, Apache, Keepalived, its exporters and carry out the initial configuration for the services.

Features of Roxy-WI web interface

With Roxy-WI web you enjoy the following features.

• Install, configure, and update HAProxy, Nginx, Apache and Keepalived services
• Install and update Grafana, Prometheus servers with Roxy-WI
• Server provisioning on AWS, DigitalOcean and G-Core Labs
• Downloading, updating and formatting GeoIP to the acceptable format for HAProxy with Roxy-WI
• Dynamic change of Maxconn, Black/white lists and backend’s IP address and port with saving changes to the config file
• Enabling/disabling servers through stats page without rebooting HAProxy
• Creating and visualizing the HAProxy workflow
• Adding Multiple server to ensure the Config Sync between servers
• Sending notifications from Roxy-WI via Telegram, Slack, Email, PageDuty and via the web interface
• Support of SSL (including Let’s Encrypt)
• LDAP support
• Keep active HAProxy, Nginx, Apache and Keepalived services
• SMON (Check: Ping, TCP/UDP, HTTP(s), SSL expiry, HTTP body answer, DNS records)
• and much more.

Installing and Configuring Roxy-WI

In this section we shall capture all processes that are used to install and configure Roxy-WI. The process is manual and involves installing dependency packages, building and installing Roxy-WI, and finally configuring Roxy-WI for managing HAProxy, Nginx, Apache and Keepalived services.

1) Install dependencies

Before we can build and install Roxy-WI we need to install dependencies.

Ubuntu / Debian

sudo apt update
sudo apt install apache2 python3 python3-pip python3-ldap rsync ansible python3-requests python3-networkx 
sudo apt install python3-matplotlib python3-bottle python3-future python3-jinja2 python3-peewee python3-distro
sudo apt install python3-psutil python3-pymysql  python3-paramiko netcat-traditional nmap net-tools lshw 
sudo apt install dos2unix libapache2-mod-wsgi-py3 openssl sshpass git

CentOS 7 / RHEL 7

sudo yum install https://repo.ius.io/ius-release-el7.rpm epel-release
sudo yum -y install git nmap-ncat net-tools dos2unix python3 python3-pip python3-distro python36-ldap3 nmap
sudo yum -y install python36-pytz python36-requests python36-future python36-cryptography python3-psutil libmodulemd
sudo yum -y install python36-jinja2 python-configparser python3-paramiko httpd mod_ssl rsync ansible mod_wsgi git

RHEL 8 / CentOS 8 / Rocky 8 / Alma8:

sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf -y install python3 python3-pip python3-devel python3-cryptography python3-jinja2 python3-distro 
sudo dnf -y install  nmap-ncat net-tools lshw python3-ldap python3-paramiko rsync ansible dos2unix nmap mod_ssl
sudo dnf -y install  httpd python3-mod_wsgi libmodulemd python3-psutil git

2) Install Python dependencies

Let’s clone Roxy-WI source from Github.

sudo git clone https://github.com/hap-wi/roxy-wi.git /var/www/haproxy-wi

Navigate to created folder.

cd /var/www/haproxy-wi

Install Python dependencies from requirements file.

### RHEL 7 based systems ###
sudo pip3 install -r config_other/requirements_el7.txt

### RHEL 8 based systems ###
sudo pip3 install -r config_other/requirements_el8.txt

### Ubuntu / Debian based systems ###
sudo pip3 install -r config_other/requirements_deb.txt

3) Copy Roxy-WI Apache configuration

Copy Apache httpd server configuration:

### RHEL  based systems ###
sudo cp config_other/httpd/roxy-wi.conf /etc/httpd/conf.d/
sudo chown -R apache:apache /var/www/haproxy-wi
sudo systemctl enable --now httpd

### Debian  based systems ###
sudo cp config_other/httpd/roxy-wi_deb.conf /etc/apache2/sites-available/roxy-wi.conf
sudo a2ensite roxy-wi.conf
sudo a2enmod cgid ssl proxy_http rewrite
sudo chown -R www-data:www-data /var/www/haproxy-wi
sudo systemctl restart apache2

You can modify the configuration e.g to set custom domain name, or use custom SSL certificates.

RHEL: /etc/httpd/conf.d/roxy-wi.conf
Debian: /etc/apache2/sites-available/roxy-wi.conf

You can check status of your web server service using:

systemctl status apache2||systemctl status httpd

4) Create Roxy-WI directories & generate certificates

Install paramiko-ng Python module.

sudo pip3 install paramiko-ng 

Make Python scripts executable

sudo chmod +x /var/www/haproxy-wi/app/*.py 

Copy Log rotation configurations

sudo cp /var/www/haproxy-wi/config_other/logrotate/* /etc/logrotate.d/

Create necessary directories – configs, data and logs.

sudo mkdir /etc/roxy-wi/
sudo mkdir /var/log/roxy-wi/
sudo mkdir -p /var/lib/roxy-wi/{keys,configs}
sudo mkdir -p /var/lib/roxy-wi/configs/{hap_config,kp_config,nginx_config,apache_config}

Move configuration file to /etc/roxy-wi directory.

sudo mv /var/www/haproxy-wi/roxy-wi.cfg /etc/roxy-wi

Generate SSL key and certificate.

sudo openssl req -newkey rsa:4096 -nodes -keyout /var/www/haproxy-wi/app/certs/haproxy-wi.key -x509 -days 10365 -out /var/www/haproxy-wi/app/certs/haproxy-wi.crt -subj "/C=KE/ST=Nairobi/L=Nairobi/O=Roxy-WI/OU=IT/CN=*.roxy-wi.neveropen.tech/emailAddress=[email protected]"

Where:

• C is for Country Name (2 letter code)
• ST is for State or Province Name (full name)
• L is for Locality Name (e.g., city)
• O is for Organization Name (e.g., company)
• OU is for Organizational Unit Name (e.g., section)
• CN is for Common Name (e.g., server FQDN)
• emailAddress is for your Email Address

Finally create database.

cd /var/www/haproxy-wi/app
sudo ./create_db.py
sudo chown -R apache:apache /var/www/haproxy-wi/
sudo chown -R apache:apache /var/lib/roxy-wi/

Set directory permissions on the server.

### RHEL  based systems ###
sudo chown -R apache:apache /var/www/haproxy-wi/
sudo chown -R apache:apache /var/lib/roxy-wi/
sudo chown -R apache:apache /var/log/roxy-wi/
sudo chown -R apache:apache /etc/roxy-wi/

### Debian  based systems ###
sudo chown -R www-data:www-data /var/www/haproxy-wi/
sudo chown -R www-data:www-data /var/lib/roxy-wi/
sudo chown -R www-data:www-data /var/log/roxy-wi/
sudo chown -R www-data:www-data /etc/roxy-wi/

Restart web service.

sudo systemctl daemon-reload      
sudo systemctl restart httpd||sudo systemctl restart apache2
sudo systemctl restart rsyslog

6) Access Roxy-WI Web Dashboard

Open in your browser and access https://your_server_ip/

Default login credentials are:

Username: admin
Password: admin

To change admin password click on the user in the right top corner.

Click on “Change password” to set new password.

Overview window will show next.

To add servers yet. Read how to add an existing server or create a new one and go to the “Admin area” to add your first server.

But first add host group add SSH credentials to use Servers > SSH Credentials

Add server by providing required information.

Added server should should show on Overview section.

What next?

Visit the official project’s documentation pages to learn more about

Other HAProxy articles:

Getting Started With Secure HAProxy on Linux

Galera Cluster High Availability With HAProxy on Ubuntu 18.04 / CentOS 7

How to Setup MariaDB Galera Cluster on Ubuntu 18.04 with HAProxy