sourcec0de · October 18, 2016 16:04 · Jul 26, 2013 · Jul 25, 2013 · Jul 25, 2013 · Jul 25, 2013
diff --git a/haproxy.cfg b/haproxy.cfg
@@ -39,11 +39,14 @@ global
       	#SERVEREND
 
   listen stats 0.0.0.0:8888
-        mode 		        http
-	stats 		        enable
-	stats 		        uri /haproxy
-	stats 	        	refresh 5s
-	stats 	        	auth [challenge-username]:[challenge-password]
-	timeout 	        connect 5000ms
-	timeout 	        client 50000ms
-	timeout 	        server 50000ms
+        mode            	http
+        stats           	enable
+        option          	httplog
+        stats           	show-legends
+        stats          		uri /haproxy
+        stats           	realm Haproxy\ Statistics
+        stats           	refresh 5s
+        stats           	auth SECRETUSER:SECRETPASS
+        timeout         	connect 5000ms
+        timeout         	client 50000ms
+        timeout         	server 50000ms
diff --git a/haproxy.cfg b/haproxy.cfg
@@ -1,7 +1,7 @@
 global
 	#debug
 	#daemon
-	log		127.0.0.1    local0
+	log 		        127.0.0.1    local0
 
   defaults
 	log  		        global

diff --git a/haproxy.cfg b/haproxy.cfg
@@ -4,13 +4,13 @@ global
 	log		127.0.0.1    local0
 
   defaults
-	log 		global
-	option 		httplog
+	log  		        global
+	option 		        httplog
 
   frontend unsecured *:80
-	mode  	            http
-	timeout		    client 86400000
-	redirect    	    prefix https://[ha-hostname] code 301 
+	mode 		        http
+	timeout 		client 86400000
+	redirect 		prefix https://[ha-hostname] code 301 
 
   frontend  secured
 	bind			0.0.0.0:443 ssl crt /path/to/your/cert/chain.pem

diff --git a/haproxy.cfg b/haproxy.cfg
@@ -1,37 +1,36 @@
-
 global
-      #debug
-      #daemon
-      log         127.0.0.1    local0
+	#debug
+	#daemon
+	log		127.0.0.1    local0
 
   defaults
-      log global
-      option httplog
+	log 		global
+	option 		httplog
 
   frontend unsecured *:80
-        mode  	            http
-      timeout		            client 86400000
-      redirect    	        prefix https://[ha-hostname] code 301 
+	mode  	            http
+	timeout		    client 86400000
+	redirect    	    prefix https://[ha-hostname] code 301 
 
   frontend  secured
-        bind        	      0.0.0.0:443 ssl crt /path/to/your/cert/chain.pem
-        mode 		            tcp
-        log 	      	      global
-        option 		          tcplog
-        timeout 	          client   3600s
-        backlog 	          4096
-        maxconn 	          50000      
-	      default_backend     www_backend
+	bind			0.0.0.0:443 ssl crt /path/to/your/cert/chain.pem
+	mode			tcp
+	log			global
+	option			tcplog
+	timeout			client   3600s
+	backlog			4096
+	maxconn			50000      
+	default_backend		www_backend
 
   backend www_backend
-        mode  		          tcp
-        option 		          log-health-checks
-        option 		          redispatch
-        option 		          tcplog
-        balance 	          source
-	      timeout 	          connect   1s
-        timeout             queue     5s
-        timeout 	          server    3600s
+        mode  		        tcp
+        option 		        log-health-checks
+        option 		        redispatch
+        option 		        tcplog
+        balance 	        source
+	timeout 	        connect   1s
+        timeout             	queue     5s
+        timeout 	        server    3600s
 
       	#SERVERBEGIN
       	     server     websocket-001 websocket-001.domain.com:8080 maxconn 1000 weight 10 check
@@ -40,11 +39,11 @@ global
       	#SERVEREND
 
   listen stats 0.0.0.0:8888
-        	mode 		          http
-	        stats 		        enable
-	        stats 		        uri /haproxy
-	        stats 	        	refresh 5s
-	        stats 	        	auth [challenge-username]:[challenge-password]
-	        timeout 	        connect 5000ms
-	        timeout 	        client 50000ms
-        	timeout 	        server 50000ms
+        mode 		        http
+	stats 		        enable
+	stats 		        uri /haproxy
+	stats 	        	refresh 5s
+	stats 	        	auth [challenge-username]:[challenge-password]
+	timeout 	        connect 5000ms
+	timeout 	        client 50000ms
+	timeout 	        server 50000ms
diff --git a/haproxy.cfg b/haproxy.cfg
@@ -0,0 +1,50 @@
+
+global
+      #debug
+      #daemon
+      log         127.0.0.1    local0
+
+  defaults
+      log global
+      option httplog
+
+  frontend unsecured *:80
+        mode  	            http
+      timeout		            client 86400000
+      redirect    	        prefix https://[ha-hostname] code 301 
+
+  frontend  secured
+        bind        	      0.0.0.0:443 ssl crt /path/to/your/cert/chain.pem
+        mode 		            tcp
+        log 	      	      global
+        option 		          tcplog
+        timeout 	          client   3600s
+        backlog 	          4096
+        maxconn 	          50000      
+	      default_backend     www_backend
+
+  backend www_backend
+        mode  		          tcp
+        option 		          log-health-checks
+        option 		          redispatch
+        option 		          tcplog
+        balance 	          source
+	      timeout 	          connect   1s
+        timeout             queue     5s
+        timeout 	          server    3600s
+
+      	#SERVERBEGIN
+      	     server     websocket-001 websocket-001.domain.com:8080 maxconn 1000 weight 10 check
+             server     websocket-002 websocket-002.domain.com:8080 maxconn 1000 weight 10 check
+             server     websocket-003 websocket-003.domain.com:8080 maxconn 1000 weight 10 check
+      	#SERVEREND
+
+  listen stats 0.0.0.0:8888
+        	mode 		          http
+	        stats 		        enable
+	        stats 		        uri /haproxy
+	        stats 	        	refresh 5s
+	        stats 	        	auth [challenge-username]:[challenge-password]
+	        timeout 	        connect 5000ms
+	        timeout 	        client 50000ms
+        	timeout 	        server 50000ms
diff --git a/update_haproxy_config.sh b/update_haproxy_config.sh
@@ -0,0 +1,85 @@
+#/bin/bash
+############################################################################################
+## Assumptions:
+##    - The EC2 Name on your instance for the haproxy is simply "haproxy.domain.com"
+##    - Your member servers are named "websocket-001.domain.com .. websocket-999.domain.com
+##    - Your using VPCs and yoru haproxy sits in the public subnet with an EIP
+##    - Your websocket servers are listening on 8080
+##
+## Your root crontab entry could look like this (run every 15 min):
+##    */15 * * * * /path/to/update_haproxy_config.sh > /dev/null 2>&1
+## 
+############################################################################################
+
+export EC2_CERT=/path/to/your/ec2/cert.pem
+export EC2_PRIVATE_KEY=/path/to/your/ec2/pk.pem
+MAXCONN=1000
+TMPTAGFILE=/tmp/websocket_tags
+TMPINSTANCES=/tmp/websocket_instances
+TMPHOSTS=/tmp/hosts
+TMPHACONFIG=/tmp/testconfig
+HACONFIG=/etc/haproxy/haproxy.cfg
+HACONFIGSERVERS=/tmp/haconfig
+echo "" > $HACONFIGSERVERS
+echo "" > $TMPHOSTS
+echo "" > $HACONFIGSERVERS
+
+##################################################################
+## Query the AWS EC2 API looking for servers named "socketio"
+## You can adjust this if you want to name your member servers
+## something different
+##################################################################
+
+echo "Getting EC2 Data..."
+ec2-describe-tags | grep Name | grep websocket | grep -v haproxy > $TMPTAGFILE
+ec2-describe-instances | grep INSTANCE  > $TMPINSTANCES
+while read line; do
+    NAME1=`echo $line | awk '{print $5}' | tr '.' ' ' | awk '{print $1}'`
+    NAME2=`echo $line | awk '{print $5}'`
+    INSTANCEID=`echo $line | awk '{print $3}'`
+    INTERNALIP=`cat $TMPINSTANCES | grep $INSTANCEID | awk '{print $15}'`
+    echo  "$INTERNALIP   $NAME1    $NAME2" >> $TMPHOSTS
+    echo  "     server     $NAME1 $NAME2:8080 maxconn $MAXCONN weight 10 check" >> $HACONFIGSERVERS
+    echo "" >> $HACONFIGSERVERS
+done < $TMPTAGFILE
+
+#############################################################
+## this modifies the /etc/hosts file so we can
+## use the internal ip (10.x.x.x) for traffic rather then
+## then EIP
+#############################################################
+if [ `cat $TMPHOSTS | wc -l` -gt 0 ]; 
+then
+  echo "Writing New Host File..."
+	echo "127.0.0.1    localhost   haproxy  haproxy.domain.com" > /etc/hosts
+	cat $TMPHOSTS | sed '/^$/d' | sort -k 2  >> /etc/hosts
+fi
+
+#############################################################
+##  This rewrites the haproxy.cfg file placing additional 
+##  servers between the two blocks:
+##      #SERVERBEGIN
+##          ....
+##      #SERVEREND
+##
+##  And then reloads the config
+#############################################################
+if [ `cat $HACONFIGSERVERS | wc -l` -gt 0 ]; 
+then
+	echo "Writing HA Proxy Config File..."
+	SUBSERVER=`cat $HACONFIGSERVERS | sort -u | sed '/^$/d' | sed -e 's/[\/&]/\\&/g'`
+	cat $HACONFIG | sed -e "/#SERVERBEGIN/,/#SERVEREND/c\\\t\#SERVERBEGIN\n\tSERVERPLACEHOLDER\n\t\#SERVEREND" | perl -p -i -e "s/SERVERPLACEHOLDER/${SUBSERVER}/g" > $TMPHACONFIG
+	cat $TMPHACONFIG > $HACONFIG
+
+	echo "Reloading HAProxy..."
+	/etc/init.d/haproxy reload
+fi
+
+#############################################################
+##  file cleanup
+#############################################################
+rm -f $TMPTAGFILE
+rm -f $TMPINSTANCES
+rm -f $HACONFIGSERVERS
+rm -f $TMPHOSTS
+rm -f $TMPHACONFIG