swamibluedata/Setting up haproxy as ssl proxy for rstudio

## Setting up haproxy as ssl proxy for rstudio
# Become super user
sudo su
# Install haproxy
yum install -y haproxy

# Generate a self-signed certificate
mkdir -p /etc/ssl/certs/haproxy
openssl genrsa -out /etc/ssl/certs/haproxy/server.key 1024
openssl req -new \
    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
    -key /etc/ssl/certs/haproxy/server.key -out /etc/ssl/certs/haproxy/server.csr
openssl x509 -req -days 3650 -in /etc/ssl/certs/haproxy/server.csr \
    -out /etc/ssl/certs/haproxy/server.crt \
    -signkey /etc/ssl/certs/haproxy/server.key

# Combine crt and key file into a pem file for haproxy
cat server.key server.crt > server.pem

# Create haproxy cfg for rstudio configuration. this will setup
# haproxy to listen on 8443 and redirect to rstudio through 127.0.0.1
cat > /etc/haproxy/haproxy.cfg <<EOF
global
  maxconn 1028
  daemon
  user haproxy
  group haproxy
  tune.ssl.default-dh-param 2048

defaults
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms

frontend rstudio_https_frontend
  bind *:8443 ssl crt /etc/ssl/certs/haproxy/server.pem
  mode http
  option forwardfor
  option http-server-close
  option httpclose
  reqadd X-Forwarded-Proto:\ https
  default_backend rstudio_backend

backend rstudio_backend
  mode http
  timeout connect 5s
  timeout server 30s
  server rstudio 127.0.0.1:8787
EOF

# Start haproxy
service haproxy restart
	# Become super user
	sudo su
	# Install haproxy
	yum install -y haproxy

	# Generate a self-signed certificate
	mkdir -p /etc/ssl/certs/haproxy
	openssl genrsa -out /etc/ssl/certs/haproxy/server.key 1024
	openssl req -new \
	-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
	-key /etc/ssl/certs/haproxy/server.key -out /etc/ssl/certs/haproxy/server.csr
	openssl x509 -req -days 3650 -in /etc/ssl/certs/haproxy/server.csr \
	-out /etc/ssl/certs/haproxy/server.crt \
	-signkey /etc/ssl/certs/haproxy/server.key

	# Combine crt and key file into a pem file for haproxy
	cat server.key server.crt > server.pem

	# Create haproxy cfg for rstudio configuration. this will setup
	# haproxy to listen on 8443 and redirect to rstudio through 127.0.0.1
	cat > /etc/haproxy/haproxy.cfg <<EOF
	global
	maxconn 1028
	daemon
	user haproxy
	group haproxy
	tune.ssl.default-dh-param 2048

	defaults
	timeout connect 5000ms
	timeout client 50000ms
	timeout server 50000ms

	frontend rstudio_https_frontend
	bind *:8443 ssl crt /etc/ssl/certs/haproxy/server.pem
	mode http
	option forwardfor
	option http-server-close
	option httpclose
	reqadd X-Forwarded-Proto:\ https
	default_backend rstudio_backend

	backend rstudio_backend
	mode http
	timeout connect 5s
	timeout server 30s
	server rstudio 127.0.0.1:8787
	EOF

	# Start haproxy
	service haproxy restart