We faced a problem that we thought could use an automated strategy; our HAProxy configuration files were getting larger and more complicated and more prone to a small error resulting in the service not restarting appropriately. We currently use Buddy.Works to manage some of our code deployments and we’ve found a relatively simple way to accomplish this. We created a new repository, commited our base HAProxy configuration, setup our pipeline to grab the official haproxy docker instance and run the following:
groupadd haproxy && useradd -g haproxy haproxy
mkdir -p /etc/ssl/private/
cp dummy.pem /etc/ssl/private/dummy.pem
cp haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
This will create and add the appropriate user/group that our HAProxy runs under, copies over a dummy certificate to load, and finally attempts to validate our configuration. If this works successfully, we then can push that config out to our server and run our service reload command.