编译安装haproxy开启支持SSL
1、下载二进制包
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.5.tar.gz
tar xvf haproxy-1.7.5.tar.gz -C /usr/local/src
cd /usr/local/src/haproxy-1.7.5
2、编译安装,开启支持SSL
yum groupinstall -y "Development Tools"
yum install -y openssl openssl-devel
uname -a
make TARGET=linux31 USE_OPENSSL=1 ADDLIB=-lz
make install PREFIX=/usr/local/haproxy
3、查看版本号和编译参数
-vv:Display HAProxy's version and all build options.
$ /usr/local/haproxy/sbin/haproxy -vv
HA-Proxy version 1.7.5 2017/04/03
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>
Build options :
TARGET = linux31
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_POLL=default USE_OPENSSL=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): no
Built without compression support (neither USE_ZLIB nor USE_SLZ are set)
Compression algorithms supported : identity("identity")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built without PCRE support (using libc's regex instead)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 2 (2 usable), will use poll.
Available filters :
[COMP] compression
[TRACE] trace
[SPOE] spoe
4、创建用户和组
groupadd -r -g 149 haproxy
useradd -r -u 149 -g haproxy -s /sbin/nologin haproxy
5、提供配置文件(略)
# mkdir -pv /etc/haproxy
6、配置服务日志
$ vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0 -c 2"
# vim /etc/rsyslog.conf
# Save haproxy.log
local3.* /mnt/haproxy_logs/haproxy.log
$ vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local3 info
$ systemctl restart rsyslog
7、检查配置文件
-c:Only checks config file and exits with code 0 if no error was found, or exits with code 1 if a syntax error was found.
$ /usr/local/haproxy/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
8:启动haproxy
/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
9、导出环境变量
$ vim /etc/profile.d/haproxy.sh
export PATH=$PATH:/usr/local/haproxy/sbin
$ source /etc/profile.d/haproxy.sh
参考: