编译安装haproxy开启支持SSL

1、下载二进制包

wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.5.tar.gz
tar xvf haproxy-1.7.5.tar.gz -C /usr/local/src
cd /usr/local/src/haproxy-1.7.5

2、编译安装,开启支持SSL

yum groupinstall -y "Development Tools"
yum install -y openssl openssl-devel
uname -a
make TARGET=linux31 USE_OPENSSL=1 ADDLIB=-lz
make install PREFIX=/usr/local/haproxy

3、查看版本号和编译参数

-vv:Display HAProxy's version and all build options.

$ /usr/local/haproxy/sbin/haproxy -vv
HA-Proxy version 1.7.5 2017/04/03
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux31
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_POLL=default USE_OPENSSL=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): no
Built without compression support (neither USE_ZLIB nor USE_SLZ are set)
Compression algorithms supported : identity("identity")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built without PCRE support (using libc's regex instead)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND

Available polling systems :
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 2 (2 usable), will use poll.

Available filters :
	[COMP] compression
	[TRACE] trace
	[SPOE] spoe

4、创建用户和组

groupadd -r -g 149 haproxy
useradd -r -u 149 -g haproxy -s /sbin/nologin haproxy

5、提供配置文件(略)

# mkdir -pv /etc/haproxy

6、配置服务日志

$ vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0 -c 2"

# vim /etc/rsyslog.conf
# Save haproxy.log
local3.*                  /mnt/haproxy_logs/haproxy.log

$ vim /etc/haproxy/haproxy.cfg
global
        log 127.0.0.1 local3 info

$ systemctl restart rsyslog

7、检查配置文件

-c:Only checks config file and exits with code 0 if no error was found, or exits with code 1 if a syntax error was found.

$ /usr/local/haproxy/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

8:启动haproxy

/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg

9、导出环境变量

$ vim /etc/profile.d/haproxy.sh
export PATH=$PATH:/usr/local/haproxy/sbin

$ source /etc/profile.d/haproxy.sh

参考:

posted @ 2017-04-15 23:16  KeithTt  阅读(4164)  评论(0编辑  收藏  举报