CentOS 6.5 - haproxy致命错误

时间:2014-08-27 06:45:42

标签: https websocket centos haproxy

在CentOS 6.5中获取错误,HA-Proxy版本1.4.24 2013/06/17 请告知如何使它工作?我需要对localhost:8888做HTTPS,这是失败的。

# service haproxy start
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:18] : timeout 'tunnel': must be 'client', 'server', 'connect', 'check', 'queue', 'http-keep-alive', 'http-request' or 'tarpit'
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:22] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 238/084310 (24365) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/084310 (24365) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.

我的配置是:

global
    log 127.0.0.1 local0 debug
    maxconn 8000
    user    haproxy
    group   haproxy
defaults
    log     global
    option  httplog
    option  dontlognull
    option  http-server-close
    option  redispatch
    retries 3
    mode    http
    maxconn         5000
    timeout connect  5s
    timeout client  30s
    timeout server  30s
    timeout tunnel  12h
frontend www
    bind     :80
    option   forwardfor
    redirect scheme https if !{ ssl_fc }
frontend lb
    bind   :443 ssl crt /etc/haproxy/sslkeys/cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    default_backend  api
    acl is_websocket hdr(Upgrade)  -i WebSocket
    acl is_websocket hdr_beg(Host) -i ws
    acl is_api       hdr_beg(Host) -i api
    use_backend ws  if is_websocket
    use_backend api if is_api
backend api
    balance roundrobin
    server  service 127.0.0.1:5001 weight 1 maxconn 2500 check
backend ws
    balance roundrobin
    server  service 127.0.0.1:5001 weight 1 maxconn 2500 check

编辑:升级为http://silverdire.com/2014/03/19/haproxy-1-5-dev22-rpm-repo/ 但仍然给出错误

# service haproxy start
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:22] : error detected in frontend 'www' while parsing redirect rule : error in condition: unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind :9999' unknown keyword 'ssl'. Registered keywords :
    [ TCP] defer-accept
    [ TCP] interface <arg>
    [ TCP] mss <arg>
    [ TCP] transparent
    [ TCP] v4v6
    [ TCP] v6only
    [STAT] level <arg>
    [UNIX] gid <arg>
    [UNIX] group <arg>
    [UNIX] mode <arg>
    [UNIX] uid <arg>
    [UNIX] user <arg>
    [ ALL] accept-proxy
    [ ALL] backlog <arg>
    [ ALL] id <arg>
    [ ALL] maxconn <arg>
    [ ALL] name <arg>
    [ ALL] nice <arg>
[ALERT] 238/085833 (25096) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/085833 (25096) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.

2 个答案:

答案 0 :(得分:10)

CentOS 7 (兼容) - 未使用SSL支持编译它。解决它:

第1步

yum remove haproxy
yum install openssl-devel pcre-devel 

OR

apt-get install libssl-dev libpcre3 

第2步

安装Haproxy稳定

$ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.3.tar.gz
$ cd /var/tmp/haproxy-1.5.3
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
$ make install
$ ./haproxy -vv
HA-Proxy version 1.5.3 2014/07/25
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing
  OPTIONS = USE_LIBCRYPT=1 USE_CRYPT_H=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

第3步

现在支持SSL

$ ./haproxy -f configfile.cfg

注意:

/etc/haproxy/sslkeys/cert.pem: this file should have Private key, Certificate, Intermediate certificate (optional) in one file

答案 1 :(得分:2)

我建议使用rpm-build,至少对于所有类似RHEL的发行版

准备环境

# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)

# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

# yum install rpm-build make gcc-c++ openssl-devel pcre-devel
# cd /root/ && wget https://www.haproxy.org/download/1.8/src/haproxy-1.8.1.tar.gz

构建包

# USE_ZLIB=1 USE_LIBCRYPT=1 USE_OPENSSL=1 rpmbuild -ta haproxy-1.8.1.tar.gz
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.I61pDI
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf haproxy-1.8.1
+ /usr/bin/gzip -dc /root/haproxy-1.8.1.tar.gz
+ /usr/bin/tar -xf -
...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
Wrote: /root/rpmbuild/SRPMS/haproxy-1.8.1-1.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-debuginfo-1.8.1-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.jo5GXH
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd haproxy-1.8.1
+ '[' /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64 '!=' / ']'
+ /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
+ exit 0

安装/升级软件包

# rpm -Uvh /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:haproxy-1.8.1-1                  ################################# [ 50%]
Cleaning up / removing...
   2:haproxy-1.5.18-6.el7             ################################# [100%]

检查输出

# haproxy -vv               
HA-Proxy version 1.8.1 2017/12/03
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux26
  CPU     = generic
  CC      = gcc
  CFLAGS  = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
    [SPOE] spoe
    [COMP] compression
    [TRACE] trace

对于基于systemd的系统,您应该安装systemd-devel包并传递USE_SYSTEMD = 1选项