在CentOS 6.5中获取错误,HA-Proxy版本1.4.24 2013/06/17 请告知如何使它工作?我需要对localhost:8888做HTTPS,这是失败的。
# service haproxy start
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:18] : timeout 'tunnel': must be 'client', 'server', 'connect', 'check', 'queue', 'http-keep-alive', 'http-request' or 'tarpit'
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:22] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 238/084310 (24365) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/084310 (24365) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.
我的配置是:
global
log 127.0.0.1 local0 debug
maxconn 8000
user haproxy
group haproxy
defaults
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
mode http
maxconn 5000
timeout connect 5s
timeout client 30s
timeout server 30s
timeout tunnel 12h
frontend www
bind :80
option forwardfor
redirect scheme https if !{ ssl_fc }
frontend lb
bind :443 ssl crt /etc/haproxy/sslkeys/cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
option forwardfor
reqadd X-Forwarded-Proto:\ https
default_backend api
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket hdr_beg(Host) -i ws
acl is_api hdr_beg(Host) -i api
use_backend ws if is_websocket
use_backend api if is_api
backend api
balance roundrobin
server service 127.0.0.1:5001 weight 1 maxconn 2500 check
backend ws
balance roundrobin
server service 127.0.0.1:5001 weight 1 maxconn 2500 check
编辑:升级为http://silverdire.com/2014/03/19/haproxy-1-5-dev22-rpm-repo/ 但仍然给出错误
# service haproxy start
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:22] : error detected in frontend 'www' while parsing redirect rule : error in condition: unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind :9999' unknown keyword 'ssl'. Registered keywords :
[ TCP] defer-accept
[ TCP] interface <arg>
[ TCP] mss <arg>
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[STAT] level <arg>
[UNIX] gid <arg>
[UNIX] group <arg>
[UNIX] mode <arg>
[UNIX] uid <arg>
[UNIX] user <arg>
[ ALL] accept-proxy
[ ALL] backlog <arg>
[ ALL] id <arg>
[ ALL] maxconn <arg>
[ ALL] name <arg>
[ ALL] nice <arg>
[ALERT] 238/085833 (25096) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/085833 (25096) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.
答案 0 :(得分:10)
CentOS 7 (兼容) - 未使用SSL支持编译它。解决它:
第1步
yum remove haproxy
yum install openssl-devel pcre-devel
OR
apt-get install libssl-dev libpcre3
第2步
安装Haproxy
稳定
$ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.3.tar.gz
$ cd /var/tmp/haproxy-1.5.3
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
$ make install
$ ./haproxy -vv
HA-Proxy version 1.5.3 2014/07/25
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing
OPTIONS = USE_LIBCRYPT=1 USE_CRYPT_H=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
第3步
现在支持SSL
$ ./haproxy -f configfile.cfg
注意:强>
/etc/haproxy/sslkeys/cert.pem: this file should have Private key, Certificate, Intermediate certificate (optional) in one file
答案 1 :(得分:2)
我建议使用rpm-build,至少对于所有类似RHEL的发行版
准备环境
# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>
# yum install rpm-build make gcc-c++ openssl-devel pcre-devel
# cd /root/ && wget https://www.haproxy.org/download/1.8/src/haproxy-1.8.1.tar.gz
构建包
# USE_ZLIB=1 USE_LIBCRYPT=1 USE_OPENSSL=1 rpmbuild -ta haproxy-1.8.1.tar.gz
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.I61pDI
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf haproxy-1.8.1
+ /usr/bin/gzip -dc /root/haproxy-1.8.1.tar.gz
+ /usr/bin/tar -xf -
...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
Wrote: /root/rpmbuild/SRPMS/haproxy-1.8.1-1.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-debuginfo-1.8.1-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.jo5GXH
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd haproxy-1.8.1
+ '[' /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64 '!=' / ']'
+ /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
+ exit 0
安装/升级软件包
# rpm -Uvh /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:haproxy-1.8.1-1 ################################# [ 50%]
Cleaning up / removing...
2:haproxy-1.5.18-6.el7 ################################# [100%]
检查输出
# haproxy -vv
HA-Proxy version 1.8.1 2017/12/03
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>
Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
对于基于systemd的系统,您应该安装systemd-devel包并传递USE_SYSTEMD = 1选项