环境

  • OS: CentOS7.7_x64
  • Haproxy: 2.0.111

1. 安装依赖

  • gcc
  • readline-devel
  • systemd-devel
  • openssl
  • openssl-devel
  • lua5.3
1
[root@centos7 ~] yum install gcc readline-devel systemd-devel openssl openssl-devel

安装lua5.3至/usr/local/lua

1
2
3
4
5
[root@centos7 ~] wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
[root@centos7 ~] tar zxvf lua-5.3.5.tar.gz
[root@centos7 ~] cd lua-5.3.5
[root@centos7 ~] make linux
[root@centos7 ~] make INSTALL_TOP=/usr/local/lua install

2. 安装haproxy

下载并安装至/usr/local/haproxy

1
2
3
4
5
[root@centos7 ~] wget https://www.haproxy.org/download/2.0/src/haproxy-2.0.11.tar.gz
[root@centos7 ~] tar zxvf haproxy-2.0.11.tar.gz
[root@centos7 ~] cd haproxy-2.0.11
[root@centos7 ~] make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 LUA_LIB=/usr/local/lua/lib/ LUA_INC=/usr/local/lua/include/ USE_PCRE=1 USE_SYSTEMD=1
[root@centos7 ~] make install PREFIX=/usr/local/haproxy

创建配置文件/etc/haproxy/haproxy.cfg

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
global
# daemon
cpu-map 1 0
log 127.0.0.1 local2
nbproc 1
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m
tune.ssl.default-dh-param 2048

defaults
backlog 100000
balance leastconn
log global
maxconn 14000
option redispatch
option tcpka
option http-keep-alive
option dontlog-normal
option dontlognull
option tcp-smart-accept
option tcp-smart-connect
retries 5
timeout http-request 2m
timeout queue 1m
timeout connect 1m
timeout client 7d
timeout server 7d
timeout check 10s
timeout tunnel 7d

frontend cmdt
bind *:8080
mode http
option httplog

# ACL ENVIRONMENTS
default_backend empty

backend empty
mode http

listen stats
mode http
bind 0.0.0.0:1080
stats enable
stats hide-version
stats uri /haproxy?status
stats realm Haproxy\ Statistics
stats auth admin:admin
stats admin if TRUE

listen mgmt-ssh
bind 0.0.0.0:222
mode tcp
balance roundrobin
option tcplog
option tcpka
server centos-test 192.168.1.88:22

3. 运行

指定配置文件运行haproxy

1
[root@centos7 ~] /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg

拷贝systemd服务配置文件

1
2
[root@centos7 ~] cd haproxy-2.0.11/contrib/systemd
[root@centos7 ~] cp haproxy.service.in /lib/systemd/system/haproxy.service

修改haproxy服务执行路径:

1
[root@centos7 ~] sed -i 's/@SBINDIR@/\/usr\/local\/haproxy\/sbin/g' /lib/systemd/system/haproxy.service

修改完后haproxy.service配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
[Unit]
Description=HAProxy Load Balancer
After=network.target

[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=/usr/local/haproxy/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify

# The following lines leverage SystemD's sandboxing options to provide
# defense in depth protection at the expense of restricting some flexibility
# in your setup (e.g. placement of your configuration files) or possibly
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
# information.

# NoNewPrivileges=true
# ProtectHome=true
# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
# any state files and any other files written using 'ReadWritePaths' or
# 'RuntimeDirectory'.
# ProtectSystem=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io

[Install]
WantedBy=multi-user.target

启动haproxy

1
2
[root@centos7 ~] systemctl daemon-reload
[root@centos7 ~] systemctl start haproxy