目錄
- 0x01 操作系統版本及內核版本
- 0x01 下載lua及haproxy源碼包
- 0x02 解壓縮源碼包
- 0x03 編譯安裝 lua
- 0x03 編譯安裝 haproxy
- 0x01 添加HAProxy用戶和用戶組
- 0x02 配置錯誤頁面
- 0x03 配置HAProxy的systemd守護進程服務啟動文件
- 0x05 配置 HAProxy的systemd守護進程服務環境變量文件
- 0x06 創建 HAProxy配置文件目錄,並添加模板配置
- 0x07 配置HAProxy日志
- 0x08 配置HAProxy日志輪轉
- 0x09 配置定時任務
- 0x10 配置文件用戶和用戶組
- 0x11 啟動HAProxy
- 0x12 Web監控界面訪問
1. 環境說明
0x01 操作系統版本及內核版本
[root@haproxy ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[root@haproxy ~]# uname -a
Linux haproxy 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
2. 安裝依賴包
# yum install gcc openssl-devel readline-devel systemd-devel make pcre-devel
3. 源碼編譯安裝lua及haproxy
0x01 下載lua及haproxy源碼包
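提示:haproxy包的下載需要梯子。下載後請先核對校驗值再解壓編譯:haproxy.org 的下載目錄為每個源碼包提供對應的 .sha256 文件,lua.org 的下載頁面也列出了校驗值。下面 haproxy 的地址是明文 http,傳輸途中可能被篡改,建議改用 https 並用 sha256sum 比對。另外 HAProxy 1.9 分支上游已停止維護,生產環境應選用仍在維護的版本。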
# curl https://www.lua.org/ftp/lua-5.3.5.tar.gz > lua-5.3.5.tar.gz
# curl http://www.haproxy.org/download/1.9/src/haproxy-1.9.7.tar.gz > haproxy-1.9.7.tar.gz
0x02 解壓縮源碼包
# tar xf lua-5.3.5.tar.gz
# tar xf haproxy-1.9.7.tar.gz
0x03 編譯安裝 lua
# cd lua-5.3.5
# make INSTALL_TOP=/usr/local/lua-5.3.5 linux install
0x03 編譯安裝 haproxy
# cd haproxy-1.9.7
# make USE_NS=1 \
USE_TFO=1 \
USE_OPENSSL=1 \
USE_ZLIB=1 \
USE_LUA=1 \
USE_PCRE=1 \
USE_SYSTEMD=1 \
USE_LIBCRYPT=1 \
USE_THREAD=1 \
TARGET=linux2628 \
LUA_INC=/usr/local/lua-5.3.5/include \
LUA_LIB=/usr/local/lua-5.3.5/lib
# make PREFIX=/usr/local/haproxy-1.9.7 install
4. 配置HAProxy
0x01 添加HAProxy用戶和用戶組
# groupadd -g 188 haproxy
# useradd -g 188 -u 188 -d /var/lib/haproxy -s /sbin/nologin -c haproxy haproxy
0x02 配置錯誤頁面
注意:將解壓後的 HAProxy 源碼包中 examples/errorfiles 目錄拷貝到 HAProxy 的安裝目錄下
# cp -r ~/haproxy-1.9.7/examples/errorfiles/ /usr/local/haproxy-1.9.7/
0x03 配置HAProxy的systemd守護進程服務啟動文件
# sudo tee /etc/systemd/system/haproxy-1.9.7.service <<EOF
[Unit]
Description=HAProxy 1.9.7
After=syslog.target network.target
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/haproxy-1.9.7
ExecStart=/usr/local/haproxy-1.9.7/sbin/haproxy -f \$CONFIG_FILE -p \$PID_FILE \$CLI_OPTIONS
ExecReload=/bin/kill -USR2 \$MAINPID
ExecStop=/bin/kill -USR1 \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
注意:上面使用 tee 命令和 here-document 將內容寫入 /etc/systemd/system/haproxy-1.9.7.service,其中的 \ 符號為轉義符,用來阻止 shell 在寫入時展開 $CONFIG_FILE 等變量。若要直接把內容粘貼到 /etc/systemd/system/haproxy-1.9.7.service 文件中,需要去掉轉義符號,請使用如下配置(只粘貼到 WantedBy 一行為止,末尾的 EOF 不屬於文件內容):
[Unit]
Description=HAProxy 1.9.7
After=syslog.target network.target
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/haproxy-1.9.7
ExecStart=/usr/local/haproxy-1.9.7/sbin/haproxy -f $CONFIG_FILE -p $PID_FILE $CLI_OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -USR1 $MAINPID
[Install]
WantedBy=multi-user.target
EOF
0x05 配置 HAProxy的systemd守護進程服務環境變量文件
sudo tee /etc/sysconfig/haproxy-1.9.7 <<EOF
# Command line options to pass to HAProxy at startup
# The default is:
#CLI_OPTIONS="-Ws"
CLI_OPTIONS="-Ws"
# Specify an alternate configuration file. The default is:
#CONFIG_FILE=/etc/haproxy/haproxy-1.9.7.cfg
CONFIG_FILE=/etc/haproxy/haproxy-1.9.7.cfg
# File used to track process IDs. The default is:
#PID_FILE=/var/run/haproxy-1.9.7.pid
PID_FILE=/var/run/haproxy-1.9.7.pid
EOF
重新加載systemd配置文件
# systemctl daemon-reload
0x06 創建 HAProxy配置文件目錄,並添加模板配置
# mkdir /etc/haproxy
# touch /etc/haproxy/haproxy-1.9.7.cfg
將如下配置添加到配置文件中:
# Process-wide settings.
global
daemon
# Cap on concurrent connections for the process.
maxconn 256
# Run as the unprivileged haproxy account and confine the process to a chroot.
user haproxy
group haproxy
chroot /var/lib/haproxy
# Send logs to the syslog listener on 127.0.0.1: facility local0 at level info,
# facility local1 at level warning.
log 127.0.0.1 local0 info
log 127.0.0.1 local1 warning
# Defaults inherited by the proxy sections below.
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# NOTE(review): the errorfiles were copied to /usr/local/haproxy-1.9.7/errorfiles
# earlier on this page, but these paths use /usr/local/haproxy. They only resolve
# if that path exists (e.g. as a symlink to the versioned directory) - confirm,
# otherwise HAProxy will fail to load the configuration.
errorfile 400 /usr/local/haproxy/errorfiles/400.http
errorfile 403 /usr/local/haproxy/errorfiles/403.http
errorfile 408 /usr/local/haproxy/errorfiles/408.http
errorfile 500 /usr/local/haproxy/errorfiles/500.http
errorfile 502 /usr/local/haproxy/errorfiles/502.http
errorfile 503 /usr/local/haproxy/errorfiles/503.http
errorfile 504 /usr/local/haproxy/errorfiles/504.http
log global
# HTTP listener on port 8000, bound to all interfaces.
frontend http
bind *:8000
default_backend servers
# Single backend server on the local host.
backend servers
server server 127.0.0.1:80
# Statistics page served at /status on port 1080, bound to all interfaces.
listen status
bind *:1080
stats refresh 30s
stats uri /status
stats realm HAProxy\ Stats
# NOTE(review): admin:admin is a guessable default credential, and this listener
# is reachable on every interface (*:1080) over plain HTTP, so the Basic-auth
# credentials travel in cleartext. Before exposing the host, replace it with a
# strong unique password and restrict the listener to loopback or a management
# address (for example bind 127.0.0.1:1080) or firewall the port.
stats auth admin:admin
0x07 配置HAProxy日志
創建日志目錄
# mkdir /var/log/haproxy
為 rsyslog 添加 haproxy 日志的配置。注意:配置內容含有 $ModLoad 等以 $ 開頭的指令,here-document 的結束符需要加引號(<<'EOF'),否則 shell 會在寫入文件前把它們當作變量展開成空字符串。
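## The heredoc delimiter is quoted ('EOF') so the shell writes the $-prefixed
## rsyslog directives literally; with a bare EOF they are expanded as unset
## shell variables and the file ends up without the directive names.
## Comments sit on their own lines so they cannot be parsed as part of a
## directive's value.
# tee /etc/rsyslog.d/haproxy.conf <<'EOF'
# Load the UDP syslog input; HAProxy is configured to log to 127.0.0.1.
$ModLoad imudp
# Listen on loopback only so other hosts cannot inject log lines.
# This directive must appear before $UDPServerRun.
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
# Permissions of the log files created by rsyslog.
$FileCreateMode 0644
# Owner of the log files created by rsyslog.
$FileOwner haproxy
# Facility local0 -> main HAProxy log.
local0.* /var/log/haproxy/haproxy.log
# Facility local1 -> HAProxy warning log.
local1.* /var/log/haproxy/haproxy_warn.log
EOF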
修改 rsyslog 的啟動參數(/etc/sysconfig/rsyslog)。說明:UDP 接收已由上面配置中的 imudp 模塊啟用;-c、-r 屬於舊版相容模式參數,在較新的 rsyslog 上可能被忽略或產生告警,請以本機 rsyslogd(8) 手冊為準。
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2 -r -m 0"
重啟 rsyslog
# systemctl restart rsyslog
0x08 配置HAProxy日志輪轉
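## The heredoc delimiter is quoted ('EOF') so that the $(...) in the postrotate
## script is written to the file literally. With a bare EOF the shell runs the
## command substitution while creating the file and stores only its output
## (the PID at that moment, or nothing).
## Comments are on their own lines. NOTE(review): some logrotate versions treat
## trailing text after a directive's arguments as part of the value - confirm
## before putting comments back on the directive lines.
# tee /etc/logrotate.d/haproxy <<'EOF'
/var/log/haproxy/*.log {
    # Rotate once per day.
    daily
    # Keep 7 rotated files.
    rotate 7
    # Mode, owner and group of the newly created log file.
    create 0644 haproxy haproxy
    # Compress rotated logs.
    compress
    # Postpone compression of the most recent rotated log by one cycle.
    delaycompress
    # Do not report an error when a log file is missing.
    missingok
    # Use a date suffix on rotated logs.
    dateext
    # Run the postrotate script once for all matched logs.
    sharedscripts
    # After rotation, signal rsyslog so it writes to the new log files.
    postrotate
        /bin/kill -HUP $(/bin/cat /var/run/syslogd.pid 2>/dev/null) &>/dev/null
    endscript
}
EOF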
0x09 配置定時任務
# 0 0 * * * /usr/sbin/logrotate /etc/logrotate.d/haproxy
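0x10 配置文件用戶和用戶組
注意:只有運行時目錄需要交給 haproxy 用戶。HAProxy 的可執行文件、systemd 單元文件、/etc/sysconfig 下的環境變量文件以及 rsyslog、logrotate 的配置都由 root 進程讀取或執行,應保持 root:root 所有;若交給 haproxy 用戶,該帳戶一旦被攻破即可通過改寫這些文件取得 root 權限。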
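## Only the runtime directories are handed to the unprivileged haproxy account.
## NOTE(review): /var/lib/haproxy is also the chroot directory; the HAProxy
## manual recommends a chroot that is empty and not writable by anyone, so
## consider leaving it root-owned as well.
# chown -R haproxy:haproxy /var/log/haproxy
# chown -R haproxy:haproxy /var/lib/haproxy
## Everything that root reads or executes stays root-owned. The unit has no
## User= line, so systemd starts the binary as root, and rsyslog and logrotate
## run as root too. If the haproxy account owned these files, a compromise of
## that account could rewrite them and gain root.
# chown -R root:root /usr/local/haproxy-1.9.7
# chown -R root:root /usr/local/haproxy
# chown root:root /etc/rsyslog.d/haproxy.conf
# chown root:root /etc/systemd/system/haproxy-1.9.7.service
# chown root:root /etc/logrotate.d/haproxy
# chown root:root /etc/sysconfig/haproxy-1.9.7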
0x11 啟動HAProxy
# systemctl start haproxy-1.9.7
# systemctl enable haproxy-1.9.7
查看端口
# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6461/sshd
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 5184/haproxy
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 6830/master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 5184/haproxy
tcp6 0 0 :::22 :::* LISTEN 6461/sshd
tcp6 0 0 ::1:25 :::* LISTEN 6830/master
0x12 Web監控界面訪問
在瀏覽器訪問 http://<服務器IP>:1080/status,並使用配置文件中 stats auth 設定的帳號密碼登錄(對外開放前應先更換默認的 admin:admin)。