Instalar HAProxy desde el código fuente

En esta entrada se verá como compilar e instalar HAProxy desde las fuentes.

Dependencias necesarias

En RedHat/CentOS se requieren los siguientes paquetes: make, gcc, pcre-devel, openssl-devel y zlib-devel. Se pueden instalar con:

yum install make gcc pcre-devel openssl-devel zlib-devel

Los errores que recibirá en caso de carecer de alguna de las dependencias son:

• pcre-devel, si no tiene este paquete instalado recibirá un error similar a:

In file included from include/types/proxy.h:33:0,
                 from include/proto/log.h:32,
                 from include/common/cfgparse.h:29,
                 from src/haproxy.c:65:
include/common/regex.h:31:18: fatal error: pcre.h: No such file or directory
 #include <pcre.h>
                  ^
compilation terminated.
make: *** [src/haproxy.o] Error 1

• openssl-devel, si no tiene este paquete instalado recibirá un error similar a:

In file included from include/types/acl.h:33:0,
                 from include/types/proxy.h:38,
                 from include/proto/log.h:32,
                 from include/common/cfgparse.h:29,
                 from src/haproxy.c:65:
include/types/server.h:29:25: fatal error: openssl/ssl.h: No such file or directory
 #include <openssl/ssl.h>
                         ^
compilation terminated.
make: *** [src/haproxy.o] Error 1

• zlib-devel, es una dependencia de openssl-devel.

Descargar, compilar e instalar HAProxy

Para facilitar las actualizaciones, la instalación se hará en /opt/haproxy-1.7.2/ y se creará el enlace simbólico /opt/haproxy/. Todas las referencias se harán hacia /opt/haproxy/.

Con este despliegue, el cambio de versión tan solo requerirá cambiar el enlace simbólico de /opt/haproxy/ y reiniciar el demonio.

cd /tmp/
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz -O /root/hapoxy-1.7.2.tar.gz
tar -xzf haproxy-1.7.2.tar.gz
cd haproxy-1.7.2/
make TARGET=linux2628 USE_PCRE=1 USE_ZLIB=1 USE_OPENSSL=1
mkdir /opt/haproxy-1.7.2
sed -i 's|DESTDIR =|DESTDIR =/opt/haproxy-1.7.2|g' Makefile
make install
cp haproxy-systemd-wrapper /opt/haproxy-1.7.2/usr/local/sbin/
ln -s /opt/haproxy-1.7.2/ /opt/haproxy
ln -s /opt/haproxy/usr/local/sbin/haproxy /sbin/

Comprobar la instalación

[root@HAProxy haproxy-1.7.2]# /opt/haproxy-1.7.2/usr/local/sbin/haproxy -vv
HA-Proxy version 1.7.2 2017/01/13
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>
 
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
 
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
 
Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.
 
Available filters :
	[COMP] compression
	[TRACE] trace
	[SPOE] spoe

Configurar HAProxy

Si es una nueva instalación, es necesario crear el directorio y el archivo de configuración inicial.

mkdir /etc/haproxy
cat << 'EOF' >> /etc/haproxy/haproxy.cfg
global
	maxconn 100
 
defaults
	mode http
	timeout connect 5s
	timeout client 5s
	timeout server 5s
 
frontend myfrontend
	# primary cert is /etc/cert/server.pem
	# /etc/cert/certdir/ contains additional certificates for SNI clients
	bind :80
	default_backend mybackend
 
backend mybackend
	# a http backend
	server s3 10.0.0.3:80
EOF

Crear el servicio SystemD para HAProxy

cat << 'EOF' > /etc/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStart=/opt/haproxy/usr/local/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload

Comprobar el funcionamiento

[root@HAProxy haproxy-1.7.2]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/etc/systemd/system/haproxy.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@HAProxy haproxy-1.7.2]# systemctl start haproxy
[root@HAProxy haproxy-1.7.2]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/etc/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-02-26 11:21:54 CET; 5s ago
 Main PID: 1959 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─1959 /opt/haproxy/usr/local/sbin/haproxy-systemd-wrapper -...
           ├─1960 /opt/haproxy-1.7.2/usr/local/sbin/haproxy-master
           └─1961 /opt/haproxy-1.7.2/usr/local/sbin/haproxy -f /etc/hap...
 
Feb 26 11:21:54 HAproxy systemd[1]: Started HAProxy Load Balancer.
Feb 26 11:21:54 HAproxy systemd[1]: Starting HAProxy Load Balancer...
Feb 26 11:21:54 HAproxy haproxy-systemd-wrapper[1959]: haproxy-systemd-...
Hint: Some lines were ellipsized, use -l to show in full.

Entradas de interés

• Compilar HAProxy usando una biblioteca OpenSSL específica
• Obtener la IP del cliente en NGINX cuando está detrás de HAProxy