编译安装haproxy开启支持SSL

1、下载程序包

# wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.5.tar.gz
# tar xvf haproxy-1.7.5.tar.gz -C /usr/local/src
# cd /usr/local/src/haproxy-1.7.5

2、编译安装，开启支持SSL

# yum groupinstall -y "Development Tools"
# yum install -y openssl openssl-devel
# uname -a
# make TARGET=linux31 USE_OPENSSL=1 ADDLIB=-lz
# make install PREFIX=/usr/local/haproxy

3、查看版本号和编译参数

-vv：Display HAProxy's version and all build options.

# /usr/local/haproxy/sbin/haproxy -vv
HA-Proxy version 1.7.5 2017/04/03
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux31
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_POLL=default USE_OPENSSL=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): no
Built without compression support (neither USE_ZLIB nor USE_SLZ are set)
Compression algorithms supported : identity("identity")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built without PCRE support (using libc's regex instead)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND

Available polling systems :
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 2 (2 usable), will use poll.

Available filters :
	[COMP] compression
	[TRACE] trace
	[SPOE] spoe

4、创建用户和组

# groupadd -r -g 149 haproxy
# useradd -r -u 149 -g haproxy -s /sbin/nologin haproxy

5、提供配置文件（略）

# mkdir -pv /etc/haproxy

6、配置服务日志

# vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0 -c 2"

# vim /etc/rsyslog.conf
# Save haproxy.log
local3.*                                                /mnt/haproxy_logs/haproxy.log

# vim /etc/haproxy/haproxy.cfg
global
        log 127.0.0.1 local3 info

# systemctl restart rsyslog

7、检查配置文件

-c：Only checks config file and exits with code 0 if no error was found, or exits with code 1 if a syntax error was found.

# /usr/local/haproxy/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

8：启动haproxy

# /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg

9、导出环境变量

# vim /etc/profile.d/haproxy.sh
export PATH=$PATH:/usr/local/haproxy/sbin
# source /etc/profile.d/haproxy.sh