Environment: Ubuntu 20.04
Installing from a third-party repository
The goal is to install haproxy-2.8, but the official repository only carries 2.0.
apt show haproxy
Add the PPA software source
apt install software-properties-common && add-apt-repository ppa:vbernat/haproxy-2.8
Update the package list, then install directly
apt update -y && apt install -y haproxy && haproxy -v
Installing from source
Environment: Debian 11
Download the source package
LATEST_HAPROXY=$(wget -qO- http://www.haproxy.org/download/2.8/src/ | egrep -o "haproxy-2\.[0-9]+\.[0-9]+" | head -1) && echo $LATEST_HAPROXY
wget http://www.haproxy.org/download/2.8/src/${LATEST_HAPROXY}.tar.gz
tar zxf ${LATEST_HAPROXY}.tar.gz
Compile and install
Install the build dependencies before compiling
apt install -y build-essential libpcre2-dev libssl-dev libsystemd-dev
Install
cd ${LATEST_HAPROXY}
make clean
make -j $(nproc) TARGET=linux-glibc \
USE_OPENSSL=1 USE_QUIC=1 USE_QUIC_OPENSSL_COMPAT=1 \
USE_SYSTEMD=1 USE_PCRE2=1
make install
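Add the service file
# 'EOF' is quoted so the shell does not expand $CONFIG, $PIDFILE and $MAINPID while writing the unit
cat <<'EOF' >/usr/lib/systemd/system/haproxy.service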
[Unit]
Description=HAProxy Load Balancer
After=network.target
[Service]
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q
ExecStart=/usr/local/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE
ExecReload=/usr/local/sbin/haproxy -f $CONFIG -c -q
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify
[Install]
WantedBy=multi-user.target
EOF
Load the service
systemctl daemon-reload
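Once /etc/haproxy/haproxy.cfg has been created and configured, the service can be started.
Configuration
Create a dedicated user to run the haproxy service; a package-repository install may already have created it automatically.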
useradd haproxy -r -s /sbin/nologin
getent passwd haproxy
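Edit the configuration file /etc/haproxy/haproxy.cfg. This is the configuration for a source install; with a package-repository install some file paths differ, for example the socket. Just leave the default generated paths unchanged.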
global
    log /dev/log local0 info
    log /dev/log local1 warning
    chroot /var/lib/haproxy
    stats socket /var/lib/haproxy/haproxy.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
    log global
    mode http
    option httplog
    option dontlognull
    option http-server-close
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
    maxconn 18000
frontend kube-apiserver
    bind *:9443
    mode tcp
    option tcplog
    maxconn 10000
    default_backend kube-apiserver-nodes
backend kube-apiserver-nodes
    mode tcp
    balance roundrobin
    server k8s-master-node1 192.168.100.1:6443 check
    server k8s-master-node2 192.168.100.2:6443 check
listen stats
    bind *:1080
    stats enable
    stats refresh 10s
    stats uri /stats
    stats realm HAProxy\ Stats
    stats auth admin:admin
Create the corresponding errors files
mkdir /etc/haproxy/errors
touch /etc/haproxy/errors/400.http
touch /etc/haproxy/errors/403.http
touch /etc/haproxy/errors/408.http
touch /etc/haproxy/errors/500.http
touch /etc/haproxy/errors/502.http
touch /etc/haproxy/errors/503.http
touch /etc/haproxy/errors/504.http
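Once the configuration is done, check the configuration file (-c validates it and exits without starting the proxy)
haproxy -c -f /etc/haproxy/haproxy.cfg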
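A syntax check does not judge values: the listen stats section above serves the stats page on every interface (bind *:1080) and protects it with admin:admin. The script below is an added example, not part of the original post, that flags both settings; the function names and the short weak-password list are assumptions, and the sample config is constructed from the one on this page.

```shell
#!/bin/sh
# Added example: flag risky stats settings in an haproxy.cfg.
# Prints one "FINDING ..." line per problem; returns 1 if any were found.
audit_haproxy_stats() {
    awk '
    function report(msg) { print "FINDING " msg; found = 1 }
    function flush_section() {
        # Section serves the stats page and listens on every address.
        if (has_stats && wildcard != "")
            report(sec ": stats page bound to all interfaces (" wildcard ")")
        has_stats = 0; wildcard = ""
    }
    NF == 0 || $1 ~ /^#/ { next }                # blank lines and comments
    $1 ~ /^(global|defaults|frontend|backend|listen|userlist)$/ {
        flush_section(); sec = $1; if ($2 != "") sec = sec " " $2; next
    }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0|::|\[::\])?:[0-9]+/ { wildcard = $2 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { has_stats = 1 }
    $1 == "stats" && $2 == "auth" {
        i = index($3, ":"); user = substr($3, 1, i - 1); pass = substr($3, i + 1)
        if (user == pass || pass ~ /^(admin|password|haproxy|changeme)$/)
            report(sec ": guessable stats credentials for user " user)
    }
    END { flush_section(); exit found + 0 }
    ' "$1"
}

# Constructed sample: a cut-down copy of the configuration on this page.
write_sample_cfg() {
    cat > "$1" <<'EOF'
global
    stats socket /var/lib/haproxy/haproxy.sock mode 660 level admin
defaults
    log global
frontend kube-apiserver
    bind *:9443
listen stats
    bind *:1080
    stats enable
    stats uri /stats
    stats auth admin:admin
EOF
}

tmp=$(mktemp) && write_sample_cfg "$tmp"
audit_haproxy_stats "$tmp" || echo "fix the findings before starting haproxy"
rm -f "$tmp"
```

Binding the stats listener to a management address such as 127.0.0.1:1080 and setting a credential that is not on the weak list makes the function return 0.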
Start the service and enable it at boot
systemctl start haproxy && systemctl enable haproxy