+1-1+1-1+1-1+1-1...
HaProxy 설치 - 컴파일 설치 본문
728x90
설치 환경 : RedHat Linux 7.3
※ Yum 설치도 가능하나 최진 버전을 설치하려면 컴파일 설치를 해야함
1. 설치전 필요한 util 설치
[root@localhost /]# yum -y install make gcc perl pcre-devel zlib-devel openssl-devel
......
Installed:
gcc.x86_64 0:4.8.5-44.el7 openssl-devel.x86_64 1:1.0.2k-21.el7_9 pcre-devel.x86_64 0:8.32-17.el7 zlib-devel.x86_64 0:1.2.7-18.el7
Dependency Installed:
cpp.x86_64 0:4.8.5-44.el7 glibc-devel.x86_64 0:2.17-317.el7 glibc-headers.x86_64 0:2.17-317.el7 kernel-headers.x86_64 0:3.10.0-1160.11.1.el7
keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-50.el7 libcom_err-devel.x86_64 0:1.42.9-19.el7 libkadm5.x86_64 0:1.15.1-50.el7
libmpc.x86_64 0:1.0.1-3.el7 libselinux-devel.x86_64 0:2.5-15.el7 libsepol-devel.x86_64 0:2.5-10.el7 libverto-devel.x86_64 0:0.2.5-4.el7
mpfr.x86_64 0:3.1.1-4.el7
Updated:
make.x86_64 1:3.82-24.el7
Dependency Updated:
e2fsprogs.x86_64 0:1.42.9-19.el7 e2fsprogs-libs.x86_64 0:1.42.9-19.el7 glibc.x86_64 0:2.17-317.el7 glibc-common.x86_64 0:2.17-317.el7
krb5-libs.x86_64 0:1.15.1-50.el7 libcom_err.x86_64 0:1.42.9-19.el7 libgcc.x86_64 0:4.8.5-44.el7 libgomp.x86_64 0:4.8.5-44.el7
libselinux.x86_64 0:2.5-15.el7 libselinux-python.x86_64 0:2.5-15.el7 libselinux-utils.x86_64 0:2.5-15.el7 libsepol.x86_64 0:2.5-10.el7
libss.x86_64 0:1.42.9-19.el7 openssl.x86_64 1:1.0.2k-21.el7_9 openssl-libs.x86_64 1:1.0.2k-21.el7_9 pcre.x86_64 0:8.32-17.el7
zlib.x86_64 0:1.2.7-18.el7
Complete!
2. 설치 파일 다운로드
[root@localhost /]# cd /tmp/
[root@localhost tmp]# wget -c http://www.haproxy.org/download/2.3/src/haproxy-2.3.4.tar.gz
--2021-01-20 10:40:08-- http://www.haproxy.org/download/2.3/src/haproxy-2.3.4.tar.gz
Resolving www.haproxy.org (www.haproxy.org)... 51.15.8.218, 2001:bc8:35ee:100::1
Connecting to www.haproxy.org (www.haproxy.org)|51.15.8.218|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2909672 (2.8M) [application/x-tar]
Saving to: ‘haproxy-2.3.4.tar.gz’
100%[================================================================================================================================>] 2,909,672 588KB/s in 4.8s
2021-01-20 10:40:14 (588 KB/s) - ‘haproxy-2.3.4.tar.gz’ saved [2909672/2909672]
3. 압축 해제
[root@localhost tmp]# tar xvzf haproxy-2.3.4.tar.gz
....
haproxy-2.3.4/tests/test-str2sa.cfg
haproxy-2.3.4/tests/test-time.cfg
haproxy-2.3.4/tests/test-timeout.cfg
haproxy-2.3.4/tests/test-url-hash.cfg
haproxy-2.3.4/tests/test-valid-names.cfg
haproxy-2.3.4/tests/test.c
haproxy-2.3.4/tests/test_hashes.c
haproxy-2.3.4/tests/test_pools.c
haproxy-2.3.4/tests/testinet.c
haproxy-2.3.4/tests/uri_hash.c
[root@localhost tmp]# cd haproxy-2.3.4
[root@localhost haproxy-2.3.4]# ls
BRANCHES CONTRIBUTING LICENSE Makefile ROADMAP VERDATE contrib examples reg-tests src
CHANGELOG INSTALL MAINTAINERS README SUBVERS VERSION doc include scripts tests
4. 바이너리 파일 생성을 위한 Make 명령 실행 및 설치
# 2.0 이상 버전에서는 TARGET=linux2628 을 더 이상 사용할 수 없음, TARGET=linux-glibc로 설정
[root@localhost haproxy-2.3.4]# make TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
...
CC src/ebimtree.o
CC src/uri_auth.o
CC src/freq_ctr.o
CC src/ebsttree.o
CC src/ebistree.o
CC src/auth.o
CC src/wdt.o
CC src/http_acl.o
CC src/hpack-enc.o
CC src/hpack-huff.o
CC src/ebtree.o
CC src/base64.o
CC src/hash.o
CC src/dgram.o
CC src/version.o
LD haproxy
[root@localhost haproxy-2.3.4]# make install
`haproxy' -> `/usr/local/sbin/haproxy'
`doc/haproxy.1' -> `/usr/local/share/man/man1/haproxy.1'
install: creating directory `/usr/local/doc'
install: creating directory `/usr/local/doc/haproxy'
`doc/configuration.txt' -> `/usr/local/doc/haproxy/configuration.txt'
`doc/management.txt' -> `/usr/local/doc/haproxy/management.txt'
`doc/seamless_reload.txt' -> `/usr/local/doc/haproxy/seamless_reload.txt'
`doc/architecture.txt' -> `/usr/local/doc/haproxy/architecture.txt'
`doc/peers-v2.0.txt' -> `/usr/local/doc/haproxy/peers-v2.0.txt'
`doc/regression-testing.txt' -> `/usr/local/doc/haproxy/regression-testing.txt'
`doc/cookie-options.txt' -> `/usr/local/doc/haproxy/cookie-options.txt'
`doc/lua.txt' -> `/usr/local/doc/haproxy/lua.txt'
`doc/WURFL-device-detection.txt' -> `/usr/local/doc/haproxy/WURFL-device-detection.txt'
`doc/proxy-protocol.txt' -> `/usr/local/doc/haproxy/proxy-protocol.txt'
`doc/linux-syn-cookies.txt' -> `/usr/local/doc/haproxy/linux-syn-cookies.txt'
`doc/SOCKS4.protocol.txt' -> `/usr/local/doc/haproxy/SOCKS4.protocol.txt'
`doc/network-namespaces.txt' -> `/usr/local/doc/haproxy/network-namespaces.txt'
`doc/DeviceAtlas-device-detection.txt' -> `/usr/local/doc/haproxy/DeviceAtlas-device-detection.txt'
`doc/51Degrees-device-detection.txt' -> `/usr/local/doc/haproxy/51Degrees-device-detection.txt'
`doc/netscaler-client-ip-insertion-protocol.txt' -> `/usr/local/doc/haproxy/netscaler-client-ip-insertion-protocol.txt'
`doc/peers.txt' -> `/usr/local/doc/haproxy/peers.txt'
`doc/close-options.txt' -> `/usr/local/doc/haproxy/close-options.txt'
`doc/SPOE.txt' -> `/usr/local/doc/haproxy/SPOE.txt'
`doc/intro.txt' -> `/usr/local/doc/haproxy/intro.txt'
5. 설치 확인
[root@localhost haproxy-2.3.4]# haproxy -version
HA-Proxy version 2.3.4-10189c9 2021/01/13 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2022.
Known bugs: http://www.haproxy.org/bugs/bugs-2.3.4.html
Running on: Linux 3.10.0-514.el7.x86_64 #1 SMP Wed Oct 19 11:24:13 EDT 2016 x86_64
6. 시스템 계정 할당 및 세팅
[root@localhost haproxy-2.3.4]# groupadd --gid 980 haproxy
[root@localhost haproxy-2.3.4]# useradd --gid 980 --uid 980 -r haproxy # -r : 시스템 계정
7. HAProxy 설정 파일 생성 및 권한 할당
[root@localhost examples]# mkdir -p /etc/haproxy # -p : 상위 디렉토리까지 자동 생성
# 설정 파일 생성
[root@localhost examples]# touch /etc/haproxy/haproxy.cfg
# 소유권 변경 - 시스템 계정
[root@localhost examples]# chown -R haproxy:haproxy /etc/haproxy/
8. HAPorxy 상태 정보 파일 생성 및 권한 할당, sbin에 심볼 링크
[root@localhost haproxy-2.3.4]# mkdir -p /var/lib/haproxy
# 상태 정보 파일 생성
[root@localhost haproxy-2.3.4]# touch /var/lib/haproxy/stats
[root@localhost haproxy-2.3.4]# chown -R haproxy:haproxy /var/lib/haproxy
# sbin에 심볼릭 링크 생성 -> 없으면 서비스 시작시 에러남
[root@localhost haproxy-2.3.4]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy9. 부팅시 자동시작 등록 - init.d 폴더에 실행 스크립트를 복사, 서비스 등록
[root@localhost haproxy-2.3.4]# cp ./examples/haproxy.init /etc/init.d/haproxy
# 실행 권한 부여
[root@localhost haproxy-2.3.4]# chmod 755 /etc/init.d/haproxy
#부팅시 자동시작 옵션 세팅
[root@localhost haproxy-2.3.4]# chkconfig haproxy on
10. HAProxy 서비스 시작 - no listener 에러 -> 설정 파일 작성 필요
[root@localhost haproxy-2.3.4]# systemctl start haproxy
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
# 설정 파일 유무 점검
[root@localhost haproxy-2.3.4]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file has no error but will not start (no listener) => exit(2).
# 설정 파일 에러 점검
[root@localhost haproxy-2.3.4]# haproxy -f /etc/haproxy/haproxy.cfg
[NOTICE] 019/111358 (14836) : haproxy version is 2.3.4-10189c9
[NOTICE] 019/111358 (14836) : path to executable is /usr/local/sbin/haproxy
[ALERT] 019/111358 (14836) : [haproxy.main()] No enabled listener found (check for 'bind' directives) ! Exiting.
11. haproxy.cfg 설정 파일 편집
[root@localhost ~]# vi /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2 info
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.sock mode 666 level admin
maxconn 4000
user haproxy #설치 시 생성한 시스템 계정
group haproxy #설치 시 생성한 시스템 계정
daemon
stats socket /var/lib/haproxy/stats #상태 정보 기록
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind :::8888 v4v6 #관리자 페이지 접속 포트
mode http
stats enable
stats hide-version
stats uri /
stats realm Haproxy\ Statistics
stats auth user:password #관리자 페이지 로그인 계정
############ WEB_Service 프론트-백엔드 설정#####################
frontend WEB_Service
bind :::80 v4v6 # 80포트 바인딩
option http-server-close
# dns명이 apachtestlab.net -> access control list에 apache 할당
acl apache hdr(host) -i apache.testlab.net
# acl > apache 이면 backend_apache 실행
use_backend backend_apache if apache
# 그외 default_backend 실행
default_backend default
backend default
balance roundrobin
server server1 192.168.60.6:8888 check
backend backend_apache
balance roundrobin
server server1 192.168.60.11:80 check
server server2 192.168.60.13:80 check
############ WEB_Service 프론트-백엔드 설정 끝##################
# 설정 파일 유효성 점검
[root@localhost haproxy-2.3.4]# haproxy -f /etc/haproxy/haproxy.cfg
[root@localhost haproxy-2.3.4]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
12. HAProxy 서비스 시작, 관리자(port 8888), 서비스(HTTP) 웹 방화벽 오픈
[root@localhost haproxy-2.3.4]# systemctl restart haproxy
# 관리자 접속 포트 Listening 확인
[root@localhost haproxy-2.3.4]# netstat -an | grep ":8888"
tcp 0 0 192.168.60.6:8888 192.168.60.6:47398 SYN_RECV
tcp6 0 0 :::8888 :::* LISTEN
# 서비스 접속 포트 Listening 확인
[root@localhost haproxy-2.3.4]# netstat -an | grep ":80"
tcp6 0 0 :::80 :::* LISTEN
# 관리자 및 서비스 접속 방화벽 오픈
[root@localhost haproxy-2.3.4]# firewall-cmd --permanent --add-port=8888/tcp
success
[root@localhost haproxy-2.3.4]# firewall-cmd --permanent --add-service=http
success
[root@localhost haproxy-2.3.4]# firewall-cmd --reload
success
[root@localhost haproxy-2.3.4]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client http ssh
ports: 8888/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
#윈도우 클라이언트 telnet 접속 테스트
C:\Users\administrator>telnet 192.168.60.6 8888
Microsoft Telnet Client 시작
이스케이프 문자: 'CTRL+]'
Microsoft Telnet>
C:\Users\administrator>telnet 192.168.60.6 80
Microsoft Telnet Client 시작
이스케이프 문자: 'CTRL+]'
Microsoft Telnet>
반응형
'Linux > Haproxy' 카테고리의 다른 글
| Haproxy - SNI TLS 통한 Backend 분기 처리 (0) | 2021.02.06 |
|---|---|
| HAProxy - ssh (0) | 2021.02.05 |
| TLS Setting with Haproxy (0) | 2021.02.05 |
| SSL Termination vs Paththrough (0) | 2021.02.05 |
| HaProxy - KeepAlived 이중화 설정 (0) | 2021.01.20 |