HAProxy RPM SPECS与HTTPS Load配置分享
话不多说,具体内容如下:
haproxy-1.5.17.spec
Name: haproxy
Version: 1.5.17
Release: el6
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
Group: System Environment/Daemons
License: GPL
URL: https://www.awsgood.com
Source: haproxy-1.5.17.tar.gz
Vendor: Willy Tarreau
BuildRequires: gcc gcc-c++ autoconf automake cmake openssl openssl-devel pcre pcre-devel pcre-static
Requires: pcre pcre-devel pcre-static openssl openssl-devel
%description
HAProxy is a free, very fast and reliable solution offering high availability,
load balancing, and proxying for TCP and HTTP-based applications.
%prep
tar xzvf $RPM_SOURCE_DIR/haproxy-1.5.17.tar.gz
%build
cd haproxy-1.5.17/
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CPU_AFFINITY=1
%install
rm -rf $RPM_BUILD_ROOT
cd haproxy-1.5.17/
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/etc/init.d
cp examples/haproxy.init $RPM_BUILD_ROOT/etc/init.d/haproxy
chmod 755 $RPM_BUILD_ROOT/etc/init.d/haproxy
mkdir -p $RPM_BUILD_ROOT/etc/haproxy
cp examples/examples.cfg $RPM_BUILD_ROOT/etc/haproxy/haproxy.cfg
mkdir -p $RPM_BUILD_ROOT/var/lib/haproxy
touch $RPM_BUILD_ROOT/var/lib/haproxy/stats
%clean
rm -rf $RPM_BUILD_DIR/haproxy-1.5.17
%preun
rm -f /usr/sbin/haproxy
%postun
userdel haproxy
%files
/etc/haproxy
/etc/init.d/haproxy
/usr/local/doc/haproxy
/usr/local/sbin/haproxy
/usr/local/share/man/man1/haproxy.1
/var/lib/haproxy
%post
useradd haproxy -M -d /var/lib/haproxy
ln -sf /usr/local/sbin/haproxy /usr/sbin/haproxy
%changelog
haproxy.cfg
global
# /etc/sysconfig/syslog
# local2.* /var/log/haproxy.log
log 127.0.0.1 local2 notice
maxconn 100000
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats level admin
stats bind-process 1
nbproc 6
debug
# default ciphers to use on SSL-enabled listening sockets
ssl-default-bind-ciphers ALL:!SSLv2:!SSLv3:!LOW:!EXP:!MD5:!aNULL:!eNULL
# fix the Logjam issue
tune.ssl.default-dh-param 2048
defaults
mode http
log global
option httplog
option forwardfor except 127.0.0.0/8
option dontlognull
option abortonclose
option redispatch
retries 3
timeout http-request 30s
timeout queue 30s
timeout connect 30s
timeout client 30s
timeout server 30s
timeout http-keep-alive 30s
timeout check 5s
maxconn 100000
listen stats 0.0.0.0:9000
stats uri /haproxy_stats
stats hide-version
frontend http-in
bind 0.0.0.0:80
default_backend webapp-http
frontend https-in
bind 0.0.0.0:443 ssl crt /etc/haproxy/www.awsgood.com.pem
reqadd X-Forwarded-Proto:\ https
reqadd X-SSL-Secure:\ true
option forwardfor
default_backend webapp-http
backend webapp-http
mode http
option httplog
option forwardfor except 127.0.0.0/8
balance leastconn
cookie JSESSIONID prefix
option httpchk HEAD /keepalive.html HTTP/1.0 # health check file
server webapp1 10.192.1.11:80 cookie webapp1 check maxconn 5000 weight 2
server webapp2 10.192.1.12:80 cookie webapp2 check maxconn 5000 weight 2
server webapp3 10.192.1.13:80 cookie webapp3 check maxconn 5000 weight 2
server webapp4 10.192.1.14:80 cookie webapp4 check maxconn 5000 weight 2
server webapp5 10.192.1.15:80 cookie webapp5 check maxconn 5000 weight 2