+86 135 410 16684 如果你在使用中有任何aws上云服务器维护问题,可以随时联系我们!AWSOK你最好的合作伙伴!Mon. - Fri. 10:00-22:00

HAProxy RPM SPECS与HTTPS Load配置分享

HAProxy RPM SPECS与HTTPS Load配置分享

话不多说,具体内容如下:
haproxy-1.5.17.spec

Name: haproxy
Version: 1.5.17
Release: el6
Summary: The Reliable, High Performance TCP/HTTP Load Balancer

Group: System Environment/Daemons
License: GPL
URL: http://www.awsok.com
Source: haproxy-1.5.17.tar.gz

Vendor: Willy Tarreau

BuildRequires: gcc gcc-c++ autoconf automake cmake openssl openssl-devel pcre pcre-devel pcre-static
Requires: pcre pcre-devel pcre-static openssl openssl-devel

%description
HAProxy is a free, very fast and reliable solution offering high availability,
load balancing, and proxying for TCP and HTTP-based applications.

%prep
tar xzvf $RPM_SOURCE_DIR/haproxy-1.5.17.tar.gz

%build
cd haproxy-1.5.17/
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CPU_AFFINITY=1

%install
rm -rf $RPM_BUILD_ROOT
cd haproxy-1.5.17/
make install DESTDIR=$RPM_BUILD_ROOT

mkdir -p $RPM_BUILD_ROOT/etc/init.d
cp examples/haproxy.init $RPM_BUILD_ROOT/etc/init.d/haproxy
chmod 755 $RPM_BUILD_ROOT/etc/init.d/haproxy

mkdir -p $RPM_BUILD_ROOT/etc/haproxy
cp examples/examples.cfg $RPM_BUILD_ROOT/etc/haproxy/haproxy.cfg

mkdir -p $RPM_BUILD_ROOT/var/lib/haproxy
touch $RPM_BUILD_ROOT/var/lib/haproxy/stats

%clean
rm -rf $RPM_BUILD_DIR/haproxy-1.5.17

%preun
rm -f /usr/sbin/haproxy

%postun
userdel haproxy

%files
/etc/haproxy
/etc/init.d/haproxy
/usr/local/doc/haproxy
/usr/local/sbin/haproxy
/usr/local/share/man/man1/haproxy.1
/var/lib/haproxy

%post
useradd haproxy -M -d /var/lib/haproxy
ln -sf /usr/local/sbin/haproxy /usr/sbin/haproxy

%changelog

haproxy.cfg

global
# /etc/sysconfig/syslog
# local2.* /var/log/haproxy.log
log 127.0.0.1 local2 notice

maxconn 100000
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats level admin
stats bind-process 1

nbproc 6

debug

# default ciphers to use on SSL-enabled listening sockets
ssl-default-bind-ciphers ALL:!SSLv2:!SSLv3:!LOW:!EXP:!MD5:!aNULL:!eNULL

# fix the Logjam issue
tune.ssl.default-dh-param 2048

defaults
mode http
log global
option httplog
option forwardfor except 127.0.0.0/8
option dontlognull
option abortonclose
option redispatch
retries 3
timeout http-request 30s
timeout queue 30s
timeout connect 30s
timeout client 30s
timeout server 30s
timeout http-keep-alive 30s
timeout check 5s
maxconn 100000

listen stats 0.0.0.0:9000
stats uri /haproxy_stats
stats hide-version

frontend http-in
bind 0.0.0.0:80
default_backend webapp-http

frontend https-in
bind 0.0.0.0:443 ssl crt /etc/haproxy/www.awsok.com.pem
reqadd X-Forwarded-Proto:\ https
reqadd X-SSL-Secure:\ true
option forwardfor
default_backend webapp-http

backend webapp-http
mode http
option httplog
option forwardfor except 127.0.0.0/8
balance leastconn
cookie JSESSIONID prefix
option httpchk HEAD /keepalive.html HTTP/1.0 # health check file
server webapp1 10.192.1.11:80 cookie webapp1 check maxconn 5000 weight 2
server webapp2 10.192.1.12:80 cookie webapp2 check maxconn 5000 weight 2
server webapp3 10.192.1.13:80 cookie webapp3 check maxconn 5000 weight 2
server webapp4 10.192.1.14:80 cookie webapp4 check maxconn 5000 weight 2
server webapp5 10.192.1.15:80 cookie webapp5 check maxconn 5000 weight 2