Nginx and HAProxy has the problem that you can’t use http2 because centos 6 comes with openssl-1.0.1. HTTP2 (or more precise ALPN) becomes possible with openssl-1.0.2.
Please note: any prerequisites are ignored
NGiNX
Nginx needs only the sources of openssl.
# wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
# tar xzf openssl-1.0.2j.tar.gz
And add additional to your configure params of nginx
--with-openssl=path
with the path to that openssl sources.
HAProxy
HAProxy needs openssl as compiled form.
# download wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz extract tar xzf openssl-1.0.2j.tar.gz cd openssl-1.0.2j # configure ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl no-shared zlib-dynamic # compile make # install without docs .. nobody need docs on disk, they are online everywhere make install_sw
Also note: before 1.8 only http2 passthrough is available
# download wget "http://www.haproxy.org/download/1.8/src/haproxy-1.8.8.tar.gz" # extract tar xzf haproxy-1.8.8.tar.gz cd haproxy-1.8.10/ # build with newer openssl make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 ARCH=native
Init script, to daemonized haproxy.
You have to modify the path/exec param to your haproxy binary.
#!/bin/sh
#
# haproxy
#
# chkconfig: - 85 15
# description: HAProxy is a free, very fast and reliable solution \
# offering high availability, load balancing, and \
# proxying for TCP and HTTP-based applications
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
exec="/usr/local/sbin/haproxy"
prog=$(basename $exec)
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
lockfile=/var/lock/subsys/haproxy
check() {
$exec -c -V -f /etc/$prog/$prog.cfg
}
start() {
$exec -c -q -f /etc/$prog/$prog.cfg
if [ $? -ne 0 ]; then
echo "Errors in configuration file, check with $prog check."
return 1
fi
echo -n $"Starting $prog: "
# start it up here, usually something like "daemon $exec"
daemon $exec -D -f /etc/$prog/$prog.cfg -p /var/run/$prog.pid
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
# stop it here, often "killproc $prog"
killproc $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
$exec -c -q -f /etc/$prog/$prog.cfg
if [ $? -ne 0 ]; then
echo "Errors in configuration file, check with $prog check."
return 1
fi
stop
start
}
reload() {
$exec -c -q -f /etc/$prog/$prog.cfg
if [ $? -ne 0 ]; then
echo "Errors in configuration file, check with $prog check."
return 1
fi
echo -n $"Reloading $prog: "
$exec -D -f /etc/$prog/$prog.cfg -p /var/run/$prog.pid -sf $(cat /var/run/$prog.pid)
retval=$?
echo
return $retval
}
force_reload() {
restart
}
fdr_status() {
status $prog
}
case "$1" in
start|stop|restart|reload)
$1
;;
force-reload)
force_reload
;;
check)
check
;;
status)
fdr_status
;;
condrestart|try-restart)
[ ! -f $lockfile ] || restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
exit 2
esac