Nginx and HAProxy has the problem that you can’t use http2 because centos 6 comes with openssl-1.0.1. HTTP2 (or more precise ALPN) becomes possible with openssl-1.0.2.
Please note: any prerequisites are ignored
NGiNX
Nginx needs only the sources of openssl.
# wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
# tar xzf openssl-1.0.2j.tar.gz
And add additional to your configure params of nginx
--with-openssl=path
with the path to that openssl sources.
HAProxy
HAProxy needs openssl as compiled form.
|
1 2 3 4 5 6 7 8 9 10 11 |
# download wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz extract tar xzf openssl-1.0.2j.tar.gz cd openssl-1.0.2j # configure ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl no-shared zlib-dynamic # compile make # install without docs .. nobody need docs on disk, they are online everywhere make install_sw |
Also note: before 1.8 only http2 passthrough is available
|
1 2 3 4 5 6 7 |
# download wget "http://www.haproxy.org/download/1.8/src/haproxy-1.8.8.tar.gz" # extract tar xzf haproxy-1.8.8.tar.gz cd haproxy-1.8.10/ # build with newer openssl make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 ARCH=native |
Init script, to daemonized haproxy.
You have to modify the path/exec param to your haproxy binary.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
#!/bin/sh # # haproxy # # chkconfig: - 85 15 # description: HAProxy is a free, very fast and reliable solution \ # offering high availability, load balancing, and \ # proxying for TCP and HTTP-based applications # processname: haproxy # config: /etc/haproxy/haproxy.cfg # pidfile: /var/run/haproxy.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 exec="/usr/local/sbin/haproxy" prog=$(basename $exec) [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog lockfile=/var/lock/subsys/haproxy check() { $exec -c -V -f /etc/$prog/$prog.cfg } start() { $exec -c -q -f /etc/$prog/$prog.cfg if [ $? -ne 0 ]; then echo "Errors in configuration file, check with $prog check." return 1 fi echo -n $"Starting $prog: " # start it up here, usually something like "daemon $exec" daemon $exec -D -f /etc/$prog/$prog.cfg -p /var/run/$prog.pid retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " # stop it here, often "killproc $prog" killproc $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { $exec -c -q -f /etc/$prog/$prog.cfg if [ $? -ne 0 ]; then echo "Errors in configuration file, check with $prog check." return 1 fi stop start } reload() { $exec -c -q -f /etc/$prog/$prog.cfg if [ $? -ne 0 ]; then echo "Errors in configuration file, check with $prog check." return 1 fi echo -n $"Reloading $prog: " $exec -D -f /etc/$prog/$prog.cfg -p /var/run/$prog.pid -sf $(cat /var/run/$prog.pid) retval=$? echo return $retval } force_reload() { restart } fdr_status() { status $prog } case "$1" in start|stop|restart|reload) $1 ;; force-reload) force_reload ;; check) check ;; status) fdr_status ;; condrestart|try-restart) [ ! -f $lockfile ] || restart ;; *) echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}" exit 2 esac |