CentOS 6.5 - haproxy-schwerwiegender Fehler

Immer Fehler in CentOS 6.5, HA-Proxy-version 1.4.24 2013/06/17
Bitte beraten, wie es funktioniert? ich brauche HTTPS " localhost:8888 , das ist Versagen.

# service haproxy start
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:18] : timeout 'tunnel': must be 'client', 'server', 'connect', 'check', 'queue', 'http-keep-alive', 'http-request' or 'tarpit'
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:22] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').
[ALERT] 238/084310 (24365) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 238/084310 (24365) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/084310 (24365) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.

Meine config ist:

global
    log 127.0.0.1 local0 debug
    maxconn 8000
    user    haproxy
    group   haproxy
defaults
    log     global
    option  httplog
    option  dontlognull
    option  http-server-close
    option  redispatch
    retries 3
    mode    http
    maxconn         5000
    timeout connect  5s
    timeout client  30s
    timeout server  30s
    timeout tunnel  12h
frontend www
    bind     :80
    option   forwardfor
    redirect scheme https if !{ ssl_fc }
frontend lb
    bind   :443 ssl crt /etc/haproxy/sslkeys/cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    default_backend  api
    acl is_websocket hdr(Upgrade)  -i WebSocket
    acl is_websocket hdr_beg(Host) -i ws
    acl is_api       hdr_beg(Host) -i api
    use_backend ws  if is_websocket
    use_backend api if is_api
backend api
    balance roundrobin
    server  service 127.0.0.1:5001 weight 1 maxconn 2500 check
backend ws
    balance roundrobin
    server  service 127.0.0.1:5001 weight 1 maxconn 2500 check

EDIT: aktualisiert auf http://silverdire.com/2014/03/19/haproxy-1-5-dev22-rpm-repo/
aber immer noch gibt Fehler

# service haproxy start
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:22] : error detected in frontend 'www' while parsing redirect rule : error in condition: unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.
[ALERT] 238/085833 (25096) : parsing [/etc/haproxy/haproxy.cfg:24] : 'bind :9999' unknown keyword 'ssl'. Registered keywords :
    [ TCP] defer-accept
    [ TCP] interface <arg>
    [ TCP] mss <arg>
    [ TCP] transparent
    [ TCP] v4v6
    [ TCP] v6only
    [STAT] level <arg>
    [UNIX] gid <arg>
    [UNIX] group <arg>
    [UNIX] mode <arg>
    [UNIX] uid <arg>
    [UNIX] user <arg>
    [ ALL] accept-proxy
    [ ALL] backlog <arg>
    [ ALL] id <arg>
    [ ALL] maxconn <arg>
    [ ALL] name <arg>
    [ ALL] nice <arg>
[ALERT] 238/085833 (25096) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 238/085833 (25096) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.
  • Diese Frage scheint off-topic, da es nicht um ein Programmier-problem, aber wie wählen Sie die richtige version von einem loadbalancer-software.
InformationsquelleAutor YumYumYum | 2014-08-27
  1. 10

    CentOS 7 (kompatibel) - Nicht kompiliert es mit SSL-Unterstützung. Um es zu beheben:

    Schritt 1 

    yum remove haproxy
yum install openssl-devel pcre-devel

    ODER

    apt-get install libssl-dev libpcre3

    Schritt 2

    Installieren Haproxy stabil 

    $ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.3.tar.gz
$ cd /var/tmp/haproxy-1.5.3
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
$ make install
$ ./haproxy -vv
HA-Proxy version 1.5.3 2014/07/25
Copyright 2000-2014 Willy Tarreau <[email protected]>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing
  OPTIONS = USE_LIBCRYPT=1 USE_CRYPT_H=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

    Schritt 3

    SSL wird nun unterstützt

    $ ./haproxy -f configfile.cfg

    HINWEIS:

    /etc/haproxy/sslkeys/cert.pem: this file should have Private key, Certificate, Intermediate certificate (optional) in one file
    • Thx. Auch möchte ich hinzufügen, dass compilling auf mac osx ausstellen kann ld: library not found for -lcrypt als osx nicht unterstützt -lcrypt. Um dieses Problem zu lösen, entfernen USE_LIBCRYPT=1 von der make-Befehl ausführen. Aber das Ergebnis wird in Encrypted password support via crypt(3): no auf haproxy -vv
    InformationsquelleAutor YumYumYum
  2. 2

    Ich würde empfehlen die Verwendung von rpm-build statt, zumindest für alle RHEL-Distributionen wie

    Vorbereiten Umgebung

    # cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)

# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <[email protected]>

# yum install rpm-build make gcc-c++ openssl-devel pcre-devel
# cd /root/&& wget https://www.haproxy.org/download/1.8/src/haproxy-1.8.1.tar.gz

    Bauen Sie das Paket

    # USE_ZLIB=1 USE_LIBCRYPT=1 USE_OPENSSL=1 rpmbuild -ta haproxy-1.8.1.tar.gz
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.I61pDI
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf haproxy-1.8.1
+ /usr/bin/gzip -dc /root/haproxy-1.8.1.tar.gz
+ /usr/bin/tar -xf -
...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
Wrote: /root/rpmbuild/SRPMS/haproxy-1.8.1-1.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/haproxy-debuginfo-1.8.1-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.jo5GXH
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd haproxy-1.8.1
+ '[' /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64 '!=' /']'
+ /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/haproxy-1.8.1-1.x86_64
+ exit 0

    Installieren/aktualisieren Sie das Paket

    # rpm -Uvh /root/rpmbuild/RPMS/x86_64/haproxy-1.8.1-1.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating /installing...
   1:haproxy-1.8.1-1                  ################################# [ 50%]
Cleaning up /removing...
   2:haproxy-1.5.18-6.el7             ################################# [100%]

    Überprüfen Ausgabe

    # haproxy -vv               
HA-Proxy version 1.8.1 2017/12/03
Copyright 2000-2017 Willy Tarreau <[email protected]>

Build options :
  TARGET  = linux26
  CPU     = generic
  CC      = gcc
  CFLAGS  = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
    [SPOE] spoe
    [COMP] compression
    [TRACE] trace

    Für systemd basiertes system, das Sie installieren sollten, systemd-devel-Paket und übergeben Sie USE_SYSTEMD=1 option

    InformationsquelleAutor ALex_hha
Schreibe einen Kommentar