...
How to install the latest version of haproxy on centos 7
Installation Procedure
Prepare the Build Environment and Download HAProxy
...
Regarding CentOS 7.9
...
Install the packages needed to compile HAProxy from source (note the package ‘systemd-devel’, this is needed for systemd integration for HAProxy when it’s built):
| Code Block |
|---|
yum -y install gcc-c++ openssl-devel pcre-static pcre-devel systemd-devel |
Next, download the HAProxy version that you want to build (versions available can be found here, in our example we will build version 2.6.6):
| Code Block |
|---|
wget https://www.haproxy.org/download/2.6/src/haproxy-2.6.6.tar.gz |
Unpack the file and change directory into where it was unpacked:
| Code Block |
|---|
tar xvfz haproxy-2.6.6.tar.gz
cd haproxy-2.6.6/ |
Once in the main source directory, build HAProxy using the build flags outlined below (note the build directive for USE_SYSTEMD=1, this is needed for systemd integration). Note also that we add the flag USE_PROMEX=1 to enable the built-in Prometheus exporter for HAProxy:
| Code Block |
|---|
make TARGET=linux-glibc USE_PCRE=1 USE_PROMEX=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 USE_SYSTEMD=1 |
Create the directory /etc/haproxy in preparation for performing install of the binaries and as a home for the haproxy.cfg we will need to create, then perform the installation:
| Code Block |
|---|
mkdir /etc/haproxy
make install |
After that step, you should see haproxy installed in /usr/local/sbin on the server, you can then run a quick version check to make sure it can execute:
...
and OpenSSL
The reader should be aware that the latest version of OpenSSL available in the CentOS 7.9 repo is “OpenSSL 1.0.2k-fips”:
| Code Block |
|---|
[root@ebony2 haproxy-2.6.6]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@ebony2 haproxy-2.6.6]# |
Per the vulnerabilities page on the OpenSSL web site (found here):
“Note: All OpenSSL versions before 1.1.1 are out of support and no longer receiving updates. Extended support is available for 1.0.2 from OpenSSL Software Services for premium support customers.”
If you do plan to use CentOS 7.9 in production with HAProxy encapsulating traffic with SSL/TLS, you will need to bear this in mind.
Installation Procedure
Prepare the Build Environment and Download HAProxy
Log into your CentOS 7.9 Server as ‘root’ user and perform the following…
Install the packages needed to compile HAProxy from source (note the package ‘systemd-devel’, this is needed for systemd integration for HAProxy when it’s built):
| Code Block |
|---|
yum -y install gcc-c++ openssl-devel pcre-static pcre-devel systemd-devel |
Next, download the HAProxy version that you want to build (versions available can be found here, in our example we will build version 2.6.6):
| Code Block |
|---|
wget https://www.haproxy.org/download/2.6/src/haproxy-2.6.6.tar.gz |
Unpack the file and change directory into where it was unpacked:
| Code Block |
|---|
tar xvfz haproxy-2.6.6.tar.gz
cd haproxy-2.6.6/ |
Once in the main source directory, build HAProxy using the build flags outlined below (note the build directive for USE_SYSTEMD=1, this is needed for systemd integration). Note also that we add the flag USE_PROMEX=1 to enable the built-in Prometheus exporter for HAProxy:
| Code Block |
|---|
make TARGET=linux-glibc USE_PCRE=1 USE_PROMEX=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 USE_SYSTEMD=1 |
Create the directory /etc/haproxy in preparation for performing install of the binaries and as a home for the haproxy.cfg we will need to create, then perform the installation:
| Code Block |
|---|
mkdir /etc/haproxy
make install |
After that step, you should see haproxy installed in /usr/local/sbin on the server, you can then run a quick version check to make sure it can execute:
| Code Block |
|---|
[root@haproxy-test ~]# which haproxy
/usr/local/sbin/haproxy
[root@haproxy-test ~]# haproxy -v
HAProxy version 2.6.6-274d1a4 2022/09/22 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.6.html
Running on: Linux 3.10.0-1160.83.1.el7.x86_64 #1 SMP Wed Jan 25 16:41:43 UTC 2023 x86_64
[root@haproxy-test ~]# |
...
| Code Block |
|---|
[root@haproxy-test ~]# ps ax | grep haproxy 26178 ? Ss 0:00 /usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid 26181 ? Sl 0:00 /usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid 26192 pts/0 S+ 0:00 grep --color=auto haproxy [root@haproxy-test ~]# cat /proc/26178/limits | grep open Max open files 222 4096 files [root@haproxy-test ~]# cat /proc/26181/limits | grep open Max open files 4096 4096 files [root@haproxy-test ~]# vi /etc/systemd/system/haproxy.service.d/limits.conf [root@haproxy-test ~]# systemctl daemon-reload [root@haproxy-test ~]# systemctl restart haproxy [root@haproxy-test ~]# ps ax | grep haproxy 26270 ? Ss 0:00 /usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid 26272 ? Sl 0:00 /usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid 26281 pts/0 S+ 0:00 grep --color=auto haproxy [root@haproxy-test ~]# cat /proc/26270/limits | grep open Max open files 222 500000 files [root@haproxy-test ~]# cat /proc/26272/limits | grep open Max open files 500000 500000 files files [root@haproxy-test ~]# cat /etc/systemd/system/haproxy.service.d/limits.conf [Service] LimitNOFILE=500000 [root@haproxy-test ~]# |
Regarding CentOS 7.9 and OpenSSL
The reader should be aware that the latest version of OpenSSL available in the CentOS 7.9 repo is “OpenSSL 1.0.2k-fips”:
| Code Block |
|---|
[root@ebony2 haproxy-2.6.6]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@ebony2 haproxy-2.6.6]# |
Per the vulnerabilities page on the OpenSSL web site (found here):
“Note: All OpenSSL versions before 1.1.1 are out of support and no longer receiving updates. Extended support is available for 1.0.2 from OpenSSL Software Services for premium support customers.”
...
500000 files
[root@haproxy-test ~]# cat /etc/systemd/system/haproxy.service.d/limits.conf
[Service]
LimitNOFILE=500000
[root@haproxy-test ~]# |