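# Build dependencies, using CentOS/RHEL package names. The Debian-style names
# libssl-dev and libpcre3 do not exist in yum repositories; openssl-devel and
# pcre-devel already provide those headers. zlib-devel is needed because the
# build below sets USE_ZLIB=1.
yum install -y openssl openssl-devel readline-devel pcre-devel zlib-devel
# Unpack the source tarball.
# NOTE(review): check the tarball against the checksum published with the
# release before unpacking, e.g. `sha256sum -c haproxy-1.6.9.tar.gz.sha256`
# when the .sha256 file from the same download directory is present.
# NOTE(review): the 1.6.x branch is no longer maintained upstream; for anything
# beyond a lab setup, build a currently supported release instead.
tar -zxvf haproxy-1.6.9.tar.gz
cd haproxy-1.6.9
# Build with PCRE, OpenSSL, zlib and libcrypt support, then install.
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 ARCH=x86_64 PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy
# Parameter notes (documentation only, not commands to run):
#   TARGET=linux26   kernel version; check with `uname -r`. For example
#                    2.6.18-371.el5 means TARGET=linux26; for kernels newer
#                    than 2.6.28 use TARGET=linux2628.
#   ARCH=x86_64      word size / architecture of the system.
#   PREFIX=/usr/local/haproxy   installation path of haproxy.
# Print the version and build options of the binary that was just installed,
# to confirm that OpenSSL support was compiled in. The full path is used
# because PREFIX/sbin is not necessarily on PATH.
/usr/local/haproxy/sbin/haproxy -vv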
[root@templatetest08 haproxy]# sbin/haproxy -f conf/haproxy4.cfg
[ALERT] 162/151234 (25776) : parsing [conf/haproxy4.cfg:140] : 'bind *:1081' : unable to load SSL private key from PEM file '/etc/ssl/emqttd/emq.pem'.
[ALERT] 162/151234 (25776) : Error(s) found in configuration file : conf/haproxy4.cfg
[ALERT] 162/151234 (25776) : Proxy 'mqtt-ssl': no SSL certificate specified for bind '*:1081' at [conf/haproxy4.cfg:140] (use 'crt').
[ALERT] 162/151234 (25776) : Fatal errors found in configuration
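解决方案:HAProxy 的 crt 要求证书和私钥放在同一个 PEM 文件中,因此将 server-cert.pem 和 server-key.pem 合并成一个文件。注意:下面用到的 /usr/share/doc/perl-IO-Socket-SSL-1.94/certs/ 中的文件是随软件包公开分发的示例证书和私钥,任何人都能拿到这把私钥,只适合用来验证配置;正式环境必须换成自己生成或由 CA 签发的证书和私钥。合并后的文件包含私钥,应设为仅 root 可读(例如 chmod 600 /etc/ssl/emqttd/emq.pem),而不是下面 ll 输出中的 644;HAProxy 以 root 启动时读取该文件,600 权限不影响加载。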
[root@templatetest08 haproxy]# touch emq.pem
[root@templatetest08 haproxy]# find / -name server-key.pem
/usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-key.pem
[root@templatetest08 haproxy]# find / -name server-cert.pem
/usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-cert.pem
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# cp /usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-key.pem .
[root@templatetest08 haproxy]# cp /usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-cert.pem .
[root@templatetest08 haproxy]# ll
total 8
drwxr-xr-x. 2 root root 100 Jun 12 14:49 conf
drwxr-xr-x. 3 root root 20 Jun 12 15:05 doc
drwxr-xr-x. 2 root root 81 Jun 4 14:24 errorfiles
drwxr-xr-x. 2 root root 20 Jun 12 15:08 sbin
-rw-r--r--. 1 root root 3597 Jun 12 15:16 server-cert.pem
-rw-r--r--. 1 root root 887 Jun 12 15:16 server-key.pem
-rw-r--r--. 1 root root 0 Jun 12 15:20 emq.pem
drwxr-xr-x. 3 root root 16 Jun 12 15:05 share
[root@templatetest08 haproxy]# mkdir -p /etc/ssl/emqttd/
[root@templatetest08 haproxy]# cd /etc/ssl/emqttd/
[root@templatetest08 emqttd]# ll
total 0
[root@templatetest08 emqttd]# touch emq.pem
[root@templatetest08 haproxy]# cat server-cert.pem > emq.pem
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# ll
total 12
drwxr-xr-x. 2 root root 100 Jun 12 14:49 conf
drwxr-xr-x. 3 root root 20 Jun 12 15:05 doc
-rw-r--r--. 1 root root 3597 Jun 12 15:22 emq.pem
drwxr-xr-x. 2 root root 81 Jun 4 14:24 errorfiles
drwxr-xr-x. 2 root root 20 Jun 12 15:08 sbin
-rw-r--r--. 1 root root 3597 Jun 12 15:16 server-cert.pem
-rw-r--r--. 1 root root 887 Jun 12 15:16 server-key.pem
drwxr-xr-x. 3 root root 16 Jun 12 15:05 share
[root@templatetest08 haproxy]# cat server-key.pem >> emq.pem
[root@templatetest08 haproxy]# ll
total 16
drwxr-xr-x. 2 root root 100 Jun 12 14:49 conf
drwxr-xr-x. 3 root root 20 Jun 12 15:05 doc
-rw-r--r--. 1 root root 4484 Jun 12 15:23 emq.pem
drwxr-xr-x. 2 root root 81 Jun 4 14:24 errorfiles
drwxr-xr-x. 2 root root 20 Jun 12 15:08 sbin
-rw-r--r--. 1 root root 3597 Jun 12 15:16 server-cert.pem
-rw-r--r--. 1 root root 887 Jun 12 15:16 server-key.pem
drwxr-xr-x. 3 root root 16 Jun 12 15:05 share
[root@templatetest08 haproxy]# cat emq.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
[root@templatetest08 haproxy]# mv emq.pem /etc/ssl/emqttd/
mv: overwrite ‘/etc/ssl/emqttd/emq.pem’? y
[root@templatetest08 haproxy]# cd cd /etc/ssl/emqttd/
-bash: cd: cd: No such file or directory
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# cd /etc/ssl/emqttd/
[root@templatetest08 emqttd]# ll
total 8
-rw-r--r--. 1 root root 4484 Jun 12 15:23 emq.pem
[root@templatetest08 haproxy]# sbin/haproxy -f conf/haproxy4.cfg
[WARNING] 162/153534 (27461) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
[
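# Unpack the source tarball.
# NOTE(review): check the tarball against the checksum published with the
# release before unpacking, e.g. `sha256sum -c haproxy-1.6.9.tar.gz.sha256`
# when the .sha256 file from the same download directory is present.
tar -zxvf haproxy-1.6.9.tar.gz
cd haproxy-1.6.9
# Build with PCRE, OpenSSL, zlib and libcrypt support, then install.
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 ARCH=x86_64 PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy
# Parameter notes (documentation only, not commands to run):
#   TARGET=linux26   kernel version; check with `uname -r`. For example
#                    2.6.18-371.el5 means TARGET=linux26; for kernels newer
#                    than 2.6.28 use TARGET=linux2628.
#   ARCH=x86_64      word size / architecture of the system.
#   PREFIX=/usr/local/haproxy   installation path of haproxy.
# Print the version and build options of the installed binary to confirm that
# OpenSSL support was compiled in. The full path is used because PREFIX/sbin
# is not necessarily on PATH.
/usr/local/haproxy/sbin/haproxy -vv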
[root@templatetest08 haproxy]# sbin/haproxy -f conf/haproxy4.cfg
[ALERT] 162/151234 (25776) : parsing [conf/haproxy4.cfg:140] : 'bind *:1081' : unable to load SSL private key from PEM file '/etc/ssl/emqttd/emq.pem'.
[ALERT] 162/151234 (25776) : Error(s) found in configuration file : conf/haproxy4.cfg
[ALERT] 162/151234 (25776) : Proxy 'mqtt-ssl': no SSL certificate specified for bind '*:1081' at [conf/haproxy4.cfg:140] (use 'crt').
[ALERT] 162/151234 (25776) : Fatal errors found in configuration
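解决方案:HAProxy 的 crt 要求证书和私钥放在同一个 PEM 文件中,因此将 server-cert.pem 和 server-key.pem 合并成一个文件。注意:这里使用的 perl-IO-Socket-SSL 文档目录中的文件是公开分发的示例证书和私钥,只适合验证配置,正式环境必须使用自己的证书和私钥;合并后的文件包含私钥,权限应收紧为仅 root 可读(例如 chmod 600 /etc/ssl/emqttd/emq.pem)。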
[root@templatetest08 haproxy]# touch emq.pem
[root@templatetest08 haproxy]# find / -name server-key.pem
/usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-key.pem
[root@templatetest08 haproxy]# find / -name server-cert.pem
/usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-cert.pem
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# cp /usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-key.pem .
[root@templatetest08 haproxy]# cp /usr/share/doc/perl-IO-Socket-SSL-1.94/certs/server-cert.pem .
[root@templatetest08 haproxy]# ll
total 8
drwxr-xr-x. 2 root root 100 Jun 12 14:49 conf
drwxr-xr-x. 3 root root 20 Jun 12 15:05 doc
drwxr-xr-x. 2 root root 81 Jun 4 14:24 errorfiles
drwxr-xr-x. 2 root root 20 Jun 12 15:08 sbin
-rw-r--r--. 1 root root 3597 Jun 12 15:16 server-cert.pem
-rw-r--r--. 1 root root 887 Jun 12 15:16 server-key.pem
-rw-r--r--. 1 root root 0 Jun 12 15:20 emq.pem
drwxr-xr-x. 3 root root 16 Jun 12 15:05 share
[root@templatetest08 haproxy]# mkdir -p /etc/ssl/emqttd/
[root@templatetest08 haproxy]# cd /etc/ssl/emqttd/
[root@templatetest08 emqttd]# ll
total 0
[root@templatetest08 emqttd]# touch emq.pem
[root@templatetest08 haproxy]# cat server-cert.pem > emq.pem
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# ll
total 12
drwxr-xr-x. 2 root root 100 Jun 12 14:49 conf
drwxr-xr-x. 3 root root 20 Jun 12 15:05 doc
-rw-r--r--. 1 root root 3597 Jun 12 15:22 emq.pem
drwxr-xr-x. 2 root root 81 Jun 4 14:24 errorfiles
drwxr-xr-x. 2 root root 20 Jun 12 15:08 sbin
-rw-r--r--. 1 root root 3597 Jun 12 15:16 server-cert.pem
-rw-r--r--. 1 root root 887 Jun 12 15:16 server-key.pem
drwxr-xr-x. 3 root root 16 Jun 12 15:05 share
[root@templatetest08 haproxy]# cat server-key.pem >> emq.pem
[root@templatetest08 haproxy]# ll
total 16
drwxr-xr-x. 2 root root 100 Jun 12 14:49 conf
drwxr-xr-x. 3 root root 20 Jun 12 15:05 doc
-rw-r--r--. 1 root root 4484 Jun 12 15:23 emq.pem
drwxr-xr-x. 2 root root 81 Jun 4 14:24 errorfiles
drwxr-xr-x. 2 root root 20 Jun 12 15:08 sbin
-rw-r--r--. 1 root root 3597 Jun 12 15:16 server-cert.pem
-rw-r--r--. 1 root root 887 Jun 12 15:16 server-key.pem
drwxr-xr-x. 3 root root 16 Jun 12 15:05 share
[root@templatetest08 haproxy]# cat emq.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
[root@templatetest08 haproxy]# mv emq.pem /etc/ssl/emqttd/
mv: overwrite ‘/etc/ssl/emqttd/emq.pem’? y
[root@templatetest08 haproxy]# cd cd /etc/ssl/emqttd/
-bash: cd: cd: No such file or directory
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# cd /etc/ssl/emqttd/
[root@templatetest08 emqttd]# ll
total 8
-rw-r--r--. 1 root root 4484 Jun 12 15:23 emq.pem
[root@templatetest08 emqttd]#
You have new mail in /var/spool/mail/root
[root@templatetest08 haproxy]# sbin/haproxy -f conf/haproxy4.cfg
[WARNING] 162/153534 (27461) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
[
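解决方案是在以下全局配置里加一行 tune.ssl.default-dh-param 2048(即最后一行,原文中标为红色)。
默认的 1024 位 DH 参数强度已经不足(易受 Logjam 这类针对弱 DH 参数的攻击),所以按告警的建议至少设为 2048。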
# Process-wide settings; these apply to every proxy defined in this file.
# NOTE(review): no ssl-default-bind-options / ssl-default-bind-ciphers appear in
# the lines shown, so TLS versions and ciphers fall back to the defaults
# unless the bind lines set their own. Confirm against the rest of the file.
global
# Send logs to the syslog listener on 127.0.0.1, facility local0, minimum level info.
log 127.0.0.1 local0 info #[err warning info debug]
# Upper bound on concurrent connections per process.
maxconn 65535
# Detach from the terminal and run in the background.
daemon
# Start two processes.
nbproc 2
# Run as this unprivileged account once startup is complete, so the processes
# serving traffic do not stay root.
# NOTE(review): no chroot is set in the lines shown; consider adding one.
user nobody
group nobody
# Use 2048-bit Diffie-Hellman parameters for DHE key exchange when the
# certificate file does not carry its own. The built-in default of 1024 is what
# triggers the startup warning and is too weak for current use.
tune.ssl.default-dh-param 2048