HAProxy with SSL, without root and no OpenSSL installed?
So you have an account as a regular linux user and you want to install HAProxy with SSL on a system that doesn’t have OpenSSL.
To make matters worst you don’t have glibc-static
so you can only build OpenSSL as a shared library but, as a regular user, you can’t place that library in the /lib
nor in the /usr/lib
directories.
The steps to get this to work are:
- download both HAProxy and OpenSSL source code
- configure, make and install both HAProxy and OpenSSL
- make
bash
assume a local folder as a shared libraries folder
If things go wrong just use make clean
to go back to default state.
a) Create the following directories:
– ~/openssl-src
, to put OpenSSL downloaded source code
– ~/openssl-bin
, to put compiled OpenSSL binaries
– ~/haproxy
, to put HAProxy source code and build the binary
– ~/lib
, folder that will have symlinks to shared libraries
b) Download and unzip source code:
Latest OpenSSL unzip to ~/openssl-src
Latest HAProxy unzip to ~/haproxy
c) Compile and Install OpenSSL
Go to the OpenSSL source directory and run the following commands:
./config --prefix=/home/username/openssl-bin --openssldir=/home/username/openssl-src && make -j $(nproc) && make install_sw
The -j $(nproc)
flag allows make
to parallelize tasks to the number of available processors. make install_sw
installs OpenSSL to the folder specified with --prefix
.
d) Create HAProxy binary
Just run the following command to build HAProxy with SSL and GZIP support.
make -j $(nproc) TARGET=generic USE_GZIP=1 USE_OPENSSL=1 SSL_INC=~/openssl-bin/include SSL_LIB=~/openssl-bin/lib
e) Link shared libraries
If you try to run ./haproxy
now you’ll get this error:
./haproxy: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
So in order to make bash load libraries from your own custom folder edit .bashrc
and insert the following line:
export LD_LIBRARY_PATH=~/lib
And then change directory to the created lib folder with cd ~\lib
and make symlinks of the required ssl libraries. Namely:
ln -s ~/openssl-bin/lib/libcrypto.so.1.1 libcrypto.so.1.1
ln -s ~/openssl-bin/lib/libssl.so.1.1 libssl.so.1.1
Done! You can now spin up the haproxy
binary.