Installing and updating haproxy from source

One of the tools that I use for my personal websites is haproxy. Here are some distilled instructions for installing it from source. I primarily use Ubuntu. If you have Ubuntu, all steps required are outlined below. I have done this on Mint and CentOS as well, but some of the steps for those systems are only described here, without explicit instructions.

The center of all this is a series of shell scripts that I use to automate the build and install.

fullstack script:
new-quic script:
new-haproxy script:

All commands shown here must be run as root. The scripts linked above go in /usr/local/src. These scripts will build the quictls variety of openssl3 and the current master branch of haproxy (2.7.x as of July 2022) with QUIC/HTTP3 support.

To prepare for this on Ubuntu, I install the build-essential package and git:

apt install build-essential git

On Ubuntu, the next commands requires uncommenting all the “deb-src” lines in /etc/apt/sources.list beforehand. On Linux Mint, you should open the Update Manager in the gui and have it add the source code repos instead of editing the sources.list file.

apt update
apt build-dep haproxy
apt build-dep openssl

These commands will clone the necessary repos:

cd /usr/local/src
git clone git-haproxy-master
git clone git-quictls

With the quictls repo cloned in /usr/local/src/git-quictls and the haproxy master branch cloned in git-haproxy-master, run the fullstack command.

cd /usr/local/src

The first time you install quictls and haproxy this way, you’ll need to install and activate the haproxy service in systemd. The following instructions should take care of it:

cd /usr/local/src/git-haproxy-master/admin/systemd
make haproxy.service
cp haproxy.service /etc/systemd/system/.
systemctl daemon-reload
systemctl enable haproxy
systemctl start haproxy

If you haven’t created /etc/haproxy/haproxy.cfg with a good config before running those commands, then starting the service will fail, and you’ll need to take care of that after installing a config. Also be aware that if you ask haproxy to listen on ports that another process is already listening on, the service start will also fail.

Installing the service with the commands above should work on an RPM-based distro as well as a DEB-based one. On an RPM-based distro, you will need this command before running my shell script:

yum groupinstall "Development Tools"

And you will need to install the development libraries for openssl, pcre2, zlib, and systemd.

Leave a Reply

Your email address will not be published.