@MorayM wrote:
I’m trying to add a new port for forwarding to HAProxy but whenever I try to restart the service with the new configuration I get the error
haproxy-systemd-wrapper[32276]: [ALERT] 092/112955 (32277) : Starting frontend my-service: cannot bind socket [<public IP>:4443]I’m running
haproxythroughsystemctlon CentOS7. Nothing else is using port 4443 (sudo netstat -apn | grep 4443comes up blank), and I’ve gotnet.ipv4.ip_forward = 1andnet.ipv4.ip_nonlocal_bind = 1set in sysctl.conf. I’ve also runsudo setsebool -P haproxy_connect_any=1.The relevant part of my
haproxy.cfglooks like this:frontend my-service bind <public_url>:4443 default_backend my-backendI’ve also got other frontends binding to 80, 443 and 8080.
My Global settings and defaults are:
#--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global log 127.0.0.1 local2 #Log configuration chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy #Haproxy running under user and group "haproxy" group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 15s timeout queue 30s timeout connect 5s timeout client 25s timeout server 5m timeout http-keep-alive 1s timeout check 10s timeout tunnel 3600s timeout tarpit 60s backlog 10000 maxconn 3000
Posts: 1
Participants: 1