@bwmetcalf wrote:
I'm attempting to chroot our haproxy setup running as root, but when doing so I only get 503s when hitting our frontend. Nothing is showing up in the logs to indicate what might be wrong. The relevant parts of my config look like
global tune.ssl.default-dh-param 2048 tune.ssl.cachesize 50000 pidfile /var/run/haproxy/haproxy.pid chroot /var/haproxy log 127.0.0.1 local1 frontend ft_foo_ssl mode http bind *:80 bind *:443 ssl crt /etc/haproxy/my.pem ciphers AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!PSK no-sslv3 no-tls-tickets http-request set-log-level silent maxconn 100000 redirect scheme https code 301 if !{ ssl_fc } default_backend bk_foo_ssl backend bk_foo_ssl mode http server ft_foo_sock unix@/var/run/haproxy/ft_foo.sock send-proxy-v2 frontend ft_foo mode http bind unix@/var/run/haproxy/ft_foo.sock accept-proxy maxconn 100000 use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/foo.map)]If I remove the chroot, everything works fine.
Posts: 2
Participants: 2