I am trying to make the Let's Encrypt plugin work with HAProxy and I ran into this situation:
When I start HAProxy from the UI it fails to start.
I SSH-ed into the firewall and tried to start it manually with:
/usr/local/etc/rc.d/haproxy start
Then I got this alert:
Starting frontend *****: cannot bind socket *******
From searching online, I found these possible solutions (although those seem to be for Linux, not BSD):
https://stackoverflow.com/questions/34793885/haproxy-cannot-bind-socket-0-0-0-08888
https://discourse.haproxy.org/t/solved-cannot-bind-socket/3180/4
They essentially suggest using this:
setsebool -P haproxy_connect_any=1
So, my questions are:
- Why doesn't this detailed error, that I get in the console, appear on the management GUI? I only get a generic message saying that HAProxy failed to start. I have searched the log level settings, but nothing seems to provide more detailed information. Am I missing something?
- Is this suggested solution the proper one? I would expect that the HAProxy plugin should work out of the box, without manual fiddling with the OS. Is there any chance I caused the misconfiguration myself somehow? E.g. using the "System>Firmware>Updates" option?
UPDATE: On top of this, it turns out that 'setsebool' is an unknown command in my OPNsense box. Do I have to install something or use a different command?
Any idea how to troubleshoot this?
Do HAProxy's frontends usually work without manual intervention?
Why would I get such an error?
There is nothing listening on that port already, so it should work. :(
OK.
I found it:
Using 127.0.0.1:6945 as a listening address made it work.
It seems the hostname I was using was pointing to my public IP and that created a mess.
I remember that working differently on pfSense, but maybe I am wrong.
Or probably there is a setting for this, as mentioned on this Linux-related post: https://stackoverflow.com/a/41009557/964053
Anyhow.
Thanks for nothing. ;)
Your firewall abilities seem better, but your community seems pretty DEAD! :D
It feels like I am the only one here.
But thanks for the firewall.
I might decide to contribute some code to it one day...
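
Added example, not part of the original posts: a small Python check that resolves a frontend's listen address and tries to bind each result, so the console's "cannot bind socket" can be traced to an address that is not local, a port already in use, or missing privileges. The function name check_bind and the cause table are assumptions made for this illustration; the default address and port are the working values from the thread.

```python
import errno
import socket
import sys

# Likely causes of HAProxy's "cannot bind socket", keyed by bind() errno.
CAUSES = {
    errno.EADDRNOTAVAIL: "address is not assigned to any local interface",
    errno.EADDRINUSE: "another process already listens on this address and port",
    errno.EACCES: "not enough privileges to bind this port",
}


def check_bind(host, port):
    """Resolve host, try to bind every resulting address, and return a list of
    (address, errno, reason) tuples; errno is 0 when the bind succeeded."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, exc.errno, f"name resolution failed: {exc}")]
    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        with socket.socket(family, socktype, proto) as sock:
            # Avoid false "in use" results from old connections in TIME_WAIT.
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            try:
                sock.bind(sockaddr)
                results.append((sockaddr[0], 0, "bind succeeded"))
            except OSError as exc:
                reason = CAUSES.get(exc.errno, exc.strerror)
                results.append((sockaddr[0], exc.errno, reason))
    return results


if __name__ == "__main__":
    # Defaults are the working values from the thread; pass the frontend's
    # configured hostname and port as arguments to test those instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6945
    for address, code, reason in check_bind(host, port):
        status = "OK" if code == 0 else "FAIL"
        print(f"{host} -> {address}:{port}: {status} ({reason})")
```

Run it while HAProxy is stopped, otherwise the frontend's own listener shows up as "already listens".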