HAProxy Alert : Starting frontend *****: cannot bind socket

Started by Cangooroo7993, May 09, 2020, 04:20:27 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 09, 2020, 04:20:27 PM Last Edit: May 10, 2020, 01:27:27 PM by Cangooroo7993
I am trying to make the Let's Encrypt plugin work with HAProxy and I ran into this situation:

When I start HAProxy from the UI it fails to start.
I SSH-ed into the firewall and tried to start it manually with:

Code Select
/usr/local/etc/rc.d/haproxy start

Then I got this alert:

Code Select
Starting frontend *****: cannot bind socket *******

From searching online, I found these possible solutions (although those seem to be for Linux, not BSD):

https://stackoverflow.com/questions/34793885/haproxy-cannot-bind-socket-0-0-0-08888
https://discourse.haproxy.org/t/solved-cannot-bind-socket/3180/4

They essentially suggest using this:

Code Select
setsebool -P haproxy_connect_any=1

So, my questions are:


  • Why doesn't this detailed error, that I get in the console, appear on the management GUI? I only get a generic message saying that HAProxy failed to start. I have searched the log level settings, but nothing seems to provide more detailed information. Am I missing something?
  • Is this suggested solution the proper one? I would expect that the HAProxy plugin should work out of the box, without manual fiddling into the OS. Is there any chance I caused the misconfiguration myself somehow? E.g. using the "System>Firmware>Updates" option?


UPDATE:
On top of this, it turns out that 'setsebool' is an unknown command in my OpnSense box. Do I have to install something or use a different command?
May 12, 2020, 05:33:15 PM #1
Any idea how to troubleshoot this?
Does HAProxy's frontends usually work without manual intervention?
Why would I get such an error?
There is nothing listening on that port already, so it should work. :(
May 12, 2020, 08:13:28 PM #2 Last Edit: May 12, 2020, 08:17:21 PM by Cangooroo7993
OK.
I found it:

Using 127.0.0.1:6945 as a listening address made it work.
It seems the hostname I was using was pointing to my public IP and that created a mess.
I remember that working differently on pfSense, but maybe I am wrong.
Or probably there is a setting for this, as mentioned on this Linux-related post: https://stackoverflow.com/a/41009557/964053
Anyhow.

Thanks for nothing. ;)
Your firewall abilities seem better, but your community seems pretty DEAD! :D
It feels I am the only one here.

But thanks for the firewall.
I might decide to contribute some code to it one day...
Print
Go Up Pages1
User actions