Starting frontend xxxx: cannot bind socket

[vikozo]

Hello

i wished to add HAProxy to point to a VM on my Setup.
i followed this wonderfull tutorial in German https://schulnetzkonzept.de/opnsense
I think i have done it right but the HAProxy don^t start

/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy

i have also a error like

kernel   arp: 32:ea:39:26:d2:c1 attempts to modify permanent entry for 10.147.42.195 on igb1

this ip would be the VM i wish to add to HAProxy

and another error but not sure if it belongs to my HAProxy error

configctl[67179]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out

any idea how to find out why HAProxy not start?

have a nice day
vinc

OPNsense 20.7.4-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
LibreSSL 3.1.4

[vikozo]

any idea how to find out why this happen
on all config done a [Test syntax] and [Apply] but never get a error

WARNING: failed to start haproxy

on the HAProxy -> Log File
is only
haproxy[27040]   Proxy Gitlab_backend started.

---------------------------
OPNsense 20.7.4-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
OpenSSL 1.1.1h 22 Sep 2020

[vikozo]

going to the terminal

# /usr/local/etc/rc.d/haproxy start
Starting haproxy.
[ALERT] 307/121028 (88262) : Starting frontend http_dmz_Wan: cannot bind socket [10.147.42.5:80]
[ALERT] 307/121028 (88262) : Starting frontend http_dmz_Wan: cannot bind socket [10.147.42.6:80]
[ALERT] 307/121028 (88262) : Starting frontend https_DMZ_WAN: cannot bind socket [10.147.42.5:443]
[ALERT] 307/121028 (88262) : Starting frontend https_DMZ_WAN: cannot bind socket [10.147.42.6:443]
[ALERT] 307/121028 (88262) : Starting frontend https_DMZ: cannot bind socket [10.147.42.6:443]
/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy

[vikozo]

any idea to fix - the internet show only some way to fix it but not working on opnSense. because it is on BSD running

[vikozo]

Hello
because all the error where on the front end - i removed all of them, and yes HAProxy restarted again.
As soon i added something and did a reload it stop working.
But checking the Documentation there
https://docs.opnsense.org/manual/how-tos/haproxy.html

and removing all my config and just add the config with 0.0.0.0:81 and reload the HAProxy and there is no error!
So i changed back to my IP needed, and i got a error.

so why is it not working with my IP Adress, must this ip be somewhere added too?

have a nice day
and hope to get a feedback.

have a nice day
vinc

[tomtra]

Hello

I found this thread running into the same issue like the original poster and having errors like:

Code: [Select]

Starting frontend xxxx: cannot bind socket [x.x.x.x:80]
Starting frontend xxxx: cannot bind socket [x.x.x.x:443]

Trying around to find something that already binds the Port 80 (netstat wasn't really helpful here...) on my OPNsense appliance, I found the solution by chance and wanted to leave it here in case someone else find this information helpful.

The HTTP to HTTPS Redirect option of the OPNsense Web GUI was the reason in my case that binds to port 80 if enabled. 

To solve this: Go to System -> Settings -> Administration and make sure to disable the HTTP Redirect option for the Web GUI.

(TCP Port for HTTPS needs also be set to something non-standard, like 44443 if you use haproxy for HTTPS offloading).

See also the image attached for the settings to solve this.

[nope]

Also if you have dynamically assigned IP addresses on you WAN interface, check that the "Listen Addresses" for your HTTP Public Service does not contain an old WAN interface IP-address.

I added my WAN IP like "<wan-ip>:80" in the Listen Addresses and all worked fine until the external IP changed. As far as i understand you do not need to have the WAN IP in the Listen Addresses, only a domain. You will still be able to connect to http://<wan-ip> and have the connection be managed by HAproxy, if you so choose.


Sorry for necro, but this was one of the first hits on google for the error, hopefully it will help someone.