Binding on haproxy 1.8.8


#1

Hello,

I want to bind http entrance connection in HA-Proxy version 1.8.8-1ubuntu0.1.

I am using bind keyword, but it’s not functionnel.

The binding instruction is : bind *:80

Please help me.
Thanks in advance.


#2

Maybe you could elaborate the problem a little bit?


#3

Ok !

I’m configuring haproxy and i want to add the frontend part.
In this part, i want to bind the HTTP traffic,
I’m using the bind keyword but it’s not working.


#4

And what does not working mean? Do you get any error message while starting haproxy? If yes, it would be a good idea to share that error message.


#5

Thanks.

The whole configuration is

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

tune.ssl.default-dh-param 2048
maxconn 5000

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3

defaults
log global
mode http
option forwardfor
option http-server-close
option httplog
option dontlognull
timeout connect 2m
timeout client 2m
timeout server 2m
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend www-http
bind *:80
mode http
option forwardfor
option httpclose
option http-server-close
redirect prefix https://www.example.com if { hdr(host) -i example.com }

THe error when i start :

Process: 1982 ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS (code=exited, status=1/FAILURE)
Process: 1981 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=0/SUCCESS)
Main PID: 1982 (code=exited, status=1/FAILURE)

Sep 01 10:49:57 vps-2728-nextwab systemd[1]: haproxy.service: Service hold-off time over, scheduling restart.
Sep 01 10:49:57 vps-2728-nextwab systemd[1]: haproxy.service: Scheduled restart job, restart counter is at 5.
Sep 01 10:49:57 vps-2728-nextwab systemd[1]: Stopped HAProxy Load Balancer.
Sep 01 10:49:57 vps-2728-nextwab systemd[1]: haproxy.service: Start request repeated too quickly.
Sep 01 10:49:57 vps-2728-nextwab systemd[1]: haproxy.service: Failed with result ‘exit-code’.
Sep 01 10:49:57 vps-2728-nextwab systemd[1]: Failed to start HAProxy Load Balancer.


#6

Provide the output of:

  • haproxy -vv
  • haproxy -f /real/path/to/haproxy.cfg -c

#7

Thanks.

The result of haproxy -vv

HA-Proxy version 1.8.8-1ubuntu0.1 2018/05/29
Copyright 2000-2018 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fdebug-prefix-map=/build/haproxy-VmwZ9X/haproxy-1.8.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017
Running on OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace

And the result of haproxy -f /real/path/to/haproxy.cfg -c is :
Configuration file is valid


#8

I think you only triggered some systemd threshold that now impedes to start haproxy.

Wait a few seconds, and start haproxy (systemctl start haproxy).


#9

Thanks,
But it does not work.

Please, can you advise another solution?


#10

Do:

systemctl stop haproxy
sleep 60
systemctl start haproxy
systemctl status haproxy

#11

Thanks.
I was find the solution.
The problem was that i have installed apache service in same server.
So when hapoxy proxy try to bind trafic on 80 port, it could not because this port was already used by apache service.

I just stop apache service and haproxy starts correctly.

Thanks again for your help