I’m trying to add a new port for forwarding to HAProxy but whenever I try to restart the service with the new configuration I get the error
haproxy-systemd-wrapper[32276]: [ALERT] 092/112955 (32277) : Starting frontend my-service: cannot bind socket [<public IP>:4443]
I’m running haproxy through systemctl on CentOS7. Nothing else is using port 4443 (sudo netstat -apn | grep 4443 comes up blank), and I’ve got net.ipv4.ip_forward = 1 and net.ipv4.ip_nonlocal_bind = 1 set in sysctl.conf. I’ve also run sudo setsebool -P haproxy_connect_any=1.
The relevant part of my haproxy.cfg looks like this:
frontend my-service
    bind <public_url>:4443
    default_backend my-backend
I’ve also got other frontends binding to 80, 443 and 8080.
My Global settings and defaults are:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1 local2 #Log configuration
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy #Haproxy running under user and group "haproxy"
    group haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 15s
    timeout queue 30s
    timeout connect 5s
    timeout client 25s
    timeout server 5m
    timeout http-keep-alive 1s
    timeout check 10s
    timeout tunnel 3600s
    timeout tarpit 60s
    backlog 10000
    maxconn 3000