I’m attempting to chroot our haproxy setup running as root, but when doing so I only get 503s when hitting our frontend. Nothing is showing up in the logs to indicate what might be wrong. The relevant parts of my config look like:

    global
        tune.ssl.default-dh-param 2048
        tune.ssl.cachesize 50000
        pidfile /var/run/haproxy/haproxy.pid
        chroot /var/haproxy
        log 127.0.0.1 local1

    frontend ft_foo_ssl
        mode http
        bind *:80
        bind *:443 ssl crt /etc/haproxy/my.pem ciphers AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!PSK no-sslv3 no-tls-tickets
        http-request set-log-level silent
        maxconn 100000
        redirect scheme https code 301 if !{ ssl_fc }
        default_backend bk_foo_ssl

    backend bk_foo_ssl
        mode http
        server ft_foo_sock unix@/var/run/haproxy/ft_foo.sock send-proxy-v2

    frontend ft_foo
        mode http
        bind unix@/var/run/haproxy/ft_foo.sock accept-proxy
        maxconn 100000
        use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/foo.map)]

If I remove the chroot, everything works fine.