I had a question regarding the haproxy config when running inside docker.
We were running haproxy version 2.2 and our config was like:
frontend lb
    bind *:80
    bind *:443
and we were binding ports from host 80->80 and 443->443 inside the docker.
But after haproxy 2.4 came out as LTS, we wanted to try it, but we got permission denied issues as described in ticket https://github.com/docker-library/haproxy/issues/160:
binding the privileged ports inside docker is not allowed.
As a fix, we should have the kernel running above 4.11; then adding --sysctl net.ipv4.ip_unprivileged_port_start=0 to the docker run should allow it to use “privileged” ports.
But since we are running debian9, which is below kernel 4.11, I did something mentioned in the GitHub ticket: https://github.com/docker-library/haproxy/issues/160
So in the haproxy config I bound the non-privileged ports and mapped the host ports to them, which allowed it to run. For example, 80 -> 8888 and 443 -> 8889 port mapping.
New haproxy config:
frontend lb
    bind *:8888
    bind *:8889
Is this a good approach? Can it cause any issues for us with latency or anything else which I can't think of right now?
Alternatively, I can pass --user=root (which was the initial user in early versions of haproxy).
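
The two non-root options described in the post, as an added example that is not part of the original post: a small script that picks the `docker run` arguments from the host kernel release. The container name, image tag, config mount path and function names are assumptions; the ports and the sysctl are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Container name, image tag and
# config path are assumptions; ports and sysctl are the ones in the post.

# Succeeds if kernel release $1 (e.g. "4.9.0-19-amd64") is 4.11 or newer,
# i.e. the kernel has the net.ipv4.ip_unprivileged_port_start sysctl.
kernel_supports_unpriv_sysctl() {
    rel=${1%%-*}        # "4.9.0-19-amd64" -> "4.9.0"
    major=${rel%%.*}    # "4"
    rest=${rel#*.}      # "9.0"
    minor=${rest%%.*}   # "9"
    case "$major$minor" in
        ''|*[!0-9]*) return 2 ;;   # unparseable release string
    esac
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 11 ]; }
}

# Prints the docker run arguments for a non-root haproxy container.
haproxy_run_args() {
    if kernel_supports_unpriv_sysctl "$1"; then
        # haproxy.cfg binds *:80 and *:443; the sysctl applies only inside
        # the container's network namespace.
        echo "--sysctl net.ipv4.ip_unprivileged_port_start=0 -p 80:80 -p 443:443"
    else
        # Older or unrecognised kernel: haproxy.cfg binds *:8888 and *:8889
        # and the host ports 80/443 are published onto them.
        echo "-p 80:8888 -p 443:8889"
    fi
}

# Print (not run) the resulting command for this host.
echo "docker run -d --name lb $(haproxy_run_args "$(uname -r)")" \
     "-v \$PWD/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy:2.4"
```

Both variants keep the haproxy process non-root, unlike `--user=root`. A published port is forwarded by Docker the same way whether the container side is 80 or 8888.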