Running haproxy as non root user i'd like to see logs


#1

Hi,
I am new to haproxy, running on CentOS 6.7. See haproxy version information below.
Previously i used stunnel and pen.
I run haproxy as a non root user and have managed to set up some instances with load balancing and SSL. Fine, It works.

Now I am trying to configure an instance to a remote machine with signed client authentication.

myservice----haproxy—ssl---->remote machine.

This does not work. When started in foreground mode i get an ssl handshake error.
This is the point where i noticed that haproxy gives me no log file.

I would like to see more information from haproxy: statistics, error mesages etc.
Where are the log files? How can I configure logging without being root?

I’ve read a lot in https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#8 but still have no clue.

Can someone please give me advice or an example config how to get a bit logging from haproxyß

Thanks in advance
MT

HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau w@1wt.eu

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing
OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.


#2

How did you start HAProxy as a non root user ? . I get the following ALERT message : "Starting frontend GLOBAL: cannot bind UNIX socket [/location/to/the/stats]


#3

Hi, I think you are not answering my question but rather ask a new one…
anyway: hapoxy -f haproxy.conf starts the haproxy.

you should describe your problem and ask a new question.


#4

Something like this, make sure you have a syslog daemon listening:

global
 log 127.0.0.1 syslog debug
defaults
 log global
 mode http
 option httplog

Logging only sends syslog packets to the destination, there is no need for a privileged user like root (also, when started as root, haproxy can downgrade privileges and logging still works).

@ann starting without root works fine if you have the privilege to bind to the necessary sockets (port > 1024, file permissions on unix sockets). However it isn’t recommended; starting as root and after the bind downgrading via user and group directive is the recommended configuration, as it allows privileged binds while running the code with a low-privileged user.