[Solved] Cannot bind socket

I get the error “cannot bind socket [:::#port]” when trying to open a new port.
I can confirm that no other service is using that port but that does not seem to be the case.

I encountered the same problem a few weeks ago but managed to find a bind-able port.

This time none of my guesses are doing any good.

This is how my configuration file looks:

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend  service1-in
        bind :::80 v4v6
        default_backend service1

frontend service2-in
        bind :::8080 v4v6
        default_backend service2

frontend service3-in
        bind :::9000 v4v6
        default_backend service3

frontend NAS-in
        bind :::8282 v4v6
        default_backend NAS

backend service2
        server service2 192.168.5.55:8080 check

backend portal
        server service1 192.168.5.58:80 check
#       server service1 192.168.5.57:80 check

backend service3
        server service3 192.168.5.65:80 check

backend NAS
        server NAS 192.168.5.254:80 check

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#    balance     roundrobin
#    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#backend app
#   balance     roundrobin
#   server  app1 127.0.0.1:5001 check
#   server  app2 127.0.0.1:5002 check
#   server  app3 127.0.0.1:5003 check
#   server  app4 127.0.0.1:5004 check

Error message:

[root@haproxy jp]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 月 2018-11-05 02:45:01 EST; 2s ago
  Process: 115915 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 115915 (code=exited, status=1/FAILURE)

11月 05 02:45:01 haproxy systemd[1]: Started HAProxy Load Balancer.
11月 05 02:45:01 haproxy systemd[1]: Starting HAProxy Load Balancer...
11月 05 02:45:01 haproxy haproxy-systemd-wrapper[115915]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /ru...pid -Ds
11月 05 02:45:01 haproxy haproxy-systemd-wrapper[115915]: [ALERT] 308/024501 (115916) : Starting frontend NAS-in: cannot bind socket [:::8282]
11月 05 02:45:01 haproxy haproxy-systemd-wrapper[115915]: haproxy-systemd-wrapper: exit, haproxy RC=1
11月 05 02:45:01 haproxy systemd[1]: haproxy.service: main process exited, code=exited, status=1/FAILURE
11月 05 02:45:01 haproxy systemd[1]: Unit haproxy.service entered failed state.
11月 05 02:45:01 haproxy systemd[1]: haproxy.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Thanks in advance.

Julian

This is your kernel telling haproxy that it cannot bind the socket on that port; there is not much to do here on the haproxy side.

What OS/kernel is this and can you provide the output of haproxy -vv?

2 things I encountered:

  1. a typo. Missed it 3 or 4 times, corrected & it worked.

  2. IPv6 was being an issue. Use a single : and no “v4” or “v6” for testing. I never figured out why I couldn’t bind to v6 ports. I was using Ubuntu 18.04 on an OVH dedicated server, and v6 just wasn’t working right all-around. Similar setup on another host from another provider & v6 works fine shrug

Thanks guys, I was able to solve the problem.
Lukas, you were right. It is the kernel giving me this message.

Output of “haproxy -vv”:

[root@haproxy ~]# haproxy -vv
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18
  OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

I found an article saying I have to modify the settings on SELinux.
Having done that, all available ports became bind-able.

    setsebool -P haproxy_connect_any=1

article:

Many thanks,
Julian

1 Like
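
Added example, not part of the original thread: `haproxy_connect_any` lifts the SELinux port restriction for HAProxy on every port, so a narrower alternative is to label only the port that was denied. This sketch pulls `name_bind` denials for `haproxy_t` out of audit records and prints the matching `semanage port` command; the audit lines are constructed samples (port and PID mirror the log above), and `http_port_t` as the target type is an assumption.

```shell
#!/bin/sh
# Constructed sample audit records, not taken from the thread.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1541403901.101:812): avc:  denied  { name_bind } for  pid=115916 comm="haproxy" src=8282 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1541403901.102:813): avc:  denied  { name_connect } for  pid=2210 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1541403955.440:820): avc:  denied  { name_bind } for  pid=115990 comm="haproxy" src=8282 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1541403955.440:820): arch=c000003e syscall=49 success=no exit=-13 comm="haproxy" exe="/usr/sbin/haproxy"
EOF
}

# Print "port current_label" once per port for every name_bind denial
# whose source domain is haproxy_t; all other records are ignored.
denied_haproxy_binds() {
    awk '
        /type=AVC/ && /denied/ && /name_bind/ && /scontext=[^ ]*:haproxy_t:/ {
            port = ""; label = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^src=/)      { port = substr($i, 5) }
                if ($i ~ /^tcontext=/) { split($i, c, ":"); label = c[3] }
            }
            if (port != "" && !seen[port]++) print port, label
        }'
}

# Turn each denied port into a labelling command scoped to that one port.
# http_port_t is an assumed target type; confirm it suits your policy.
suggest_port_labels() {
    denied_haproxy_binds | while read -r port label; do
        echo "semanage port -a -t http_port_t -p tcp $port  # was $label"
    done
}

sample_audit_log | suggest_port_labels
```

On a live system the same records come from `ausearch -m avc -c haproxy --raw`, which can be piped into `suggest_port_labels` in place of the sample.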

Any idea how to do the same on FreeBSD, and on OPNsense in particular?
Because I have the same problem, but the ‘setsebool’ does not exist!

OK.
My problem was that I was binding with a domain and that domain pointed to my public address.
Although I had the impression that this works on pfSense, it didn’t on OPNsense (probably there is a setting for this somewhere…) and it only worked when I used a loopback IP.