[Solved] Cannot bind socket

I get the error “cannot bind socket [:::#port]” when trying to open a new port.
I can confirm that no other service is using that port but that does not seem to be the case.

I’ve encountered the same problem a few weeks ago but managed to find a bind-able port.

This time none of my guesses are doing any good.

This is how my configuration file looks:

# Example configuration for a possible web application.  See the
# full configuration options online.
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt

# Global settings
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #    local2.*                       /var/log/haproxy.log
    log local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# main frontend which proxys to the backends

frontend  service1-in
        bind :::80 v4v6
        default_backend service1

frontend service2-in
        bind :::8080 v4v6
        default_backend service2

frontend service3-in
        bind :::9000 v4v6
        default_backend service3

frontend NAS-in
        bind :::8282 v4v6
        default_backend NAS

backend service2
        server service2 check

backend portal
        server service1 check
#       server service1 check

backend service3
        server service3 check

backend NAS
        server NAS check

# static backend for serving up images, stylesheets and such
#backend static
#    balance     roundrobin
#    server      static check

# round robin balancing between the various backends
#backend app
#   balance     roundrobin
#   server  app1 check
#   server  app2 check
#   server  app3 check
#   server  app4 check

Error message:

[root@haproxy jp]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 月 2018-11-05 02:45:01 EST; 2s ago
  Process: 115915 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 115915 (code=exited, status=1/FAILURE)

11月 05 02:45:01 haproxy systemd[1]: Started HAProxy Load Balancer.
11月 05 02:45:01 haproxy systemd[1]: Starting HAProxy Load Balancer...
11月 05 02:45:01 haproxy haproxy-systemd-wrapper[115915]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /ru...pid -Ds
11月 05 02:45:01 haproxy haproxy-systemd-wrapper[115915]: [ALERT] 308/024501 (115916) : Starting frontend NAS-in: cannot bind socket [:::8282]
11月 05 02:45:01 haproxy haproxy-systemd-wrapper[115915]: haproxy-systemd-wrapper: exit, haproxy RC=1
11月 05 02:45:01 haproxy systemd[1]: haproxy.service: main process exited, code=exited, status=1/FAILURE
11月 05 02:45:01 haproxy systemd[1]: Unit haproxy.service entered failed state.
11月 05 02:45:01 haproxy systemd[1]: haproxy.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Thanks in advance.


This is your kernel telling haproxy that it cannot bind the socket on that port, there is not much todo here on the haproxy side.

What OS/kernel is this and can you provide the output of haproxy -vv?

2 things I encountered:

  1. a typo. Missed it 3 or 4 times, corrected & it worked.

  2. IPv6 was being an issue. Use a single : and no “v4” or “v6” for testing. I never figured out why I couldn’t bind to v6 ports. I was using ubuntu 18.04 on an OVH dedicated server, and v6 just wasn’t working right all-around. Similar setup on another host from another provider & v6 works fine shrug

Thanks Guys I was able to solve the problem.
Lukas you were right. It is the kernel giving me this message.

Output of “haproxy -vv”:

[root@haproxy ~]# haproxy -vv
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

I found an article saying I have to modify the settings on selinux.
Having done that, all available ports became bind-able.

“setsebool -P haproxy_connect_any=1”


Many thanks,

1 Like

Any idea how to do the same on FreeBSD, and on OpnSense in particular?
Because I have the same problem, but the ‘setsebool’ does not exist!

My problem was that I was binding with a domain and that domain pointed to my public address.
Although, I had the impression that this works on pfSense, it didn’t on OpnSense (probably there is a setting for this somewhere…) and it only worked when I used a loopback IP.