HAProxy cannot bind socket [0.0.0.0:8888]
L

11

26

I built HAProxy on CentOS 7 and enabled the statistics page on port 8080. It seems to work properly. When I set the port to 8888, HAProxy does not work and gives me some feedback.
After that, I tried many ways to solve this problem, but the problem is still there.

Can anyone help me deal with this issue?

Here is the system information

haproxy.cfg

/etc/haproxy/haproxy.cfg
Port 8080 is fine, 8888 is not working.

    # [HAPROXY DASHBOARD]
        listen  stats :8888
        mode http
        stats enable
        stats hide-version
        stats realm Haproxy\ Statistics
        stats uri /
        stats auth haproxy:haproxy
        stats refresh 10s

Service Status

    service haproxy status

    systemd[1]: Started HAProxy Load Balancer.
    haproxy-systemd-wrapper[2358]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cf...id -Ds
    haproxy-systemd-wrapper[2358]: [ALERT] 012/095413 (2359) : Starting proxy stats: cannot bind socket [0.0.0.0:8888]
    haproxy-systemd-wrapper[2358]: haproxy-systemd-wrapper: exit, haproxy RC=256

/etc/sysctl.conf
Someone said that it could be a Virtual IP problem, so I followed the instructions, added the setting below, and then ran sysctl -p

    net.ipv4.ip_nonlocal_bind=1

Network Configuration

ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:15:5d:0a:09:05 brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.117/24 brd 192.168.4.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe0a:905/64 scope link
       valid_lft forever preferred_lft forever

Listening Ports

ss --listening

[root@localhost ~]# ss --listening
Netid State      Recv-Q Send-Q                                                                                  Local Address:Port                                                                                      Peer Address:Port
nl    UNCONN     0      0                                                                                                rtnl:NetworkManager/792                                                                                               *
nl    UNCONN     0      0                                                                                                rtnl:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                rtnl:avahi-daemon/671                                                                                               *
nl    UNCONN     0      0                                                                                                rtnl:4195096                                                                                               *
nl    UNCONN     4352   0                                                                                             tcpdiag:ss/3772                                                                                               *
nl    UNCONN     768    0                                                                                             tcpdiag:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                   6:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                   7:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                   7:systemd/1                                                                                               *      
nl    UNCONN     0      0                                                                                                   7:dbus-daemon/680                                                                                               *
nl    UNCONN     0      0                                                                                                   9:auditd/640                                                                                               *     
nl    UNCONN     0      0                                                                                                   9:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                   9:systemd/1                                                                                               *      
nl    UNCONN     0      0                                                                                                  10:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                  11:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                  15:iprdump/723                                                                                               *    
nl    UNCONN     0      0                                                                                                  15:systemd/1                                                                                               *      
nl    UNCONN     0      0                                                                                                  15:-4124                                                                                                 *
nl    UNCONN     0      0                                                                                                  15:systemd-logind/679                                                                                               *
nl    UNCONN     0      0                                                                                                  15:NetworkManager/792                                                                                               *
nl    UNCONN     0      0                                                                                                  15:iprinit/713                                                                                               *    
nl    UNCONN     0      0                                                                                                  15:-4107                                                                                                 *
nl    UNCONN     0      0                                                                                                  15:-4125                                                                                                 *
nl    UNCONN     0      0                                                                                                  15:-4119                                                                                                 *
nl    UNCONN     0      0                                                                                                  15:iprupdate/710                                                                                               *  
nl    UNCONN     0      0                                                                                                  15:-4118                                                                                                 *
nl    UNCONN     0      0                                                                                                  15:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                  15:-4117                                                                                                 *
nl    UNCONN     0      0                                                                                                  15:tuned/676                                                                                               *      
nl    UNCONN     0      0                                                                                                  16:kernel                                                                                                *
nl    UNCONN     0      0                                                                                                  18:kernel                                                                                                *
u_str LISTEN     0      128                                                                           /run/lvm/lvmetad.socket 11542                                                                                                * 0
u_str LISTEN     0      128                                                                       /run/systemd/journal/stdout 6697                                                                                                 * 0
u_dgr UNCONN     0      0                                                                         /run/systemd/journal/socket 6700                                                                                                 * 0
u_dgr UNCONN     0      0                                                                                            /dev/log 6702                                                                                                 * 0
u_dgr UNCONN     0      0                                                                              /run/systemd/shutdownd 11321                                                                                                * 0
u_dgr LISTEN     0      128                                                                                 /run/udev/control 11338                                                                                                * 0
u_str LISTEN     0      100                                                                                      public/flush 18726                                                                                                * 0
u_str LISTEN     0      100                                                                                      public/showq 18741                                                                                                * 0
u_str LISTEN     0      30                                                               /var/run/NetworkManager/private-dhcp 17003                                                                                                * 0
u_dgr UNCONN     0      0                                                                   @/org/freedesktop/systemd1/notify 11259                                                                                                * 0
u_str LISTEN     0      100                                                                                    private/tlsmgr 18708                                                                                                * 0
u_str LISTEN     0      30                                                                    /var/run/NetworkManager/private 16518                                                                                                * 0
u_str LISTEN     0      128                                                                      /var/run/avahi-daemon/socket 13986                                                                                                * 0
u_str LISTEN     0      128                                                                   /var/run/dbus/system_bus_socket 13998                                                                                                * 0
u_str LISTEN     0      100                                                                                   private/rewrite 18711                                                                                                * 0
u_str LISTEN     0      100                                                                                    private/bounce 18714                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/defer 18717                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/trace 18720                                                                                                * 0
u_str LISTEN     0      100                                                                                    private/verify 18723                                                                                                * 0
u_str LISTEN     0      100                                                                                  private/proxymap 18729                                                                                                * 0
u_str LISTEN     0      100                                                                                private/proxywrite 18732                                                                                                * 0
u_str LISTEN     0      100                                                                                      private/smtp 18735                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/relay 18738                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/error 18744                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/retry 18747                                                                                                * 0
u_str LISTEN     0      100                                                                                   private/discard 18750                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/local 18753                                                                                                * 0
u_str LISTEN     0      100                                                                                   private/virtual 18756                                                                                                * 0
u_str LISTEN     0      100                                                                                      private/lmtp 18759                                                                                                * 0
u_str LISTEN     0      100                                                                                     private/anvil 18762                                                                                                * 0
u_str LISTEN     0      100                                                                                    private/scache 18765                                                                                                * 0
u_str LISTEN     0      100                                                                                     public/pickup 18697                                                                                                * 0
u_str LISTEN     0      100                                                                                    public/cleanup 18701                                                                                                * 0
u_str LISTEN     0      100                                                                                       public/qmgr 18704                                                                                                * 0
u_str LISTEN     0      30                                                                               /run/systemd/private 11261                                                                                                * 0
u_dgr UNCONN     0      0                                                                                                   * 14733                                                                                                * 6700
u_dgr UNCONN     0      0                                                                                                   * 15011                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 12659                                                                                                * 12658
u_dgr UNCONN     0      0                                                                                                   * 18818                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 15244                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 16991                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 12644                                                                                                * 6700
u_dgr UNCONN     0      0                                                                                                   * 12658                                                                                                * 12659
u_dgr UNCONN     0      0                                                                                                   * 19513                                                                                                * 6700
u_dgr UNCONN     0      0                                                                                                   * 29994                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 13899                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 16528                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 30457                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 18632                                                                                                * 6702
u_dgr UNCONN     0      0                                                                                                   * 16504                                                                                                * 6702
raw   UNCONN     0      0                                                                                                  :::ipv6-icmp                                                                                             :::*     
tcp   UNCONN     0      0                                                                                                   *:ipproto-5353                                                                                              *:*  
tcp   UNCONN     0      0                                                                                                   *:ipproto-50900                                                                                              *:* 
tcp   LISTEN     0      100                                                                                         127.0.0.1:smtp                                                                                                 *:*
tcp   LISTEN     0      128                                                                                                 *:ssh                                                                                                  *:*
tcp   LISTEN     0      100                                                                                               ::1:smtp                                                                                                :::*
tcp   LISTEN     0      128                                                                                                :::ssh                                                                                                 :::*
Lynnell answered 14/1, 2016 at 15:52 Comment(3)
Have you checked if the port is in use already? netstat -anp | grep ":8888" - Vacla
I have already checked. Not in use. - Lynnell
Check the SELinux rules; see /var/log/audit/audit.log - Hydrate
L
82

First of all, thanks to you guys.
I have solved this issue with the following command:

    setsebool -P haproxy_connect_any=1

It works for me!

Lynnell answered 18/1, 2016 at 3:27 Comment(7)
If stack-overflow had a donate-a-dollar button, you would definitely be getting a dollar =). That would be an awesome feature actually - people would use the platform more and earn money! - Pretense
I wish I could give this comment a dollar. - Willhite
For reference: systutorials.com/docs/linux/man/8-haproxy_selinux - Dissyllable
Unfortunately, that does not work on FreeBSD and OpnSense (no such command). :( - Dissyllable
I guess a better approach would be Creating Custom SELinux Policy Modules with audit2allow - Spindell
This does this: If you want to allow users to resolve user passwd entries directly from ldap rather than using a sssd server, you must turn on the authlogin_nsswitch_use_ldap boolean. Disabled by default. - Bixler
Will this setting persist after reboot? - Ypres
E
17

Add net.ipv4.ip_nonlocal_bind=1 to /etc/sysctl.conf

    sysctl -p

Restart the haproxy service (service haproxy restart). It will work.

Elsaelsbeth answered 7/12, 2016 at 4:42 Comment(0)
B
3

I would guess this is a SELinux issue. Try setenforce 0, then restart the HAProxy service. If HAProxy works after this change, restore the enforcing status with setenforce 1, and then run setsebool -P haproxy_connect_any 1 to change the SELinux boolean that is probably affecting this, and restart the service again.

Bromate answered 28/2, 2019 at 6:56 Comment(0)
S
2

What worked for me is killing any service that was running on the port I wanted to use (6443):

    $ fuser -k 6443/tcp

Then I ran:

    $ sudo systemctl restart haproxy
Sedgewick answered 7/11, 2019 at 7:4 Comment(0)
A
2

In continuation of Code Man's answer

setsebool -P haproxy_connect_any=1

I'm running RHEL, and the way to set a SELinux boolean has the following syntax:

setsebool -P haproxy_connect_any on

Amide answered 4/9, 2022 at 9:49 Comment(0)
N
1

setsebool shows the right direction. It is a SELinux issue. Try to install the toolchain for SELinux: yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

Press the "Record-Button" by typing "selinux permissive" and try to start the services. They fail. Then: grep haprox /var/log/audit/audit.log | audit2allow -M haproxy and activate the haproxy permissions by

semodule -i haproxy.pp

Done!

Needless answered 26/4, 2016 at 12:59 Comment(0)
T
1

You don't always need to do setsebool -P haproxy_connect_any=1

For me, the issue was that the port I was unable to bind was actually running actively.

So in my case (on Ubuntu) I used fuser 8888/tcp and it was saying it is up on some XXXX port. So I got rid of that with fuser -k 8888/tcp. In my case it then started properly.

Tragacanth answered 13/3, 2020 at 11:27 Comment(0)
T
0

Code Man's answer works, but also you may manage selinux for your port with:

    yum -y install policycoreutils-python
    semanage port -m -t http_port_t -p tcp 8080
    systemctl restart haproxy
    systemctl status haproxy
Thurgau answered 27/9, 2018 at 13:18 Comment(0)
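
An added example, not part of any answer in this thread: instead of switching the boolean on for every port, this script pulls the name_bind denials out of audit-log text and prints a semanage port command, in the form used in the answer above, for just the port HAProxy was refused. The function names and the sample AVC records are constructed for illustration; http_port_t is taken from that answer, and -a assumes the port has no type yet (use -m as above if it does).

```shell
#!/bin/sh
# Added example (not from the thread): find SELinux name_bind denials in
# audit-log text and suggest a per-port label instead of a global boolean.

# Constructed sample audit records (not taken from the asker's system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1452765253.101:411): avc:  denied  { name_bind } for  pid=2359 comm="haproxy" src=8888 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1452765253.101:411): arch=c000003e syscall=49 success=no exit=-13 comm="haproxy" exe="/usr/sbin/haproxy"
type=AVC msg=audit(1452765311.552:430): avc:  denied  { name_bind } for  pid=2412 comm="haproxy" src=8888 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1452765400.007:455): avc:  denied  { name_connect } for  pid=1801 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
EOF
}

# Read audit-log text on stdin; print one line per unique bind denial:
#   <comm> <port> <proto> <source type> <target type>
bind_denials() {
    awk '
        /avc:[ ]+denied/ && /name_bind/ {
            comm = port = proto = st = tt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
                if ($i ~ /^src=/)      { port = substr($i, 5) }
                if ($i ~ /^tclass=/)   { proto = substr($i, 8); sub(/_socket$/, "", proto) }
                if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
                if ($i ~ /^tcontext=/) { split($i, b, ":"); tt = b[3] }
            }
            key = comm " " port " " proto " " st " " tt
            # Repeated start attempts log the same denial; report it once.
            if (port != "" && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# Read bind_denials output on stdin; print a labelling command for each port
# that the haproxy_t domain was refused. Nothing is executed here.
suggest_label() {
    while read -r comm port proto stype ttype; do
        [ "$stype" = "haproxy_t" ] || continue
        # Only accept a purely numeric port and a known protocol before
        # placing them in a command line.
        case $port in ''|*[!0-9]*) continue ;; esac
        case $proto in tcp|udp) ;; *) continue ;; esac
        # Assumption: http_port_t, as in the answer above; -a adds a new label.
        printf 'semanage port -a -t http_port_t -p %s %s\n' "$proto" "$port"
    done
}

# Demo on the constructed sample.
sample_audit_log | bind_denials
sample_audit_log | bind_denials | suggest_label
```

On a real host, feed it the log instead of the sample: bind_denials < /var/log/audit/audit.log | suggest_label.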
D
0

I was getting a similar message of Starting frontend <FrontendName>: cannot bind socket <IP:port> on an OpnSense firewall (FreeBSD).

I was binding to a domain name and it turns out that it was pointing to my public address and that was a problem. Using a loopback address made HAProxy work.

This Linux-related answer gives some hints as well: https://mcmap.net/q/512554/-haproxy-cannot-bind-socket-0-0-0-0-8888 ...because I remember this working on pfSense. There is probably more magic to be discovered here!

Dissyllable answered 12/5, 2020 at 18:24 Comment(0)
K
0

Append the line net.ipv4.ip_nonlocal_bind=1 to the /etc/sysctl.conf file. Restart the haproxy service (service haproxy restart) with

    sysctl -p

It will work.

Kyphosis answered 15/4 at 8:24 Comment(1)
Add more context and details to your answer. What is sysctl, what does the -p flag do? What is the net.ipv4.ip_nonlocal_bind=1 option doing and the different values it can have as well as side-effects? Remember, not only the OP will be reading your answer and if it is useful for others, they need to know why they are doing what you suggest and the results before doing them. - Conflagration
D
-1

/etc/sysconfig/selinux SELINUX=permissive

reboot

worked for me

Devi answered 8/2, 2018 at 10:46 Comment(0)
