Reputation: 8287
Haproxy health check permission denied
I am unable to add a backend server because the health check fails with log message
Health check for server mule/muleapp failed, reason: Layer4 connection problem, info: "General socket error (Permission denied)", check duration: 0ms, status: 0/2 DOWN.
I am however able to telnet into the same IP and host. And adding other backends works. I do not see what permission issue is. My configuration is very simplistic
backend mule
balance roundrobin
server muleapp x.x.x.x:64006 check
(substitute x with any number). I am running in HTTP mode. It should be noted that connecting to a local TCPMon port also does not work - but then there is not health check log statements.
Upvotes: 7
Views: 10635
Answers (2)
Reputation: 5969
With SELinux you can easily allow haproxy to connect to any remote backend port:
getsebool haproxy_connect_any # by default 0
setsebool -P haproxy_connect_any 1
This works immediately without haproxy restart.
Upvotes: 16
Reputation: 146
The problem is SELinux only allowing the web server to make outbound connections to a limited set of ports.
Fixed by doing:
semanage port --add --type http_port_t --proto tcp 8001
after installing semanage with
yum install policycoreutils-python
Reference: https://serverfault.com/questions/654599/weird-interaction-with-systemctl-with-haproxy-on-centos-7
Upvotes: 13
Related Questions
- Problem to health check HAProxy docker container
- HAProxy not running stats socket
- HAProxy Fails to Start
- HAProxy health check
- Haproxy fails to restart
- haproxy return empty response
- haproxy setup issue
- Haproxy Health Check port
- Haproxy external-check error code 255
- Using an HTTP healthcheck for a TCP server in HA Proxy