> Hi,
>
> I'm trying to use he option source of HAProxy in order to have the
> client's address from my web server.
>
> So i add this option in defaults : "source 0.0.0.0 usesrc clientip".
>
> When I restart HAProxy, i receive back this message : " Some
> configuration options require full privileges, so global.uid cannot be
> changed. "
>
> I found that is possible to use this option being root, with comment
> out following lines in conf : "&user haproxy
> &group haproxy "
>
> But for security reason, i need to use this option without being root,
> i would know if it's possible with changing a configuration?
The haproxy user needs to have the CAP_NET_ADMIN capability. That
way, you can drop privileges to non-root, but still use the usesrc keyword.
Lukas
