Hi All,
I am trying to configure haproxy 1.5 on Ubuntu 3.2.0-91-generic as a TLS proxy
for plain TCP traffic to a non-TLS server running on the same machine. The
local non-TLS server is running on port 9501, and I want haproxy to listen on
port 9500, decrypting incoming TLS connections on that port and forwarding the
unencrypted TCP traffic to the server on port 9501. I'm doing all this on
172.28.11.94, which is a local intranet address that's bound to my eth0
interface. My haproxy config looks like this:

    listen rtt 172.28.11.94:9500
        mode tcp
        bind 172.28.11.94:9500 ssl crt /etc/haproxy/cert.pem
        option tcplog
        server rks 172.28.11.94:9501

haproxy reports that this is valid:

    dlobron@bos-lpjbb:/etc/haproxy$ sudo haproxy -f haproxy.cfg -V -c
    Configuration file is valid

But when I run haproxy, I get an error:

    dlobron@bos-lpjbb:/etc/haproxy$ sudo haproxy -f haproxy.cfg -V
    Available polling systems :
    poll : pref=200, test result OK
    select : pref=150, test result FAILED
    Total: 2 (1 usable), will use poll.
    Using poll() as the polling mechanism.
    [ALERT] 011/114700 (6149) : Starting proxy rtt: cannot bind socket [172.28.11.94:9500]

I verified that my local non-TLS server on port 9501 is fine:

    dlobron@bos-lpjbb:/etc/haproxy$ telnet 172.28.11.94 9501
    Trying 172.28.11.94...
    Connected to bos-lpjbb (172.28.11.94).
    Escape character is '^]'.
    203 WELCOME

The warning about select() not working is a little strange, but it seems like
it's falling back to poll(), which should be fine. But I can't figure out why
it can't bind to port 9500 when I run it as root, as I'm doing here. Any help
would be much appreciated!
Thank you,
David
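
An added example, not part of the original post: in the config quoted above, 172.28.11.94:9500 appears both on the `listen` line and on the `bind` line, and the legacy `listen <name> <address>` form declares a listener by itself, so the same socket is declared twice. The Python check below flags that pattern and is worth running before looking further into a "cannot bind socket" alert; `declared_listeners` and `duplicate_listeners` are names made up for this example, and the sample text is the post's config re-typed as a constructed input.

```python
from collections import defaultdict

# Constructed sample: the configuration quoted in the post above.
SAMPLE_CFG = """\
listen rtt 172.28.11.94:9500
    mode tcp
    bind 172.28.11.94:9500 ssl crt /etc/haproxy/cert.pem
    option tcplog
    server rks 172.28.11.94:9501
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}


def declared_listeners(cfg_text):
    """Map each listening address to the (line, proxy, keyword) entries declaring it."""
    seen = defaultdict(list)
    proxy = None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not words:
            continue
        kw = words[0]
        if kw in SECTIONS:
            proxy = words[1] if len(words) > 1 else kw
            # Legacy form: an address after the proxy name on a 'listen' line
            # declares a listener, exactly like a 'bind' line would.
            addrs = words[2] if kw == "listen" and len(words) > 2 else ""
        elif kw == "bind" and len(words) > 1:
            addrs = words[1]
        else:
            continue
        for addr in filter(None, addrs.split(",")):
            seen[addr].append((lineno, proxy, kw))
    return seen


def duplicate_listeners(cfg_text):
    """Addresses declared more than once. Plain string comparison only:
    wildcard overlaps (e.g. *:9500) and port ranges are not expanded."""
    found = declared_listeners(cfg_text)
    return {addr: decls for addr, decls in found.items() if len(decls) > 1}


if __name__ == "__main__":
    for addr, decls in duplicate_listeners(SAMPLE_CFG).items():
        for lineno, proxy, kw in decls:
            print(f"{addr}: declared by '{kw}' in proxy '{proxy}' at line {lineno}")
```

Keeping the address only on the `bind` line (a bare `listen rtt`) leaves a single declaration, and the check then reports nothing.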