[Bug 2138647] Re: haproxy stops logging after reload with permission denied error

Mon, 26 Jan 2026 23:15:38 -0800 

Below is my sanitized haproxy config. The global and defaults sections
are unchanged from what the package provides out of the box except for
the 2 harden.reject-privileged-ports lines.

```
global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: 
https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites 
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

        # Hardening:
        harden.reject-privileged-ports.tcp on
        harden.reject-privileged-ports.quic on

defaults
        log global
        mode http
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

listen listener-http
        bind         some_ip:80
        http-request deny unless { hdr(host) -i -f /etc/haproxy/all_domains }
        use-server   server1 if { hdr(host) -i domain1 }
        server       server1 server1_ip:80   no-check send-proxy-v2
        ...

listen listener-https
        bind        some_ip:443
        mode        tcp
        option      tcplog
        tcp-request inspect-delay 5s
        tcp-request content reject unless { req.ssl_hello_type 1 } { 
req.ssl_sni -i -f /etc/haproxy/all_domains }
        use-server  server1 if { req.ssl_sni -i domain1 }
        server      server1 server1_ip:443   no-check send-proxy-v2
        ...
```

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2138647

Title:
  haproxy stops logging after reload with permission denied error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/2138647/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to