---------------------------------------- > Date: Wed, 18 Mar 2015 01:49:47 +0100 > From: denni...@conversis.de > To: luky...@hotmail.com; jarno.huusko...@uef.fi > CC: haproxy@formilux.org > Subject: Re: send/accept-proxy over unix socket not working > > On 13.03.2015 18:44, Lukas Tribus wrote: >>> What version of haproxy are you using ? (And what OS) ? >>> >>>> In the first frontend I set: >>>> server clear /var/lib/haproxy/test send-proxy >>>> >>>> In the second frontend I set: >>>> bind /var/lib/haproxy/test accept-proxy >>> >>> Are you able to connect to the /var/lib/haproxy/test socket with >>> netcat or socat ? And/or do you have chroot in haproxy.cfg ? >> >> Also if you drop privileges, check permission with the haproxy user. >> >> If supported by your kernel, you could use abstract namespaces >> instead. > > According to the documentation abstract namespaces are not recommended > when using nbproc> 1. The reason I'm dealing with unix sockets at all > is that I want to get around the problem of losing the stick table > content on reload I posted about in another mail. The idea is to run two > instances. One with nbproc> 1 for ssl offloading and that forwards the > requests to the second instance that is using nbproc = 1 and contains > the http frontend and a backend. In theory this should allow me to > reload the config of the backend instance without losing the stick table > content. > > I'm using chroot /var/lib/haproxy but the behavior is the same without > this directive. Either way a socket gets created as > /var/lib/haproxy/test as intended but for some reason I keep getting 503 > when using a unix socket but everything works fine when using abstract > namespaces or an ip address. > > I've attached the configuration and the debug output in case that helps > to pinpoint the issue.
Comment user and group and run haproxy as root. If thats works, it means you have a permission problem. Lukas