----------------------------------------
> Date: Wed, 18 Mar 2015 01:49:47 +0100
> From: denni...@conversis.de
> To: luky...@hotmail.com; jarno.huusko...@uef.fi
> CC: haproxy@formilux.org
> Subject: Re: send/accept-proxy over unix socket not working
>
> On 13.03.2015 18:44, Lukas Tribus wrote:
>>> What version of haproxy are you using ? (And what OS) ?
>>>
>>>> In the first frontend I set:
>>>> server clear /var/lib/haproxy/test send-proxy
>>>>
>>>> In the second frontend I set:
>>>> bind /var/lib/haproxy/test accept-proxy
>>>
>>> Are you able to connect to the /var/lib/haproxy/test socket with
>>> netcat or socat ? And/or do you have chroot in haproxy.cfg ?
>>
>> Also if you drop privileges, check permission with the haproxy user.
>>
>> If supported by your kernel, you could use abstract namespaces
>> instead.
>
> According to the documentation abstract namespaces are not recommended
> when using nbproc> 1. The reason I'm dealing with unix sockets at all
> is that I want to get around the problem of losing the stick table
> content on reload I posted about in another mail. The idea is to run two
> instances. One with nbproc> 1 for ssl offloading and that forwards the
> requests to the second instance that is using nbproc = 1 and contains
> the http frontend and a backend. In theory this should allow me to
> reload the config of the backend instance without losing the stick table
> content.
>
> I'm using chroot /var/lib/haproxy but the behavior is the same without
> this directive. Either way a socket gets created as
> /var/lib/haproxy/test as intended but for some reason I keep getting 503
> when using a unix socket but everything works fine when using abstract
> namespaces or an ip address.
>
> I've attached the configuration and the debug output in case that helps
> to pinpoint the issue.
Comment user and group and run haproxy as root. If thats works, it means
you have a permission problem.
Lukas
