I do not believe I’m using the wrong ports, since everybody who uses HAProxy shows the same config file, e.g.
frontend http
    bind *:80
    #bind *:443
I’ve added this setting to IPFire, running in my testing environment, and after a necessary restart, HAProxy successfully starts. Hence my question above for a safe way to add this option to my production firewall as well.
A netstat does not reveal any used ports, btw.
I’m starting HAProxy from command line using
haproxy -f /etc/haproxy/haproxy.cfg
Anyway, I consider running HAProxy on a RaspberryPi in orange network now, for security reasons…
That’s correct, but I’ve already tried everything so far, e.g. the IP address of the red interface: 172.17.0.2 (IPFire is behind a Fritzbox 6591 as exposed host), and the public IP address of my provider, which of course does not work because of the exposed host setup.
Each of them caused the issue that 0.0.0.0:80 could not be bound by HAProxy.
So I’m curious, which IP address(es) will possibly apply? One of the other interfaces, orange, green, blue? Should I use 172.0.0.1?
An idea, btw: it would be helpful to provide an appropriate example setup in the wiki on how to use HAProxy as a reverse proxy. This would probably avoid issues like the one I’m facing right now. But that’s a different story.
I’ve used several commands to find used port 80, e.g.
ss -tulw
netstat
lsof
None of them revealed any port 80. Hence I’m still confident the above option for sysctl.conf will do the job as already reported for my testing VM.
The sysctl option won’t help you at all. You can then bind to an IP address that the system does not have, but that is not going to help you to pass any packets through haproxy.
HAProxy will actually tell you why it cannot bind to what you want. So, what does it say?
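Added example, not part of the thread and not IPFire or HAProxy code: a Python probe that attempts the same kind of TCP bind and reports which kernel error comes back. It separates "port already in use" from "address not on this host" (the only case a non-local-bind sysctl such as Linux's net.ipv4.ip_nonlocal_bind changes) and from missing privilege. The function names and the loopback scenario in `demo()` are constructed for illustration.

```python
import errno
import socket

# Map the errno of a failed bind() to the cause an operator should chase.
CAUSES = {
    errno.EADDRINUSE: "in-use",        # another socket already holds this address:port
    errno.EADDRNOTAVAIL: "not-local",  # address is not configured on any interface
    errno.EACCES: "no-permission",     # port < 1024 without root / CAP_NET_BIND_SERVICE
}


def probe_bind(addr: str, port: int) -> str:
    """Try a TCP bind the way a server would; return 'ok' or the failure cause."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((addr, port))
        except OSError as exc:
            name = errno.errorcode.get(exc.errno, str(exc.errno))
            return CAUSES.get(exc.errno, "other:" + name)
    return "ok"


def demo() -> dict:
    """Constructed scenario: a listener on one address also blocks the wildcard."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))  # ephemeral port, no privileges needed
    holder.listen(1)
    port = holder.getsockname()[1]
    try:
        results = {
            "same_address": probe_bind("127.0.0.1", port),
            "wildcard": probe_bind("0.0.0.0", port),
        }
    finally:
        holder.close()
    results["after_close"] = probe_bind("127.0.0.1", port)
    return results


if __name__ == "__main__":
    print(demo())
    # The bind from the thread; run as the same user that starts the proxy.
    print("0.0.0.0:80 ->", probe_bind("0.0.0.0", 80))
```

A result of "in-use" for the wildcard means some socket holds port 80 on at least one local address, which `ss -ltnp` run as root will attribute to a process.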