Re: cannot bind socket Multiple backends tcp mode

From: Baptiste <bedis9#gmail.com>
Date: Thu, 3 Nov 2011 20:56:06 +0100


That's normal, your port 443 is binded by the first frontend. So when HAproxy wants to bind it for your second frontend, it can't...

The only solution, in the current case, is to have one frontend per IP. Furthermore, your ACL won't work since you're in TCP mode and the traffic is encrypted.

Cheers

On Thu, Nov 3, 2011 at 8:34 PM, Saul <saul#extremecloudsolutions.com> wrote:
> Hello List,
>
> I hope someone can shed some light with the following situation:
>
> Setup:
> HAproxy frontend proxy and apache SSL backends. I didn't want to use
> haproxy+stunnel or apache mod_ssl so I use straight TCP mode and
> redirects, it works fine with one backend. The only problem is when I
> try to add a second backend for a different farm of servers I get the
> following:
>
> "Starting frontend https-services-in: cannot bind socket"
>
> My understanding was that multiple backends could use the same
> interface, perhaps I was wrong, if that is the case, any suggestions
> on how to be able to have multiple backends running tcp mode on port
> 443 so I can match the url and redirect to the appropriate backend
> from my HAproxy?
>
> Thank You Very much in advance.
>
> Relevant configuration:
>
> ##--------------
> ##  HTTP FRONTEND
> ## ----------------
> frontend www
> mode http
> bind :80
>
> redirect prefix https://secure.mydomain.com if { hdr_dom(Host) -i
> secure.mydomain.com }
> redirect prefix https://services.mydomain.com if { hdr_dom(Host) -i
> services.mydomain.com }
>
> backend www
> mode http
> balance leastconn
> stats enable
> option httpclose
> option forwardfor
> option httpchk HEAD /ha.txt HTTP/1.0
>
> server nginx_1 10.10.1.1:80 weight 100 check
>
> ##--------------
> ##  HTTPS FRONTEND
> ## ----------------
>
>
> frontend https-in
> mode tcp
> bind :443
> default_backend https-secure-portal
>
> ##--------------
> ##  HEADER ACL'S
> ## ----------------
>
> acl secure1 hdr_dom(Host) -i secure.mydomain.com
> use_backend https-secure-portal if secure1
>
> backend https-secure-portal
> mode tcp
> balance leastconn
> option ssl-hello-chk
>
> server ssl_1 10.10.1.1:443 weight 100 check
>
> ##--------------
> ##  SERVICES FRONTEND
> ## ----------------
>
> frontend https-services-in
> mode tcp
> bind :443
> default_backend https-services
>
> acl services1 hdr_dom(Host) -i services.mydomain.com
> use_backend https-services if services1
>
> backend https-services
> mode tcp
> balance leastconn
> option ssl-hello-chk
> #option httpclose
> #option forwardfor
>
> server nginx2_ssl 10.10.1.110:443 weight 100 check
>
>
Received on 2011/11/03 20:56

This archive was generated by hypermail 2.2.0 : 2011/11/03 21:00 CET