Friday, June 10, 2016

haproxy on Centos 7 with SELinux

Setting up haproxy and varnish with reference to the configuration from these sites: http://sharadchhetri.com/2014/12/20/how-to-install-varnish-4-version-on-centos-7-rhel-7/ https://www.upcloud.com/support/haproxy-load-balancer-centos/ And finally can access plone on the server. But when I check the haproxy status, only client1 can be accessed. All other clients were down with general socket error, permission denied. Googling a bit I finally found out it was due to SELinux. Refer to this page: http://stackoverflow.com/questions/26420729/haproxy-health-check-permission-denied With the solution from that page, I installed policycoreutils-python and tried to run the command given:
semanage port --add --type http_port_t --proto tcp 8081
But that command failed with the error that the port was already defined. When I looked it up using:
semanage port -l | grep 8081
It belonged to some other type (transproxy_port_t). When I tried to delete the type using:
semanage port -d -t transproxy_port_t -p tcp 8081
Got the error that it belongs in the policy and cannot be deleted. After much frustation and further googling finally found out I can modify the port
semanage port -m -t http_port_t -p tcp 8081
And finally haproxy was able to use the other clients. Finally.....

2 comments:

zhang wei said...

I was so much frustation too! finally i use apache replace nginx, everthing is ok!

Scott Rosenberg said...

I wanted to thank you. This fixed a problem with an nginx proxy I have.
Feel appreciated.

Haiya ala Solah