Friday, June 10, 2016

haproxy on Centos 7 with SELinux

Setting up haproxy and varnish with reference to the configuration from these sites: And finally can access plone on the server. But when I check the haproxy status, only client1 can be accessed. All other clients were down with general socket error, permission denied. Googling a bit I finally found out it was due to SELinux. Refer to this page: With the solution from that page, I installed policycoreutils-python and tried to run the command given:
semanage port --add --type http_port_t --proto tcp 8081
But that command failed with the error that the port was already defined. When I looked it up using:
semanage port -l | grep 8081
It belonged to some other type (transproxy_port_t). When I tried to delete the type using:
semanage port -d -t transproxy_port_t -p tcp 8081
Got the error that it belongs in the policy and cannot be deleted. After much frustation and further googling finally found out I can modify the port
semanage port -m -t http_port_t -p tcp 8081
And finally haproxy was able to use the other clients. Finally.....


zhang wei said...

I was so much frustation too! finally i use apache replace nginx, everthing is ok!

Scott Rosenberg said...

I wanted to thank you. This fixed a problem with an nginx proxy I have.
Feel appreciated.

Haiya ala Solah