HAProxy has no server available

I am trying to setup a very simple HTTP load balancer with node.js backends in CentOS 7. The backends are all HTTP servers.

If I set both the backend to listen on port 80, and HAProxy to listen on port 80 and use port 80 on the backend, everything works just fine. This is how the configuration file looks in such a configuration:

global
    log         127.0.0.1 local2 info
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     256
    user        haproxy
    group       haproxy
    daemon

defaults
    mode               http
    log                global
    option             httplog
    timeout connect    10s
    timeout client     30s
    timeout server     30s

frontend http-in
    bind               :80
    default_backend    backend_servers
    option             forwardfor

backend backend_servers
    balance            roundrobin
    server             backend1 10.0.4.51:80 check
#    server             backend2 10.0.4.52:80 check
#    server             backend3 10.0.4.53:80 check
#    server             backend4 10.0.4.54:80 check
#    server             backend5 10.0.4.55:80 check
#    server             backend6 10.0.4.56:80 check

But, if I change all the ports to say 8124, HAProxy shows the following error on startup:

haproxy[3324]: backend backend_servers has no server available!

This is what the new configuration looks like

global
    log         127.0.0.1 local2 info
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     256
    user        haproxy
    group       haproxy
    daemon

defaults
    mode               http
    log                global
    option             httplog
    timeout connect    10s
    timeout client     30s
    timeout server     30s

frontend http-in
    bind               :8124
    default_backend    backend_servers
    option             forwardfor

backend backend_servers
    balance            roundrobin
    server             backend1 10.0.4.51:8124 check
#    server             backend2 10.0.4.52:8124 check
#    server             backend3 10.0.4.53:8124 check
#    server             backend4 10.0.4.54:8124 check
#    server             backend5 10.0.4.55:8124 check
#    server             backend6 10.0.4.56:8124 check

Certainly the backend node.js program is now listening on port 8124.

The firewall is open for port 8124 in the backend, and the following command:

wget http://10.0.4.51:8124/action

works perfectly from the load balancer, which indicates that the load balancer can indeed access the backend.

Under these circumstances, HAProxy seems to have failed to start, as I cannot see port 8124 in the LISTEN state when I use netstat -an.

This is the first time that I am using HAProxy, so I may be missing something really trivial.

Is there anything else I should check?


I just figured it out.

The problem is not in the configuration of HAProxy, but in SELinux, which is enabled and set to enforcing mode by default on CentOS 7. It seems like the default configuration of SELinux allows HAProxy only on port 80.

Setting SELinux to permissive mode, disabling it altogether, or otherwise letting SELinux allow HAProxy to use other ports solved the problem.

You can use semanage to allow HAProxy using the port:

sudo semanage port -a -p tcp -t http_port_t 8124