If the firewall is active, you must allow ports. If firewalld and selinux are disabled, skip this section.
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --permanent --zone=public --add-port=28443/tcp firewall-cmd --permanent --zone=public --add-port=28080/tcp firewall-cmd --permanent --zone=public --add-protocol=vrrp firewall-cmd --reload
firewall-cmd --list-all
[root@A59T6290 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: bond0 bond0.31 enp2s0f0 enp5s0f0 enp5s0f1 sources: services: dhcpv6-client http https ssh ports: 33833/tcp 443/tcp 80/tcp 9011/tcp 6611/tcp 9099/tcp 28080/tcp 28443/tcp 7072/tcp protocols: vrrp masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
setsebool -P haproxy_connect_any 1
/usr/sbin/getsebool -a | grep -i haproxy
[root@A59]# /usr/sbin/getsebool -a | grep -i haproxy haproxy_connect_any --> on