
There is one statement in the HAProxy "Security considerations" section:

Unfortunately many administrators confuse "start as root" and "run as root", resulting in the uid change to be done prior to starting haproxy, and reducing the effective security restrictions. https://cbonte.github.io/haproxy-dconv/2.3/management.html#8

I don't get the point. By right, when we start HAProxy (for simplicity, let me use the Linux default nobody account):

we need to configure it in the /etc/haproxy/haproxy.cfg global section:
uid 99
gid 99

and then start haproxy
done

ps -lef|grep "haproxy"
5 S nobody   25613     1  0  80   0 -  6446 ep_pol 17:16 ?        00:00:00 /usr/local/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid

We can see that nobody is the process owner.

I mean, by right, the uid and gid config should be done prior to starting HAProxy, so why does that statement suggest it's wrong to do so?

I'm trying to understand what it implies. I got this:

Maybe it suggests we should use the root user for the config:
uid 0
gid 0
and then start haproxy, 
and then change uid and gid to another user,
and then restart it

Again, I don't understand the point.

halfer
LIU YUE

1 Answer


On most UNIX systems, ports below 1024 are defined as privileged ports; check this answer: https://stackoverflow.com/a/10182831/6778826

When you want to bind to port 80/443 or any other port below 1024, HAProxy must start as root. After the bind is done, HAProxy switches to the unprivileged user defined in the config file.

From your steps, the last one is not necessary.

Maybe it suggests we should use the root user for the config:
uid 0
gid 0
and then start haproxy, 
and then change uid and gid to another user,
# and then restart it <= this is not necessary
listen on privileged ports and accept requests
Aleksandar
  • Thanks, but actually, as my first example shows, even if I use the nobody account (id 99), I can still run up HAProxy and make it listen on a port below 1024. I tested it, it works; no need to set uid to the root user (id 0) – LIU YUE Jul 30 '20 at 02:30
  • And by my test, I found that it actually doesn't even matter what uid/gid you configure; I can use a non-existing uid, and it still works – LIU YUE Jul 30 '20 at 03:34
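What the documentation calls "start as root" and "run as root" are two different moments in the process lifetime. HAProxy is started by root (in the question's ps output the parent is PID 1, i.e. init or systemd), it binds its listeners, including :80 and :443, while still root, and only then does it apply the global uid/gid (or user/group) and chroot lines itself by calling setgid()/setuid(). So the uid lines in haproxy.cfg are not a uid change done before starting; they are a drop done by HAProxy after the bind, which is why the nobody example works. The mistake the manual warns about is doing the change before the start (for example a systemd User= line or su to an unprivileged account before exec): that process can no longer bind a privileged port or chroot, and administrators then tend to relax those restrictions instead. The comment that a non-existent numeric uid "still works" is consistent with this: root may setuid() to any number, and the numeric uid directive is not checked against /etc/passwd, whereas user <name> must resolve. The following added example (mine, not code from the question, the answer or the HAProxy project) audits a haproxy.cfg for exactly this pattern and parses the ps -lef line from the question to show owner and parent PID; the sample configs are constructed for the example, and the helper only understands the directives discussed on this page.

```python
"""Audit a haproxy.cfg for the "start as root, drop privileges after bind" pattern.

Added example for this thread; not code from the question, the answer or the
HAProxy project. It only understands the directives discussed on the page:
the global section's user/uid/group/gid/chroot lines and the port of each
bind line. A '#' inside a quoted string is not handled.
"""
import re

PRIVILEGED_PORT_MAX = 1023  # binding 0-1023 needs root (or CAP_NET_BIND_SERVICE) on Linux
SECTION_KEYWORDS = ("global", "defaults", "frontend", "backend", "listen")
_PORT_RE = re.compile(r":(\d+)$")  # trailing ":port" of ":80", "*:443", "[::]:443"


def parse_config(text):
    """Return (global_settings, bind_ports).

    global_settings: the global-section user/uid/group/gid/chroot values.
    bind_ports:      (section, port) for every bind line with a numeric port.
    """
    settings, bind_ports, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in haproxy.cfg
        if not line:
            continue
        words = line.split()
        if words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2]) if len(words) > 1 else words[0]
            continue
        if section == "global" and words[0] in ("user", "uid", "group", "gid", "chroot") and len(words) > 1:
            settings[words[0]] = words[1]
        elif words[0] == "bind" and len(words) > 1:
            m = _PORT_RE.search(words[1])
            if m:
                bind_ports.append((section, int(m.group(1))))
    return settings, bind_ports


def audit(text):
    """Relate the config to 'start as root' (who execs it) vs 'run as root' (who it ends up as)."""
    settings, bind_ports = parse_config(text)
    privileged = sorted({p for _, p in bind_ports if p <= PRIVILEGED_PORT_MAX})
    uid, user = settings.get("uid"), settings.get("user")
    gid, group = settings.get("gid"), settings.get("group")

    drops_uid = (user is not None and user != "root") or (uid is not None and uid != "0")
    drops_gid = (group is not None and group != "root") or (gid is not None and gid != "0")
    problems = []
    if not drops_uid:
        problems.append("no non-root user/uid in global: HAProxy keeps the identity it was started with")
    if not drops_gid:
        problems.append("no non-root group/gid in global: the starting group is never dropped")
    if user is None and uid not in (None, "0"):
        problems.append("numeric uid without 'user': HAProxy does not check that the uid exists")
    if "chroot" not in settings:
        problems.append("no chroot in global: the process keeps a view of the whole filesystem")
    return {
        # Privileged ports mean the *start* must be done by root (init/systemd):
        # HAProxy binds its listeners before it calls setgid()/setuid().
        "must_start_as_root": bool(privileged),
        "privileged_ports": privileged,
        "drops_privileges": drops_uid and drops_gid,
        "problems": problems,
    }


def process_owner(ps_lef_line):
    """Return (owner, pid, ppid) from one 'ps -lef' output line.

    Owner 'nobody' together with PPID 1 means: started by root's init,
    identity changed by HAProxy itself after the bind."""
    f = ps_lef_line.split()
    return f[2], int(f[3]), int(f[4])


# Constructed sample configs (not taken from a real deployment).
CFG_CORRECT = """
global
    user  haproxy     # applied by HAProxy after the binds below are done
    group haproxy
    chroot /var/lib/haproxy
frontend web
    bind *:80
    bind *:443 ssl crt /etc/haproxy/site.pem
    default_backend app
backend app
    server s1 127.0.0.1:8080
"""

CFG_QUESTION_NOBODY = """
global
    uid 99
    gid 99
frontend web
    bind :80
"""

CFG_QUESTION_ROOT = """
global
    uid 0
    gid 0
frontend web
    bind :80
"""

PS_LINE = ("5 S nobody   25613     1  0  80   0 -  6446 ep_pol 17:16 ?        00:00:00 "
           "/usr/local/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid")

if __name__ == "__main__":
    for name, cfg in (("correct", CFG_CORRECT), ("nobody", CFG_QUESTION_NOBODY), ("uid 0", CFG_QUESTION_ROOT)):
        print(name, audit(cfg))
    print(process_owner(PS_LINE))
```

Running it prints, for the "uid 0 / gid 0" variant from the question, that the config never drops privileges at all, which is the real "run as root" problem; the nobody variant drops privileges but gets flagged for the unchecked numeric uid and the missing chroot. In all three cases the :80 bind means the start itself still has to be done by root, which is the distinction the manual is drawing.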