# Create your first pool & Enroll your first member
## Create your first pool
### Step 1 — Add pool
1. Go to Pools → Add pool
2. Choose the HAProxy template
3. Name the pool (e.g. `production-edge`)
4. After create, you land in the pool with a setup banner
### Step 2 — Connect DNS (Settings)
ServerCTL needs API access to authoritative DNS to create/update the failover A record.
Cloudflare
- API token: Zone · DNS · Edit (+ zone read)
- Cloudflare Account ID
- Select the zone that will host your public hostname
cPanel / WHM
- WHM hostname and port (usually 2087 or 443)
- WHM username + API token
- Zone domain (apex), e.g. `example.com`
You can save reusable Cloudflare credentials under Settings → API providers and link them to pools without re-entering tokens.
### Step 3 — Enrol the first member
On Overview → Add member:
Field
Notes
Member template
HAProxy balancer
Hostname
Must match JSON `hostname` from the agent; set `BALCTL_HOSTNAME` on the VM if OS hostname differs
Allowed source IPs
VM outbound IPv4 to `serversctl.com` (egress), not necessarily SSH address
After creating, copy the one-shot install command **immediately and run it in the HAProxy Server** — the enrollment secret is shown once.
The command:
- Downloads the agent bundle
- Runs `balctl-agent.sh --enrol --key … --hostname …`
- Writes `/etc/balctl/agent.env`
- Installs and starts `balctl-heartbeat.service`
Within a few seconds, the member tab should show a green heartbeat.
### Step 4 — Set the public failover hostname
Settings or Managed DNS tab:
- Set DNS label (e.g. `lb` → `lb.example.com`)
- Choose orange-cloud (proxied) vs DNS-only as needed
- On Overview, Make active on the member that should receive traffic
### Step 6 — Add a standby (High Availability)
Repeat enrollment on a second VM. Enable Automatic failover in Settings when ready for unattended promotion.