Skip to main content

HAProxy operations

Install & lifecycle

Action Command ID Notes
Install HAProxy
haproxy.provision
Fresh VM
Re-install
haproxy.provision + force: true
Overwrite install path
Reload
haproxy.reload
After config edits
Provision standby from backup
standby.provision_from_backup
Clone config from backup onto standby

Jobs are enqueued to the API; the agent claims and runs them on the next heartbeat.

Admin stats socket (drain / ready)

Runtime backend control requires a Unix admin socket in haproxy.cfg:

stats socket /run/haproxy/admin.sock mode 600 level admin expose-fd listeners
stats timeout 2m

Enable via Recipe: Enable HAProxy admin stats socket or Enable admin stats socket action.

Requires socot + agent as root. This is not a public HTTP stats page.

Backend server states

From Management/topology table:

Action Command ID HAProxy runtime
Drain
haproxy.server_drain
set server … state drain
Ready
haproxy.server_ready
state ready
Maintenance
haproxy.server_maint
state maint


TLS (Let’s Encrypt on HAProxy)

Recipe: Let’s Encrypt (failover / HAProxy)

  • Uses DNS-01 via Cloudflare for the pool failover FQDN
  • Agent writes combined PEM: /etc/haproxy/certs/<hostname>.pem
  • One-time operator step: add ssl crt /etc/haproxy/certs/<hostname>.pem in config, validate, reload
  • Renew from Management or cron preset tls.acme_renew_force

The pool must have Cloudflare linked and a failover label set before the recipe applies.

Status tab

Shows live traffic from agent heartbeat enrichment — not a duplicate of the Overview topology diagram. Use for session rates, backend health columns, etc.

Back to top