# HAProxy operations ### Install & lifecycle
ActionCommand IDNotes
Install HAProxy
`haproxy.provision`
Fresh VM
Re-install
`haproxy.provision` + `force: true`
Overwrite install path
Reload
`haproxy.reload`
After config edits
Provision standby from backup
`standby.provision_from_backup`
Clone config from backup onto standby
Jobs are enqueued to the API; the agent claims and runs them on the next heartbeat. ### Admin stats socket (drain / ready) Runtime backend control requires a Unix admin socket in `haproxy.cfg`: ``` stats socket /run/haproxy/admin.sock mode 600 level admin expose-fd listeners stats timeout 2m ``` Enable via Recipe: Enable HAProxy admin stats socket or Enable admin stats socket action. **Requires socot + agent as root. This is not a public HTTP stats page.** ### Backend server states From Management/topology table:
ActionCommand IDHAProxy runtime
Drain
`haproxy.server_drain`
`set server … state drain`
Ready
`haproxy.server_ready`
`state ready`
Maintenance
`haproxy.server_maint`
`state maint`
### TLS (Let’s Encrypt on HAProxy) Recipe: Let’s Encrypt (failover / HAProxy) - Uses DNS-01 via Cloudflare for the pool failover FQDN - Agent writes combined PEM: `/etc/haproxy/certs/.pem` - One-time operator step: add `ssl crt /etc/haproxy/certs/.pem` in config, validate, reload - Renew from Management or cron preset `tls.acme_renew_force` The pool must have Cloudflare linked and a failover label set before the recipe applies. ### Status tab Shows live traffic from agent heartbeat enrichment — not a duplicate of the Overview topology diagram. Use for session rates, backend health columns, etc.