Learn more about HAProxy Maintenance Mode. Our HAProxy Support team is here to help you with your questions and concerns.

HAProxy Maintenance Mode 101

When running web applications using HAProxy, setting up maintenance pages for downtime or updates is essential. HAProxy provides a flexible way to show maintenance pages to users while allowing specific IPs to bypass them.

Today, we will take a look at how to configure maintenance pages, manage web application downtime, and use HAProxy’s dynamic maintenance mode with Unix sockets.

An Overview:

• Setting Up Maintenance Pages in HAProxy
• HAProxy Configuration
• Maintenance Page Setup
• Managing Maintenance Mode
• Dynamic Maintenance Page with Unix Sockets
• Draining Servers in HAProxy

Setting Up Maintenance Pages in HAProxy

To configure maintenance pages in HAProxy, follow these steps.

HAProxy Configuration

Here’s a sample configuration that shows how to manage maintenance mode using HAProxy. It covers routing normal traffic, managing SSL settings, and handling maintenance pages for specific web apps.

/etc/haproxy/haproxy.cfg
global
log /dev/log    local0
log /dev/log    local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
ssl-dh-param-file /etc/haproxy/dhparams.pem
defaults
log     global
mode    http
option  httplog
timeout connect 500
timeout client  5000
timeout server  5000
frontend terminator
bind PUBLIC_IP:80
bind PUBLIC_IP:443 ssl crt-list /etc/haproxy/certs alpn h2,http/1.1
acl maintenance_mode hdr(host),map(/etc/haproxy/maintenance) -m found
acl whitelist src -f /etc/haproxy/whitelist
use_backend %[req.hdr(host),lower,map(/etc/haproxy/maintenance)] if maintenance_mode !whitelist
use_backend %[req.hdr(host),lower,map(/etc/haproxy/backends)]
backend webapp1
server server1 127.0.0.1:8080
backend webapp2
server server1 127.0.0.1:8081
backend webapp1_maintenance
errorfile 503 /etc/haproxy/maintenance_pages/webapp1.http
backend webapp2_maintenance
errorfile 503 /etc/haproxy/maintenance_pages/webapp2.http
Copy Code

Maintenance Page Setup

In the `/etc/haproxy/maintenance_pages/` directory, create your maintenance pages. Example content:

HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>Maintenance</h1>
The system is undergoing maintenance, sorry for the inconvenience.
</body></html>
Copy Code

Managing Maintenance Mode

To enable maintenance mode for specific applications, uncomment the desired lines in `/etc/haproxy/maintenance`. For example:

/etc/haproxy/maintenance
#webapp1.com webapp1_maintenance
#webapp2.com webapp2_maintenance

This will serve the maintenance page for the selected web applications.

Dynamic Maintenance Page with Unix Sockets

HAProxy also allows dynamic maintenance mode switching using Unix sockets. This method provides a more flexible way to control maintenance without editing configuration files.

1. In the `haproxy.cfg` file, add the following line to enable HAProxy’s admin socket:

   global
   stats socket /tmp/haproxy/socket/haproxy.sock mode 666 level admin
   Copy Code
2. We will need `socat` to interact with the Unix socket. Install it using:

   sudo apt install socat
   Copy Code
3. Then, add the following ACL and backend in your HAProxy configuration:

   frontend frontend-http
   ACL maintenance path -i -u 9999 -m reg
   use_backend maintenance if maintenance
   backend maintenance
   server maintenance-nginx ip_address:port
   Copy Code
4. Next, use the following commands to dynamically switch maintenance mode on and off:
   • Enable Maintenance Mode:

     echo "add acl #9999 ^.*$" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdioCopy Code
   • Disable Maintenance Mode:

     echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdioCopy Code
5. To simplify managing maintenance mode, we can create a bash script:

   #!/bin/bash
   if [[ $1 == "on" ]]; then
   echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
   echo "add acl #9999 ^.*$" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
   elif [[ $1 == "off" ]]; then
   echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
   else
   echo "Usage: maintenance.sh [on, off]"
   fi
   Copy Code

   Then, make the script executable:

   chmod +x maintenance.shCopy Code

   Now you can toggle maintenance mode using:

   
   ./maintenance.sh on   # Enable maintenance mode
   ./maintenance.sh off  # Disable maintenance mode
   Copy Code

Draining Servers in HAProxy

If we want to drain traffic from a server before performing maintenance without dropping active sessions, we can use this command:

echo "set server backend/serv state drain" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
Copy Code

This will ensure that the server stops accepting new connections but continues serving existing ones.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

Using HAProxy, we can manage maintenance pages effectively and dynamically switch between maintenance and normal operation modes. Whether we are setting up simple static maintenance pages or dynamically controlling access with Unix sockets, HAProxy offers flexible options to ensure smooth operation and minimize disruption during downtime.

In brief, our Support Experts introduced us to HAProxy Maintenance Mode.