Bobcares
Client Area
Emergency Support
HAProxy | Latest

HAProxy Maintenance Mode 101

by | Oct 13, 2024

Learn more about HAProxy Maintenance Mode. Our HAProxy Support team is here to help you with your questions and concerns.

HAProxy Maintenance Mode 101

HAProxy Maintenance Mode 101When running web applications using HAProxy, setting up maintenance pages for downtime or updates is essential. HAProxy provides a flexible way to show maintenance pages to users while allowing specific IPs to bypass them.

Today, we will take a look at how to configure maintenance pages, manage web application downtime, and use HAProxy’s dynamic maintenance mode with Unix sockets.

An Overview:

Setting Up Maintenance Pages in HAProxy

To configure maintenance pages in HAProxy, follow these steps.

HAProxy Configuration

Here’s a sample configuration that shows how to manage maintenance mode using HAProxy. It covers routing normal traffic, managing SSL settings, and handling maintenance pages for specific web apps.

/etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
ssl-dh-param-file /etc/haproxy/dhparams.pem
defaults
log global
mode http
option httplog
timeout connect 500
timeout client 5000
timeout server 5000
frontend terminator
bind PUBLIC_IP:80
bind PUBLIC_IP:443 ssl crt-list /etc/haproxy/certs alpn h2,http/1.1
acl maintenance_mode hdr(host),map(/etc/haproxy/maintenance) -m found
acl whitelist src -f /etc/haproxy/whitelist
use_backend %[req.hdr(host),lower,map(/etc/haproxy/maintenance)] if maintenance_mode !whitelist
use_backend %[req.hdr(host),lower,map(/etc/haproxy/backends)]
backend webapp1
server server1 127.0.0.1:8080
backend webapp2
server server1 127.0.0.1:8081
backend webapp1_maintenance
errorfile 503 /etc/haproxy/maintenance_pages/webapp1.http
backend webapp2_maintenance
errorfile 503 /etc/haproxy/maintenance_pages/webapp2.http

Maintenance Page Setup

In the `/etc/haproxy/maintenance_pages/` directory, create your maintenance pages. Example content:

HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>Maintenance</h1>
The system is undergoing maintenance, sorry for the inconvenience.
</body></html>

Managing Maintenance Mode

To enable maintenance mode for specific applications, uncomment the desired lines in `/etc/haproxy/maintenance`. For example:

/etc/haproxy/maintenance
#webapp1.com webapp1_maintenance
#webapp2.com webapp2_maintenance

This will serve the maintenance page for the selected web applications.

Dynamic Maintenance Page with Unix Sockets

HAProxy also allows dynamic maintenance mode switching using Unix sockets. This method provides a more flexible way to control maintenance without editing configuration files.

  1. In the `haproxy.cfg` file, add the following line to enable HAProxy’s admin socket:

    global
    stats socket /tmp/haproxy/socket/haproxy.sock mode 666 level admin

  2. We will need `socat` to interact with the Unix socket. Install it using:

    sudo apt install socat

  3. Then, add the following ACL and backend in your HAProxy configuration:

    frontend frontend-http
    ACL maintenance path -i -u 9999 -m reg
    use_backend maintenance if maintenance
    backend maintenance
    server maintenance-nginx ip_address:port

  4. Next, use the following commands to dynamically switch maintenance mode on and off:
    • Enable Maintenance Mode:

      echo "add acl #9999 ^.*$" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio

    • Disable Maintenance Mode:

      echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio

  5. To simplify managing maintenance mode, we can create a bash script:

    #!/bin/bash
    if [[ $1 == "on" ]]; then
    echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
    echo "add acl #9999 ^.*$" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
    elif [[ $1 == "off" ]]; then
    echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
    else
    echo "Usage: maintenance.sh [on, off]"
    fi

    Then, make the script executable:

    chmod +x maintenance.sh

    Now you can toggle maintenance mode using:


    ./maintenance.sh on # Enable maintenance mode
    ./maintenance.sh off # Disable maintenance mode

Draining Servers in HAProxy

If we want to drain traffic from a server before performing maintenance without dropping active sessions, we can use this command:


echo "set server backend/serv state drain" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio

This will ensure that the server stops accepting new connections but continues serving existing ones.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

Using HAProxy, we can manage maintenance pages effectively and dynamically switch between maintenance and normal operation modes. Whether we are setting up simple static maintenance pages or dynamically controlling access with Unix sockets, HAProxy offers flexible options to ensure smooth operation and minimize disruption during downtime.

In brief, our Support Experts introduced us to HAProxy Maintenance Mode.

Related posts:

  1. HAProxy ACL Multiple Conditions: Guide
  2. Keepalived HAProxy check script | Set up Guide
  3. pfSense HAProxy reverse proxy | How to set up
  4. Kubernetes HAProxy Load Balancer: Setup Guide

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. HAProxy ACL Multiple Conditions: Guide
  2. Keepalived HAProxy check script | Set up Guide
  3. pfSense HAProxy reverse proxy | How to set up
  4. Kubernetes HAProxy Load Balancer: Setup Guide

Never again lose customers to poor
server speed! Let us help you.

GET STARTED