Learn more about HAProxy Maintenance Mode. Our HAProxy Support team is here to help you with your questions and concerns.
HAProxy Maintenance Mode 101
When running web applications using HAProxy, setting up maintenance pages for downtime or updates is essential. HAProxy provides a flexible way to show maintenance pages to users while allowing specific IPs to bypass them.
Today, we will take a look at how to configure maintenance pages, manage web application downtime, and use HAProxy’s dynamic maintenance mode with Unix sockets.
An Overview:
- Setting Up Maintenance Pages in HAProxy
- HAProxy Configuration
- Maintenance Page Setup
- Managing Maintenance Mode
- Dynamic Maintenance Page with Unix Sockets
- Draining Servers in HAProxy
Setting Up Maintenance Pages in HAProxy
To configure maintenance pages in HAProxy, follow these steps.
HAProxy Configuration
Here’s a sample configuration that shows how to manage maintenance mode using HAProxy. It covers routing normal traffic, managing SSL settings, and handling maintenance pages for specific web apps.
/etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
ssl-dh-param-file /etc/haproxy/dhparams.pem
defaults
log global
mode http
option httplog
timeout connect 500
timeout client 5000
timeout server 5000
frontend terminator
bind PUBLIC_IP:80
bind PUBLIC_IP:443 ssl crt-list /etc/haproxy/certs alpn h2,http/1.1
acl maintenance_mode hdr(host),map(/etc/haproxy/maintenance) -m found
acl whitelist src -f /etc/haproxy/whitelist
use_backend %[req.hdr(host),lower,map(/etc/haproxy/maintenance)] if maintenance_mode !whitelist
use_backend %[req.hdr(host),lower,map(/etc/haproxy/backends)]
backend webapp1
server server1 127.0.0.1:8080
backend webapp2
server server1 127.0.0.1:8081
backend webapp1_maintenance
errorfile 503 /etc/haproxy/maintenance_pages/webapp1.http
backend webapp2_maintenance
errorfile 503 /etc/haproxy/maintenance_pages/webapp2.http
Maintenance Page Setup
In the `/etc/haproxy/maintenance_pages/` directory, create your maintenance pages. Example content:
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>Maintenance</h1>
The system is undergoing maintenance, sorry for the inconvenience.
</body></html>
Managing Maintenance Mode
To enable maintenance mode for specific applications, uncomment the desired lines in `/etc/haproxy/maintenance`. For example:
/etc/haproxy/maintenance
#webapp1.com webapp1_maintenance
#webapp2.com webapp2_maintenance
This will serve the maintenance page for the selected web applications.
Dynamic Maintenance Page with Unix Sockets
HAProxy also allows dynamic maintenance mode switching using Unix sockets. This method provides a more flexible way to control maintenance without editing configuration files.
- In the `haproxy.cfg` file, add the following line to enable HAProxy’s admin socket:
global
stats socket /tmp/haproxy/socket/haproxy.sock mode 666 level admin
- We will need `socat` to interact with the Unix socket. Install it using:
sudo apt install socat
- Then, add the following ACL and backend in your HAProxy configuration:
frontend frontend-http
ACL maintenance path -i -u 9999 -m reg
use_backend maintenance if maintenance
backend maintenance
server maintenance-nginx ip_address:port
- Next, use the following commands to dynamically switch maintenance mode on and off:
- Enable Maintenance Mode:
echo "add acl #9999 ^.*$" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio - Disable Maintenance Mode:
echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
- Enable Maintenance Mode:
- To simplify managing maintenance mode, we can create a bash script:
#!/bin/bash
if [[ $1 == "on" ]]; then
echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
echo "add acl #9999 ^.*$" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
elif [[ $1 == "off" ]]; then
echo "clear acl #9999" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
else
echo "Usage: maintenance.sh [on, off]"
fi
Then, make the script executable:
chmod +x maintenance.shNow you can toggle maintenance mode using:
./maintenance.sh on # Enable maintenance mode
./maintenance.sh off # Disable maintenance mode
Draining Servers in HAProxy
If we want to drain traffic from a server before performing maintenance without dropping active sessions, we can use this command:
echo "set server backend/serv state drain" | socat unix-connect:/tmp/haproxy/socket/haproxy.sock stdio
This will ensure that the server stops accepting new connections but continues serving existing ones.
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
Using HAProxy, we can manage maintenance pages effectively and dynamically switch between maintenance and normal operation modes. Whether we are setting up simple static maintenance pages or dynamically controlling access with Unix sockets, HAProxy offers flexible options to ensure smooth operation and minimize disruption during downtime.
In brief, our Support Experts introduced us to HAProxy Maintenance Mode.
0 Comments