HAProxy 1.7 web interface checks for maintenance backends

jose · February 9, 2018, 1:06pm

Hi there!!

I’m new here and also in the HA world, in version 1.4 on the left of the web view of backends we had a check in order to disable them for maintenance…how can i get this on version 1.7?

Thks!!!

lukastribus · February 12, 2018, 8:44pm

I don’t see what’s different in haproxy 1.7 compared to 1.4; you need stats admin mode in both. Can you share you configuration please?

jose · February 13, 2018, 12:15pm

Hello
Thks for your response, the config is pretty simple:

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
#  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

#simple config
frontend localnodes
bind *:8080
mode http
default_backend node1

backend node1

stats enable
#stats hide-version
#stats scope   .
#stats uri     /admin?stats
#stats realm   Haproxy\ Statistics
#stats auth    admin1:admin1

mode http
balance roundrobin
option forwardfor
cookie SRV_ID insert indirect nocache #prefix
#email-alert mailers mailservers
#email-alert from HAproxy93@sicof.es
#email-alert to jose@etec.es
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }
#option httpchk HEAD / HTTP/1.1\r\nHost:192.168.10.93
#server 82i1 192.168.10.82:28080 check cookie C
#server 82i2 192.168.10.82:28081 check cookie C2
#option http check
server i1 192.168.10.93:28080 check cookie D
server i2 192.168.10.93:28081 check cookie D2

listen stats
bind *:1936

listen stats :1936

mode http
stats enable
stats hide-version

stats scope www

stats scope node1

stats scope node2

stats uri /
stats realm Haproxy
stats auth haproxy:haproxy

clitimeout 100s

srvtimeout 100s

contimeout 100s

timeout queue 100s

stats refresh 20s

Only 2 http nodes, after I’ll need to know how to balance two https servers (forward only)

THKS!!

lukastribus · February 13, 2018, 3:47pm

Just like I suspected, you did not configure admin mode. Please refer to my previous post where you can find a link to the documentation explaining it.

jose · February 13, 2018, 3:59pm

Solved!!!

Thaks a lot

Topic		Replies	Views
What's the canonical way to handle port 80 and port 443? Help!	10	6570	August 23, 2018
Ssh timeout and sometimes not working Help!	3	3209	October 24, 2018
Http backend checks failing with http/400; but curl to same url gives http/200 as expected Help!	8	3936	December 2, 2021
HAProxy marks server as down while not being down - inexplicable healthcheck timeouts Help!	3	3305	March 20, 2020
Frontend MAINT back end DOWN Help!	0	412	October 2, 2020