HAPROXY - disable backend server via command line
-
Hi,
maybe this is a stupid question, is it possible to disable (state: inactive) one of the servers listed in a backend via command line?
I found the Haproxy commands but it seems to me they're not for the PF plugin, just for the standalone version.
Thanks
Carlo
-
Hi Carlo,
Yes it's possible, haproxy socket is already used-created in /tmp/haproxy.socket. Only issue is that all examples use 'socat' which is not installed on pfsense by default, and is quite bloated imho.. ( pkg install socat )
Other option is to make it listen on a tcp port with this setting on the settings tab advanced field:
stats socket 127.0.0.1:3000 level admin
Then you could use telnet to query that socket.
Anyway haproxy itself on pfsense supports it just like on any other haproxy installation.
Regards,
PiBa-NL
-
Hi, thanks for the tips, I've been able to disable a node using socat.
To script all commands I created a new user in order to skip the pfSense CLI initial screen.
This user is a member of admins, but when I try the following command I get a permission denied error from socat: E connect(5, LEN=21 AF=1 "/tmp/haproxy.socket", 21): Permission denied
echo "disable server mypool/server2" | /usr/local/bin/socat unix-connect:/tmp/haproxy.socket stdio
Do I need to change the level in haproxy.cfg? (stats socket /tmp/haproxy.socket level admin)
Thanks for helping me
Carlo
-
Hi Carlo,
I've never tried creating a different user and use the socket from there..
Could try changing some of the settings made by haproxy on the socket using unix-bind option and put that into advanced options on the settings tab.
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#3.1-unix-bind
Changing the actual haproxy.cfg is not wise as the file is recreated from scratch every time something is changed, or restarted..
Regards
PiBa-NL
-
Hi,
I installed the sudo package, that solved my problem 8)
echo "disable server mypool/server2" | sudo /usr/local/bin/socat unix-connect:/tmp/haproxy.socket stdio
-
Hi Carlo,
I've been playing with it a bit and think this might help.
Putting the config setting below in the advanced settings of haproxy would allow socket access to users in the admins group:
stats socket /tmp/haproxy.adminsocket group admins mode 0020 level admin
echo "show sess" | socat stdio /tmp/haproxy.adminsocket
That way at least the sudo wouldn't be needed.
Regards
PiBa-NL
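
An added example, not part of any poster's reply and not pfSense or HAProxy code: an sh wrapper for the socat calls used in this thread. The runtime socket accepts several commands on one line separated by ';', so the wrapper validates the action and names before sending to the admin-level socket, and refuses a socket path that grants any access to "other". The function names, the HAPROXY_SOCKET variable and the allowed-character set are assumptions of this example.

```shell
#!/bin/sh
# Assumed default: the group-restricted socket from the last post in the thread.
SOCKET="${HAPROXY_SOCKET:-/tmp/haproxy.adminsocket}"

# Accept only letters, digits and - _ . : in backend/server names
# (assumed character set; rejects ';', spaces and newlines).
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print "<action> server <backend>/<server>" or fail without output.
build_cmd() {
    case "$1" in
        disable|enable) ;;
        *) echo "action must be 'enable' or 'disable'" >&2; return 1 ;;
    esac
    valid_name "$2" && valid_name "$3" || {
        echo "invalid backend or server name" >&2; return 1; }
    printf '%s server %s/%s\n' "$1" "$2" "$3"
}

# Succeed only if the path is a socket with no permissions for "other".
# With "mode 0020" the listing starts with s----w----, which passes.
socket_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10) || return 1
    case "$perms" in
        s??????---) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: haproxy_server disable mypool server2
haproxy_server() {
    cmd=$(build_cmd "$@") || return 1
    socket_ok "$SOCKET" || {
        echo "refusing $SOCKET: not a socket or accessible to other" >&2
        return 1; }
    printf '%s\n' "$cmd" | socat stdio "$SOCKET"
}
```
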