HAPROXY - disable backend server via command line

  • Hi,

    maybe this is a stupid question, is it possible to disable (state: inactive) one of the servers listed in a backend via command line?
    I found the Haproxy commands but it seems to me they're not for the PF plugin, just for the standalone version.



  • Hi Carlo,
    Yes its possible, haproxy socket is already used-created in /tmp/haproxy.socket. Only issue is that all examples use 'socat' which is not installed on pfsense by default, and is quite bloated imho.. ( pkg install socat )

    Other option is to make it listen on a tcp port with this setting on the settings tab advanced field:

    stats socket level admin 

    Ten you could use telnet to query that socket.

    Anyway haproxy itself on pfsense supports it just like on any other haproxy installation.


  • Hi, thanks for the tips, I've been able to disable a node using socat.
    To script all commands I created a new user in order to skip FPSense CLI initial screen.
    This user is member of admins, but when I try the following command I get a permission denied error from socat: E connect(5, LEN=21 AF=1 "/tmp/haproxy.socket", 21): Permission denied

    echo "disable server mypool/server2" | /usr/local/bin/socat unix-connect:/tmp/haproxy.socket stdio

    do I need to change the level in haproxy.cfg? (stats socket /tmp/haproxy.socket level admin)

    Thanks for helping me


  • Hi Carlo,

    I've never tried creating a different user and use the socket from there..

    Could try changing some of the settings made by haproxy on the socket using unix-bind option and put that into advanced options on the settings tab.

    Changing the actual haproxy.cfg is not wise as the file is recreated from scratch every time something is changed, or restarted..


  • Hi,

    I installed the sudo package, that solved my problemĀ  8)

    echo "disable server mypool/server2" | sudo /usr/local/bin/socat unix-connect:/tmp/haproxy.socket stdio

  • Hi Carlo,

    I've been playing with it a bit think this might help.
    By putting the config setting below in the advanced settings of haproxy would allow socket access to users in the admins group:

    stats socket /tmp/haproxy.adminsocket group admins mode 0020 level admin
    echo "show sess" | socat stdio /tmp/haproxy.adminsocket

    That way at least the sudo wouldn't be needed.


Log in to reply