The Runtime API allows changing the settings in real-time mode. You will have no downtime and no need to restart/reload the HAProxy service while using the Runtime API.
You could face the following issue: if you disable a frontend or a backend server, the changes will not be saved; this server will be rolled back on the next restart of HAproxy. If you tick the Save changes checkbox, the changes will be saved but won't be displayed in the configuration files so you may have some difficulties with debugging (or be confused at least).
Use the interface that works fine with the HAProxy Runtime API to avoid these problems. It allows editing the runtime configuration and save changes in the config file without downtime.
- 1. Choose a server.
- 2. Choose an action: disable, shutdown, enable, set, clear, add, get, show.
- 3. Type a keyword.
- 4. Press the Enter button.
Actual commands for HAProxy v2
| Action&Keyword: | Description: |
| prompt | toggle interactive mode with prompt on/off |
| quit | disconnect |
| show tls-keys [id|*] | show TLS keys references or remove TLS ticket keys when id is specified |
| set ssl tls-key [id|keyfile] tlskey | set the next TLS key for the id or keyfile listener to tlskey |
| show sess [id] | report the list of current sessions or dump this exact session |
| shutdown session | kill a specific session |
| shutdown sessions server | kill sessions on a server |
| clear counters | clear max statistics counters (add 'all' for all counters) |
| show info | report information about the running process |
| show stat | report counters for each proxy and server |
| show schema json | report the schema used for stats |
| disable agent | disable agent checks (use 'set server' instead) |
| disable health | disable health checks (use 'set server' instead) |
| disable server | disable a server for maintenance (use 'set server' instead) |
| enable agent | enable agent checks (use 'set server' instead) |
| enable health | enable health checks (use 'set server' instead) |
| enable server | enable a disabled server (use 'set server' instead) |
| set maxconn server | change the frontend's maxconn setting |
| set server | change a server's state, weight or address |
| get weight | report a server's current weight |
| set weight | change a server's weight (deprecated) |
| show resolvers [id] | dump counters from all resolvers section |
| associated name servers clear table | remove an entry from a table |
| set table [id] | update or create a table entry |
| show table [id] | report table usage stats or dump this table's contents |
| show peers [peers section] | dump some information about all the peers or this peers section |
| disable frontend | temporarily disable specific frontend |
| enable frontend | re-enable specific frontend |
| set maxconn frontend | change a frontend's maxconn setting |
| show servers state [id] | dump volatile server information (for backend id) |
| show backend | list backends in the current running config |
| shutdown frontend | stop a specific frontend |
| set dynamic-cookie-key backend | change a backend secret key for dynamic cookies |
| enable dynamic-cookie backend | enable dynamic cookies on a specific backend |
| disable dynamic-cookie backend | disable dynamic cookies on a specific backend |
| show errors | report last request and response errors for each proxy |
| set maxconn global | change the per-process maxconn setting |
| set rate-limit | change a rate limiting value |
| set severity-output [none|number|string] | set presence of severity level in feedback information |
| set timeout | change a timeout setting |
| show env [var] | dump environment variables known to the process |
| show cli sockets | dump list of cli sockets |
| show cli level | display the level of the current CLI session |
| show fd [num] | dump list of file descriptors in use |
| show activity | show per-thread activity stats (for support/developers) |
| operator | lower the level of the current CLI session to operator |
| user | lower the level of the current CLI session to user |
| show startup-logs | report logs emitted during HAProxy startup |
| show cache | show cache status |
| add acl | add acl entry |
| clear acl |
clear the content of this acl |
| del acl | delete acl entry |
| get acl | report the patterns matching a sample for an ACL |
| show acl [id] | report available acls or dump an acl's contents |
| add map | add map entry |
| clear map id | clear the content of this map |
| del map | delete map entry |
| get map | report the keys and values matching a sample for a map |
| set map | modify map entry |
| show map [id] | report available maps or dump a map's contents |
| show pools | report information about the memory pools usage |
| show profiling | show CPU profiling options |
| set profiling | enable/disable CPU profiling |
| show threads | show some threads debugging information |
Maxconn global
Dynamically change the global maxconn setting within the range defined by the initial global maxconn setting.
Increase the global maxconn setting value to accept pending connections immediately. Or set it below the current number of connections to delay this process until the threshold is reached. Set this value to zero to restore the initial setting.
Maxconn frontend
Dynamically change the specified frontend's maxconn setting. Any positive value including zero is allowed, but setting values larger than the global maxconn do not make any sense. Increase the setting value to accept pending connections immediately. Or set it below the current number of connections to delay this process until the threshold is reached.
Roxy-WI allows to change IP address and port number for backends without reloading or restarting the HAProxy service.
How you may do it:
- First step: select a server on which you would like to change the settings;
- Second step: select a necessary backend;
- Third step: select a server inside the backend (Roxy-WI shows the running settings, you can change them)
- Fourth step: press the Enter button
Changes will take effect for the running configuration and will be saved in the configuration file as well. This means changes will not be lost if you restart the HAProxy service.
HTTP requests are stateless by design. However, this raises some questions about tracking users activities, including malicious ones, in order you can collect metrics, block users, and make other decisions based on state. The only way to track user activities between requests is to add a mechanism for storing events and categorizing them (by client's IP address or other key metrics).
HAProxy gives you a fast in-memory storage which is called stick tables out of the box. Roxy-WI allows managing it via its GUI.
Block or allow the specified IP addresses with the help of a simple Access Control List and HAProxy.
