HAProxy Enterprise Documentation 2.1r1
The HAProxy Runtime API is built into the load balancer as a way to view and change its behavior without needing to reload the process. The HAProxy Data Plane API invokes Runtime API methods for some features to avoid a reload.
Enable the Runtime API
To enable the Runtime API, add a
stats socket directive to the
global section of your configuration. You can expose the API as either a UNIX socket, in which case you can access it only from the HAProxy Enterprise server, or as an IP address and port, in which case you can access it remotely.
To configure it as a UNIX socket, set the path where you would like the socket to be created, such as /var/run/hapee-2.1/hapee-lb.sock.
stats socket /var/run/hapee-2.1/hapee-lb.sock user hapee-lb group hapee mode 660 level admin expose-fd listeners
Or set an IP address and port:
stats socket email@example.com:9999 level admin expose-fd listeners
You can set the IP address to an asterisk to listen on all network interfaces.
This could inadvertently expose the API on a public IP address where it is available to unauthorized users.
If using this, be sure to block external access to port 9999 with your network firewall.
stats socket ipv4@*:9999 level admin expose-fd listeners
The parameters are as follows:
Sets the owner of the UNIX socket to the designated system user.
Sets the group of the UNIX socket to the designated system group.
Sets the octal mode used to define permissions on the UNIX socket.
Restricts the commands that you can be issued. Set it to one of the following values:
user - only non-sensitive stats can be read and no changes are allowed.
operator - [default] all data can be read and non-sensitive changes are allowed.
admin - everything is permitted.
Enables you to do a seamless reload of HAProxy Enterprise when
master-worker mode is enabled.
Access the Runtime API
You can send plain text commands to the API. An easy way to try it is by using the Linux
echo command and piping the result to
If you exposed a UNIX socket, use this format:
$ echo "help" | sudo socat stdio /var/run/hapee-2.1/hapee-lb.sock
If you exposed an IP address and port, use this format:
$ echo "help" | socat stdio tcp4-connect:127.0.0.1:9999
You can send multiple commands at once by separating them with semi-colons:
$ echo "show info;show stat" | socat stdio /var/run/hapee-2.1/hapee-lb.sock
You may also use the API interactively:
$ sudo socat readline /var/run/hapee-2.1/hapee-lb.sock
On some Linux distributions such as Debian and Ubuntu,
socat does not support
Next up abort ssl cert