HAProxy Enterprise Documentation 2.2r1

Prometheus

HAProxy Enterprise exposes a Prometheus endpoint that publishes metrics that you can scrape with a Prometheus-compatible agent such as the Prometheus server, Fluentd, Telegraf, and Metricbeat. It is enabled by default, so you only need to configure the IP address and port where it listens.

Configure the Prometheus exporter

Add a new frontend section to your configuration file:

  • Set the IP address and port where you would like to scrape metrics.

  • Include the http-request use-service prometheus-exporter directive to enable the Prometheus exporter.

In the following example, the Prometheus exporter page is available on all IP addresses at port 8405:

frontend prometheus
   bind *:8405
   http-request use-service prometheus-exporter
   no log

Optionally, add a conditional statement to the end of the line to show the metrics page only on a certain URL path. In the next example, the metrics are shown only at the URL path /metrics:

frontend prometheus
   bind *:8405
   http-request use-service prometheus-exporter if { path /metrics }
   no log

Enable scraping using the Prometheus server

Configure your Prometheus server to scrape the HAPRoxy Enterprise metrics page.

  1. Follow the First Steps with Prometheus guide to install the Prometheus server.

  2. Edit its prometheus.yml file so that it includes a job for scraping HAProxy Enterprise. Add the following to the scrape_configs section, replacing localhost with your load balancer's address. If you run multiple instances of HAProxy Enterprise, include them in the targets array.

    - job_name: 'haproxy-enterprise'
      static_configs:
        - targets: ['localhost:8405']

    By default, Prometheus server will scrape the URL /metrics.

Host the Prometheus endpoint over HTTPS

To serve the Prometheus endpoint over HTTPS, follow these steps:

  1. On the HAProxy Enterprise server, edit the load balancer configuration. Add the ssl parameter to the bind line to enable HTTPS. Also, set the crt parameter to the path where you've stored your TLS key and certificate file. See the TLS guide for more information.

    frontend prometheus
       bind *:8405 ssl crt /etc/hapee-2.2/certs/site.pem
       http-request use-service prometheus-exporter
       no log
  2. On the Prometheus server, edit the promethetus.yml configuration file. Set scheme to https. You can also configure the tls_config block to set a CA certificate for verifying the load balancer's certificate, enable client certificates, set a ServerName extension, or disable validation of the load balancer's certificate. See the Prometheus configuration documentation for more information.

    - job_name: 'haproxy-enterprise'
      scheme: https
      static_configs:
        - targets: ['localhost:8405']
      tls_config:
        # Disable validation of server certificate
        insecure_skip_verify: true

Next up

Send Metrics