Instruction to prepare a certificate file¶
For HaProxy to terminate SSL requests we require a single PEM file with all certificate components chained together.
The seqeuence of those compoenents is this:
- Private Key, e.g. example.com.key.pem
- Domain Certficate, e.g. example.com.crt.pem
- Intermediate Certificate, e.g. example.com.ca.crt.pem
Create an SSH tunnel to the haproxy host's port 7000 and then go to
http://127.0.0.1:7000/haproxy_stats to get live stats.
Talking to HaProxy Socket¶
HaProxy can communicate with the console through a socket and we provide a script called
hasocket which can be used for that purpose. You either call that from the proxy's console or run it through Ansible with this command:
Useful commands might be:
- "show info" show informations like haproxy version, PID, current connections, session rates, tasks, etc..
- "show stat" prints the stats about all frontents and backends (connection statistics etc) in a csv format
- "show errors" indeed the following prints informations about errors if there are any
- "show sess" show open sessions with the used backend/frontend, the source, etc..