During haproxy configuration I sometimes couldn’t figure why some of my configs weren’t working. Trying to debug those things proves challenging sometimes.
Using admin socket
Most of haproxy‘s configuration can be read and modified using its admin socket (if enabled). Look for the stat socket option in your configuration to find the right path:
linux # cat /etc/haproxy/conf/haproxy.cfg
global
<...>
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
<...>Once located you can query haproxy states using socat or nc:
linux # echo "show version" | socat /run/haproxy/admin.sock -
2.8.5-1ubuntu3.2
linux # echo "show version" | nc -U /run/haproxy/admin.sock
2.8.5-1ubuntu3.2One thing I was trying to figure out was about a haproxy map not working. So basically I wanted to replace this in your frontend configuration:
use_backend bk_web1 if { req.ssl_sni -i www.mydomain.de }
use_backend bk_web1 if { req.ssl_sni -i www2.mydomain.de }
use_backend bk_web2 if { req.ssl_sni -i blog.mydomain.de }
use_backend bk_web2 if { req.ssl_sni -i wordpress.mydomain.de }with that:
use_backend %[req.ssl_sni,map(/etc/haproxy/maps/hostname_backend.map)]Where the file /etc/haproxy/maps/hostname_backend.map looks like this:
www.mydomain.de bk_web1
www2.mydomain.de bk_web1
blog.mydomain.de bk_web2
wordpress.mydomain.de bk_web2BTW: The above example configs were meant for https traffic (using SNI) – if you want to use the same mapping for plain http you can use this instead:
use_backend %[req.hdr(Host),lower,map(/etc/haproxy/maps/hostname_backend.map)]
According to this haproxy site first of all I need to get the id of this mapping:
linux # echo "show map" | socat /run/haproxy/admin.sock -
# id (file) description
49 (/etc/haproxy/maps/hostname_backend.map) pattern loaded from file '/etc/haproxy/maps/hostname_backend.map' used by map at file '/etc/haproxy/conf/http.cfg' line 67. curr_ver=0 next_ver=0 entry_cnt=20So our id is 49. A successful search looks like this:
linux # echo "get map #49 www.mydomain.de" | socat /run/haproxy/admin.sock -
type=str, case=sensitive, found=yes, idx=tree, key="www.mydomain.de", value="bk_web1", type="str"A failed on like this:
linux # echo "get map #49 unknown.mydomain.de" | socat /run/haproxy/admin.sock -
type=str, case=sensitive, found=noSoon after that I found, that you can also directly use the map file like this:
linux # echo "get map /etc/haproxy/maps/hostname_backend.map www.mydomain.de" | socat /run/haproxy/admin.sock -
type=str, case=sensitive, found=yes, idx=tree, key="www.mydomain.de", value="bk_web1", type="str"While testing I often had the impression that for some reason the mapping failed in practice even if the above tests worked.
So make sure to restart the service after applying changes to config of mapping files – a reload (as I did) is not enough at least in some cases!
If you keep that in mind the mapping will work fine 🙂