Troubleshooting HAProxy Issues

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Even well-designed and maintained HAProxy installations experience issues of all sorts; an HAProxy configuration issue, one or more servers down or misconfigured, content issues, application or site configuration issues — the possibilities are endless. HAProxy troubleshooting skills are key to maintaining a healthy and happy HAProxy environment. In this lab, we’re going to get hands-on with troubleshooting in an HAProxy environment. We have a number of issues to track down and fix in our HAProxy lab environment, and we will use a number of utilities and techniques that are available on a basic HAProxy installation to accomplish our goals. Upon completion of this lab, you will be able to track down and correct issues in an HAProxy environment.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Troubleshoot HAProxy Service Issues
HAProxy Troubleshooting Using systemctl.

The first thing we might want to check is the status of our haproxy service itself. If it’s not running, it’s not working. Our haproxy service is managed by systemctl.

Check the status of the haproxy service using systemctl. Ensure that the service is enabled and active. If it is not, fix it.

HAProxy Troubleshooting Using journalctl.

Both haproxy and systemd log to the systemd journal, so the next place we might want to check is there.

Check the systemd journal using journalctl for HAProxy errors. Address any issues you might find that prevent HAProxy from starting.

Troubleshoot HAProxy Configuration Issues
Checking the HAProxy Configuration File.

Sometimes we have one or more errors in our configuration file that prevent the haproxy service from starting. We can use the haproxy command to validate our configuration file.

Validate the /etc/haproxy/haproxy.cfg file using the haproxy command. Address any issues you find that would prevent HAProxy from working properly.

Troubleshooting HAProxy Issues Using the stats Interface
Using the stats Socket for Troubleshooting.

We might want to try using the stats socket directly to glean information about our environment. Let’s give it a try! Add some formatting to the stats socket output using cut and column, and a looping mechanism using watch. Use CTRL-C to exit. Address any issues you find.

Using the stats Web Interface for Troubleshooting.

If we want an easy-to-read interface to HAProxy’s stats facility, we can use the HAProxy stats web interface. Let’s open a web browser and connect to port 8050 on the public IP of our HAProxy server. Address any issues you find.

Troubleshoot HAProxy Using Log Information
HAProxy Troubleshooting Using HAProxy Logs and halog.

We can leverage the detailed and precise HAProxy logs for troubleshooting. When combined with the halog command, we can generate meaningful statistics that can help pinpoint issues.

Try extracting some data from the /var/log/haproxy-combined-traffic.log file using halog:

  • Pull data on per-server HTTP statistics.
  • List URLs with 404 errors.
  • List URLs by the number of errors generated.
  • Try some of your own! See what evidence you can find!
Examining HAProxy Logs Using grep.

We can use our old friend grep to hand-examine our HAProxy logs. We can use grep to look for pattern matches in the log files.

Try the following:

  • Look for elements with a DOWN status.
  • Find all the 404 error log entries.

Additional Resources

HAProxy is down!

Our HAProxy installation is down, and we need to get it back up ASAP! Our number one priority is service restoration, but we've also been tasked with keeping an eye out for any indications of other issues we might need to address.

Let's get to it!

You have been provided with an RHEL instance with HAProxy installed and configured. There are a number of problems in the environment that will need to be tracked down and fixed.

When the lab starts, you will want to open an SSH connection to your 3 lab instances:

ssh cloud_user@PUBLIC_IP_ADDRESS

Replace PUBLIC_IP_ADDRESS with either the public IP or DNS of the instance(s). The cloud_user password has been provided with the instance information.

Entries for,, and have been created in /etc/hosts that point to Additionally, SSL certificates for HAProxy have been generated in /etc/haproxy/certs/.

On our system, we have 2 sites, site1 and site2, configured, with 3 web server containers in each, running rootlessly by the cloud_user account. They've been prepopulated with a test text file at /test.txt that identifies which site and server we're accessing.

The HAProxy web stats page is configured to be available on port 8050 on the public IP address or DNS of the lab server.

The nginx containers are configured as follows:

  • site1_server1: web server accessible on port 8081
  • site1_server2: web server accessible on port 8082
  • site1_server3: web server accessible on port 8083
  • site2_server1: web server accessible on port 8084
  • site2_server2: web server accessible on port 8085
  • site2_server3: web server accessible on port 8086

The sshd container is configured as follows:

  • sshd1_server1: sshd server accessible on port 2223

Good luck and enjoy!

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?