Hello Shawn,


please keep the mailing-list in the loop.



On 16 April 2018 at 16:53, Shawn Heisey <hapr...@elyograg.org> wrote:
>> Having said that, you'd be better off setting the server to
>> maintenance mode instead of letting the health check fail (via
>> web interface or stats socket):
>>
>>
>> http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#9.2-set%20server
>
>
> The back end servers don't know anything about the load balancer.  And since
> the load balancer does send them requests from the Internet, I think it
> would be a potential security issue if it was able to affect the load
> balancer -- that load balancer handles a lot more than just this service.

I don't follow? Why is using a restricted admin socket a security issue?

You are already exposing the admin socket locally in your
configuration on line 16:
stats socket /etc/haproxy/stats.socket level admin

My suggestion was to use that admin interface to send the "set server" command.



> The disable-on-404 setting that Jarno mentioned might do what we need.  I
> will give it a try.  That's very easy to do in my application.

Yes, that may be more elegant depending on the environment; the final
result is the same: to put the server into maintenance mode.



> I have placed a slightly redacted version of my config here:

I think your original issue may be due to the "retries 1"
configuration you have in there. I would recommend removing that.




Regards,
Lukas

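An added example (not code from this thread) of sending the "set server" command over the local stats socket discussed above, limited to state changes and rejecting input that could append further commands. The socket path is the one quoted from the configuration; the backend and server names `be_app` and `srv1` are hypothetical.

```python
import re
import socket

# Path taken from the "stats socket" line quoted in the message above.
SOCKET_PATH = "/etc/haproxy/stats.socket"

# The only states this helper will ever request.
ALLOWED_STATES = {"ready", "drain", "maint"}

# Proxy and server names: letters, digits, '-', '_', '.' and ':' only.
# This excludes ';' and newlines, which the stats socket treats as
# command separators, so a caller cannot append a second command.
NAME_RE = re.compile(r"[A-Za-z0-9_.:-]+")


def build_command(backend, server, state):
    """Return one validated 'set server' line, or raise ValueError."""
    if state not in ALLOWED_STATES:
        raise ValueError(f"state not allowed: {state!r}")
    for name in (backend, server):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid name: {name!r}")
    return f"set server {backend}/{server} state {state}\n"


def set_server_state(backend, server, state, path=SOCKET_PATH, timeout=5.0):
    """Send the command over the UNIX socket and return HAProxy's reply text."""
    command = build_command(backend, server, state)
    chunks = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        sock.sendall(command.encode("ascii"))
        # In non-interactive mode the connection is closed after the reply.
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    # Whatever text came back, whitespace stripped; an error shows up here.
    return b"".join(chunks).decode("ascii", "replace").strip()


if __name__ == "__main__":
    # Hypothetical names; prints the command without touching the socket.
    print(build_command("be_app", "srv1", "maint"), end="")
```

The process running this needs write access to the socket file, so the file's owner, group and mode decide who can issue the command.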