Comments (32)
from haproxy.
USR2 does not work, HUP works.
from haproxy.
Same problem here.
I'm running HAProxy 1.6-alpine at the moment (tried 1.6 just before) with the following Docker command line:
docker run -v /srv/haproxy/haproxy.cfg:/haproxy.cfg:ro -p 80:80 haproxy:1.6-alpine haproxy -f /haproxy.cfg
Sending the HUP signal produces the following logs:
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /haproxy.cfg -Ds
<5>haproxy-systemd-wrapper: re-executing on SIGHUP.
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /haproxy.cfg -Ds -sf 8
<5>haproxy-systemd-wrapper: re-executing on SIGHUP.
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /haproxy.cfg -Ds -sf 10
<5>haproxy-systemd-wrapper: re-executing on SIGHUP.
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /haproxy.cfg -Ds -sf 12
but it doesn't pick up the new configuration. Restarting the container altogether works though.
from haproxy.
Meh, OK, that was stupid of me.
I replaced the bind mount with the following:
docker run -v /srv/haproxy/:/data/:ro ... haproxy -f /data/haproxy.cfg
And that's much better. I'm using consul-template to regenerate the configuration file, and by default it erase the file and recreates a new one. Since the first version must be mounted somehow via my first docker run
command inside the container, it doesn't pick up the updated version. Mounting the parent directory instead fixes the problem...
from haproxy.
Does Haproxy reload config when it receives a signal like SIGHUP?
from haproxy.
Based on it's manpage, the answer is no. The key thing here is making sure we soft restart haproxy meaning that no connections get interrupted. The line I've provided allows for that. You can see why here.
from haproxy.
+1
from haproxy.
+1
from haproxy.
Seeing how this would require supervisor or something more complex, I am hesitant to add it to the official image. I think the docker way would be to start a new container and start routing connections through that.
from haproxy.
+1
I understand the official image must be as clean as possible.
However, not being able to reload configuration without breaking existing sessions will prevent many from using this image in production environment.
from haproxy.
I'm going to play with a bash script similar to below. I'll send a PR if I can get it to work.
#!/bin/bash
function reload
{
haproxy -f <config> -p <pidfile> -sf $(cat <pidfile>) &
wait
}
trap reload SIGHUP
trap "kill -TERM $(cat pidfile) || exit 1" SIGTERM SIGINT
haproxy -f <config> -p <pidfile> &
wait
from haproxy.
Maybe we can be inspired by what @million12 wrote :
https://github.com/million12/docker-haproxy/blob/master/container-files/bootstrap.sh
It includes a inotify monitoring on the config file to reload automatically.
The haproxy is loaded as a daemon using -D and the bash script is the entrypoint.
from haproxy.
+1
from haproxy.
@bharrisau any luck on creating one? I might try to tackle it later today or thursday, unless you beat me to it.
from haproxy.
I went with the million12 repo instead, I got it working but it doesn't
react to the hosts file updating and haproxy only maps hostnames to IP on
startup/reset.
On 15 Sep 2015 5:40 am, "yosifkit" [email protected] wrote:
@bharrisau https://github.com/bharrisau any luck on creating one? I
might try to tackle it later today or thursday, unless you beat me to it.β
Reply to this email directly or view it on GitHub
#5 (comment)
.
from haproxy.
+1
from haproxy.
Reloading is a must, especially when using HAProxy for service discovery purposes. Using a inotify monitoring daemon would mean running multiple processes in the container. Consider using Unix Socket commands and putting that .sock
file on a shared volume.
Might put something about this in the documentation so people can easily find it.
from haproxy.
Well, I might have to take this back. After some experimenting, it doesn't look like there is a Unix Socket command that will force HAProxy to re-evaluate it's config file. The reload command is great, but it does drop some (very few) packets. There is a lot of work in trying to achieve a "zero-downtime HAProxy reload"; so just codifying some kind of haproxy /reload might work for some, but not others.
from haproxy.
+1
from haproxy.
Maybe we could start haproxy with haproxy-systemd-wrapper
, then sending USR2 should restart haproxy.
from haproxy.
I opened a PR #17
from haproxy.
Hello,
So how to do reload with the haproxy:1.6 version?
from haproxy.
From #17:
Reload like docker kill --signal=USR2 or HUP
from haproxy.
It does not work. Is the version with reload feature pushed to docker hub?
from haproxy.
Sorry I have try HUP and it does not work I load also the config file as a volumen like this:
docker run -it -p 443:443 -v /etc/ssl/private:/etc/ssl/private -v haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg --name proxy --net mynetwork
am I doing something wrong?
docker kill --signal=HUP proxy
Like I try USR2, HUP and no luck
from haproxy.
@cemarta7 are you sure you've got the latest version of the haproxy
image? (did you docker pull
recently?) are you overwriting the default command?
from haproxy.
I tried with haproxy:1.6-alpine and haproxy:1.6.. will try with latest and let you know in a couple of mins
from haproxy.
Tried with latest,alpine and nothing.
this is the output
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg -Ds
<5>haproxy-systemd-wrapper: re-executing on SIGHUP.
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg -Ds -sf
but changes on the haproxy.cfg are not being display.
am I doing something wrong?
this is my Dockerfile
FROM haproxy:latest
ENV DNS_TCP_ADDR 127.0.0.11
ENV DNS_TCP_PORT 53
VOLUME /etc/ssl/private
VOLUME /usr/local/etc/haproxy/haproxy.cfg
COPY ./haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
like should I load the volume with :ro?
from haproxy.
I think issue should be reopen. no luck with "docker kill --signal=HUP container_name"
from haproxy.
COPY
cannot go after the VOLUME
or the file will not persist into the image (though this is irrelevant when you bind mount a local file into the container on that same path).
$ docker run -it -p 443:443 -v /etc/ssl/private:/etc/ssl/private -v haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg --name proxy --net mynetwork haproxy
Assuming this is your run line, if you start the container and edit the file locally with something like vim, then the container will be unable to see the change: (moby/moby#15793 (comment))
from haproxy.
How to reload haproxy with the new config
feature? It seems an config created by docker config create
can't be updated.
from haproxy.
not sure if this relates to moby/moby#35048
from haproxy.
Related Issues (20)
- The password of USER haproxy by defaultοΌ HOT 1
- I'm using this: HOT 2
- Release haproxy image with lua version >= 5.4.2 HOT 2
- High CPU usage with 2.6.3 (latest) docker image HOT 4
- Cannot open configuration file /usr/local/etc/haproxy/haproxy.cfg: No such file or directory HOT 6
- Memory exhaustion using haproxy image HOT 3
- OOM killed using haproxy image HOT 5
- core dumps not being stored HOT 7
- Use /var/run/docker.sock as backend server HOT 2
- Why build from source code? HOT 2
- [ALERT] (1) : [haproxy.main()] Cannot create pidfile /var/run/haproxy.pid HOT 2
- If you have a new enough kernel (`4.11`), then adding `--sysctl net.ipv4.ip_unprivileged_port_start=0` to the `docker run` should allow it to use "privileged" ports (https://github.com/moby/moby/issues/8460). HOT 1
- CVE-2023-25725 HOT 6
- How to deal with "Failed to drop supplementary groups"? HOT 2
- Vulnerable component detection issue HOT 3
- "ltime" converter does not reflect container timezone HOT 4
- Haproxy not reloading config in docker HOT 1
- Crtitical/high vulnerabilities in all haproxy:bullseye images HOT 3
- HAProxy crashing on start, thread 2 is about to kill the process. HOT 11
- Images contain `*-dev` packages that are used to build HAProxy but which are useless at runtime
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from haproxy.