How to Configure and Enable HAProxy Statistics Page for Real-time Monitoring


2 views

The stats module in HAProxy is essential for monitoring proxy performance and backend server health. Based on your configuration, you're missing the crucial listen or frontend/backend declaration specifically for the stats page.

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    daemon
    user haproxy
    group haproxy
    maxconn 4096

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# Special stats endpoint configuration
listen stats
    bind *:8404
    stats enable
    stats uri /stats
    stats refresh 10s
    stats admin if LOCALHOST
    stats auth admin:securepassword
    stats show-legends
    stats show-desc HAProxy Statistics

frontend main
    bind *:80
    default_backend app_servers

backend app_servers
    balance roundrobin
    server s1 192.168.1.10:80 check
    server s2 192.168.1.11:80 check

Several critical components make the stats page work properly:

  • Separate listen block: The stats should be in their own dedicated endpoint
  • HTTP mode: Browser access requires HTTP mode, not TCP
  • Proper binding: Must bind to a port accessible from your network
  • Authentication: Always protect with basic auth credentials

After updating your config, validate and restart HAProxy:

haproxy -c -f /etc/haproxy/haproxy.cfg
systemctl restart haproxy

If you prefer not to expose the stats page via HTTP, consider these approaches:

# Unix socket access
socat /var/run/haproxy.sock readline

# CSV output via command line
echo "show stat" | socat /var/run/haproxy.sock stdio
  • Browser access fails: Verify port binding, firewall rules, and HTTP mode
  • Authentication problems: Check for special characters in passwords
  • Missing data: Ensure stats enable is properly configured
stats enable
stats hide-version
stats scope .
stats realm Haproxy\\ Statistics
stats uri /haproxy?stats
stats auth username:password

The key issue is that your current configuration only enables statistics for TCP mode, but doesn't properly expose them through HTTP. Since you're running in TCP mode for RTMP, you need to add a separate frontend specifically for HTTP statistics.

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    daemon
    user haproxy
    group haproxy
    maxconn 4096
    stats socket /tmp/haproxy

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    option redispatch
    option clitcpka
    option srvtcpka
    option tcpka
    retries 3
    maxconn 2000
    contimeout 10000
    clitimeout 50000
    srvtimeout 50000
    option contstats

# HTTP frontend for statistics
frontend http-in
    bind *:80
    mode http
    stats enable
    stats hide-version
    stats uri /haproxy?stats
    stats realm HAProxy\ Statistics
    stats auth admin:securepassword
    stats refresh 10s

# Your existing RTMP configuration
listen rtmp :1935
    mode tcp
    balance roundrobin
    server s1 xxx.xxx.xxx.xxx:1935 check
    server s2 xxx.xxx.xxx.xxx:1935 check

After applying this configuration:

  1. Restart HAProxy: sudo systemctl restart haproxy
  2. Check for errors: journalctl -u haproxy -f
  3. Access stats page at http://your-server-ip/haproxy?stats

If you already have an HTTP frontend, you can add the stats configuration there:

frontend www-http
    bind *:80
    mode http
    # Your existing HTTP rules...
    
    # Add stats at different path to avoid conflicts
    stats uri /haproxy-stats
    stats auth admin:password

For production environments:

  • Use HTTPS for stats page
  • Implement IP whitelisting
  • Rotate credentials regularly
  • Consider rate limiting
frontend secure-stats
    bind *:443 ssl crt /etc/ssl/certs/your-cert.pem
    mode http
    acl allowed_ips src 192.168.1.100 10.0.0.5
    http-request deny if !allowed_ips
    stats uri /private-stats
    stats auth admin:complexpassword