⚡ HAProxy Manager - Reverse Proxy Dashboard
Enterprise-grade reverse proxy management with automatic SSL certificates, vhost configuration, and backend health monitoring.
✨ Features
| Feature |
Description |
| 🌐 Vhost Management |
Create and manage virtual hosts |
| 🔒 ACME SSL |
Automatic Let's Encrypt certificates |
| ⚖️ Load Balancing |
Round-robin, least-conn, source |
| 🏥 Health Checks |
Backend server monitoring |
| 📊 Statistics |
Real-time traffic dashboard |
| 🔧 Config Generator |
Auto-generate HAProxy config |
| 🐳 LXC Container |
Runs isolated in container |
🚀 Quick Start
Create a Vhost
- Go to Services → HAProxy → Vhosts
- Click + Add Vhost
- Fill in:
- Domain:
app.example.com
- Backend: Select or create
- SSL: ✅ Enable
- ACME: ✅ Auto-certificate
- Click Save & Apply
Architecture
┌─────────────────────────────────┐
Internet │ HAProxy Container │
│ │ ┌─────────────────────────┐ │
▼ │ │ Frontend │ │
┌─────────┐ │ │ :80 → :443 redirect │ │
│ Port 80 │──────►│ │ :443 → SSL terminate │ │
│Port 443 │ │ └──────────┬──────────────┘ │
└─────────┘ │ │ │
│ ▼ │
│ ┌─────────────────────────┐ │
│ │ Backends │ │
│ │ app.example.com →:8080 │ │
│ │ api.example.com →:3000 │ │
│ │ blog.example.com→:4000 │ │
│ └─────────────────────────┘ │
└─────────────────────────────────┘
📊 Dashboard
┌──────────────────────────────────────────────────────┐
│ ⚡ HAProxy 🟢 Running │
├──────────────────────────────────────────────────────┤
│ │
│ 📊 Statistics │
│ ├─ 🌐 Vhosts: 5 active │
│ ├─ ⚙️ Backends: 8 configured │
│ ├─ 🔒 Certificates: 5 valid │
│ └─ 📈 Requests: 12.5K/min │
│ │
│ 🏥 Backend Health │
│ ┌────────────┬────────┬────────┬─────────┐ │
│ │ Backend │ Status │ Server │ Latency │ │
│ ├────────────┼────────┼────────┼─────────┤ │
│ │ webapp │ 🟢 UP │ 2/2 │ 12ms │ │
│ │ api │ 🟢 UP │ 1/1 │ 8ms │ │
│ │ blog │ 🟡 DEG │ 1/2 │ 45ms │ │
│ └────────────┴────────┴────────┴─────────┘ │
│ │
└──────────────────────────────────────────────────────┘
🌐 Vhost Configuration
Create Vhost
ubus call luci.haproxy create_vhost '{
"domain": "app.example.com",
"backend": "webapp",
"ssl": 1,
"ssl_redirect": 1,
"acme": 1,
"enabled": 1
}'
Vhost Options
| Option |
Default |
Description |
domain |
- |
Domain name (required) |
backend |
- |
Backend name to route to |
ssl |
1 |
Enable SSL/TLS |
ssl_redirect |
1 |
Redirect HTTP to HTTPS |
acme |
1 |
Auto-request Let's Encrypt cert |
enabled |
1 |
Vhost active |
List Vhosts
ubus call luci.haproxy list_vhosts
# Response:
{
"vhosts": [{
"id": "app_example_com",
"domain": "app.example.com",
"backend": "webapp",
"ssl": true,
"ssl_redirect": true,
"acme": true,
"enabled": true,
"cert_status": "valid",
"cert_expiry": "2025-03-15"
}]
}
⚙️ Backend Configuration
Create Backend
ubus call luci.haproxy create_backend '{
"name": "webapp",
"mode": "http",
"balance": "roundrobin"
}'
Add Server to Backend
ubus call luci.haproxy create_server '{
"backend": "webapp",
"name": "srv1",
"address": "192.168.255.10",
"port": 8080,
"weight": 100,
"check": 1
}'
Backend Modes
| Mode |
Description |
http |
Layer 7 HTTP proxy |
tcp |
Layer 4 TCP proxy |
Load Balancing
| Algorithm |
Description |
roundrobin |
Rotate through servers |
leastconn |
Least active connections |
source |
Sticky by client IP |
uri |
Sticky by URI hash |
🔒 SSL Certificates
ACME Auto-Certificates
When acme: 1 is set:
- HAProxy serves ACME challenge on port 80
- Let's Encrypt validates domain ownership
- Certificate stored in
/srv/haproxy/certs/
- Auto-renewal before expiry
Manual Certificate
# Upload certificate
ubus call luci.haproxy upload_certificate '{
"domain": "app.example.com",
"cert": "<PEM certificate>",
"key": "<PEM private key>"
}'
Certificate Status
ubus call luci.haproxy list_certificates
# Response:
{
"certificates": [{
"domain": "app.example.com",
"status": "valid",
"issuer": "Let's Encrypt",
"expiry": "2025-03-15",
"days_left": 45
}]
}
Request Certificate Manually
ubus call luci.haproxy request_certificate '{"domain":"app.example.com"}'
📊 Statistics
Get Stats
ubus call luci.haproxy get_stats
# Response:
{
"frontend": {
"requests": 125000,
"bytes_in": 1234567890,
"bytes_out": 9876543210,
"rate": 150
},
"backends": [{
"name": "webapp",
"status": "UP",
"servers_up": 2,
"servers_total": 2,
"requests": 45000,
"response_time_avg": 12
}]
}
Stats Page
Access HAProxy stats at:
http://192.168.255.1:8404/stats
🔧 Configuration
UCI Structure
# /etc/config/haproxy
config haproxy 'main'
option enabled '1'
option stats_port '8404'
config backend 'webapp'
option name 'webapp'
option mode 'http'
option balance 'roundrobin'
option enabled '1'
config server 'webapp_srv1'
option backend 'webapp'
option name 'srv1'
option address '192.168.255.10'
option port '8080'
option weight '100'
option check '1'
option enabled '1'
config vhost 'app_example_com'
option domain 'app.example.com'
option backend 'webapp'
option ssl '1'
option ssl_redirect '1'
option acme '1'
option enabled '1'
Generate Config
# Regenerate haproxy.cfg from UCI
ubus call luci.haproxy generate
# Reload HAProxy
ubus call luci.haproxy reload
Validate Config
ubus call luci.haproxy validate
# Response:
{
"valid": true,
"message": "Configuration is valid"
}
📡 RPCD API
Service Control
| Method |
Description |
status |
Get HAProxy status |
start |
Start HAProxy service |
stop |
Stop HAProxy service |
restart |
Restart HAProxy |
reload |
Reload configuration |
generate |
Generate config file |
validate |
Validate configuration |
Vhost Management
| Method |
Description |
list_vhosts |
List all vhosts |
create_vhost |
Create new vhost |
update_vhost |
Update vhost |
delete_vhost |
Delete vhost |
Backend Management
| Method |
Description |
list_backends |
List all backends |
create_backend |
Create backend |
delete_backend |
Delete backend |
create_server |
Add server to backend |
delete_server |
Remove server |
Certificates
| Method |
Description |
list_certificates |
List all certs |
request_certificate |
Request ACME cert |
upload_certificate |
Upload manual cert |
delete_certificate |
Delete certificate |
📁 File Locations
| Path |
Description |
/etc/config/haproxy |
UCI configuration |
/var/lib/lxc/haproxy/ |
LXC container root |
/srv/haproxy/haproxy.cfg |
Generated config |
/srv/haproxy/certs/ |
SSL certificates |
/srv/haproxy/acme/ |
ACME challenges |
/usr/libexec/rpcd/luci.haproxy |
RPCD backend |
/usr/sbin/haproxyctl |
CLI tool |
🛠️ CLI Tool
haproxyctl Commands
# Status
haproxyctl status
# List vhosts
haproxyctl vhosts
# Add vhost
haproxyctl vhost add app.example.com --backend webapp --ssl --acme
# Remove vhost
haproxyctl vhost del app.example.com
# List certificates
haproxyctl cert list
# Request certificate
haproxyctl cert add app.example.com
# Generate config
haproxyctl generate
# Reload
haproxyctl reload
# Validate
haproxyctl validate
🛠️ Troubleshooting
HAProxy Won't Start
# Check container
lxc-info -n haproxy
# Start container
lxc-start -n haproxy
# Check logs
lxc-attach -n haproxy -- cat /var/log/haproxy.log
503 Service Unavailable
- Check backend is configured:
ubus call luci.haproxy list_backends
- Verify server is reachable:
curl http://192.168.255.10:8080
- Check HAProxy logs
Certificate Not Working
- Ensure DNS resolves to your public IP
- Ensure ports 80/443 accessible from internet
- Check ACME challenge:
curl http://app.example.com/.well-known/acme-challenge/test
Config Validation Fails
# Show validation errors
lxc-attach -n haproxy -- haproxy -c -f /etc/haproxy/haproxy.cfg
🔒 Security
Firewall Rules
HAProxy needs ports 80/443 open from WAN:
# Auto-created when vhost uses SSL
uci show firewall | grep HAProxy
Rate Limiting
Add to backend config:
stick-table type ip size 100k expire 30s store http_req_rate(10s)
http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
📜 License
MIT License - Copyright (C) 2025 CyberMind.fr