Skip to main content

Automating HAProxy – Safe Deployment and Soft Restarts

Posted on by Linc

In my previous post, I demonstrated how to automatically generate HAProxy configurations from human-readable documentation. In this follow-up, I’ll walk through safely applying those configurations in a live environment.

As outlined in the haproxy_config_automation_example README, once the generated configuration has been reviewed and validated, it can be safely written to the active HAProxy config file by redirecting output:

python haproxy_config_generator.py > haproxy_config.cfg

This approach was chosen deliberately. By requiring manual redirection, the script encourages visibility into what changes are being made and enforces a clear, intentional step before applying them—minimizing the risk of silent misconfigurations.

HAProxy’s Graceful Reloads

One of HAProxy’s most powerful features is its ability to reload configurations gracefully. If the new configuration contains errors but the previous version is still in memory, HAProxy continues running with the last known-good config while logging the failure.

To initiate a soft reload and take advantage of this behavior, I send the following signal to the HAProxy container:

kill -HUP 1

This tells HAProxy to reload the configuration without restarting the process. If the new config is invalid, HAProxy logs the issue but keeps serving existing traffic. Here’s what a failure might look like in the logs:

[NOTICE]   (1) : Reloading HAProxy
...
[ALERT]    (1) : config : Fatal errors found in configuration.
[WARNING]  (1) : Loading failure!

If this had been a hard reload, everything would go down. Instead, we can troubleshoot with confidence, knowing that any previously working connections are still being served. (It never hurts to double-check, of course.)

Here’s what a successful reload looks like:

[NOTICE]   (1) : Reloading HAProxy
[WARNING]  (44) : Proxy http_front stopped (cumulated conns: FE: 205, BE: 0).
[WARNING]  (44) : Proxy https_front stopped (cumulated conns: FE: 555, BE: 0).
[WARNING]  (44) : Proxy catchall_backend stopped (cumulated conns: FE: 0, BE: 267).
...
[WARNING]  (44) : Proxy <HTTPCLIENT> stopped (cumulated conns: FE: 0, BE: 0).
[NOTICE]   (1) : New worker (73) forked
[NOTICE]   (1) : Loading success.
[NOTICE]   (1) : haproxy version is 2.7.8-58c657f
[WARNING]  (1) : Former worker (44) exited with code 0 (Exit)

One of the most impressive aspects of HAProxy’s reload process is how seamless it is for external clients. Once the new configuration is validated and the new worker process is active, HAProxy immediately begins routing traffic through the updated settings—without interrupting existing sessions.

This makes it especially effective in containerized environments. Changes can be staged and tested in isolation, then applied with a single signal. New requests are routed using the new configuration instantly, while the old worker continues to handle any remaining active connections until it shuts down cleanly.

If the config fails, HAProxy logs the error and rolls back to the last valid state automatically—allowing for rapid recovery and confident iteration with near-zero risk.