I put this script together from various places. What I am hoping is that it will do the following once run:
- Pause all "NEW" HTTP traffic for ports 80 and 443 - just "pause" them, don't give any error
- gracefully restart haproxy when all "in process" requests are completed
- Unpause the HTTP traffic and continue business as usual.
Is this how it will run? Have I missed anything? We have thousands of ACL rules based on IP, stored in a file that haproxy references, and we need to reload it several times a minute.
#!/bin/sh
# hold/pause new requests
iptables -I INPUT -p tcp --dport 80 --syn -j DROP
iptables -I INPUT -p tcp --dport 443 --syn -j DROP
sleep 1
# gracefully restart haproxy
/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)
# allow new requests to come in again
iptables -D INPUT -p tcp --dport 80 --syn -j DROP
iptables -D INPUT -p tcp --dport 443 --syn -j DROP
Edit: I'd love to somehow test it, but we don't have any traffic as of yet (with the exception of me testing).
Sources:
http://www.forouzani.com/reload-haproxy-cfg-without-restarting.html
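A hardened version of the same pause/reload/unpause sequence, added here as an example (not the asker's script or anything from the linked page): it validates the config before blocking anything, so a bad config never leaves the ports paused with the old process still running; it installs a trap so the DROP rules are removed even if the reload fails or the shell is killed mid-way; and it takes its command paths from variables so the logic can be exercised with stubs. The function names (reload_haproxy, pause_new_connections, resume_new_connections) and the variable names are assumptions of this example.

```shell
#!/bin/sh
# Reload haproxy behind a temporary SYN "pause" on ports 80 and 443.
# Commands and paths are overridable so the logic can be tested with stubs.
HAPROXY=${HAPROXY:-/usr/sbin/haproxy}
IPTABLES=${IPTABLES:-iptables}
CFG=${CFG:-/etc/haproxy/haproxy.cfg}
PIDFILE=${PIDFILE:-/var/run/haproxy.pid}
PORTS="80 443"

# Drop new SYNs: clients see no RST, they just retransmit the SYN
# after their retry timer, so a short pause is invisible to them.
pause_new_connections() {
    for p in $PORTS; do
        "$IPTABLES" -I INPUT -p tcp --dport "$p" --syn -j DROP
    done
}

resume_new_connections() {
    for p in $PORTS; do
        "$IPTABLES" -D INPUT -p tcp --dport "$p" --syn -j DROP
    done
}

# Returns 0 on a successful reload, 1 if the config is bad or the reload
# failed. The SYN-drop rules are always removed, whatever happens between.
reload_haproxy() {
    # Check the config first: failing here touches no firewall rules.
    "$HAPROXY" -c -q -f "$CFG" || return 1
    pause_new_connections
    # Make sure the pause is lifted even if this shell is killed.
    trap resume_new_connections EXIT HUP INT TERM
    sleep 1
    status=0
    # -sf: the new process asks the old one to finish in-flight requests.
    "$HAPROXY" -f "$CFG" -p "$PIDFILE" -sf "$(cat "$PIDFILE")" || status=1
    resume_new_connections
    trap - EXIT HUP INT TERM
    return $status
}

# Only perform the reload when invoked as "sh reload-haproxy.sh run".
case "${1:-}" in
    run) reload_haproxy ;;
esac
```

Run it with `sh reload-haproxy.sh run` from the job that rewrites the ACL file; the exit status tells the caller whether the new config actually took effect.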