Changes:
- Replace USR2 signal reload with HAProxy Runtime API for cert updates
- new ssl cert → set ssl cert → commit ssl cert
- No connection drops during certificate changes
- Add certificates.json for persistence (domain list only)
- Add haproxy_load_cert tool for manual certificate loading
- Auto-restore certificates on MCP startup
- Update startup sequence to load both servers and certificates
certificates.json format:
{
"domains": ["inouter.com", "anvil.it.com"]
}
Paths derived from convention:
- Host: /opt/haproxy/certs/{domain}.pem
- Container: /etc/haproxy/certs/{domain}.pem
Total MCP tools: 28 → 29
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New tools for SSL/TLS certificate management via acme.sh:
- haproxy_list_certs: List all certificates with expiry info
- haproxy_cert_info: Get detailed certificate info (expiry, issuer, SANs)
- haproxy_issue_cert: Issue new certificate via Cloudflare DNS validation
- haproxy_renew_cert: Renew specific certificate (with force option)
- haproxy_renew_all_certs: Renew all certificates due for renewal
- haproxy_delete_cert: Delete certificate from acme.sh and HAProxy
Features:
- Automatic PEM deployment to HAProxy certs directory
- HAProxy hot-reload after certificate changes (USR2 signal)
- Cloudflare DNS validation with CF_Token support
- Wildcard certificate support
Total MCP tools: 22 → 28
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update tool count: 20 → 21
- Add haproxy_set_domain_state to server management tools
- Add container status to health check example
- Update server.py description (~1600 lines, 21 tools)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Environment Variables table with all configurable options
- Add Health Check section with haproxy_health and haproxy_domain_health examples
- Update MCP Tools count from 17 to 19
- Add new Health Check tools section
- Update server.py description (line count and tool count)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove SSL/QUIC backend templates - all backends now use HTTP only
with SSL termination at HAProxy frontend. This improves performance
(~33% faster than HTTPS backends based on benchmarks).
Changes:
- server.py: Remove https_port parameter from all functions
- haproxy.cfg: Remove ssl/h3 server templates from pool backends
- CLAUDE.md: Update docs for HTTP-only backends and acme.sh
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Zero-reload domain management with map-based routing
- 100 pool backends with 10 server slots each
- Runtime API integration for dynamic configuration
- Auto-restore servers from persistent config on startup
- 17 MCP tools for domain/server management
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
