diff --git a/hieradata/roles/infra/halb/haproxy.yaml b/hieradata/roles/infra/halb/haproxy.yaml
index cd212ad..7a0cca7 100644
--- a/hieradata/roles/infra/halb/haproxy.yaml
+++ b/hieradata/roles/infra/halb/haproxy.yaml
@@ -15,6 +15,7 @@ profiles::haproxy::server::globals:
   stats:
     - timeout 30s
     - socket /var/lib/haproxy/stats
+    - socket /var/lib/haproxy/admin.sock mode 660 level admin
   ca-base: /etc/ssl/certs
   crt-base: /etc/ssl/private
   ssl-default-bind-ciphers: EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
@@ -89,3 +90,6 @@ profiles::haproxy::backends:
       http-request:
         - set-header X-Forwarded-Port %[dst_port]
         - add-header X-Forwarded-Proto https if { dst_port 443 }
+
+prometheus::haproxy_exporter::cnf_scrape_uri: unix:/var/lib/haproxy/stats
+prometheus::haproxy_exporter::export_scrape_job: true
diff --git a/hieradata/roles/infra/metrics/prometheus.yaml b/hieradata/roles/infra/metrics/prometheus.yaml
index 5ce72d4..5e29220 100644
--- a/hieradata/roles/infra/metrics/prometheus.yaml
+++ b/hieradata/roles/infra/metrics/prometheus.yaml
@@ -8,4 +8,5 @@ profiles::metrics::server::scrape_jobs:
   - bind
   - puppetdb
   - systemd
+  - haproxy
 profiles::metrics::server::localstorage: /data/prometheus
diff --git a/site/profiles/manifests/haproxy/server.pp b/site/profiles/manifests/haproxy/server.pp
index 3ac313e..b16da8e 100644
--- a/site/profiles/manifests/haproxy/server.pp
+++ b/site/profiles/manifests/haproxy/server.pp
@@ -55,6 +55,7 @@ class profiles::haproxy::server (
     include profiles::haproxy::frontends # create frontends
     include profiles::haproxy::backends  # create backends
     include profiles::haproxy::listeners # create listeners
+    include prometheus::haproxy_exporter # generate metrics
 
     Class['profiles::haproxy::certlist']
     -> Class['profiles::haproxy::dns']