spoa-mirror

Traffic not mirrored

Open V3N0ME opened this issue 3 years ago • 2 comments

Haproxy version

HA-Proxy version 2.2.0 2020/07/07 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.0.html
Running on: Linux 4.19.0-14-cloud-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64

Haproxy Config

global
	log /dev/log	local0 err
#	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000

	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend stats
        bind *:8404
        option http-use-htx
        http-request use-service prometheus-exporter if { path /metrics }
        stats enable
        stats uri /stats
        stats refresh 10s

frontend http_front
        bind *:80
        filter spoe engine mirror config /etc/haproxy/mirror.conf
        default_backend http_back

backend http_back
        balance roundrobin
        server go-dev.greedygame.com 127.0.0.1:8000

backend mirroragents
    mode tcp
    balance roundrobin
    timeout connect 5s
    timeout server 5s
    server agent1 localhost:12345

Mirror Config

[mirror]
spoe-agent mirror
    log global
    messages mirror
    use-backend mirroragents
    timeout hello 500ms
    timeout idle 5s
    timeout processing 5s

spoe-message mirror
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request

Spoa Agent Run Command

sudo spoa-mirror --runtime 0 --mirror-url http://localhost:4000 --logfile w:mirror.log

Haproxy points to a simple python server (python -m http.server) and mirrors to another server running on a different port on the same machine.

Hitting the haproxy forwards traffic to the backend server but does not mirror the traffic to the second server.

V3N0ME, Mar 23 '21 10:03

Hello @V3N0ME,

instead of 'server agent1 localhost:12345', write 'server agent1 127.0.0.1:12345' in the configuration, because if you use 'localhost' then it is resolved as an IPv6 address.

Best regards.

zaga00, Apr 19 '21 12:04

@zaga00 I had the same issue, and this resolved my issue (I'm not an author). Thanks! Can you please provide an example/article explaining this address resolve behavior? I would like to understand it better. BR

riokuu, Mar 29 '23 11:03
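
The behaviour described in zaga00's reply, as an added example that is not part of the thread or of spoa-mirror: it lists the addresses the system resolver returns for a name and tests which of them accept a TCP connection. It assumes the agent listens on IPv4 only; the listener here is a constructed stand-in on an ephemeral port, not the real agent, and all function names are hypothetical.

```python
import socket

def resolve(host, port):
    """Return the (family, address) pairs the system resolver gives for host, in order."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    seen, out = set(), []
    for family, _type, _proto, _canon, sockaddr in infos:
        key = (family, sockaddr[0])
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out

def probe(family, addr, port, timeout=1.0):
    """True if a TCP connect to addr:port succeeds over the given address family."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            return True
    except OSError:
        # Refused, unreachable, or address family unavailable on this host.
        return False

def check_backend(host, port):
    """Map every address host resolves to onto whether something answers there."""
    return {addr: probe(family, addr, port) for family, addr in resolve(host, port)}

def start_ipv4_only_listener():
    """Constructed stand-in for an agent bound to 127.0.0.1 only; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_ipv4_only_listener()
    try:
        # Compare the name used in the issue's backend with the literal address.
        for name in ("localhost", "127.0.0.1"):
            print(name, check_backend(name, port))
    finally:
        srv.close()
```

On a host where `localhost` also resolves to `::1`, the `localhost` line reports that address as unreachable while `127.0.0.1` answers, which is why a literal address in the `server` line removes the ambiguity.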