Haproxy traffic mirroring, how to pass real client ip/x-forwarded-for/x-real-ip to spoe agent

zagro · June 22, 2020, 6:11pm

Hi HAProxy community

Im trying to configure traffic mirroring from prod haproxy to stage haproxy instance for testing purpose
thanks to the article https://www.haproxy.com/blog/haproxy-traffic-mirroring-for-real-world-testing mirroring works, but i’m not able to transfer real client ip to target test haproxy instance
the source IP in access log is always IP of prod haproxy with spoe agent. The application behind haproxy require client ip headers.

Is there way to pass X-Forwarded-For or X-Real-IP header in the spoe engine mirror config?

haproxy.conf

global
  log /dev/log	local0
  log /dev/log	local1 notice
  chroot /var/lib/haproxy
  stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
  stats timeout 30s
  user haproxy
  group haproxy
  daemon
  master-worker
  ulimit-n 3100000
  maxconn 100000

defaults
  log	global
  mode	http
  option	httplog
  option	dontlognull
  errorfile 400 /etc/haproxy/errors/400.http
  errorfile 403 /etc/haproxy/errors/403.http
  errorfile 408 /etc/haproxy/errors/408.http
  errorfile 500 /etc/haproxy/errors/500.http
  errorfile 502 /etc/haproxy/errors/502.http
  errorfile 503 /etc/haproxy/errors/503.http
  errorfile 504 /etc/haproxy/errors/504.http

  maxconn 100000
  option dontlog-normal
  option http-keep-alive
  option redispatch
  retries 5
  timeout connect 1s
  timeout client 5s
  timeout server 10s
  timeout client-fin 500ms
  timeout server-fin 500ms
  timeout http-request 10s
  timeout http-keep-alive 300s

program mirror
  command spoa-mirror --runtime 0 --mirror-url http://<domain-name>

frontend http
  bind *:80
  filter spoe engine mirror config /etc/haproxy/mirror.conf
  default_backend nodes

backend nodes
  mode http
  balance roundrobin
  option forwardfor
  option httpchk HEAD / HTTP/1.1rnHost:localhost
  server host <ip>:<port>

backend mirroragents
  mode tcp
  balance roundrobin
  timeout connect 5s
  timeout server 5s
  server agent1 localhost:12345

mirror.conf

[mirror]
spoe-agent mirror
    log global
    messages mirror
    use-backend mirroragents
    timeout hello 500ms
    timeout idle 5s
    timeout processing 5s

spoe-message mirror
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request

cachedout · August 31, 2020, 8:20am

I have this very same problem. Were you ever able to discover a solution?

zagro · August 31, 2020, 8:41am

Hi, please check the recommended solution

cachedout · August 31, 2020, 9:03am

Than you, @zagro. I have added my use case there: https://github.com/haproxytech/spoa-mirror/issues/15#issuecomment-683658900

Topic		Replies	Views
HAProxy to retain client IP Help!	3	12569	July 2, 2019
Forwarding TLS traffic to staging using spoa-mirror Help!	0	420	February 28, 2024
HAProxy with TCP requests mirroring Help!	3	3066	December 3, 2020
How to pass the real address to Exchange Help!	1	394	March 4, 2024
HAProxy with PostgreSQL for Transparent IP Help!	2	2729	December 16, 2021

Haproxy traffic mirroring, how to pass real client ip/x-forwarded-for/x-real-ip to spoe agent

Related topics