HAProxy community

Haproxy traffic mirroring, how to pass real client ip/x-forwarded-for/x-real-ip to spoe agent

Hi HAProxy community

Im trying to configure traffic mirroring from prod haproxy to stage haproxy instance for testing purpose
thanks to the article https://www.haproxy.com/blog/haproxy-traffic-mirroring-for-real-world-testing mirroring works, but i’m not able to transfer real client ip to target test haproxy instance
the source IP in access log is always IP of prod haproxy with spoe agent. The application behind haproxy require client ip headers.

Is there way to pass X-Forwarded-For or X-Real-IP header in the spoe engine mirror config?


  log /dev/log	local0
  log /dev/log	local1 notice
  chroot /var/lib/haproxy
  stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
  stats timeout 30s
  user haproxy
  group haproxy
  ulimit-n 3100000
  maxconn 100000

  log	global
  mode	http
  option	httplog
  option	dontlognull
  errorfile 400 /etc/haproxy/errors/400.http
  errorfile 403 /etc/haproxy/errors/403.http
  errorfile 408 /etc/haproxy/errors/408.http
  errorfile 500 /etc/haproxy/errors/500.http
  errorfile 502 /etc/haproxy/errors/502.http
  errorfile 503 /etc/haproxy/errors/503.http
  errorfile 504 /etc/haproxy/errors/504.http

  maxconn 100000
  option dontlog-normal
  option http-keep-alive
  option redispatch
  retries 5
  timeout connect 1s
  timeout client 5s
  timeout server 10s
  timeout client-fin 500ms
  timeout server-fin 500ms
  timeout http-request 10s
  timeout http-keep-alive 300s

program mirror
  command spoa-mirror --runtime 0 --mirror-url http://<domain-name>

frontend http
  bind *:80
  filter spoe engine mirror config /etc/haproxy/mirror.conf
  default_backend nodes

backend nodes
  mode http
  balance roundrobin
  option forwardfor
  option httpchk HEAD / HTTP/1.1rnHost:localhost
  server host <ip>:<port>

backend mirroragents
  mode tcp
  balance roundrobin
  timeout connect 5s
  timeout server 5s
  server agent1 localhost:12345


spoe-agent mirror
    log global
    messages mirror
    use-backend mirroragents
    timeout hello 500ms
    timeout idle 5s
    timeout processing 5s

spoe-message mirror
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request

I have this very same problem. Were you ever able to discover a solution?

Hi, please check the recommended solution

Than you, @zagro. I have added my use case there: https://github.com/haproxytech/spoa-mirror/issues/15#issuecomment-683658900