In this guide, we will install spoa-mirror to mirror traffic via HAProxy to HyperTest
Read more about mirroring works in HAProxy over here and here
The user client sends a request to the load balancer frontend.
The frontend sends the request to the regular (production) backends and mirror backends.
The regular backend processes the request normally, sending the request to the production web servers.
The mirror backend copies the request, sending it to the SPOE mirror engine.
The SPOE mirror engine sends the request to the mirror server in the secondary environment used for testing, auditing, or other purposes.
Brief Steps:
Install spoa-mirror agent
Edit your HAPRoxy configuration to start HAProxy mirror agent when your HAProxy starts
Create a new SPOE configuration file for mirroring
Restart your HAProxy
Getting Started:
1. Install Agent
Clone the source code from here and build the agent
sudoaptupdatesudo apt install -y autoconf automake build-essential git libcurl4-openssl-dev libev-dev libpthread-stubs0-dev pkg-config
gitclonehttps://github.com/haproxytech/spoa-mirrorcdspoa-mirror./scripts/bootstrap./configuremakeallsudocp./src/spoa-mirror/usr/local/bin/## For Ubuntu system
Verify successful installation of spoa-agent via below command
spoa-mirror -V
2. Edit your HAProxy Configuration file to run mirror agent
Edit the configuration file and add the below sections
1. Program mirror directive
2. filter spoe in frontend directive
3. Backend mirroragents directive
Your configuration might be located in /etc/haproxy folder.
Take a backup of your existing configuration file, give location accordingly.
Only copy the parts from ## copy from this till ## to this. Rest is just sample configuration file.
Also, backend mirroragents runs on 12345 port by default. if you wish to run it on different port pass the port in command while starting spoa-mirror with -p flag.
For below example, we have a configuration file where we have added the above configuration.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
## copy from this
program mirror
command spoa-mirror --runtime 0 --mirror-url http://<hypertest-vm-ip>:<hypertest-vm-port>
## to this
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend haproxy-main
bind *:5000
option forwardfor
option http-buffer-request
## copy from this
filter spoe engine mirror config /etc/haproxy/mirror.conf
## to this
default_backend apache_webservers
backend apache_webservers
balance roundrobin
server websvr1 65.0.67.125:80 check
## copy from this
backend mirroragents
mode tcp
balance roundrobin
timeout connect 5s
timeout server 5s
server server1 localhost:12345 check
## to this
3. Add mirrror configuration file
Next, we will add mirror conf file, we gave the location of this file in frontend directive.
