Using HAProxy

In this guide, we will install spoa-mirror to mirror traffic via HAProxy to HyperTest

Read more about mirroring works in HAProxy over here and here

  1. The user client sends a request to the load balancer frontend.

  2. The frontend sends the request to the regular (production) backends and mirror backends.

  3. The regular backend processes the request normally, sending the request to the production web servers.

  4. The mirror backend copies the request, sending it to the SPOE mirror engine.

  5. The SPOE mirror engine sends the request to the mirror server in the secondary environment used for testing, auditing, or other purposes.

Brief Steps:

  1. Install spoa-mirror agent

  2. Edit your HAPRoxy configuration to start HAProxy mirror agent when your HAProxy starts

  3. Create a new SPOE configuration file for mirroring

  4. Restart your HAProxy

Getting Started:

1. Install Agent

Clone the source code from here and build the agent

sudo apt update
sudo apt install -y autoconf automake build-essential git libcurl4-openssl-dev libev-dev libpthread-stubs0-dev pkg-config
git clone
cd spoa-mirror
make all
sudo cp ./src/spoa-mirror /usr/local/bin/  ## For Ubuntu system

Verify successful installation of spoa-agent via below command

spoa-mirror -V

2. Edit your HAProxy Configuration file to run mirror agent

Edit the configuration file and add the below sections 1. Program mirror directive 2. filter spoe in frontend directive 3. Backend mirroragents directive

Your configuration might be located in /etc/haproxy folder. Take a backup of your existing configuration file, give location accordingly.

cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy-backup.cfg

Only copy the parts from ## copy from this till ## to this. Rest is just sample configuration file. Also, backend mirroragents runs on 12345 port by default. if you wish to run it on different port pass the port in command while starting spoa-mirror with -p flag.

For below example, we have a configuration file where we have added the above configuration.

	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	user haproxy
	group haproxy

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See:
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

## copy from this
program mirror
    command spoa-mirror --runtime 0 --mirror-url http://<hypertest-vm-ip>:<hypertest-vm-port>
## to this

	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend haproxy-main
    bind *:5000
    option forwardfor
    option http-buffer-request
     ## copy from this
    filter spoe  engine mirror  config /etc/haproxy/mirror.conf  
    ## to this
    default_backend apache_webservers    

backend apache_webservers
    balance roundrobin
    server websvr1 check

## copy from this
backend mirroragents
    mode tcp
    balance roundrobin
    timeout connect 5s
    timeout server 5s
    server server1 localhost:12345 check
## to this

3. Add mirrror configuration file

Next, we will add mirror conf file, we gave the location of this file in frontend directive.

  • Create a file named haproxy-mirror.conf

touch /etc/haproxy/mirror.conf
vi /etc/haproxy/mirror.conf
  • Copy the following content and paste it into the haproxy-mirror.conf file created in above step.

spoe-agent mirror
    log global
    messages mirror
    use-backend mirroragents
    timeout hello 500ms
    timeout idle 5s
    timeout processing 5s

spoe-message mirror
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request

4. Restart Your HAProxy service

sudo systemctl restart haproxy
sudo systemctl status haproxy

Now hit some apis on your application and verify if HyperTest is receiving it.

Last updated