haproxytech / spoa-mirror

Mirror HTTP requests using the HAProxy SPOP
GNU Lesser General Public License v2.1
40 stars 16 forks source link

Use multiple mirror endpoints #37

Open jvinolas opened 1 year ago

jvinolas commented 1 year ago

Could this be modified (or it's already available) to mirror traffic to multiple servers?

The use case I would like to implement is in an scenario where I've got only one public IP but multiple servers not at default 80/443 port (of course) but want to get them to request and renew letsencrypt certificates. Letsencrypt default certbot renewal method only allows for default ports and executes a get to /.well-know... path to validate dns ownership.

So, if this mirror spoa could mirror this letsencrypt path to all the backend servers I will be able to request and renew them all, as only one of them will reply to the request when doing validation (it's then when the /.well-known.. server path will be available.

Just guessing if possible.

zaga00 commented 1 year ago

Hello @jvinolas,

of course, it is possible to mirror to several different URLs. In order for it to work, it is necessary to add as many SPOE mirror filters in the HAProxy configuration as we want different URLs for the mirror. Of course, this means that each mirror filter communicates with its spoa-mirror program (in the example below, there are two of them).

For example, something like this should be written in haproxy.cfg:

frontend spoe-mirror-frontend
    ..
    filter spoe engine mirror-1 config spoe.cfg
    filter spoe engine mirror-2 config spoe.cfg
    ..

backend mirroragents-1
    ..
    server mirror-server-1 127.0.0.1:12345

backend mirroragents-2
    ..
    server mirror-server-2 127.0.0.1:12346

whereas in spoe.cfg something like this should be written:

[mirror-1]
    ..
    use-backend mirroragents-1
    ..

[mirror-2]
    ..
    use-backend mirroragents-2
    ..

And finally, in order for it to work, one spoa-mirror program needs to be started on port 12345 (default) and the other on port 12346.