Skip to content


If your network configuration restricts outbound traffic from where you have installed the collectors, you can route all collectors traffic through a proxy. For instance, you can set up haproxy on another host and route all collectors traffic through that instance of haproxy.

Note that this proxy method only works for collectors running in the default sp_collector mode.

Configuring a Proxy

Before you begin: Install haproxy on another host.

  1. Configure /etc/haproxy/haproxy.cfg as following. Make sure to provide the ${AOC_HOST} variable.

    # Basic configuration
        log local0
        maxconn 4096
        stats socket /tmp/haproxy
    # Some sane defaults
        log     global
        option  dontlognull
        retries 3
        option  redispatch
        timeout client 5s
        timeout server 5s
        timeout connect 5s
    # This declares a view into HAProxy statistics, on port 3835
    # You do not need credentials to view this page and you can
    # turn it off once you are done with setup.
    listen stats :3835
        mode http
        stats enable
        stats uri /
    # Collectors will connect at the below endpoints.
    frontend forwarder
        bind *:443 # DTDG
        mode tcp
        default_backend aoc-stats
    # Any TCP request coming to the forwarder or watcher frontend defined above
    # will be proxied to the AOC backends below.
    # Replace ${AOC_HOST} with your AOC endpoint.
    backend aoc-stats
        balance roundrobin
        mode tcp
        option tcplog
        server mothership ${AOC_HOST}:443 check port 443
  2. Restart haproxy.

    sudo service haproxy restart
  3. When you install your collectors, specify the hostname of your proxy in the EPOCH_AOC_HOST variable.

    docker run -td \
           --name=epoch_collectors \
           --net=host \
           -v /var/run/docker.sock:/var/run/docker.sock:ro \
           -v /proc/:/host/proc/:ro \
           -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
           --cap-add=NET_RAW \
           --cap-add=NET_ADMIN \
           -e EPOCH_AOC_HOST=<proxy_hostname> \
           -e DEPLOY_ENV="docker" \
           -e SD_BACKEND="docker" \