RE: FC8 - Stunnel - HAProxy

From: Jill Rochelle <>
Date: Tue, 18 Mar 2008 13:20:30 -0400

Ok .. I may be doing this all wrong ... here's what I want to accomplish

2 haproxy servers (for no single point of failure) - using dns round-robin   Have the proxies' route http and https requests to multiple backend web servers using round-robin or source since it's probably best not to switch servers in the middle of a session
  Have the SSL cert on the 2 proxies so we don't have to have multiple certificates for web servers or a wild card for the certificate

On FC4 I had this working with stunnel and haproxy ... or I thought I did. But I can not get this to work now. All https requests are changed to http.

After reading again, I'm beginning to think that what I was doing with stunnel and haproxy is not really what I need; but I'm so confused now I'm not sure.

Can anyone offer any guidance and suggestions? This is all still rather new to me and I think I'm just making this way more complicated than it is.


-----Original Message-----
From: Willy Tarreau []
Sent: Monday, March 17, 2008 1:47 PM
To: Jill Rochelle
Subject: Re: FC8 - Stunnel - HAProxy

On Mon, Mar 17, 2008 at 12:10:58PM -0400, Jill Rochelle wrote:
> Has anyone been able to get Fedora Core 8, Stunnel 4.20 and HAProxy 1.2.17
> to work together?
> I'm having a problem where as it doesn't appear that it's forwarding https
> although it asks to accept the self sign certificate. It remains http
> instead of https in the URL.
> Any ideas? (I did apply the patches from HAProxy site for Stunnel)

in the stunnel configuration, I'm used to add this :

TIMEOUTconnect = 5
TIMEOUTbusy = 25
TIMEOUTidle = 25

and this in the https section :

client = no

Hoping this helps,
Willy Received on 2008/03/18 18:20

This archive was generated by hypermail 2.2.0 : 2008/03/18 18:30 CET