I never was able to make STunnel work nicely for me, so I changed to using nginx as a reverse-proxy. As it turns out, this really was a better solution for me because over some time I've been able to take advantage of other nginx features. I use keepalived to monitor both haproxy and nginx for HA failover. I'm running all this on Debian, but my results should be applicable to FC.
On Mar 18, 2008, at 12:20 PM, Jill Rochelle wrote:
> Ok .. I may be doing this all wrong ... here's what I want to
> 2 haproxy servers (for no single point of failure) - using dns round-
> Have the proxies route http and https requests to multiple backend
> servers using round-robin or source since it's probably best not to
> servers in the middle of a session
> Have the SSL cert on the 2 proxies so we don't have to have multiple
> certificates for web servers or a wild card for the certificate
> On FC4 I had this working with stunnel and haproxy ... or I thought
> I did.
> But I cannot get this to work now. All https requests are changed
> to http.
> After reading again, I'm beginning to think that what I was doing with
> stunnel and haproxy is not really what I need; but I'm so confused
> now I'm
> not sure.
> Can anyone offer any guidance and suggestions? This is all still
> rather new
> to me and I think I'm just making this way more complicated than it
> -----Original Message-----
> From: Willy Tarreau [mailto:w#1wt.eu]
> Sent: Monday, March 17, 2008 1:47 PM
> To: Jill Rochelle
> Cc: haproxy#formilux.org
> Subject: Re: FC8 - Stunnel - HAProxy
> On Mon, Mar 17, 2008 at 12:10:58PM -0400, Jill Rochelle wrote:
>> Has anyone been able to get Fedora Core 8, Stunnel 4.20 and HAProxy
>> to work together?
>> I'm having a problem where as it doesn't appear that it's
>> forwarding https
>> although it asks to accept the self sign certificate. It remains
>> instead of https in the URL.
>> Any ideas? (I did apply the patches from HAProxy site for Stunnel)
> in the stunnel configuration, I'm used to adding this:
> TIMEOUTconnect = 5
> TIMEOUTbusy = 25
> TIMEOUTidle = 25
> and this in the https section:
> client = no
> Hoping this helps,
Received on 2008/03/19 14:50