Re: FC8 - Stunnel - HAProxy

From: Willy Tarreau <>
Date: Thu, 20 Mar 2008 05:23:55 +0100

Hi Jill,

On Tue, Mar 18, 2008 at 01:20:30PM -0400, Jill Rochelle wrote:
> Ok .. I may be doing this all wrong ... here's what I want to accomplish
> 2 haproxy servers (for no single point of failure) - using dns round-robin
> Have the proxies' route http and https requests to multiple backend web
> servers using round-robin or source since it's probably best not to switch
> servers in the middle of a session
> Have the SSL cert on the 2 proxies so we don't have to have multiple
> certificates for web servers or a wild card for the certificate


> On FC4 I had this working with stunnel and haproxy ... or I thought I did.
> But I can not get this to work now. All https requests are changed to http.

That's what you want by using stunnel, or I'm missing something ?

> After reading again, I'm beginning to think that what I was doing with
> stunnel and haproxy is not really what I need; but I'm so confused now I'm
> not sure.

Well, do not get confused, what do you need *exactly* ? First for HTTP, then for HTTPS ?

> Can anyone offer any guidance and suggestions? This is all still rather new
> to me and I think I'm just making this way more complicated than it is.

It should not be complicated, I think it is mostly because you're doubting about what you really need or want. Take a paper and a pencil, and draw arrows between clients, stunnel, haproxy and servers marking HTTP and HTTPS on them. It will help you explain exactly what you need and how you expect your setup to work. It will be easier for us to help you with your config that way.

Willy Received on 2008/03/20 05:23

This archive was generated by hypermail 2.2.0 : 2008/03/20 05:30 CET