I concur. We don't worry about encrypting traffic that is sent from haproxy to the backends.

On Monday, July 16, 2012 at 3:39 PM, Gabriel Sosa wrote:
> IMHO
>
> if you run your servers in a trusted network, **haproxy ==> stunnel
> ==> server** part adds a lot of overhead
>
> we do
>
> client ==> stunnel ==> haproxy ==> server[0..N]
>
> also, take a look at stud [1] vs stunnel. I would recommend you also
> to check the PROXY protocol which helps with all the XFF, client ip
> address issue...
>
> regards
>
> [1] https://github.com/bumptech/stud
>
> On Mon, Jul 16, 2012 at 4:13 PM, Baptiste <bed...@gmail.com> wrote:
> > Hi,
> > I agree with Chris.
> > It's a common setup:
> > client ==> stunnel ==> haproxy ==> stunnel ==> server
> >
> > First stunnel runs in server mode while second one runs in client mode.
> > that way, HAProxy sees traffic in clear but the connection from the
> > client and to the server are encrypted.
> >
> > cheers
>
> --
> Gabriel Sosa
> If you seek different results, don't always do the same thing. - Einstein
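
The PROXY protocol mentioned in the thread passes the original client address through the TLS terminator as a one-line text header (version 1) ahead of the application data. The parser below is an added example, not code from the thread or from haproxy/stunnel; the trusted-sender set, the function name and the sample bytes are assumptions constructed for illustration. It accepts the header only from the terminator's address, since anyone else who can reach the listener could otherwise claim an arbitrary client IP.

```python
import ipaddress

MAX_V1_HEADER = 107  # PROXY protocol v1: header line is at most 107 bytes incl. CRLF

# Assumption: only the local TLS terminator may prepend a PROXY header.
TRUSTED_SENDERS = {ipaddress.ip_address("127.0.0.1")}

# Constructed sample: what the listener behind the terminator would receive.
SAMPLE = (b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")


def parse_proxy_v1(data: bytes, peer_ip: str):
    """Return ((client_ip, client_port), remaining_payload).

    The client tuple is None when the sender reported UNKNOWN.
    Raises ValueError for an untrusted peer or a malformed header.
    """
    if ipaddress.ip_address(peer_ip) not in TRUSTED_SENDERS:
        raise ValueError("PROXY header from untrusted peer")
    # The CRLF must fall inside the first 107 bytes, otherwise reject.
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii", "strict").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != family or dst.version != family:
        raise ValueError("address family mismatch")
    if not all(f.isdigit() for f in fields[4:6]):
        raise ValueError("non-numeric port")
    sport, dport = (int(f) for f in fields[4:6])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return (str(src), sport), payload


if __name__ == "__main__":
    client, rest = parse_proxy_v1(SAMPLE, "127.0.0.1")
    print("client:", client, "payload bytes:", len(rest))
```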