RE: tcp-check for IMAP SSL ?
Right, I found older response from Baptiste. ...So, first, you must compile HAProxy with OpenSSL support (install first openssl librairies from your operating system). Then the configuration of IMAP health check can be scripted through the tcp-check feature: option tcp-check tcp-check connect port 143 tcp-check expect string *\ OK tcp-check connect port 993 ssl tcp-check expect string *\ OK ... I will try that first. thanks Thanks Amir Yosef From: Rainer Duffner [mailto:rai...@ultra-secure.de] Sent: Thursday, January 01, 2015 4:18 PM To: PiBa-NL Cc: Yosef Amir; HAProxy Subject: Re: tcp-check for IMAP SSL ? Am 01.01.2015 um 14:37 schrieb PiBa-NL piba.nl@gmail.commailto:piba.nl@gmail.com: Yosef Amir schreef op 1-1-2015 om 13:57: listen IMAP_SSL mode tcp bind :443 name VVM_SSL balance roundrobin tcp-check connect port 443 Maybe try the 'ssl' keyword as below. (i have not tested it at all..) tcp-check connect port 443 ssl option tcp-check tcp-check expect string ? server MIPS3 3.3.3.3 check server MIPS4 4.4.4.4 check Hi, Port 143 will actually be inline-TLS (STARTTLS). SSL is on port 993. The above answer should be correct, according to this: http://comments.gmane.org/gmane.comp.web.haproxy/19274 But only for SSL. Don't know about inline-TLS. Rainer This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: secur...@comverse.com. Thank You.
RE: tcp-check for IMAP SSL ?
My question is if HAProxy tcp-check can check the SSL and the check expect string and only if both working consider the server as healthy for service? I mean if HAProxy can perform SSL check (and accept any certificate) and after the SSL handshake use check expect string. Example - check expect string *\ OK\ IMAP4\ server\ ready\ (Multi\ Media\ IP\ Store) Thanks Amir Yosef From: PiBa-NL [mailto:piba.nl@gmail.com] Sent: Thursday, January 01, 2015 3:37 PM To: Yosef Amir; HAProxy Subject: Re: tcp-check for IMAP SSL ? Yosef Amir schreef op 1-1-2015 om 13:57: Hi , I have servers that listen for plain IMAP on port 143 and servers that listen for IMAP SSL on port 443. I have successfully tested HAProxy for tcp-check proxying to IMAP servers listen on port 143 . I don't know how to configure the option tcp-check on HAProxy proxying to IMAP servers working over SSL only. Any idea ? listen IMAP_PLAIN mode tcp bind :143 name VVM_PLAIN balance roundrobin tcp-check connect port 143 option tcp-check tcp-check expect string *\ OK\ IMAP4\ server\ ready\ (Multi\ Media\ IP\ Store) server MIPS1 1.1.1.1 check server MIPS2 2.2.2.2 check listen IMAP_SSL mode tcp bind :443 name VVM_SSL balance roundrobin tcp-check connect port 443 Maybe try the 'ssl' keyword as below. (i have not tested it at all..) tcp-check connect port 443 ssl option tcp-check tcp-check expect string ? server MIPS3 3.3.3.3 check server MIPS4 4.4.4.4 check Thanks Amir Yosef This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: secur...@comverse.commailto:secur...@comverse.com. Thank You. This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: secur...@comverse.com. Thank You.
Re: tcp-check for IMAP SSL ?
Yosef Amir schreef op 1-1-2015 om 13:57: Hi , I have servers that listen for plain IMAP on port 143 and servers that listen for IMAP SSL on port 443. I have successfully tested HAProxy for tcp-check proxying to IMAP servers listen on port 143 . I don’t know how to configure the option tcp-check on HAProxy proxying to IMAP servers working over SSL only. Any idea ? listen IMAP_PLAIN mode tcp bind :143 name VVM_PLAIN balance roundrobin tcp-check connect port 143 option tcp-check tcp-check expect string *\ OK\ IMAP4\ server\ ready\ (Multi\ Media\ IP\ Store) server MIPS1 1.1.1.1 check server MIPS2 2.2.2.2 check listen IMAP_SSL mode tcp bind :443 name VVM_SSL balance roundrobin tcp-check connect port 443 Maybe try the 'ssl' keyword as below. (i have not tested it at all..) tcp-check connect port 443 ssl option tcp-check tcp-check expect string ? server MIPS3 3.3.3.3 check server MIPS4 4.4.4.4 check Thanks Amir Yosef _ _ “This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: secur...@comverse.com. Thank You.”
Re: tcp-check for IMAP SSL ?
Am 01.01.2015 um 14:37 schrieb PiBa-NL piba.nl@gmail.com: Yosef Amir schreef op 1-1-2015 om 13:57: listen IMAP_SSL mode tcp bind :443 name VVM_SSL balance roundrobin tcp-check connect port 443 Maybe try the 'ssl' keyword as below. (i have not tested it at all..) tcp-check connect port 443 ssl option tcp-check tcp-check expect string ? server MIPS3 3.3.3.3 check server MIPS4 4.4.4.4 check Hi, Port 143 will actually be inline-TLS (STARTTLS). SSL is on port 993. The above answer should be correct, according to this: http://comments.gmane.org/gmane.comp.web.haproxy/19274 http://comments.gmane.org/gmane.comp.web.haproxy/19274 But only for SSL. Don’t know about inline-TLS. Rainer