-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Isn't network failover best achieved by your connect connecting to a vip i.e. a "eral" network managed failover and stunn just connects to the currently active one via the VIP?
Stu - ------ Original Message ------
From "Daphne Shaw" <[email protected]>
To [email protected] Date 06/09/2023 15:58:55 Subject [stunnel-users] Failover configuration using a proxy
Hello!
I have a configuration question around failover with stunnel as a https client (that is,
"client=yes"). The end goal here is a "Try to connect to host A, if that fails,
connect to host B, etc." type of setup. I can do that with multiple connect= options, one per
host, and it works as expected:
connect=x.x.x.x
connect=y.y.y.y
connect=z.z.z.z
The question I have is around doing the same thing with a proxy. In a proxy
configuration, connect= specifies the proxy (https in my case, so
"protocol=connect"), and protocolHost= specifies the host that I want to
connect to via that proxy. Unfortunately, it seems that protocolHost only allows a single
host and cannot be used multiple times, so I can't specify the hosts to failover to.
connect=my.proxy.ip
protocol=connect
protocolhost=x.x.x.x
protocolhost=y.y.y.y
protocolhost=z.z.z.z
That always attempts to connect to z.z.z.z (the last specified host) via the
proxy.
I am using stunnel 4.56 (stock stunnel from Centos 7), but happy to upgrade if
a newer version makes this possible (the manual suggests the latest version
works the same way).
Any suggestions? I'm sure I could accomplish this by wrapping stunnel in a
script that generates a new config file for each failover, but well, I'm hoping
to not have to do that.
Thanks,
Daphne
_______________________________________________
stunnel-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
-----BEGIN PGP SIGNATURE----- Version: BCPG C# v1.8.10.0 iQFIBAEBCAAyBQJk+LGGKxxTdGV3YXJ0IEFuZGVyc29uIDxzdHVzb25fMjAwMEB5 YWhvby5jby51az4ACgkQnk95UoOZmRATtAf/btAGZVMPsug0grk7XdRFfZRrms5o vpmZAqaXdTxja4CktKx3kdQJ4QiNyLM/zUV96WFDFkf4hMoHfaIBYKF03hKdv1/F RbhoP76Ss8K8ca1v8nSf4EBFEdZrXlDEk7EgyOEWkvyu5GUx4E0AkHvxPbSJfSBg 4RWZiBIqYjFnJJbuT4B3l+7zbDuXWa8mEv86noskvh6nTrbhqtlE4FUO4reaXaqN LnqLVViu/eNjEuHuSNtFIsK9SsrZy5n6k9KJ1XI9T7M8Low49LQzY81Yd7i7SZ0U P6UqJaYnoH/f6R51dfeSJz5uyhr5ua7CJ69NFHxJNaqyZTeR+XUgt2BGGQ== =exM6 -----END PGP SIGNATURE-----
[email protected]
Description: application/pgp-keys
_______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
