In this case, the hosts to be connected to have no relationship - not on the same network, not even hosted by the same companies. I don't have control of the server side here, just the client.
D. On Sep 6, 2023, at 1:06 PM, Stewart Anderson via stunnel-users <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Isn't network failover best achieved by your connect connecting to a vip > i.e. a "eral" network managed failover and stunn just connects to the > currently active one via the VIP? > > Stu > > > > > - ------ Original Message ------ >> From "Daphne Shaw" <[email protected]> > To [email protected] > Date 06/09/2023 15:58:55 > Subject [stunnel-users] Failover configuration using a proxy > >> Hello! >> >> I have a configuration question around failover with stunnel as a https >> client (that is, "client=yes"). The end goal here is a "Try to connect to >> host A, if that fails, connect to host B, etc." type of setup. I can do that >> with multiple connect= options, one per host, and it works as expected: >> >> connect=x.x.x.x >> connect=y.y.y.y >> connect=z.z.z.z >> >> The question I have is around doing the same thing with a proxy. In a proxy >> configuration, connect= specifies the proxy (https in my case, so >> "protocol=connect"), and protocolHost= specifies the host that I want to >> connect to via that proxy. Unfortunately, it seems that protocolHost only >> allows a single host and cannot be used multiple times, so I can't specify >> the hosts to failover to. >> >> connect=my.proxy.ip >> protocol=connect >> protocolhost=x.x.x.x >> protocolhost=y.y.y.y >> protocolhost=z.z.z.z >> >> That always attempts to connect to z.z.z.z (the last specified host) via the >> proxy. >> >> I am using stunnel 4.56 (stock stunnel from Centos 7), but happy to upgrade >> if a newer version makes this possible (the manual suggests the latest >> version works the same way). >> >> Any suggestions? I'm sure I could accomplish this by wrapping stunnel in a >> script that generates a new config file for each failover, but well, I'm >> hoping to not have to do that. >> >> Thanks, >> >> Daphne >> >> _______________________________________________ >> stunnel-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] > -----BEGIN PGP SIGNATURE----- > Version: BCPG C# v1.8.10.0 > > iQFIBAEBCAAyBQJk+LGGKxxTdGV3YXJ0IEFuZGVyc29uIDxzdHVzb25fMjAwMEB5 > YWhvby5jby51az4ACgkQnk95UoOZmRATtAf/btAGZVMPsug0grk7XdRFfZRrms5o > vpmZAqaXdTxja4CktKx3kdQJ4QiNyLM/zUV96WFDFkf4hMoHfaIBYKF03hKdv1/F > RbhoP76Ss8K8ca1v8nSf4EBFEdZrXlDEk7EgyOEWkvyu5GUx4E0AkHvxPbSJfSBg > 4RWZiBIqYjFnJJbuT4B3l+7zbDuXWa8mEv86noskvh6nTrbhqtlE4FUO4reaXaqN > LnqLVViu/eNjEuHuSNtFIsK9SsrZy5n6k9KJ1XI9T7M8Low49LQzY81Yd7i7SZ0U > P6UqJaYnoH/f6R51dfeSJz5uyhr5ua7CJ69NFHxJNaqyZTeR+XUgt2BGGQ== > =exM6 > -----END PGP SIGNATURE-----
[email protected]
Description: application/pgp-keys
> _______________________________________________ > stunnel-users mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
