Hi Tim, what you propose is difficult to test, since the HA proxy can only deliver the SSL ports (it routes based upon SNI, so SSL is mandatory for the routing). It won't work with plain tcp ports.
However, if I still use SSL but directly define mapped ports for both brokers in the network connector uri, thus bypassing the HA proxy, all works fine: uri="masterslave:(ssl://servername:something17,ssl://servername:something19)" where something17 and something19 are the mapped ports 61617 for both brokers. Also connection to the tcp ports this way works: uri="masterslave:(tcp://servername:something16,ssl://servername:something18)", something16 and something18 being the mapped port 61616 for the brokers. So it really looks like failover doesn't work with SSL if the SSL termination is done before the connection "reaches" the broker. If somebody has a clever solution to have redundant brokers behind such a proxy with the failover working anyways, this would be very welcome (the HA proxy bypassing is no option for me). Regads, Jochen -- View this message in context: http://activemq.2283324.n4.nabble.com/failover-masterslave-protocol-for-brokers-behind-HAProxy-tp4726787p4727511.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
