Using virtual IP with stunnel and haproxy

Posted by beardtwizzle on Server Fault See other posts from Server Fault or by beardtwizzle
Published on 2011-03-17T19:13:02Z Indexed on 2011/03/18 0:12 UTC
Read the original article Hit count: 557

Filed under:

load-balancing

|

haproxy

|

stunnel

Hi there,

We have a load-balancer setup, in which an HTTPS Request flows through the following steps:-

Client -> DNS -> stunnel on Load-Balancer -> HAProxy on LB -> Web-Server

This setup works perfectly when stunnel is listening to the local IP of the Load-Balancer.

However in our setup we have 2 load-balancers and we want to be able to listen to a virtual IP, which only ever exists on one LB at a time (keepalived flips the IP to the second LB if the first one falls over).

HAProxy has no problem in doing this (and I can ping the assigned virtual IP on the load-balancer I'm testing), but it seems stunnel hates the concept.

Has anyone achieved this before (below is my stunnel config - as you can see I'm actually listening for ALL traffic on 443):-

cert= /etc/ssl/certs/mycert.crt
key = /etc/ssl/certs/mykey.key
;setuid = nobody
;setgid = nogroup

pid = /etc/stunnel/stunnel.pid
debug = 3
output = /etc/stunnel/stunnel.log

socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1

[https]
accept=443
connect=127.0.0.1:8443
TIMEOUTclose=0
xforwardedfor=yes

Sorry for the long-winded question!

© Server Fault or respective owner

Related posts about load-balancing

Failover or load balancing configuration on Apple Xserve and Mac OS X Server Snow Leopard (10.6)

as seen on Server Fault - Search for 'Server Fault'
I'm currently installing a number of Apple Xserve boxes running Mac OS X Server (10.6). After poking and prodding for a while I can't find any obvious way, or documentation telling me how, to set up the 2 ethernet ports in a failover or load-balancing configuration. There seems to be an obvious… >>> More
Conceptually how does load-balancing on the EJB tier work in Glassfish/any ejb container

as seen on Stack Overflow - Search for 'Stack Overflow'
I am wondering conceptually how load-balancing works on the EJB-level (not web session replication) with Java EE containers like Glassfish. From what I have gleaned your remote interface is a proxy that delegates your call to one of many servers you may have in an environment. If things fail are… >>> More
Do i need a dedicated server for load balancing?

as seen on Server Fault - Search for 'Server Fault'
I'm completely new to the concept of load balancing so i hope this question isn't a "stupid question" because i've been searching around and im having a hard time understanding this. So to my understanding, in order to load balance, i need a separate machine with an ip address i can direct all traffic… >>> More
Load balancing and sessions

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi there, What is the better approach for load balancing on web servers? My services run in .NET and Mono, so they could be hosted on IIS or Apache2, and the will have to provide SSL connection. I've read two main approaches, store the state in a common server and use sticky sessions, there is any… >>> More
Loadbalancing outbound traffic while using openbgpd on freebsd

as seen on Server Fault - Search for 'Server Fault'
Hi, I am using openbgpd in freeBSD with 2 ISP connections. I have my own AS number and a /22 network. Currently I am advertising entire /22 to both networks. Inbound traffic comes in But my outbound traffic goes via a single link. I would like to either distribute my outbound traffic via both links… >>> More

Related posts about haproxy

HA Proxy Stick-table and tcp-connection configuration

as seen on Server Fault - Search for 'Server Fault'
I am using HA Proxy HA-Proxy version 1.4.18 2011/09/16 I am trying to insert the following into /etc/init.d/haproxy.cfg file # Use General Purpose Couter (gpc) 0 in SC1 as a global abuse counter # Monitors the number of request sent by an IP over a period of 10 seconds stick-table type ip size 1m… >>> More
Rotate haproxy logs

as seen on Server Fault - Search for 'Server Fault'
I tried few things but still not able to rotate haproxy logs efficiently. I need to rotate logs when log files crosses 500 MB size. Considering haproxy is serving large no. of static tcp connections, I can not restart haproxy process though a reload is doable. Daily haproxy log file size normally… >>> More
could not bind socket while haproxy restart

as seen on Server Fault - Search for 'Server Fault'
I m restarting HAproxy by following command haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid) but i get following message [ALERT] 183/225022 (9278) : Starting proxy appli1-rewrite: cannot bind socket [ALERT] 183/225022 (9278) : Starting proxy appli2-insert:… >>> More
Restarting Haproxy Gracefully

as seen on Server Fault - Search for 'Server Fault'
As per various blogs, HAproxy can be gracefully restarted using the following command: sudo haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid) TO verify this, I had set up a apache bench script which contiguously sent message to haproxy. Ideally, whenever… >>> More
HAProxy: Display a "BADREQ" | BADREQ's by the thousands

as seen on Server Fault - Search for 'Server Fault'
My HAProxy Configuration. #HA-Proxy version 1.3.22 2009/10/14 Copyright 2000-2009 Willy Tarreau <[email protected]> global maxconn 10000 spread-checks 50 user haproxy group haproxy daemon stats socket /tmp/haproxy log localhost local0 log localhost local1 notice defaults … >>> More