Hello.
I have a question about a strange stunnel configuration; specifically,
I'd like to use 'chained' stunnel instances, and I'm running into an
issue.
We have a conceptually simple setup: a client that connects to a
server. We use stunnel both for encryption and for the failover
mechanism. Here's a diagram of our simplest setup:
        /----S1
       /
C--st0-----S2
       \
        \----S3
We have a client that connects to stunnel. Our stunnel configuration
lists three connections with "prio" failover mode. So usually,
connections go from C through st0 and on to Server 1. If S1 is down, st0
fails to connect to S1 and instead tries S2, and all is good.
However, sometimes we may place an optional second instance of stunnel
in front of the servers.
        /----st1--S1
       /
C--st0-----st2--S2
       \
        \----st3--S3
The failover mode of stunnel does not work so well in this
configuration. If S1 is down, st0's failover algorithm does not kick
in. Instead, st0 happily connects to st1, which is still alive and
running. st1 then detects S1 is down and immediately closes the
connection, but st0 does not care. Since the initial connection was
successful, it does not initiate the failover algorithm.
You may ask "why not change to round-robin mode?" The answer is that
S1 is a dedicated machine, and S2/S3 are underpowered backups that
have other primary responsibilities. We really want to direct all
connections to S1 and only use S2/S3 in emergencies.
You may also ask, "Why the second layer of stunnel?"--unfortunately,
there are several hairy implementation-specific details that make this
hard to change.
My question is: is there any stunnel configuration option that can
help us out? We would like the failover to work with and without the
second layer of stunnel. From looking at the source code, I think I'm
out of luck, but I figured it couldn't hurt to ask. Thanks!
Michael
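Added example, not from the original post and not stunnel's own code: a small Python simulation of the failure mode described above. Three localhost listeners stand in for the hops in the second diagram (a port that refuses connections for "S1 down with no st1 in front", a listener that accepts and immediately closes for "st1 with S1 down", and a listener that sends a banner for "st2 with a healthy S2"). `prio_connect` models the connect()-level "prio" behaviour the post describes, where the first successful connect() wins; `prio_connect_probe` is an assumed alternative that treats an immediate EOF after connect as a failed backend and moves on. The probe only works when the real server speaks first (a greeting banner), which is an assumption about the protocol, not a stunnel feature.

```python
import socket
import threading

HOST = "127.0.0.1"
_held = []  # keeps the "dead" socket alive so its port stays refused


def start_backend(behaviour):
    """Start a localhost listener playing one hop of the chained diagram.

    'serve': like st2 with a healthy S2 behind it; sends a banner, then closes.
    'close': like st1 with S1 down; accepts the TCP connection and closes it
             at once, which is exactly what st0 sees in the second diagram.
    Returns the listening port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:  # closed on exit; 'close' sends nothing first
                if behaviour == "serve":
                    conn.sendall(b"220 ready\r\n")  # constructed banner

    threading.Thread(target=loop, daemon=True).start()
    return port


def dead_port():
    """Bind a port without listen() so connect() to it is refused
    (models S1 being down with no stunnel in front of it)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((HOST, 0))
    _held.append(sock)
    return sock.getsockname()[1]


def prio_connect(ports, timeout=2.0):
    """'failover = prio' as described in the post: the first connect() that
    succeeds wins, and nothing that happens afterwards triggers failover."""
    for port in ports:
        try:
            return socket.create_connection((HOST, port), timeout=timeout), port
        except OSError:
            continue
    raise ConnectionError("no backend reachable")


def prio_connect_probe(ports, timeout=2.0):
    """Same priority order, but a backend that closes without sending
    anything is treated as failed and the next one is tried.
    Assumes the real server speaks first, which not every protocol does."""
    for port in ports:
        try:
            sock = socket.create_connection((HOST, port), timeout=timeout)
        except OSError:
            continue
        sock.settimeout(timeout)
        try:
            banner = sock.recv(64)
        except OSError:
            banner = b""
        if banner:
            return sock, port, banner
        sock.close()  # immediate EOF: move on to the next priority
    raise ConnectionError("no backend answered")


if __name__ == "__main__":
    chain = [dead_port(), start_backend("close"), start_backend("serve")]
    sock, chosen = prio_connect(chain)
    sock.settimeout(2.0)
    print("prio picked index", chain.index(chosen), "then read", sock.recv(64))
    sock.close()
    sock, chosen, banner = prio_connect_probe(chain)
    print("probe picked index", chain.index(chosen), "banner", banner)
    sock.close()
```

Run stand-alone, the first call lands on the "st1" listener and then reads an empty result (EOF), while the probing variant skips it and reaches "st2". This is the whole problem in miniature: a connect-level failover can only see failures that happen at connect(), so a healthy front stunnel hides a dead server behind it, and the retry has to happen at a layer that can observe the post-connect close.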