On 01.03.24 05:39, caspernetherlands@gmail.com wrote:
What would the recommended setup for Stunnel look like for HA (high-availability)? All I need is basically to have two servers, one active and another one stand by and be able to fail over to the standby server when the active one becomes unavailable due to hardware failure, bad vmotion etc.
You're leaving a whole lot of details (like: what OS are you working on?) to guess, other than asking this on the *stunnel* mailinglist ...
If this is about HAing *the stunnel service itself*, as a Linux admin, my gut reaction would be to -- have both servers run stunnel simultaneously (should IMHO be possible in most, if not all, use cases) and -- add (just) VRRP and a floating IP to that with keepalived https://www.keepalived.org/
If you want the *remote end* of the stunnels to go HA, I'd still have a look at keepalived, but you'd need to re-evaluate whether the actual service can simply run on *both* servers, or needs to be started/stopped by keepalived as well as it does a failover.
(If the latter, then look into the question whether the time it needs to *start up* in a failover situation is in fact an acceptable outage duration, or you'll have to get inventive about *that*.)
What stunnel AFAIK does *not* do is check the backends for liveliness and do failovers *for them*. You'd need something external to keep tabs on the backends "remotely" (which keepalived doesn't do), and restart stunnel into different configs if necessary.
Kind regards,