On Tue, Mar 05, 2024 at 05:42:04PM +0100, Jochen Bern wrote: [snip]
The third possibility is that you want the frontends (to run stunnel and) switch from one backend to the other (assuming that they're separate machines, of course), like a load balancer would. Then your HA solution needs to remotely sense which backends are currently operational, and instruct the stunnels to switch away from a TILT one to one of the OK ones. keepalived is not particularly suited to do *that*, and restarting the stunnels would leave you with an additional (if very short) outage still.
...and that's why you can instruct a running stunnel instance to reload its configuration file without a service outage, either using the `-reload` option for Windows, or by sending it a HUP signal under Unix-like OSs. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13