On Tue, Mar 05, 2024 at 05:42:04PM +0100, Jochen Bern wrote: [snip]
The third possibility is that you want the frontends (to run stunnel and) switch from one backend to the other (assuming that they're separate machines, of course), like a load balancer would. Then your HA solution needs to remotely sense which backends are currently operational, and instruct the stunnels to switch away from a TILT one to one of the OK ones. keepalived is not particularly suited to do *that*, and restarting the stunnels would leave you with an additional (if very short) outage still.
...and that's why you can instruct a running stunnel instance to reload its configuration file without a service outage, either using the `-reload` option for Windows, or by sending it a HUP signal under Unix-like OSs.
G'luck, Peter