Redis with stunnel, need to reset a client connection if the remote server drops

Hello all,

I've spent some time digging through the archives, but have yet to turn up a solution to the issue I'm having. We're using Redis instances on 'cloud' resources, and have successfully gotten stunnel set up as a server on these nodes. Additionally an internal process runs and connects to a local stunnel client that then connects to the remote cloud instance. This is working well enough at the moment, however there is one issue I'm bumping into.

If the remote EC2 node goes dark for a bit (i.e. reboot), the local stunnel client will reconnect, however the internal process which is establishing its connection to the local stunnel client does not get disconnected and therefore doesn't know that redis became unavailable and needs to re-subscribe to the redis stream. I need to invalidate the established session when the remote reconnects.

Can this be accomplished with either a TIMEOUT value or session statement?

Below is a sample of the configuration:

###########
[some-ec2-node.com]
client = yes
verify = 2
CApath = /etc/ssl/certs
sslVersion = TLSv1
accept = 127.0.0.1:10008
connect = some-ec2-node.com:6379
###########

$ stunnel4 -version
stunnel 4.53 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.0.1e 11 Feb 2013
Running with OpenSSL 1.0.1f 6 Jan 2014
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6

Global options:
debug = daemon.notice
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH
curve = prime256v1
session = 300 seconds
sslVersion = TLSv1 for client, all for server
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

--
Josh

Cocytus wrote:
> If the remote EC2 node goes dark for a bit (ie: reboot), the local stunnel client will reconnect, however the internal process which is establishing its connection to the local stunnel client does not get disconnected and therefore doesn't know that redis became unavailable and needs to re-subscribe to the redis stream. I need to invalidate the established session when the remote reconnects.

Do you see anything in your log files indicating that stunnel gets notified about the peer being disconnected? If not then stunnel does not make any difference for you. You would bump into the same issue without stunnel.

Either way, you need some kind of keepalive. It may be implemented either at the application level by periodically sending a command (some no-op) to your redis server, or at the TCP level. Stunnel can help you with it. The stunnel.conf option is:

socket = r:SO_KEEPALIVE=1

Mike
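An application-level keepalive of the kind suggested in the reply, as an added example that is not part of the original thread: the client sends the Redis no-op PING through the local stunnel endpoint, treats a missing PONG as a dead peer, and reconnects so it can re-subscribe. The function names and the `on_connect` hook are hypothetical, the address is the `accept` value from the posted configuration, and the reply check is a simple token scan rather than a full RESP parser.

```python
import socket
import time

PING = b"*1\r\n$4\r\nPING\r\n"  # RESP encoding of the Redis no-op PING

def open_tunnel(addr, timeout=5.0):
    """Connect to local stunnel; keepalive here covers only the loopback hop."""
    sock = socket.create_connection(addr, timeout=timeout)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    return sock

def is_alive(sock, timeout=5.0):
    """Send PING through the tunnel; True only if a PONG arrives in time."""
    deadline, seen = time.monotonic() + timeout, b""
    try:
        sock.sendall(PING)
        while b"pong" not in seen.lower():  # token scan, not a RESP parser
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return False
            sock.settimeout(remaining)
            chunk = sock.recv(4096)
            if not chunk:  # stunnel closed the local side
                return False
            seen += chunk
        return True
    except OSError:  # timeout, reset, broken pipe
        return False

def supervise(addr, on_connect, checks, interval=1.0, timeout=5.0):
    """Probe `checks` times; after a failure reconnect and call on_connect(sock),
    the hypothetical hook that re-issues SUBSCRIBE. Returns connections made."""
    sock, connects = None, 0
    for _ in range(checks):
        try:
            if sock is None:
                sock = open_tunnel(addr, timeout)
                on_connect(sock)
                connects += 1
            alive = is_alive(sock, timeout)
        except OSError:  # local stunnel not accepting, or hook failed
            alive = False
        if not alive and sock is not None:
            sock.close()
            sock = None
        time.sleep(interval)
    if sock is not None:
        sock.close()
    return connects
```

Because the PING travels through stunnel to Redis and back, it catches the case where the loopback connection to stunnel stays open while the remote side is gone, which a TCP keepalive on the application's own socket cannot see.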
participants (2)
- Cocytus
- Michal Trojnara