Hello!
I have a configuration question around failover with stunnel as a https client (that is, "client=yes"). The end goal here is a "Try to connect to host A, if that fails, connect to host B, etc." type of setup. I can do that with multiple connect= options, one per host, and it works as expected:
connect=x.x.x.x connect=y.y.y.y connect=z.z.z.z
The question I have is around doing the same thing with a proxy. In a proxy configuration, connect= specifies the proxy (https in my case, so "protocol=connect"), and protocolHost= specifies the host that I want to connect to via that proxy. Unfortunately, it seems that protocolHost only allows a single host and cannot be used multiple times, so I can't specify the hosts to failover to.
connect=my.proxy.ip protocol=connect protocolhost=x.x.x.x protocolhost=y.y.y.y protocolhost=z.z.z.z
That always attempts to connect to z.z.z.z (the last specified host) via the proxy.
I am using stunnel 4.56 (stock stunnel from Centos 7), but happy to upgrade if a newer version makes this possible (the manual suggests the latest version works the same way).
Any suggestions? I'm sure I could accomplish this by wrapping stunnel in a script that generates a new config file for each failover, but well, I'm hoping to not have to do that.
Thanks,
Daphne
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Isn't network failover best achieved by your connect connecting to a vip i.e. a "eral" network managed failover and stunn just connects to the currently active one via the VIP?
Stu
- ------ Original Message ------ From "Daphne Shaw" dshaw@jabberwocky.com To stunnel-users@stunnel.org Date 06/09/2023 15:58:55 Subject [stunnel-users] Failover configuration using a proxy
Hello!
I have a configuration question around failover with stunnel as a https client (that is, "client=yes"). The end goal here is a "Try to connect to host A, if that fails, connect to host B, etc." type of setup. I can do that with multiple connect= options, one per host, and it works as expected:
connect=x.x.x.x connect=y.y.y.y connect=z.z.z.z
The question I have is around doing the same thing with a proxy. In a proxy configuration, connect= specifies the proxy (https in my case, so "protocol=connect"), and protocolHost= specifies the host that I want to connect to via that proxy. Unfortunately, it seems that protocolHost only allows a single host and cannot be used multiple times, so I can't specify the hosts to failover to.
connect=my.proxy.ip protocol=connect protocolhost=x.x.x.x protocolhost=y.y.y.y protocolhost=z.z.z.z
That always attempts to connect to z.z.z.z (the last specified host) via the proxy.
I am using stunnel 4.56 (stock stunnel from Centos 7), but happy to upgrade if a newer version makes this possible (the manual suggests the latest version works the same way).
Any suggestions? I'm sure I could accomplish this by wrapping stunnel in a script that generates a new config file for each failover, but well, I'm hoping to not have to do that.
Thanks,
Daphne
stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
In this case, the hosts to be connected to have no relationship - not on the same network, not even hosted by the same companies. I don't have control of the server side here, just the client.
D.
On Sep 6, 2023, at 1:06 PM, Stewart Anderson via stunnel-users stunnel-users@stunnel.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Isn't network failover best achieved by your connect connecting to a vip i.e. a "eral" network managed failover and stunn just connects to the currently active one via the VIP?
Stu
- ------ Original Message ------
From "Daphne Shaw" dshaw@jabberwocky.com
To stunnel-users@stunnel.org Date 06/09/2023 15:58:55 Subject [stunnel-users] Failover configuration using a proxy
Hello!
I have a configuration question around failover with stunnel as a https client (that is, "client=yes"). The end goal here is a "Try to connect to host A, if that fails, connect to host B, etc." type of setup. I can do that with multiple connect= options, one per host, and it works as expected:
connect=x.x.x.x connect=y.y.y.y connect=z.z.z.z
The question I have is around doing the same thing with a proxy. In a proxy configuration, connect= specifies the proxy (https in my case, so "protocol=connect"), and protocolHost= specifies the host that I want to connect to via that proxy. Unfortunately, it seems that protocolHost only allows a single host and cannot be used multiple times, so I can't specify the hosts to failover to.
connect=my.proxy.ip protocol=connect protocolhost=x.x.x.x protocolhost=y.y.y.y protocolhost=z.z.z.z
That always attempts to connect to z.z.z.z (the last specified host) via the proxy.
I am using stunnel 4.56 (stock stunnel from Centos 7), but happy to upgrade if a newer version makes this possible (the manual suggests the latest version works the same way).
Any suggestions? I'm sure I could accomplish this by wrapping stunnel in a script that generates a new config file for each failover, but well, I'm hoping to not have to do that.
Thanks,
Daphne
stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
-----BEGIN PGP SIGNATURE----- Version: BCPG C# v1.8.10.0
iQFIBAEBCAAyBQJk+LGGKxxTdGV3YXJ0IEFuZGVyc29uIDxzdHVzb25fMjAwMEB5 YWhvby5jby51az4ACgkQnk95UoOZmRATtAf/btAGZVMPsug0grk7XdRFfZRrms5o vpmZAqaXdTxja4CktKx3kdQJ4QiNyLM/zUV96WFDFkf4hMoHfaIBYKF03hKdv1/F RbhoP76Ss8K8ca1v8nSf4EBFEdZrXlDEk7EgyOEWkvyu5GUx4E0AkHvxPbSJfSBg 4RWZiBIqYjFnJJbuT4B3l+7zbDuXWa8mEv86noskvh6nTrbhqtlE4FUO4reaXaqN LnqLVViu/eNjEuHuSNtFIsK9SsrZy5n6k9KJ1XI9T7M8Low49LQzY81Yd7i7SZ0U P6UqJaYnoH/f6R51dfeSJz5uyhr5ua7CJ69NFHxJNaqyZTeR+XUgt2BGGQ== =exM6 -----END PGP SIGNATURE-----
stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
-
Daphne Shaw -
Stewart Anderson