Hey Guys,
I'm trying to configure HAProxy SSL offload for Redis. In other words, have the SSL termination on the HAProxy. However, I'm not able to achieve this and need some help.
For the certificates I'm using the Vault PKI Engine to generate self-signed certificates with an Intermediate CA.
I tried compacting it all into one file (CA certificate + intermediate + cert), but it still fails.
If I try to connect via redis-cli without specifying the --tls flag, it connects, but then when I try to run commands I just receive the following error:
Error: Server closed the connection
If I specify the --tls flag I get:
SSL_connect failed: certificate verify failed
Not sure why, but it does not show anything in the logs.
If anyone could help me I would appreciate it.
Everything is running with Docker. HAProxy is using tag 2.3.
The HAProxy config file is the following:
defaults REDIS
    mode tcp
    timeout connect 3s
    timeout server 3s
    timeout client 3s

frontend ft_redis
    mode tcp
    bind *:6380 ssl crt /usr/local/etc/haproxy/ha.pem ca-file /usr/local/etc/haproxy/ca.crt crl-file /usr/local/etc/haproxy/crl.pem
    default_backend bk_redis

backend bk_redis
    mode tcp
    option tcp-check
    tcp-check send AUTH\ root\r\n
    tcp-check expect string +OK
    tcp-check send PING\r\n
    tcp-check expect string +PONG
    tcp-check send info\ replication\r\n
    tcp-check expect string role:master
    tcp-check send QUIT\r\n
    tcp-check expect string +OK
    server redis_node1 redis-master:6379 maxconn 4096 check inter 3s
    server redis_node2 redis-replication_redis-replica_1:6379 maxconn 4096 check inter 3s
    server redis_node3 redis-replication_redis-replica_2:6379 maxconn 4096 check inter 3s
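
An offline way to reproduce the "certificate verify failed" result and to check what goes into the file named by `crt`, added here as an example that is not part of the original post. It uses only the `openssl` CLI and relies on the fact that HAProxy reads the server certificate, its private key and any intermediates from that file, while the client has to trust the root on its own side. The chain is constructed at run time to stand in for the Vault-issued one; function names, subjects and file names are assumptions.

```shell
#!/usr/bin/env bash
# Added example. The chain below is constructed at run time and stands in for
# the Vault-issued one; function names, subjects and file names are assumptions.
set -u

make_chain() {  # $1 = empty working directory
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/int.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=haproxy.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null || return 1
  # Bundle for the bind line's "crt": server cert, its private key, intermediate.
  cat "$d/leaf.crt" "$d/leaf.key" "$d/int.crt" > "$d/ha.pem"
}

# True only if the private key file belongs to the certificate file.
key_matches_cert() {  # $1 = certificate, $2 = private key
  local pub
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Verify the server cert the way a TLS client does: the intermediate arrives
# from the server (-untrusted); the root must already be trusted locally.
verify_as_client() {  # $1 = working directory, $2 = trusted root (optional)
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$1/int.crt" "$1/leaf.crt" >/dev/null 2>&1
  else
    openssl verify -untrusted "$1/int.crt" "$1/leaf.crt" >/dev/null 2>&1
  fi
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_chain "$d" || { echo "openssl failed"; return 1; }
  key_matches_cert "$d/leaf.crt" "$d/leaf.key" && echo "key matches cert"
  verify_as_client "$d" || echo "no trusted root: certificate verify failed"
  verify_as_client "$d" "$d/root.crt" && echo "root passed as CA file: verify OK"
  rm -rf "$d"
}
demo
```

Against the real setup, the same trust anchor is supplied to the client with redis-cli's `--cacert` option.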