I am new to haproxy and wanted to give it a try on centos 7.6.
I want to use haproxy to do the failover of a redis instance, which is located behind stunnel to enable tls on redis. On the producer side I am using filebeat and metricbeat, which send data tls encrypted to redis.
Stunnel and redis are located on the same box.
So my chain looks like this:
producer -> (TLS) -> haproxy (TLS passthrough) -> (TLS) -> stunnel -> redis.
Without encryption the healthcheck and the connection via redis-cli from external to redis via haproxy are working fine.
That is the config for that:

    defaults REDIS
        mode tcp
        timeout connect 3s
        timeout server 6s
        timeout client 6s

    frontend ft_redis
        bind 0.0.0.0:16380 name redis
        default_backend bk_redis

    backend bk_redis
        option tcp-check
        tcp-check connect
        tcp-check send PING\r\n
        tcp-check expect string +PONG
        tcp-check send info\ replication\r\n
        tcp-check expect string role:master
        tcp-check send QUIT\r\n
        tcp-check expect string +OK
        server server1 localhost:7000 check inter 1s
        server server2 localhost:7001 check inter 1s

Now I want to do the same, but via accessing the stunnel ports (where I need to connect via TLS).
I changed the two server lines to:

    server server1 localhost:7100 check-ssl inter 1s ssl verify none
    server server2 localhost:7101 check-ssl inter 1s ssl verify none

But it looks like something is wrong. The healthcheck does not come back. The backend lines in stats are gray without any status.
Do you have any ideas how to solve the issue?
Thanks a lot, Andreas
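
An added diagnostic example, not part of the original post and not HAProxy code: it replays the same PING / info replication / QUIT sequence as the tcp-check rules above against one backend, with or without TLS, and reports the step that failed. The function names and the 3 second timeout are assumptions; certificate validation is switched off only to mirror `ssl verify none` from the post.

```python
import socket
import ssl

# Same steps as the tcp-check rules in the post: (bytes sent, substring expected).
CHECK_STEPS = [
    (b"PING\r\n", b"+PONG"),
    (b"info replication\r\n", b"role:master"),
    (b"QUIT\r\n", b"+OK"),
]


def read_until(sock, expected, limit=65536):
    """Read until `expected` appears, the peer closes, or `limit` bytes arrive."""
    buf = b""
    while expected not in buf and len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def run_check(sock):
    """Run the sequence on a connected socket; return (ok, name_of_failed_step)."""
    for request, expected in CHECK_STEPS:
        step = request.strip().decode()
        try:
            sock.sendall(request)
            reply = read_until(sock, expected)
        except OSError:  # timeout, reset, or TLS error while talking to the peer
            return False, step
        if expected not in reply:
            return False, step
    return True, None


def check_backend(host, port, use_tls=True, timeout=3.0):
    """Connect to host:port, optionally wrap the socket in TLS, then run the check."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if use_tls:
            ctx = ssl.create_default_context()
            # Mirrors "ssl verify none" from the post: no certificate validation.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock)
        return run_check(sock)
    finally:
        sock.close()
```

Running `check_backend("localhost", 7100)` against the stunnel port and `check_backend("localhost", 7000, use_tls=False)` against plain Redis shows whether the TLS leg itself answers the sequence, independently of HAProxy's checker.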