I'm trying to set up a stunnel SSL farm load balanced by haproxy. It kinda looks like:
haproxy -> many stunnels -> haproxy -> apache, nginx etc.
Problem is to carry the original IP over to the final servers. It seems proxy-protocol is the perfect method, but I have only been able to figure out how to send it from stunnel to haproxy:
stunnel -> haproxy
When I put haproxy in tcp mode and use send-proxy towards the stunnel server, I get an SSL error.
haproxy example:

    frontend ssl_in
        bind 1.1.1.1:443
        mode tcp
        default_backend stunnel_srv

    backend stunnel_srv
        mode tcp
        # "stunnel1" is a placeholder name; haproxy expects a server name before the address
        server stunnel1 1.1.1.2:443 check send-proxy

stunnel config:

    [https]
    cert = /etc/stunnel/certs/test.example.org/fullchain.cer
    key = /etc/stunnel/certs/test.example.org/private.key
    accept = 1.1.1.2:443
    connect = 1.1.1.3:8085
    protocol = proxy
    TIMEOUTclose = 0

Seems stunnel doesn't want to receive proxy-protocol headers and can only send them. Any ideas of a magical option to achieve that?
Cheers