On Tue, Oct 30, 2018 at 2:45 AM Marcos Gonzalez <mgonza...@datumize.com> wrote: > > Hi list > > I'm using haproxy to redirect traffic directly to backend server. We are > looking how to load balance sql servers directly, and this works, but I don't > know how to add ssl support. > > I'm using this config setup and works fine > > listen mysql-cluster > > bind 0.0.0.0:3307 ssl crt /etc/ssl/certs/cert.pem > > mode tcp > > option mysql-check user admin > > server mysql1 192.168.1.110:3307 > > > The only point where is failing is justly ssl support. Can someone help me > with code to see where is the problem? > > Line around ssl only works If remove ssl cert: > > bind 0.0.0.0:3307 # ssl crt /etc/ssl/certs/cert.pem > > Haproxy only needs to connects to a beckend server with mysql using port 3307 > and our objective is to enable ssl support > in global section we have > > ssl-default-bind-ciphers > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS > ssl-default-bind-options no-sslv3 > > I can't see where can be the problem, any idea? > > Thanks > >
In tcp mode you will have to enable ssl in the mysql servers as it is pass-through.