Hi,

I am trying to get source IP recognition sorted to a percona cluster.

Following a directive to configure the proxy/percona setup to correctly 
identify client operations by source address, I reconfigured percona backends 
with send-proxy. I now have:
source-host - proxy-node - percona node (8.4.7)

I installed mysql. If I connect from source to proxy-node:3306 I get:-

ERROR 2026 (HY000): SSL connection error: error:0A00010B:SSL routines::wrong version number

I did try (from source) openssl s_client and gave path to the directory where 
our certificates are. It is the same path on all installed hosts companywide 
and contains the same base certificates, including our own self-signed one(s). 
I do see
verify error:num=19:self-signed certificate in certificate chain
from the output but I am reluctant to admit this is the cause. I did try 
removing (commenting out) the ssl bind options from the HAProxy config and 
restarting but the same error (ERROR 2026) appears. I can find no 8.4.7 client 
from percona.

HAProxy for the front/back:

defaults pxc_d2
    log global
    mode tcp
    option tcplog
    option dontlognull
    retries 3
    timeout connect 10s
    timeout client 1h
    timeout server 1h

frontend pxc-d2-frontend from pxc_d2
    bind *:3306
    use_backend pxc-d2-backend

backend pxc-d2-backend from pxc_d2
    default-server inter 1001 rise 3 fall 3 on-marked-down shutdown-sessions
    default-server port 9200 check send-proxy
    balance roundrobin
    server d2-db-node01 xx.xx.140.45:3306
    server d2-db-node02 xx.xx.140.46:3306 backup
    server d2-db-node03 xx.xx.140.47:3306 backup

Where would I see any access attempts from client to target?  The haproxy.log 
shows nothing, only regular Zabbix connections.

Initially I contacted percona thinking that it was a problem with TLS/SSL and 
their interactions may be seen here
https://forums.percona.com/t/connecting-to-database-through-haproxy/40920

Any ideas would be helpful.

Marc

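The send-proxy keyword in the backend above makes HAProxy write a PROXY protocol v1 line to each backend connection before any client bytes. As an added example (not part of the original message; the function names, addresses and sample packets are constructed), this Python code builds and parses that line and classifies the first MySQL packet a server returns as a greeting or an error, which helps when reading a packet capture taken on the database node:

```python
import ipaddress
import struct

def build_proxy_v1(src_ip, src_port, dst_ip, dst_port):
    """PROXY protocol v1 line, as send-proxy emits it ahead of the client data."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("address families differ")
    family = "TCP4" if src.version == 4 else "TCP6"
    return f"PROXY {family} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")

def parse_proxy_v1(data):
    """Return ((src_ip, src_port, dst_ip, dst_port), remaining_bytes)."""
    end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header at start of stream")
    fields = data[:end].decode("ascii").split(" ")
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported or malformed PROXY v1 line")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return (str(src), sport, str(dst), dport), data[end + 2:]

def mysql_packet(payload, seq=0):
    """Frame a payload as a MySQL packet (used for the constructed samples)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def classify_mysql_first_packet(data):
    """Identify the first server packet: protocol-10 greeting or ERR packet."""
    if len(data) < 5:
        raise ValueError("short packet")
    length = int.from_bytes(data[:3], "little")  # 3-byte length, 1-byte sequence id
    payload = data[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("truncated packet")
    if payload[0] == 0x0A:  # handshake v10: NUL-terminated server version follows
        return ("greeting", payload[1:payload.index(0, 1)].decode("ascii"))
    if payload[0] == 0xFF:  # ERR packet: 2-byte error code, then the message
        code = struct.unpack_from("<H", payload, 1)[0]
        return ("error", code, payload[3:].decode("utf-8", "replace"))
    return ("unknown", payload[0])

if __name__ == "__main__":
    # Constructed sample: documentation addresses, not the hosts from the message.
    line = build_proxy_v1("192.0.2.10", 51234, "198.51.100.5", 3306)
    print(line, parse_proxy_v1(line + b"client bytes"))
    print(classify_mysql_first_packet(mysql_packet(b"\x0a" + b"8.4.7\x00")))
```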