Hi,
Our setup has stunnel and HAProxy running on the same server. Our clients 
(PostgreSQL clients) connect to the port where stunnel is listening. Clients are 
sending encrypted data (setting sslmode=require in the pgsql connection options). 
Stunnel listens for the encrypted traffic and writes unencrypted traffic to another 
port on the same host where HAProxy is listening. Then HAProxy passes this request 
to one of many PostgreSQL servers. These servers are custom written to 
implement the PostgreSQL protocol. We want the IP of the PostgreSQL clients to be 
captured at the server. The HAProxy documentation says that the proxy protocol is 
the only way to pass the original client IP for non-HTTP traffic. Can you please 
suggest how we can configure stunnel to listen for encrypted PostgreSQL client 
traffic (pgsql protocol) and write the unencrypted data to the HAProxy instance 
using the proxy protocol?
Following are our current configurations for stunnel and HAProxy:
Stunnel:
foreground = yes
debug = 5
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = l:SO_KEEPALIVE=1
socket = l:TCP_KEEPIDLE=120
socket = l:TCP_KEEPINTVL=30
socket = l:TCP_KEEPCNT=3
ciphers = HIGH:MEDIUM

[postgres-serverB]
protocol = pgsql
accept = 0.0.0.0:3255
connect = localhost:5433
retry = yes
cert = /etc/stunnel/stunnel.crt
delay = no
sslVersion = TLSv1.2

HAProxy:
listen pgsql
  mode tcp
  option tcplog
  bind *:5433
  balance leastconn
  timeout server 1d
  timeout client 1d
  option tcp-check
  option clitcpka
  server qspgsqlsvr1 host.docker.internal:5432 check

Thanks,
Ashok

_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-le...@stunnel.org
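
Editor's note on the question above (added here; this is not part of Ashok's 
message, and the configuration lines below are an illustration, not the stunnel 
or HAProxy projects' own documentation). stunnel can emit the PROXY protocol 
itself: in server mode, "protocol = proxy" makes it write a PROXY v1 line 
carrying the original client's source address and port to the connect target 
before relaying any application data. The HAProxy bind that receives it then 
needs "accept-proxy", and the backend server lines need "send-proxy" so the 
address is forwarded again to the custom PostgreSQL servers. Applied to the 
configurations in the message, the two fragments would become:

[postgres-serverB]
protocol = proxy
accept = 0.0.0.0:3255
connect = 127.0.0.1:5433
retry = yes
cert = /etc/stunnel/stunnel.crt
delay = no
sslVersion = TLSv1.2

listen pgsql
  mode tcp
  option tcplog
  bind 127.0.0.1:5433 accept-proxy
  balance leastconn
  timeout server 1d
  timeout client 1d
  option tcp-check
  option clitcpka
  server qspgsqlsvr1 host.docker.internal:5432 check send-proxy

Two caveats a practitioner should weigh before doing this. First, "protocol" 
takes a single value, so "proxy" replaces "pgsql": stunnel will no longer answer 
the client's cleartext SSLRequest before starting TLS, and a client that depends 
on that exchange (libpq with sslmode=require, prior to the sslnegotiation=direct 
option added in PostgreSQL 17) will not be able to connect. Whether that trade-off 
is acceptable depends on the clients in use. Second, "accept-proxy" makes HAProxy 
trust whatever source address the peer writes into the header, so the bind must 
be reachable only by stunnel (127.0.0.1 rather than *, or an equivalent firewall 
rule); otherwise anyone who can reach port 5433 can forge a client address. 
Health checks are separate connections, and HAProxy's "check-send-proxy" option 
controls whether they carry the header too, so the backend has to cope with 
either case.

The following Python is an added worked example, not code from the message or 
from either project, of what the custom PostgreSQL-protocol backend then has to 
do on every accepted connection: consume and validate the PROXY v1 line that now 
precedes the first PostgreSQL message, and only then hand the remaining bytes to 
the normal startup handling. The sample byte strings, addresses and the 
user/database names are constructed for the demonstration.

```python
"""Strip and validate a PROXY protocol v1 line in front of a PostgreSQL startup.

Added example; the sample bytes below are constructed, not captured traffic.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# PROXY protocol v1 limits (HAProxy proxy-protocol.txt, section 2.1).
PROXY_V1_MAX_LEN = 107          # whole line including the trailing CRLF
PROXY_V1_PREFIX = b"PROXY "

# PostgreSQL frontend/backend protocol constants.
PG_SSLREQUEST_CODE = 80877103   # (1234 << 16) | 5679
PG_PROTOCOL_3_0 = 196608        # (3 << 16) | 0


@dataclass(frozen=True)
class ProxyInfo:
    family: str        # "TCP4" or "TCP6"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _parse_port(text: str) -> int:
    # The spec wants plain decimal: no sign, no leading zeros, 0..65535.
    if not text.isdigit() or (len(text) > 1 and text[0] == "0"):
        raise ValueError(f"bad port {text!r}")
    port = int(text)
    if port > 65535:
        raise ValueError(f"port out of range {port}")
    return port


def parse_proxy_v1(buf: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Return (info, remainder) after removing the PROXY v1 line from buf.

    info is None for 'PROXY UNKNOWN', which a receiver must accept and ignore.
    Any malformed header raises ValueError; a backend should then drop the
    connection instead of falling through to PostgreSQL parsing, because the
    header is the only thing standing between it and a spoofed client address.
    """
    if not buf.startswith(PROXY_V1_PREFIX):
        raise ValueError("connection did not start with a PROXY v1 header")
    end = buf.find(b"\r\n", 0, PROXY_V1_MAX_LEN)
    if end < 0:
        raise ValueError("PROXY header not CRLF-terminated within 107 bytes")
    line = buf[:end].decode("ascii", errors="strict")
    rest = buf[end + 2:]
    fields = line.split(" ")
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError(f"unsupported PROXY line {line!r}")
    want_version = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    if src.version != want_version or dst.version != want_version:
        raise ValueError("address family does not match declared protocol")
    info = ProxyInfo(fields[1], str(src), _parse_port(fields[4]),
                     str(dst), _parse_port(fields[5]))
    return info, rest


def classify_pg_first_message(rest: bytes) -> str:
    """Name the first PostgreSQL message that follows the PROXY line.

    TLS is terminated at stunnel, so the backend normally sees a cleartext
    StartupMessage. An SSLRequest means a client is asking for a second,
    hop-by-hop TLS negotiation; this backend would answer it with 'N'.
    """
    if len(rest) < 8:
        return "incomplete"
    length, code = struct.unpack("!II", rest[:8])
    if length == 8 and code == PG_SSLREQUEST_CODE:
        return "SSLRequest"
    if code == PG_PROTOCOL_3_0 and length >= 8:
        return "StartupMessage" if len(rest) >= length else "incomplete"
    return "unknown"


def build_startup_message(params: Dict[str, str]) -> bytes:
    """Encode a v3.0 StartupMessage (used only to construct sample input)."""
    body = b"".join(k.encode() + b"\0" + v.encode() + b"\0"
                    for k, v in params.items()) + b"\0"
    return struct.pack("!II", 8 + len(body), PG_PROTOCOL_3_0) + body


def accept_connection(first_bytes: bytes) -> Tuple[Optional[ProxyInfo], str]:
    """What the backend's accept path does with the first read from HAProxy."""
    info, rest = parse_proxy_v1(first_bytes)
    return info, classify_pg_first_message(rest)


def rejects(first_bytes: bytes) -> bool:
    """True if the backend would refuse this connection preamble."""
    try:
        parse_proxy_v1(first_bytes)
    except ValueError:
        return True
    return False


# Constructed sample: what HAProxy (send-proxy) hands to the backend after
# stunnel has decrypted a session from 203.0.113.7 that hit stunnel's port 3255.
SAMPLE_V4 = (b"PROXY TCP4 203.0.113.7 198.51.100.1 51234 3255\r\n"
             + build_startup_message({"user": "ashok", "database": "app"}))

if __name__ == "__main__":
    print(accept_connection(SAMPLE_V4))
```

The header is parsed with a hard 107-byte window so a peer cannot make the 
backend buffer an unbounded "header", and the address family is checked against 
the declared TCP4/TCP6 token so a mixed line is rejected rather than logged as a 
plausible-looking client.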