

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code. One (or more) endpoint is run in server mode, the other endpoint is run in client mode. Stunnel is an SSL proxy designed to add TLS encryption to existing clients and servers without changes to the daemons themselves.

frontend galeraclusterfrontend
    bind.:3307
    mode tcp
    option tcplog
    default_backend galeraclusterbackend

backend galeraclusterbackend
    mode tcp
    option tcpka
    option mysql-check user haproxy
    option dontlog-normal
    balance roundrobin
    server galera-01 127.0.0.1:13306 check weight 1
    server galera-02 127.0.0.1:23306 check weight 1
    server galera-03 127.0.0.1:33306 check weight 1

frontend stats
    bind.

Stunnel can also allow you to secure non-SSL-aware daemons and protocols (like POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
#Stunnel with mysql upgrade#
Stunnel is a program by Michal Trojnara that allows you to encrypt arbitrary TCP connections inside SSL.

I had replication working well over standard TCP/IP but am getting permission problems using stunnel to encrypt traffic, which appears to be weird handling of localhost permission.

Error on COM_REGISTER_SLAVE: 1045 'Access denied for user: (Using password: YES)'

This appears to be some permission problem with replication. I got that same message with non-stunnel replication if I used "%" when granting file perms; if I granted using IP address of slave, it worked.

Set up the repl user with 127.0.0.1 on master and slave:

GRANT FILE ON *.* TO IDENTIFIED BY 'trupw'

Master user info:

| 127.0.0.1 | repl | 2c1cd098482d3ea1 | N | N | N | N | N | N | N | N | N | Y | N | N | N | N

CHANGE MASTER TO MASTER_HOST='', MASTER_PORT=3307, MASTER_USER='repl', MASTER_PASSWORD='trupw', MASTER_LOG_FILE='master-binlog-mysqld.006', MASTER_LOG_POS=79

If I use "localhost" as the master_host, then no traffic goes through the stunnel; if I use the name of the slave, it goes through the tunnel to the master, which sees it as localhost traffic.

stunnel on master directs master port 3306 to port 3307, stunnel on slave connects slave port 3307 to 3307 on master. So traffic from slave 3307 goes to master 3307 then to master 3306. Traffic is definitely flowing as per debugging in stunnel.

Stunnel on master: stunnel -D 6 -f -p /usr/local/ssl/certs/74d20f41.0 -d 3307 -r localhost:3306

Stunnel on slave: stunnel -D 6 -f -c -d 3307 -r :3307

Guilhem Bichot

Thank you for taking the time to report a problem. You are not using a current version of the product you reported a problem with - the problem might already be fixed. If you are able to reproduce the bug with one of the latest versions, please change the version on this bug report to the version you tested and change the status back to "Open".

On Unix boxes, connecting to 'localhost' always ignores the port you specify. If a mysqld is listening on port 3306 and another one is listening on port 3307, mysql --port=3307 (localhost is used by default if you don't specify the host) will silently direct you to 3306!! This is because when MySQL sees localhost it uses Unix sockets, not TCP/IP (this is why the TCP port is ignored). You should use 127.0.0.1 (or the real IP in this case) instead of localhost; this will force the use of TCP/IP and not Unix sockets.

mysql -h127.0.0.1 --port=3307,
CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=3307.

As regards stunnel, it is supposed to be a wrapper. A wrapper's job is to act behind the scene and be invisible to apps. So if replication works without stunnel and does not with stunnel, this is not a MySQL bug. But what you experienced is probably the "ignored port" problem mentioned above. If you still get problems, I suggest you upgrade to 4.0 and see if the problems still exist.

Since stunnel deals in SSL connections, which implies the use of TCP rather than UDP, it is not unreasonable to assume the connections are meant to be long lived, and for those cases I have found JdeBP's answer to be absolutely correct; it has become my reference point for the right way to do this kind of unit, in particular with Stunnel.
