MySQL behind HAProxy
-
Hello
I have a very basic HAProxy setup for some webapps running for quite some time now. Now I wanted something new: Run a MySQL instance on a backend and offload SSL to HAProxy.
Steps I have done:- Configured backend to MySQL IP and port 3306;
- Configured health check (mode MySQL, timeout 1000 and a known-good username);
Health check fails, although I'm very sure the IP and port are correct. I can connect from any other device on my network to the MySQL server. pfSense can ping to the MySQL server.
I wanted to rule out that the MySQL check is not faulty so I changed it to a basic health check. All ok now.- Configured a new frontend on port 3306 with SSL ofloading enabled;
- Type: SSL/HTTPS (tcp)
- set the default backend to DB backend.
Result: Cannot connect from mysql client to hostname on port 3306.
I can telnet to hostname on port 3306 (so HAProxy seems to be listening)So MySQL really seems unreachable from HAProxy, I checked the logs but they are not giving useful information about what's going wrong with the health check.
Anyone with experience with this kind of setup?
Thanks!
-
It seems, per HAProxy documention, that the user needs to exist and it must be able to login without password.
This is against all our policies so I changed the mysql-check back to a basic ping check.This fixes the Health check, but not the biggest problem: No connection is possible trough HAProxy.