We have recently implemented tls and authentication in our redis setup, and are trying to get HAProxy back up and running, but are running into socket errors and can’t find any good documentation for how to troubleshoot the issues.
Since the traffic is encrypted captured packages has been difficult to easily decrypt, to find what response we are getting from our redis servers.
We have used many different configurations found online but none works.
This is our current config:
listen redis
mode tcp
bind :6379 ssl crt /path/to/server.crt ca-file /path/to/ca.crt
option tcplog
option tcp-check
tcp-check send AUTH\ user\ password\r\n
tcp-check expect string +OK
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
server redis-0 <IP>:6379 maxconn 1024 check check-ssl inter 1s ssl verify required ca-file /path/to/ca.crt
server redis-1 <IP>:6379 maxconn 1024 check check-ssl inter 1s ssl verify required ca-file /path/to/ca.crt
This is what we get in /var/log/haproxy.log:
Jan 23 16:50:22 haproxy-0 haproxy[52253]: [WARNING] (52253) : Former worker #1 (2210121) exited with code 0 (Exit)
Jan 23 16:50:22 haproxy-0 haproxy[2210848]: Server redis/redis-0 is DOWN, reason: Socket error, info: " at step 2 of tcp-check (expect string '+OK')", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jan 23 16:50:22 haproxy-0 haproxy[2210848]: [WARNING] (2210848) : Server redis/redis-0 is DOWN, reason: Socket error, info: " at step 2 of tcp-check (expect string '+OK')", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jan 23 16:50:22 haproxy-0 haproxy[2210848]: [WARNING] (2210848) : Server redis/redis-1 is DOWN, reason: Socket error, info: " at step 2 of tcp-check (expect string '+OK')", check duration: 4ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jan 23 16:50:22 haproxy-0 haproxy[2210848]: Server redis/redis-0 is DOWN, reason: Socket error, info: " at step 2 of tcp-check (expect string '+OK')", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jan 23 16:50:22 haproxy-0 haproxy[2210848]: Server redis/redis-1 is DOWN, reason: Socket error, info: " at step 2 of tcp-check (expect string '+OK')", check duration: 4ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue
Would appreciate some guidance from someone who has successfully setup a working HAProxy config to redis with tls and auth.
We had no problem using HAProxy to redis before tls was implemented.
HAProxy version 2.4.24-0ubuntu0.22.04.1
Redis server v=7.4.1
1 post - 1 participant