I’m cautiously optimistic that mTLS is now stable for me as it’s been up for more than a few days. So what’s changed? As a result of the thread Load balancing queries, I’ve reverted from this structure (from post mTLS under FreeBSD - #9 by francislavoie)…
```
# Secure backend communication
@mtls expression `{mtls} == "yes"`
reverse_proxy @mtls {backend} {
    header_up Host {http.reverse_proxy.upstream.hostport}
    header_up X-Forwarded-Host {host}
    transport http {
        tls
    }
}
```
…to this structure (from post Load balancing queries - #19 by basil)…
```
(proxy-mtls) {
    @{args.0} host {args.0}.udance.com.au
    reverse_proxy @{args.0} https://{args.1} {
        header_up Host {http.reverse_proxy.upstream.hostport}
        header_up X-Forwarded-Host {host}
    }
}
```
I’ll keep monitoring mTLS, but with each passing day, I’m feeling more confident that mTLS hasn’t gone loopy for me. If it’s still stable in a week or so, then it could be that there is something flaky with the long way of configuring the transport. I’ll report back again just before this thread gets locked.