I have a MariaDB RDS set up in a VPC. The RDS is not publicly accessible. Therefore, in order to access the RDS, I've decided to spawn an EC2 in the same VPC and configure HAProxy.
HAProxy is working fine and is listening on port 3306. However, when I attempt to connect to RDS via HAProxy, I'm getting this error message:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 2
Here's my haproxy.cfg:

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

    defaults
        log global
        mode tcp
        option tcplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    listen rds
        bind 0.0.0.0:3306
        mode tcp
        option mysql-check user haproxy_check
        balance roundrobin
        server rds test.dkd20slksdfkl.ap-southeast-1.rds.amazonaws.com:3306 check

In case you're wondering, I did edit /etc/default/haproxy and put ENABLED=1.
I managed to connect to the RDS successfully by removing the check option. I'm not sure why, but perhaps it's because there's no other RDS to load balance, so the check option would cause problems instead.
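
Added example, not part of the original post: a small Python probe that connects to port 3306 the way a client would and classifies the first bytes received, separating "connection closed before any MySQL greeting arrived" (the condition behind ERROR 2013 at 'reading initial communication packet') from a real server greeting or an ERR packet. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct
import sys

def packet(payload: bytes, seq: int = 0) -> bytes:
    """Frame a payload as a MySQL packet: 3-byte LE length + 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample packets (not captured from a real server).
SAMPLE_GREETING = packet(b"\x0a" + b"10.6.14-MariaDB\x00" + b"\x00" * 8)
SAMPLE_ERR = packet(b"\xff" + struct.pack("<H", 1130)
                    + b"Host '10.0.0.5' is not allowed to connect")

def parse_greeting(data: bytes) -> dict:
    """Classify the first bytes a MySQL/MariaDB client receives after connecting."""
    if not data:
        # Peer closed without sending anything: the client would report
        # "Lost connection ... at 'reading initial communication packet'".
        return {"status": "closed_before_greeting"}
    length = int.from_bytes(data[0:3], "little")
    payload = data[4:4 + length]
    if len(data) < 5 or len(payload) < length:
        return {"status": "truncated"}
    if payload[0] == 0xFF:
        # ERR packet sent instead of a greeting (pre-auth: code + message only).
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"status": "error", "code": code,
                "message": payload[3:].decode("latin-1")}
    end = payload.find(b"\x00", 1)
    if end == -1:
        return {"status": "truncated"}
    return {"status": "greeting", "protocol": payload[0],
            "server_version": payload[1:end].decode("ascii", "replace")}

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Open a TCP connection and classify whatever the peer sends first."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while len(buf) < 4 or len(buf) < 4 + int.from_bytes(buf[:3], "little"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except ConnectionResetError:
        pass  # a reset before the greeting is treated like an early close
    return parse_greeting(buf)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 3306))
```

If the probe against the proxy reports `closed_before_greeting` while the same probe run from the EC2 instance against the RDS endpoint returns `greeting`, the connection is being dropped at HAProxy, and the state of the `rds` server's health check is the next thing to inspect.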