Hi Matteo, thanks for the quick responses. What’s the best way to find the servers? Is there a way to obtain the server list from the LB? In this way, I should be able to build something that scales with CloudFlare’s cluster without manually entering IP addresses.
Also, this means the connection won’t be protected between servers. This should be done with a VPN, but it’s another layer. I was wondering if CloudFlare has something for this purpose. Otherwise I could build N tunnels, one for the public requests backed by a LB, and one tunnel per server:
And then if server-2 must open a secure connection to server 1, it could just use ‘origin-server-1’. Also, in this way, it doesn’t need to know the real IP address.
The issue here is that AFAIK, only HTTP is supported on top of the tunnels, not just TCP. So I should write an HTTP layer on top of the replication protocol.