Monday, February 21, 2011

MySQL Replication - Pt 3

And here's the stunnel config. The trick is that the tunnel has to work both ways, which is to say the master has to be able to query the slave and the slave has to be able to query the master. Thus, /etc/stunnel/stunnel.conf is the same on both machines except for one value:
# logging
debug=4
output=/opt/stunnel/server.log
# setup
pid=/opt/stunnel/server.pid
foreground=no
setuid=nobody
setgid=nobody

[repliserver]
accept=3308
connect=127.0.0.1:3306
client=no
# ssl
cert=/etc/stunnel/server.pem
CAfile=/etc/stunnel/server.ca
verify=2

[repliclient]
accept=127.0.0.1:3307
connect=other_server:3308
client=yes
# ssl
cert=/etc/stunnel/server.pem

Remember, other_server is the only difference between the two machines. Each points to the other. Even though the SSL certs are named the same, each machine has its own unique cert. The port listed in CHANGE MASTER TO will be the client accept port (3307 in this example).

To test, from both machines issue:
mysql -h 127.0.0.1 --port 3307 -e "SHOW DATABASES;"
Add user names and passwords as needed.

One last note: The ports (3307 in this example) can be anything, but absolutely must be the same port number on master and all slaves.
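
The [repliclient] section above presents a certificate but sets neither CAfile nor verify, so it does not check the certificate of the stunnel it connects to. Below is an added example (not from the original post) of the same client section with peer verification turned on, assuming /etc/stunnel/server.ca on each machine also contains the CA that signed the other machine's server.pem:

```ini
# Added example: [repliclient] with the server side's checks mirrored.
[repliclient]
accept=127.0.0.1:3307
connect=other_server:3308
client=yes
# ssl
# Still needed: the far side's [repliserver] runs verify=2 and will
# reject a client that presents no certificate.
cert=/etc/stunnel/server.pem
# New: trust anchor used to validate the certificate offered by
# other_server:3308 (assumed to hold the CA that signed its server.pem).
CAfile=/etc/stunnel/server.ca
# New: require a peer certificate that chains to CAfile. Without this
# the tunnel is encrypted, but whatever answers on other_server:3308
# is accepted and receives the replication credentials and data.
verify=2
# verify=2 accepts ANY certificate signed by a CA in CAfile, so keep
# that file limited to the CA used for these replication hosts.
```

Rerun the mysql test from both machines after the change to confirm the tunnel still comes up in each direction.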
