Start small: set up the active-passive HA described in this article over a weekend. Once you experience a transparent failover—where your curl command continues streaming data despite one server being yanked offline—you will never go back to standalone tunnels.
vrrp_script chk_realm script "/usr/local/bin/realm health check --port 8443" interval 2 fall 2 rise 2 realm host v2 ha tunnel
Enable and start:
Note: In a true HA setup, 0.0.0.0:8443 is bound on all nodes, but only the VIP owner routes traffic. Install Keepalived on both nodes: Start small: set up the active-passive HA described