On 9/29/10 11:09 AM, Willy Tarreau wrote:
> Hi,
>
> On Tue, Sep 28, 2010 at 08:55:45PM -0500, Alan Gutierrez wrote:
>> I'm to understand that in order to use HAProxy with SSL, you need to
>> put something like STunnel in front of HAProxy to decrypt the SSL
>> stream. I suppose you could also use nginx, STunnel is more flexible
>> and could decrypt other protocols besides HTTP.
>>
>> The current version of STunnel requires a patch to include the X-
>> Forwarded-For header when the request is an HTTPS request.
>>
>> I'm developing an application stack for Node.js and I want to support
>> WebSockets.
> You're probably aware that the WebSockets specification is still
> changing a lot and that both the handshake and the framing are still
> under active development. So unless you're developping with the goal
> of participating to the development of the protocol, it could be a
> waste of time to start a big development on this.
I disagree, of course. So, if we can agree to disagree, and you will
allow me to waste my time, I'd like to work on getting HAProxy ready for
WebSockets.
>> I'm developing for Ubuntu and it would be preferable to
>> use the stunnel4 package in Ubuntu, but it seems that a patch is
>> required to add the X-Forwarded-For header to make full use of HAProxy.
>>
>> Questions:
>>
>> * Is the STunnel in Ubuntu Lucid ready to go? (Maverick?) Can it be
>> made to work?
> I have no idea on this point.
The answer is no. I added the patch to a fork of the latest packaging.
I've not tested them at the time of this writing, but the patch applied cleanly and the project built. I'll report back if encounter any problems. Until then people are free to use this package (at their own risk.)
-- Alan Gutierrez - alan@prettyrobots.com - http://twitter.com/bigeasyReceived on 2010/09/29 20:59
This archive was generated by hypermail 2.2.0 : 2010/09/29 21:15 CEST