Hi, On Tue, Sep 28, 2010 at 08:55:45PM -0500, Alan Gutierrez wrote: > I'm to understand that in order to use HAProxy with SSL, you need to > put something like STunnel in front of HAProxy to decrypt the SSL > stream. I suppose you could also use nginx, STunnel is more flexible > and could decrypt other protocols besides HTTP. > > The current version of STunnel requires a patch to include the X- > Forwarded-For header when the request is an HTTPS request. > > I'm developing an application stack for Node.js and I want to support > WebSockets.
You're probably aware that the WebSockets specification is still changing a lot and that both the handshake and the framing are still under active development. So unless you're developping with the goal of participating to the development of the protocol, it could be a waste of time to start a big development on this. > I'm developing for Ubuntu and it would be preferable to > use the stunnel4 package in Ubuntu, but it seems that a patch is > required to add the X-Forwarded-For header to make full use of HAProxy. > > Questions: > > * Is the STunnel in Ubuntu Lucid ready to go? (Maverick?) Can it be > made to work? I have no idea on this point. > * If not, has someone repackaged stunnel4 with the X-Forwarded-For > patch applied? I'm sure that you'd find several packages on the net, some people package it for Debian. You don't necessarily need a totally up to date package, BTW. > * Is there an alternative to STunnel that would support WebSockets? I'm not aware of any, though it might be interesting to know. Do you really need SSL for your devs ? You might have enough work with the application to start with clear WS, and wait for finding an already patched stunnel package. I know we should have one for Debian at Exceliance in our HAPEE package, but the Debian version is not released yet. Regards, Willy
