On 9/29/10 11:09 AM, Willy Tarreau wrote:
Hi,
On Tue, Sep 28, 2010 at 08:55:45PM -0500, Alan Gutierrez wrote:
I'm to understand that in order to use HAProxy with SSL, you need to
put something like STunnel in front of HAProxy to decrypt the SSL
stream. I suppose you could also use nginx, STunnel is more flexible
and could decrypt other protocols besides HTTP.
The current version of STunnel requires a patch to include the X-
Forwarded-For header when the request is an HTTPS request.
I'm developing an application stack for Node.js and I want to support
WebSockets.
You're probably aware that the WebSockets specification is still
changing a lot and that both the handshake and the framing are still
under active development. So unless you're developping with the goal
of participating to the development of the protocol, it could be a
waste of time to start a big development on this.
I disagree, of course. So, if we can agree to disagree, and you will
allow me to waste my time, I'd like to work on getting HAProxy ready for
WebSockets.
I'm developing for Ubuntu and it would be preferable to
use the stunnel4 package in Ubuntu, but it seems that a patch is
required to add the X-Forwarded-For header to make full use of HAProxy.
Questions:
* Is the STunnel in Ubuntu Lucid ready to go? (Maverick?) Can it be
made to work?
I have no idea on this point.
The answer is no. I added the patch to a fork of the latest packaging.
* http://github.com/bigeasy/stunnel
* https://launchpad.net/~bigeasy/+archive/node-stack/+packages
I've not tested them at the time of this writing, but the patch applied
cleanly and the project built. I'll report back if encounter any
problems. Until then people are free to use this package (at their own
risk.)
--
Alan Gutierrez - [email protected] - http://twitter.com/bigeasy
