On Wed, Jul 13, 2011 at 11:04 PM, Christopher Ravnborg <christopher.ravnb...@gmail.com> wrote: > Hi > I'm looking for a solution which can do the following: > Client need to connect to https webserver via haproxy. Encryption all the > way. > Log on webserver needs to contain client ip, this can be done, at least on > http with forwardfor, that works fine. > I have setup haproxy and read about stunnel with a patch to do https to > haproxy, if i understand it right, stunnel will then decrypt/unwrap the > stream, and pass it on to the server. > If this is the case - does it send the non-https traffic to the https server > - and will this be possible at all or am i misunderstanding this totally ? > I just can't figure out how this can be done. > Is this possible for me to do at all ? > /Christopher
Hi Christopher, Purpose of using stunnel in front of HAProxy is to offload SSL processing from your backend servers and to take advantage of all wonderfull layer7 features from HAProxy since traffic will be in clear. HAProxy will get connected through HTTP to your backend server. If you don't want to bother with all this patching, at Exceliance, we provide HAPee, HAProxy Enterprise Edition which includes a patched stunnel for business and enterprise. More information here: http://www.exceliance.fr/en/products/hapee later
