Hi Phillip, Thank you very much for your response. But I am still not sure what are the code changes that I should do in the thrift client. How do I add the server certificate to the client for server validation. What is the protocol that I should use. I would appreciate if you can provide me some sample php client code.
On Sat, Jun 21, 2014 at 8:37 AM, Phillip Simbwa <[email protected]> wrote: > And don't forget to generate ssl certificates and include them in the nginx > config... > > https://library.linode.com/web-servers/nginx/configuration/ssl > > > On Sat, Jun 21, 2014 at 6:04 AM, Phillip Simbwa <[email protected]> wrote: > > > Hi Supun, > > > > You could consider running the server behind Nginx as the proxy. > > Then create a vhost configuration for port 443 and proxying to the java > > server port. > > > > Look at this example of nginx proxying for tornado servers (python) on > > port 80 to get an idea. > > https://gist.github.com/didip/802576 > > > > For the above gist, just change; > > > > 1. listen 80; to listen 443; > > 2. upstream frontends > > > > # Enumerate all the Tornado servers here > > > > upstream frontends { > > server 127.0.0.1:8000; > > server 127.0.0.1:8001; > > server 127.0.0.1:8002; > > server 127.0.0.1:8003; > > } > > > > to > > > > upstream frontends { > > server 127.0.0.1: <port number of your thrift server port>; > > > > > > } > > > > Then restart nginx and make sure your thrift server is running... > > > > That is it > > > > > > > > > > > > On Fri, Jun 20, 2014 at 10:53 PM, Supun Nakandala < > > [email protected]> wrote: > > > >> Hi All, > >> > >> I have a java based thrift server. I want to secure my thrift server > using > >> SSL security. I found this blog post[1] which explains how to secure a > >> thrift server and client communication using SSL security. The example > >> uses > >> a java server and a java client. But in my case I want to use a php > >> client. > >> I would appreciate if someone can provide me some pointers on how can I > >> incorporate SSL security to a PHP thrift client. > >> > >> Thank you. > >> Supun > >> > >> [1] - > >> > http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/ > >> > > > > > > > > -- > > - Phillip. > > > > "Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in > > waht > > oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the > frist > > and lsat ltteer are in the rghit pclae. > > The rset can be a toatl mses and > > you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed > > ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it > > out aynawy." > > > > > > > -- > - Phillip. > > "Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in > waht > oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist > and lsat ltteer are in the rghit pclae. > The rset can be a toatl mses and > you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed > ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it > out aynawy." > -- Thank you Supun Nakandala Dept. Computer Science and Engineering University of Moratuwa
