[stunnel-users] Stunnel configuration to forward IP address

Rajat Garg rajat at socialappshq.com
Sun Jan 29 08:51:10 CET 2012


Folks,

I have done a setup where I am using Stunnel to forward incoming HTTPS
requests to HAProxy. But I am unable to get the IP address at the HAProxy
level (determined by looking at the logs).

Here is the configuration file for Stunnel -

cert = /etc/stunnel/ssl.crt
key = /etc/apache2/ssl.key/socialappshq.com.key
sslVersion = all
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

CAfile = /etc/apache2/ssl.key/ca.pem
output = /var/log/stunnel4/stunnel.log

[proxy]
accept  = 443
connect = 81
TIMEOUTclose = 0

Here is the config file for HAProxy -

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        maxconn 4096
        user haproxy
        group haproxy

defaults
        log     global
        option  httplog
        option  dontlognull
        mode http
        stats enable
        retries 3
        option redispatch
        maxconn 2000
        timeout client 40s   # Client and server timeout must match the longest
        timeout server 40s   # time we may wait for a response from the server.
        timeout queue  40s   # Don't queue requests too long if saturated.
        timeout connect 20s   # There's no reason to change this one.
        timeout http-request 30s # A complete request may never take that long.

frontend webfarm_ssl *:81 accept-proxy
       option httpclose
       option forwardfor
       acl is_social hdr_dom(host) -i socialappshq.com
       use_backend socialappshq_ssl if is_social

backend socialappshq_ssl
       balance roundrobin
       cookie JSESSIONID prefix
       option httpchk GET /check.txt HTTP/1.0
       server web2 ec2-XX.us-west-1.compute.amazonaws.com:8080 cookie B check inter 2000 rise 2 fall 3

What else should I do so that the IP address passes from Stunnel to HAProxy?

Your help will be extremely appreciated.

Thx

Rajat Garg

https://www.socialappshq.com 
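
The `accept-proxy` keyword on the frontend in the post makes HAProxy expect a PROXY protocol header as the first bytes of every connection on that port; stunnel's `protocol = proxy` service option is what sends one. The Python sketch below is an added example, not part of the original post or of either project: it parses a version 1 header to show which fields carry the client address, and the sample bytes and all names in it are constructed.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header line, CRLF included

# Constructed sample: what a PROXY-aware listener should see first on a connection.
SAMPLE = (b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"
          b"GET /check.txt HTTP/1.0\r\n\r\n")


class ProxyHeaderError(ValueError):
    """The stream does not start with a well-formed PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Return (info, payload) for a stream that starts with a PROXY v1 line."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        # Plain HTTP with no header lands here; the address cannot be recovered.
        raise ProxyHeaderError("no PROXY v1 header at start of stream")
    payload = data[end + 2:]
    try:
        fields = data[:end].decode("ascii").split(" ")
        if fields[1] == "UNKNOWN":  # sender could not determine the addresses
            return {"proto": "UNKNOWN"}, payload
        if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
            raise ValueError("unexpected protocol or field count")
        if not (fields[4].isdigit() and fields[5].isdigit()):
            raise ValueError("ports must be decimal")
        src = ipaddress.ip_address(fields[2])
        dst = ipaddress.ip_address(fields[3])
        sport, dport = int(fields[4]), int(fields[5])
        family = 4 if fields[1] == "TCP4" else 6
        if src.version != family or dst.version != family:
            raise ValueError("address family does not match protocol field")
        if sport > 65535 or dport > 65535:
            raise ValueError("port out of range")
    except ValueError as exc:
        raise ProxyHeaderError(f"malformed PROXY v1 header: {exc}") from exc
    return {"proto": fields[1], "src": str(src), "src_port": sport,
            "dst": str(dst), "dst_port": dport}, payload


if __name__ == "__main__":
    info, payload = parse_proxy_v1(SAMPLE)
    print(info["src"], info["src_port"], "->", payload.split(b"\r\n")[0])
```

Because a listener that accepts this header takes the source address on trust, the port it listens on (81 in the post) should be reachable only from the stunnel host.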
