[stunnel-users] Stunnel configuration to forward IP address

Rajat Garg rajat at socialappshq.com
Sun Jan 29 08:51:10 CET 2012



I have done a setup where I am using Stunnel to forward incoming HTTPS
requests to HaProxy. But, I am unable to get IP address at HaProxy level
(determined by looking at logs) - 


Here is the configuration file for Stunnel - 


cert = /etc/stunnel/ssl.crt

key = /etc/apache2/ssl.key/socialappshq.com.key

sslVersion = all

chroot = /var/lib/stunnel4/

setuid = stunnel4

setgid = stunnel4

pid = /stunnel.pid


; Some performance tunings

socket = l:TCP_NODELAY=1

socket = r:TCP_NODELAY=1


CAfile = /etc/apache2/ssl.key/ca.pem

output = /var/log/stunnel4/stunnel.log



accept  = 443

connect = 81

TIMEOUTclose = 0


Here is the config file for HaProxy -


        log   local0

        log   local1 notice

        maxconn 4096

        user haproxy

        group haproxy



        log     global

        option  httplog

        option  dontlognull

        mode http

        stats enable

        retries 3

        option redispatch

        maxconn 2000

        timeout client 40s   # Client and server timeout must match the

        timeout server 40s   # time we may wait for a response from the

        timeout queue  40s   # Don't queue requests too long if saturated.

        timeout connect 20s   # There's no reason to change this one.

        timeout http-request 30s # A complete request may never take that


frontend webfarm_ssl *:81 accept-proxy

       option httpclose

       option forwardfor

       acl is_social hdr_dom(host) -i socialappshq.com

       use_backend socialappshq_ssl if is_social


backend socialappshq_ssl

       balance roundrobin

       cookie JSESSIONID prefix

       option httpchk GET /check.txt HTTP/1.0

       server web2 ec2-XX.us-west-1.compute.amazonaws.com:8080 cookie B
check inter 2000 rise 2 fall 3



What else should I do so that IP address passes from Stunnel to Haproxy?


Your help will be extremely appreciated.



Rajat Garg


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120129/8a5af4b0/attachment.html>

More information about the stunnel-users mailing list