[stunnel-users] stunnel x forwarded not working

Janusz Dziemidowicz rraptorr at nails.eu.org
Tue Nov 5 10:04:19 CET 2013

2013/11/5 Libindas <libindas at gmail.com>:
> Hi all,
> We are facing problem with stunnel + HAproxy + Tomcat
> Client -----> Stunnel-----> HAProxy----> Tomcat { I need get client IP in
> Tomcat Servers}
> I have compiled(stunnel-4.32 + stunnel-4.32-xforwarded-for.diff) and
> installed but not working.

First, a warning, X-Forwarded-For stunnel patch is ugly, hackish and
not supported by stunnel author (it was written by someone else).

As for things that you might check:
- you must enable it in stunnel.conf
- you must make sure that X-Forwarded-For is properly passed by
haproxy and not replaced and/or removed
- you must make sure that HTTP keep-alive is disabled, this patch will
not work with keep-alive
- this patch is broken on older stunnel versions (it appears to work
but simply fails for some requests), I am not sure about 4.32 but
upgrading to the latest stunnel version is advisable

Janusz Dziemidowicz

More information about the stunnel-users mailing list