Hi guys,
I am releasing some enhancements to jetty which talks to the stunnel SSL decrypter.
You can now get the remote connection information via this bridge.
---
I have been working on a Startup, using jetty as the webserver. My preference was to offload the SSL component to stunnel .
This has the unfortunate side effect of removing valuable IP connection information.
My code understands the stunnel version of what they call the PROXY protocol. This is a text string that sits on the front of new connections, and relays the end connection details.
---
I've written a Jetty connector, based on the jetty source code ( 8.1.3 ). This parses the PROXY protocol and sets X-FORWARDED-FOR in the headers collection.
I have made the connector in the style of the jetty parsing… a state machine consuming tokens.
There doesn't seem to be a mechanism to reserve state ranges so I just took the lowest jetty state machine value and counted backwards.
If a jetty developer would like to have a look, please do, this attempt was my best-effort at replicating how I perceive you code.
---
If anyone thinks they would find this useful, I have created a launchpad project.
https://launchpad.net/jetty-stunnel-bridge
Apache 2.0 licensed.
Cheers,
Terry Lurie. |