Re: [jetty-dev] Jetty sitting behind stunnel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Jetty sitting behind stunnel

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Thu, 7 Mar 2013 10:43:06 +1100
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

Hey Terry,

This sounds interesting, but unfortunately for you I think most of the
jetty developers brains have moved onto jetty-9, so the way we do
things in the IO layers is a bit different now.   Happy to advise you
on how to update for jetty-9 when the time comes.

Do you know if stunnel can support NPN?   If it can then it may be a
great optimization for handling SPDY connections and then you'll get
even more iterest.


cheers






On 11 February 2013 00:53, Terry Lurie <terry@xxxxxxxxxxxxxx> wrote:
> Hi guys,
>
> I am releasing some enhancements to jetty which talks to the stunnel SSL
> decrypter.
>
> You can now get the remote connection information via this bridge.
>
> ---
>
> I have been working on a Startup, using jetty as the webserver.  My
> preference was to offload the SSL component to stunnel .
>
> This has the unfortunate  side effect of removing valuable IP connection
> information.
>
> My code understands the stunnel version of what they call the PROXY
> protocol. This is a text string that sits on the front of new connections,
> and relays the end connection details.
>
> ---
>
> I've written a Jetty connector, based on the jetty source code ( 8.1.3 ).
> This parses the PROXY protocol and sets X-FORWARDED-FOR in the headers
> collection.
>
> I have made the connector in the style of the jetty parsing… a state machine
> consuming tokens.
>
> There doesn't seem to be a mechanism to reserve state ranges so I just took
> the lowest jetty state machine value and counted backwards.
>
> If a jetty developer would like to have a look, please do, this attempt was
> my best-effort at replicating how I perceive you code.
>
> ---
>
> If anyone thinks they would find this useful, I have created a launchpad
> project.
>
> https://launchpad.net/jetty-stunnel-bridge
>
> Apache 2.0 licensed.
>
>
> Cheers,
>
> Terry Lurie.
>
> _______________________________________________
> jetty-dev mailing list
> jetty-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>



-- 
Greg Wilkins <gregw@xxxxxxxxxxx>
http://www.webtide.com
Developer advice and support from the Jetty & CometD experts.
Intalio, the modern way to build business applications.

References:
- [jetty-dev] Jetty sitting behind stunnel
  - From: Terry Lurie

Prev by Date: [jetty-dev] Jetty 9.0.0 staged
Next by Date: Re: [jetty-dev] Jetty 9.0.0 staged
Previous by thread: [jetty-dev] Jetty sitting behind stunnel
Next by thread: [jetty-dev] disable expect continue support
Index(es):
- Date
- Thread

Breadcrumbs