There is no patch "required" to use Stunnel with HAProxy, regardless of the OS (I myself use the stunnel and haproxy packages on several Ubuntu servers).<div><br></div><div>The "patch" most people talk about in relation to stunnel and haproxy was to fix the issue where stunnel does not pass the originating IP address of the client (X-Forwarded-For header), but that has been mostly taken care of in recent versions by using the "PROXY" protocol, and really is only necessary if you need to track the originating https client IP address.</div>
<div><br></div><div>Hope this helps,</div><div>Mit</div><div><br></div><div><br><div class="gmail_quote">On Wed, Nov 23, 2011 at 4:07 PM, Thomas Manson <span dir="ltr"><<a href="mailto:thomas@123monsite.com">thomas@123monsite.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi,<div><br></div><div>I'm willing to use this kind of configuration :</div><div><br></div><div>https client -->stunnel --> haproxy --> 2 web servers in http (or more)</div>
<div><br></div><div>I've understood that haproxy can't handle the SSL part; that's why stunnel is needed.</div>
<div><br></div><div>I've read that a patch is required for stunnel to work with haproxy in this kind of configuration</div><div><br></div><div>"<span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">I run stunnel 4.32 with patch from </span><a href="http://haproxy.1wt.eu/download/patches/" style="background-color:rgb(255,255,255);color:rgb(0,0,204);font-family:arial,sans-serif;font-size:13px" target="_blank">http://haproxy.1wt.eu/download/patches/</a><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"> on port 443 and forward it to port 81 on the same machine which is bound to haproxy."</span></div>
<div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">Can anyone tell me if this patch is now included in stunnel,</span></div>
<div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">in particular, does Ubuntu 11.10 include it?</span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">I really would rather stay with the package provided by Ubuntu in order to have easy upgrade/security fixes.</span></div>
<div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">I've experienced the work overload of manually compiling everything in Apache for instance ;)</span></div><div>
<span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">Any advice on this kind of setup? Documentation pointers? Best practices?</span></div>
<div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">Regards,</span></div>
<div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">Thomas.</span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px">Here is the current package version on Ubuntu 11.10</span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="background-color:rgb(255,255,255)"><div><font face="'courier new', monospace">thomas@daisybox:~/Documents$ aptitude show stunnel4</font></div>
<div><font face="'courier new', monospace">Package: stunnel4</font></div><div><font face="'courier new', monospace">New: yes</font></div><div><font face="'courier new', monospace">State: not installed</font></div>
<div><font face="'courier new', monospace">Version: 3:4.35-2build1</font></div><div><font face="'courier new', monospace">Priority: optional</font></div><div><font face="'courier new', monospace">Section: universe/net</font></div>
<div><font face="'courier new', monospace">Maintainer: Ubuntu Developers <<a href="mailto:ubuntu-devel-discuss@lists.ubuntu.com" target="_blank">ubuntu-devel-discuss@lists.ubuntu.com</a>></font></div><div><font face="'courier new', monospace">Uncompressed Size: 541 k</font></div>
<div><font face="'courier new', monospace">Depends: libc6 (>= 2.11), libssl1.0.0 (>= 1.0.0), libwrap0 (>= 7.6-4~), openssl, netbase, perl-modules</font></div><div><font face="'courier new', monospace">PreDepends: adduser</font></div>
<div><font face="'courier new', monospace">Suggests: logcheck-database</font></div><div><font face="'courier new', monospace">Conflicts: stunnel4</font></div><div><font face="'courier new', monospace">Breaks: stunnel (< 3:4.20-3), stunnel (< 3:4.20-3)</font></div>
<div><font face="'courier new', monospace">Replaces: stunnel, stunnel</font></div><div><font face="'courier new', monospace">Provides: stunnel</font></div><div><font face="'courier new', monospace">Description: Universal SSL tunnel for network daemons</font></div>
<div><font face="'courier new', monospace"> The stunnel program is designed to work as SSL encryption wrapper between remote client and local (inetd-startable) or remote server. The concept is that having non-SSL</font></div>
<div><font face="'courier new', monospace"> aware daemons running on your system you can easily setup them to communicate with clients over secure SSL channel.</font></div><div><font face="'courier new', monospace"><br></font></div>
<div><font face="'courier new', monospace"> stunnel can be used to add SSL functionality to commonly used inetd daemons like POP-2, POP-3 and IMAP servers without any changes in the programs' code.</font></div>
<div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace"> This package contains a wrapper script for compatibility with stunnel 3.x</font></div><div><font face="'courier new', monospace">Homepage: <a href="http://www.stunnel.org/" target="_blank">http://www.stunnel.org/</a></font></div>
<div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace">thomas@daisybox:~/Documents$ aptitude show stunnel</font></div><div><font face="'courier new', monospace">No current or candidate version found for stunnel</font></div>
<div><font face="'courier new', monospace">Package: stunnel</font></div><div><font face="'courier new', monospace">State: not a real package</font></div><div><font face="'courier new', monospace">Provided by: stunnel4</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div></span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px"><br></span></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><span style="font-family:arial, sans-serif;font-size:13px;border-collapse:collapse"><span style="color:gray">Will 'Mit' Rowe<br>Stagename</span><i><br>
</i><span style="color:rgb(153, 153, 153)">1-866-326-3098</span><br><span style="color:rgb(153, 153, 153)"><a href="mailto:josh@stagename.com" style="color:rgb(42, 93, 176)" target="_blank">mit@stagename.com</a></span><br style="color:rgb(153, 153, 153)">
<span style="color:rgb(153, 153, 153)"><a href="http://www.stagename.com/" style="color:rgb(42, 93, 176)" target="_blank">www.stagename.com</a></span><br><span style="color:rgb(153, 153, 153)">Twitter: @stagename</span><br style="color:rgb(153, 153, 153)">
</span><br>
</div>
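Added example, not part of the original e-mails: a strict parser for the version 1 PROXY protocol line that a TLS terminator such as stunnel prepends to each connection so that the next hop can recover the originating client address. The function names, the trusted-peer set and the sample addresses are constructed for illustration; the header layout follows the published HAProxy PROXY protocol specification.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

MAX_V1_HEADER = 107  # longest v1 header the PROXY protocol spec allows, CRLF included
TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: stunnel runs on the same host
# Constructed sample: what arrives on the plaintext side of the TLS terminator
SAMPLE = b"PROXY TCP4 203.0.113.7 192.0.2.1 51234 443\r\nGET / HTTP/1.0\r\n\r\n"


class ProxyInfo(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _port(text: str) -> int:
    if not (text.isascii() and text.isdigit()) or int(text) > 65535:
        raise ValueError("bad port")
    return int(text)


def parse_proxy_v1(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Split a PROXY v1 header off `data`; return (info, payload).

    info is None for "PROXY UNKNOWN". Malformed input raises ValueError so
    the caller can close the connection instead of guessing.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad PROXY header fields")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    return ProxyInfo(str(src), _port(fields[4]), str(dst), _port(fields[5])), payload


def client_ip(peer_ip: str, data: bytes) -> Tuple[str, bytes]:
    """Return (client address to log, payload) for a new connection."""
    if peer_ip not in TRUSTED_PROXIES:
        raise PermissionError("PROXY header accepted only from the TLS terminator")
    info, payload = parse_proxy_v1(data)
    return (info.src_ip if info else peer_ip), payload
```

The trusted-peer check matters because anything that can reach the plaintext listener directly can otherwise claim any source address in the header.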