I am new to stunnel and the ssl world. I'm trying to get stunnel to work with haproxy for load balancing https requests. In the haproxy documentation it says that the stunnel.conf should look like this
cert=/etc/stunnel/stunnel.pem setuid=stunnel setgid=proxy
socket=l:TCP_NODELAY=1 socket=r:TCP_NODELAY=1
[https] accept=192.168.1.1:443 connect=192.168.1.1:80 xforwardedfor=yes
However, when I try to start the stunnel service I get this
Starting stunnel: file /etc/stunnel/stunnel.conf line 9: Specified option name is not valid here
If I comment out the xforwardedfor parameter, it starts.
Any help is greatly appreciated.
Thank you,
Jill Rochelle
Around 2008-01-31 16:58 -0500, Jill Rochelle growled:
I am new to stunnel and the ssl world. I'm trying to get stunnel to work with haproxy for load balancing https requests. In the haproxy documentation it says that the stunnel.conf should look like this
cert=/etc/stunnel/stunnel.pem setuid=stunnel setgid=proxy socket=l:TCP_NODELAY=1 socket=r:TCP_NODELAY=1 [https] accept=192.168.1.1:443 connect=192.168.1.1:80 xforwardedfor=yes
You're probably reading documentation from someone who's patched stunnel to support X-Forwarded-For.
Quick google finds the following in some haproxy documentation above a snippet like yours:
"By default, stunnel does not process HTTP and does not add any X-Forwarded-For header, but there is a patch on the official haproxy site to provide this feature to recent stunnel versions."
I'd suggest you find and apply that patch if that's the road down which you wish to go.
Yeah ... It was an HAProxy patch for stunnel ... thanks!
-----Original Message----- From: Brian Hatch [mailto:bri@stunnel.org] Sent: Saturday, February 02, 2008 4:14 PM To: Jill Rochelle Cc: stunnel-users@mirt.net Subject: Re: [stunnel-users] xforwardedfor in config
Around 2008-01-31 16:58 -0500, Jill Rochelle growled:
I am new to stunnel and the ssl world. I'm trying to get stunnel to work with haproxy for load balancing https requests. In the haproxy documentation it says that the stunnel.conf should look like this
cert=/etc/stunnel/stunnel.pem setuid=stunnel setgid=proxy socket=l:TCP_NODELAY=1 socket=r:TCP_NODELAY=1 [https] accept=192.168.1.1:443 connect=192.168.1.1:80 xforwardedfor=yes
You're probably reading documentation from someone who's patched stunnel to support X-Forwarded-For.
Quick google finds the following in some haproxy documentation above a snippet like yours:
"By default, stunnel does not process HTTP and does not add any X-Forwarded-For header, but there is a patch on the official haproxy site to provide this feature to recent stunnel versions."
I'd suggest you find and apply that patch if that's the road down which you wish to go.
-
Brian Hatch -
Jill Rochelle