[stunnel-users] xforwardedfor in config

Brian Hatch bri at stunnel.org
Sat Feb 2 22:13:32 CET 2008


Around 2008-01-31 16:58 -0500, Jill Rochelle growled:

> I am new to stunnel and the ssl world.  I'm trying to get stunnel to work
> with haproxy for load balancing https requests.  In the haproxy
> documentation it says that the stunnel.conf should look like this
> 
>     cert=/etc/stunnel/stunnel.pem
>     setuid=stunnel
>     setgid=proxy
>  
>     socket=l:TCP_NODELAY=1
>     socket=r:TCP_NODELAY=1
>  
>     [https]
>     accept=192.168.1.1:443
>     connect=192.168.1.1:80
>     xforwardedfor=yes

You're probably reading documentation from someone who's patched
stunnel to support X-Forwarded-For.

Quick google finds the following in some haproxy documentation
above a snippet like yours:


"By default, stunnel does not process HTTP and does not add any
 X-Forwarded-For header, but there is a patch on the official
 haproxy site to provide this feature to recent stunnel versions."

I'd suggest you find and apply that patch if that's the road 
down which you wish to go.

-- 
Brian Hatch                  What's the best remote
   Systems and                administration tool for
   Security Engineer          Microsoft Windows?
http://www.ifokr.org/bri/    A car.

Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080202/861515ba/attachment.sig>


More information about the stunnel-users mailing list