Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] Jetty sitting behind stunnel

Hi guys,

I am releasing some enhancements to jetty which talks to the stunnel SSL decrypter.

You can now get the remote connection information via this bridge.

---

I have been working on a Startup, using jetty as the webserver.  My preference was to offload the SSL component to stunnel .

This has the unfortunate  side effect of removing valuable IP connection information.

My code understands the stunnel version of what they call the PROXY protocol. This is a text string that sits on the front of new connections, and relays the end connection details.

---

I've written a Jetty connector, based on the jetty source code ( 8.1.3 ). This parses the PROXY protocol and sets X-FORWARDED-FOR in the headers collection.

I have made the connector in the style of the jetty parsing… a state machine consuming tokens.

There doesn't seem to be a mechanism to reserve state ranges so I just took the lowest jetty state machine value and counted backwards.

If a jetty developer would like to have a look, please do, this attempt was my best-effort at replicating how I perceive you code.

---

If anyone thinks they would find this useful, I have created a launchpad project.

https://launchpad.net/jetty-stunnel-bridge

Apache 2.0 licensed.


Cheers,

Terry Lurie.

Back to the top