[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Xavante webserver bugfix
- From: Jeff Sheets <jeff.sheets@...>
- Date: Mon, 23 Jan 2006 03:59:27 -0600
On Mon, 2006-01-23 at 03:05 -0600, Jeff Sheets wrote:
> > Have you tried stunnel's "transparent proxy mode"?
> >
> > "Re-write address to appear as if wrapped daemon is connecting from
> > the SSL client machine instead of the machine running stunnel."
> >
> > http://www.stunnel.org/faq/stunnel.html#servicelevel_options
>
> Yes, I have. However, it didn't work for me. Though it is possible my
> linux box isn't quite correctly configured for it... I'll look into it
> further.
>
> Regardless, I still think it would be a good idea if SSL was available
> in the luaSocket library. I'd start working on it myself, but I've got
> a number of other projects at the moment, so I can't immediately spare
> the time. :)
Okay, just spent an hour or two reading up on it. Transparent proxying
in stunnel will only work if (a) you can run the server in local mode
with stunnel, which I don't think Xavante supports (correct me if I'm
wrong), or (b) if you have an additional computer with a transparent
proxy running your stunnel, with your Xavante server running behind the
proxy. Everything else I've read indicates that it won't work any other
way.
To actually get the IP addresses accross a SSL/TLS connection, the best
solution would be integrated SSL support in, or an additional module
that seamlessley integrates with, luaSocket. Maybe if I get time I'll
start working on it.
--
JJS
"If Ignorance is Bliss, I'll take the Pain."