I've been using stunnel with the X-Forwarded-For patch. Is stud preferable to stunnel for some reason?
David -----Original Message----- From: "Brane F. Gračnar" [mailto:brane.grac...@tsmedia.si] Sent: Tuesday, December 13, 2011 1:36 PM To: John Lauro Cc: haproxy@formilux.org Subject: Re: SSL best option for new deployments On 12/13/2011 09:02 PM, John Lauro wrote: > Been using haproxy for some time… but have not used it with SSL yet. > > I do need to preserve the IP address of the original client. So > either transparent (is that possible when going through stunnel or > other and haproxy on the same box), or X-Forwarded-for or similar added. You should probably put stud (https://github.com/bumptech/stud) in front of haproxy. It supports sendproxy protocol from haproxy 1.5, supports ipv6 and scaling out. There's also a patch for sendproxy protocol that pplies to haproxy 1.4. However, you shouldn't be afraid of running haproxy 1.5-devXX, it is really, really very stable. Best regards, Brane