Hello,

I'd like to use a proxy in front of Jetty for HTTP and HTTPS which merely 
proxies the TCP/IP stream. But I'd like to know the original client address.

HAProxy has defined a "PROXY protocol" [0] which adds a small header at the 
beginning of the connection. I don't think Jetty supports it, but looking at 
the code, it should be possible to write something which uses a similar 
technique to org.eclipse.jetty.io.ssl.SslConnection to intercept the stream, 
remove the header, pass on the rest of the data and make the client address 
available to code in the request handler.

Before I write some code, I wonder if anyone can spot any flaws in my plan:

 * Is SslConnection the right thing to model this on?

 * What's the best way of configuring the server to use it? (I'm creating the 
server programmatically rather than using the XML configuration.)

 * Why is the code to find the NPN extension in the SSL ClientHello for SPDY 
implemented as a .jar file you have to preload to override the platform SSL 
classes, rather than getting SslConnection to decode the ClientHello before 
passing it on to the Java SSLEngine? (which would also be a nice opportunity to 
implement SNI) Is there a disadvantage to this style of implementation?

Thanks,

Ben


[0] http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
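
Added example (not part of the original message and not Jetty code): a strict parser for the version 1 text header described in [0], which strips the header from the buffer and returns the client address. The class and method names are hypothetical, the sample bytes are constructed, and it assumes the whole header line is present in the first buffer read.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ProtocolException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added example, not Jetty code: strict parser for a PROXY protocol v1 line.
public class ProxyV1Header {
    static final int MAX_LEN = 107; // longest v1 line per the spec, CRLF included
    static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    static final String IPV4 = "(" + OCTET + "\\.){3}" + OCTET;
    static final String IPV6 = "[0-9A-Fa-f:]*:[0-9A-Fa-f:]*"; // literal only, never a host name

    /** Consumes the header; returns the client address, or null for "PROXY UNKNOWN". */
    static InetSocketAddress parse(ByteBuffer buf) throws IOException {
        int start = buf.position(), end = -1;
        int scanTo = Math.min(buf.limit(), start + MAX_LEN);
        for (int i = start; i + 1 < scanTo && end < 0; i++)
            if (buf.get(i) == '\r' && buf.get(i + 1) == '\n') end = i;
        if (end < 0) throw new ProtocolException("no complete PROXY line in first " + MAX_LEN + " bytes");
        byte[] line = new byte[end - start];
        buf.get(line);            // relative read: position is now at the CR
        buf.position(end + 2);    // skip CRLF; the rest of buf is the client's own data
        String[] f = new String(line, StandardCharsets.US_ASCII).split(" ", -1);
        if (!f[0].equals("PROXY") || f.length < 2) throw new ProtocolException("not a PROXY v1 header");
        if (f[1].equals("UNKNOWN")) return null; // proxy could not determine the address
        String addrPattern = f[1].equals("TCP4") ? IPV4 : f[1].equals("TCP6") ? IPV6 : null;
        if (addrPattern == null || f.length != 6) throw new ProtocolException("bad family or field count");
        if (!f[2].matches(addrPattern) || !f[3].matches(addrPattern)
                || !f[4].matches("\\d{1,5}") || !f[5].matches("\\d{1,5}"))
            throw new ProtocolException("bad address or port");
        int port = Integer.parseInt(f[4]);
        if (port > 65535 || Integer.parseInt(f[5]) > 65535) throw new ProtocolException("port out of range");
        // The regex admits only numeric literals, so getByName() parses without a DNS lookup.
        return new InetSocketAddress(InetAddress.getByName(f[2]), port);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: header as a proxy would send it, followed by the client's bytes.
        byte[] wire = "PROXY TCP4 203.0.113.7 198.51.100.1 56324 443\r\nGET / HTTP/1.1\r\n"
                .getBytes(StandardCharsets.US_ASCII);
        ByteBuffer buf = ByteBuffer.wrap(wire);
        System.out.println("client = " + parse(buf) + ", payload bytes left = " + buf.remaining());
    }
}
```

The returned address is only as trustworthy as the peer that sent the header, so a connector that parses it should accept connections from the proxy alone; anything else that can reach the port could state whatever client address it likes.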




_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
