

On Mon, 2006-01-23 at 07:07 -0500, Javier Guerra wrote:
> On Monday 23 January 2006 4:59 am, Jeff Sheets wrote:
> > Okay, just spent an hour or two reading up on it. Transparent proxying
> > in stunnel will only work if (a) you can run the server in local mode
> > with stunnel, which I don't think Xavante supports (correct me if I'm
> 
> care to describe this "local mode"?

Stunnel's local mode is, I believe, similar to inetd.  Stunnel acts as
the actual server, loading and executing whatever backend stunnel is
serving as a TLS layer for. So...

--------

When no clients are connected, stunnel is running, listening to the
appropriate host/port.  Xavante is not running.

When a client connects to the computer, stunnel begins the TLS handshake
procedure and starts up Xavante. stunnel will expect one of two things,
depending on its configuration. Either (a) Xavante will react in the
same way as if it had been run by the inetd daemon, or (b) stunnel will
create a new pseudo-terminal and run Xavante in that tty. Xavante will
take all its input from stdin and send all output to stdout.

--------

However, stunnel is not ideal since it requires extra overhead for every
connection, by causing the entire set of Lua code to be loaded on every
connection. The second configuration, where stunnel communicates to its
backend with a pseudo-terminal, is especially unsuitable, since it will
have no information on the actual socket used.

Ultimately, though I may be wrong, I think it would be much better if
SSL wrapped sockets were available as a module that can be added to
LuaSocket.
-- 


JJS
"If Ignorance is Bliss, I'll take the Pain."
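
The two local-mode setups described in the message above, written out as an added stunnel configuration sketch that is not part of the original post. The service names, ports, certificate path and backend path are assumptions, and the backend is a hypothetical program that reads requests on stdin and writes responses to stdout.

```ini
; Added illustration, not from the original message.
; Constructed values: certificate path, ports, service names, backend path.
cert = /etc/stunnel/stunnel.pem

; (a) inetd-style: stunnel listens and performs the TLS handshake, then
; starts the backend once per connection. The backend sees the decrypted
; stream on stdin/stdout, as if inetd had launched it.
[backend-inetd]
accept = 8443
; hypothetical stdin/stdout server
exec = /usr/local/bin/backend
; execargs includes the program name (argv[0])
execargs = backend

; (b) pseudo-terminal: the same per-connection start-up, but stunnel
; allocates a pty and runs the backend inside it.
[backend-pty]
accept = 8444
exec = /usr/local/bin/backend
execargs = backend
pty = yes
```

In both services the backend process is started per connection, which is the per-connection load cost the message refers to.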