Permalink
Browse files

Merge pull request #113 from zenazn/master

Better PROXY support and SNI
  • Loading branch information...
2 parents 84797cc + b09da7e commit 0b8803948120c8034f446fc1dfd28c246e6fadc3 Jamie Turner committed Aug 10, 2012
Showing with 455 additions and 212 deletions.
  1. +13 −4 README.md
  2. +110 −71 configuration.c
  3. +7 −1 configuration.h
  4. +14 −15 shctx.c
  5. +311 −121 stud.c
View
@@ -19,9 +19,11 @@ maxmium connection behavior, availability of service, etc.
`stud` will optionally write the client IP address as the first few octets
(depending on IPv4 or IPv6) to the backend--or provide that information
-using HAProxy's PROXY protocol. In this way, backends who care about the
-client IP can still access it even though `stud` itself appears to be the
-connected client.
+using HAProxy's PROXY protocol. When used with the PROXY protocol, `stud` can
+also transparently pass an existing PROXY header to the cleartext stream. This
+is especially useful if a TCP proxy is used in front of `stud`. Using either of
+these techniques, backends who care about the client IP can still access it even
+though `stud` itself appears to be the connected client.
Thanks to a contribution from Emeric at Exceliance (the folks behind HAProxy),
a special build of `stud` can be made that utilitizes shared memory to
@@ -81,7 +83,11 @@ Usage
-----
The only required argument is a path to a PEM file that contains the certificate
-(or a chain of certificates) and private key.
+(or a chain of certificates) and private key. If multiple certificates are
+given, `stud` will attempt to perform SNI (Server Name Indication) on new
+connections, by comparing the indicated name with the names on each of the
+certificates, in order. The first certificate that matches will be used. If none
+of the certificates matches, the last certificate will be used as the default.
Detail about the entire set of options can be found by invoking `stud -h`:
@@ -129,6 +135,9 @@ Detail about the entire set of options can be found by invoking `stud -h`:
--write-proxy Write HaProxy's PROXY (IPv4 or IPv6) protocol line
before actual data
(Default: off)
+ --proxy-proxy Proxy HaProxy's PROXY (IPv4 or IPv6) protocol line
+ before actual data
+ (Default: off)
-t --test Test configuration and exit
-V --version Print program version and exit
Oops, something went wrong.

0 comments on commit 0b88039

Please sign in to comment.