thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Supun Nakandala <supun.nakand...@gmail.com>
Subject Re: Securing a Thrift Service
Date Sat, 21 Jun 2014 15:34:29 GMT
Hi Phillip,

Thank you very much for your response. But I am still not sure what are the
code changes that I should do in the thrift client. How do I add the server
certificate to the client for server validation. What is the protocol that
I should use. I would appreciate if you can provide me some sample php
client code.


On Sat, Jun 21, 2014 at 8:37 AM, Phillip Simbwa <simbwa@gmail.com> wrote:

> And don't forget to generate ssl certificates and include them in the nginx
> config...
>
> https://library.linode.com/web-servers/nginx/configuration/ssl
>
>
> On Sat, Jun 21, 2014 at 6:04 AM, Phillip Simbwa <simbwa@gmail.com> wrote:
>
> > Hi Supun,
> >
> > You could consider running the server behind Nginx as the proxy.
> > Then create a vhost configuration for port 443 and proxying to the java
> > server port.
> >
> > Look at this example of nginx proxying for tornado servers (python) on
> > port 80 to get an idea.
> > https://gist.github.com/didip/802576
> >
> > For the above gist, just change;
> >
> > 1. listen 80; to listen 443;
> > 2. upstream frontends
> >
> > # Enumerate all the Tornado servers here
> >
> > upstream frontends {
> >  server 127.0.0.1:8000;
> > server 127.0.0.1:8001;
> >  server 127.0.0.1:8002;
> > server 127.0.0.1:8003;
> >  }
> >
> > to
> >
> >     upstream frontends {
> >         server 127.0.0.1: <port number of your thrift server port>;
> >
> >
> >     }
> >
> > Then restart nginx and make sure your thrift server is running...
> >
> > That is it
> >
> >
> >
> >
> >
> > On Fri, Jun 20, 2014 at 10:53 PM, Supun Nakandala <
> > supun.nakandala@gmail.com> wrote:
> >
> >> Hi All,
> >>
> >> I have a java based thrift server. I want to secure my thrift server
> using
> >> SSL security. I found this blog post[1] which explains how to secure a
> >> thrift server and client communication using SSL security. The example
> >> uses
> >> a java server and a java client. But in my case I want to use a php
> >> client.
> >> I would appreciate if someone can provide me some pointers on how can I
> >> incorporate SSL security to a PHP thrift client.
> >>
> >> Thank you.
> >> Supun
> >>
> >> [1] -
> >>
> http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
> >>
> >
> >
> >
> > --
> > - Phillip.
> >
> > "Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in
> > waht
> > oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the
> frist
> > and lsat ltteer are in the rghit pclae.
> >  The rset can be a toatl mses  and
> > you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
> > ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
> > out aynawy."
> >
> >
>
>
> --
> - Phillip.
>
> "Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in
> waht
> oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
> and lsat ltteer are in the rghit pclae.
>  The rset can be a toatl mses  and
> you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
> ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
> out aynawy."
>



-- 
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message