thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Simbwa <sim...@gmail.com>
Subject Re: Securing a Thrift Service
Date Sat, 21 Jun 2014 03:04:23 GMT
Hi Supun,

You could consider running the server behind Nginx as the proxy.
Then create a vhost configuration for port 443 and proxying to the java
server port.

Look at this example of nginx proxying for tornado servers (python) on port
80 to get an idea.
https://gist.github.com/didip/802576

For the above gist, just change;

1. listen 80; to listen 443;
2. upstream frontends

# Enumerate all the Tornado servers here

upstream frontends {
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}

to

    upstream frontends {
        server 127.0.0.1: <port number of your thrift server port>;

    }

Then restart nginx and make sure your thrift server is running...

That is it





On Fri, Jun 20, 2014 at 10:53 PM, Supun Nakandala <supun.nakandala@gmail.com
> wrote:

> Hi All,
>
> I have a java based thrift server. I want to secure my thrift server using
> SSL security. I found this blog post[1] which explains how to secure a
> thrift server and client communication using SSL security. The example uses
> a java server and a java client. But in my case I want to use a php client.
> I would appreciate if someone can provide me some pointers on how can I
> incorporate SSL security to a PHP thrift client.
>
> Thank you.
> Supun
>
> [1] -
> http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
>



-- 
- Phillip.

"Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht
oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
and lsat ltteer are in the rghit pclae.
 The rset can be a toatl mses  and
you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
out aynawy."

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message