thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Simbwa <sim...@gmail.com>
Subject Re: Securing a Thrift Service
Date Sat, 21 Jun 2014 03:07:39 GMT
And don't forget to generate ssl certificates and include them in the nginx
config...

https://library.linode.com/web-servers/nginx/configuration/ssl


On Sat, Jun 21, 2014 at 6:04 AM, Phillip Simbwa <simbwa@gmail.com> wrote:

> Hi Supun,
>
> You could consider running the server behind Nginx as the proxy.
> Then create a vhost configuration for port 443 and proxying to the java
> server port.
>
> Look at this example of nginx proxying for tornado servers (python) on
> port 80 to get an idea.
> https://gist.github.com/didip/802576
>
> For the above gist, just change;
>
> 1. listen 80; to listen 443;
> 2. upstream frontends
>
> # Enumerate all the Tornado servers here
>
> upstream frontends {
>  server 127.0.0.1:8000;
> server 127.0.0.1:8001;
>  server 127.0.0.1:8002;
> server 127.0.0.1:8003;
>  }
>
> to
>
>     upstream frontends {
>         server 127.0.0.1: <port number of your thrift server port>;
>
>
>     }
>
> Then restart nginx and make sure your thrift server is running...
>
> That is it
>
>
>
>
>
> On Fri, Jun 20, 2014 at 10:53 PM, Supun Nakandala <
> supun.nakandala@gmail.com> wrote:
>
>> Hi All,
>>
>> I have a java based thrift server. I want to secure my thrift server using
>> SSL security. I found this blog post[1] which explains how to secure a
>> thrift server and client communication using SSL security. The example
>> uses
>> a java server and a java client. But in my case I want to use a php
>> client.
>> I would appreciate if someone can provide me some pointers on how can I
>> incorporate SSL security to a PHP thrift client.
>>
>> Thank you.
>> Supun
>>
>> [1] -
>> http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
>>
>
>
>
> --
> - Phillip.
>
> "Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in
> waht
> oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
> and lsat ltteer are in the rghit pclae.
>  The rset can be a toatl mses  and
> you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
> ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
> out aynawy."
>
>


-- 
- Phillip.

"Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht
oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
and lsat ltteer are in the rghit pclae.
 The rset can be a toatl mses  and
you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
out aynawy."

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message