Thrift provides several different non-blocking server models, like TNonblockingServer, THsHaServer, and TThreadedSelectorServer. But, I'd like to enable SSL on the server. It seems SSL only works on blocking servers in Thrift.

Does anyone have any clues about a non-blocking SSL server in Thrift? A Java example would be highly appreciated.

Sam
ruichuan
  • Great question, I'm also interested in this. – dyross Jun 10 '14 at 01:54
  • It says that the Thrift server does not support SSL in non-blocking mode. Look at this [test class](https://github.com/apache/thrift/blob/master/lib/java/test/org/apache/thrift/test/TestServer.java#L152) – lakshman Jun 10 '14 at 12:21

1 Answer

One alternative to worrying about SSL in your Java App is to stand up something like nginx (http://wiki.nginx.org/SSL-Offloader) as a reverse proxy.

This has the upside of your application not needing to care about SSL but does require one more layer in your stack.

Clients will connect to the nginx server instead of directly to your client and nginx will forward those connections to your Thrift server.

You don't necessarily need two different servers for this approach; just configure your Thrift server to only listen on localhost (127.0.0.1 for IPv4) and have nginx listen on your external interfaces and forward to localhost.

Edit: client -> server in last paragraph

Bryan
  • How would that work? The client still needs an SSL layer under the frame socket. – Navin Dec 27 '14 at 13:38
  • The question was specific to server-side. Based on the Thrift doc, it appears that client-side SSL as a transport is already provided via the TSSLSocketFactory – Bryan Jan 08 '15 at 04:49
  • Ah, I see what you mean. – Navin Jan 08 '15 at 05:32
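
The reverse-proxy setup described in the answer above, as an added example that is not part of the original answer or of the Thrift project: Thrift's socket and framed transports are raw TCP rather than HTTP, so this uses nginx's `stream` module to terminate TLS and forward plaintext to a Thrift server bound to loopback. The ports (9443, 9090), the upstream name and the certificate paths are assumptions; substitute your own.

```nginx
# Added example. Requires nginx built with the stream and stream_ssl modules.
# The stream block sits at the top level of nginx.conf, next to (not inside) http {}.

stream {
    upstream thrift_backend {
        # Assumed: the non-blocking Thrift server listens on loopback only,
        # so it is not reachable from other hosts without going through nginx.
        server 127.0.0.1:9090;
    }

    server {
        # External TLS listener that clients connect to (assumed port).
        listen 9443 ssl;

        # Placeholder paths for the server certificate chain and private key.
        ssl_certificate     /etc/nginx/tls/thrift.example.crt;
        ssl_certificate_key /etc/nginx/tls/thrift.example.key;

        # Refuse legacy protocol versions.
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Session reuse keeps handshake cost down for short-lived RPC connections.
        ssl_session_cache   shared:THRIFT:10m;
        ssl_session_timeout 10m;

        # Optional mutual TLS: uncomment to accept only clients that present
        # a certificate issued by this CA (placeholder path).
        # ssl_client_certificate /etc/nginx/tls/clients-ca.crt;
        # ssl_verify_client      on;

        # Fail fast if the backend is down; close idle tunnels after 10 minutes.
        proxy_connect_timeout 5s;
        proxy_timeout         10m;

        # Decrypted bytes are forwarded unchanged to the Thrift server.
        proxy_pass thrift_backend;
    }
}
```

With this layout the hop between nginx and the Thrift server is unencrypted and every connection appears to the server to come from 127.0.0.1, so any per-client access control has to be enforced at nginx (for example with client certificates) or inside the RPC payload.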