HTTPS & Seaside?
Locked
 
|
Does Seaside support HTTPS (with Squeak)? ---John
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Most often you would put apache or something like nginx infront of seaside to provide ssl, ansd leave seaside to handle http requests. On Apr 25, 2009 12:33 AM, "John Chludzinski" <[hidden email]> wrote: _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
In reply to this post by John Chludzinski
Most often you would put apache or something like nginx infront of seaside to provide ssl, ansd leave seaside to handle http requests. On Apr 25, 2009 12:33 AM, "John Chludzinski" <[hidden email]> wrote: _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
In reply to this post by John Chludzinski
John Chludzinski wrote:
> Does Seaside support HTTPS (with Squeak)? ---John > > Seaside doesn't know anything (besides the #serverProtocol and #serverPort preference that just outputs 443 and https when generating urls for links) about encryption. This is responsibility of other player, in this case the web server in front of Seaside, like Apache or lighttpd. Configure your web server to use ssl and port 443 and then in your seaside configuration make sure that you use the correct settings and all will be encrypted between web server and users. For example, this is from my root class initialize class method: Main class >> initialize "Nombre de la aplicacion" application := self registerAsApplication: self appName. "Our Custom session class" application preferenceAt: #sessionClass put: CustomSession. "Deployment mode" application preferenceAt: #deploymentMode put: true. "Remove WAStandardFiles library" application removeLibrary: WAStandardFiles. "Session timeout" application preferenceAt: #sessionExpirySeconds put: 20 minutes asSeconds. "Base URL for resources: images, styles, etc" application preferenceAt: #resourceBaseUrl put: self resourcesUrl. "Server Hostname" application preferenceAt: #serverHostname put: self serverHostname. "Server Path" application preferenceAt: #serverPath put: self serverPath. "Server protocol" application preferenceAt: #serverProtocol put: self serverProtocol. "Server port" application preferenceAt: #serverPort put: self serverPort. "Error handler" application preferenceAt: #errorHandler put: self errorHandler. "Configuration for Magma" application configuration addAncestor: WAMagmaConfiguration new. application preferenceAt: #location put: (MagmaRemoteLocation host: self magmaHost port: self magmaPort) And appName ^ 'myapp' serverPath ^ '' serverPort ^ 443 serverProtocol ^ #https serverHostname ^ self productionEnvironment ifTrue: [ 'example.com' ] ifFalse: [ 'dev.example.com' ] and in my lighttpd config, something like (isn't complete): $HTTP["host"] =~ "^www\.(.*)" { # no www for domains url.redirect = ( "^/(.*)" => "<a href="http://%1/$1">http://%1/$1" ) } $HTTP["host"] == "dev.example.com" { $HTTP["scheme"] == "http" { url.redirect = ( "^/(.*)" => "https://dev.example.com/$1" ) } } $SERVER["socket"] == "127.0.1.1:443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/dev.example.com.pem" server.name = "dev.example.com" server.document-root = "/home/miguel/proyectos/example/website/" # We'll use the resources directory to host static files: images, styles, etc # Rewrite the URL url.rewrite-once = ( "^/resources/(.*)" => "$0", # Unaltered "^/about/(.*)" => "$0", # Unaltered "^/(.*)" => "/seaside/myapp$1" # Rewritten ) # Anything with seaside/myapp pass to Seaside on port 8080 proxy.balance = "hash" proxy.server = ( "/seaside/myapp" => ( ( "host" => "127.0.0.1", "port" => 8080) ) ) } If you need more details, I can put the complete config. Cheers, Miguel Cobá > ------------------------------------------------------------------------ > > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
This is great! I'd love to see a complete example.
2009/4/24 Miguel Enrique Cobá Martínez <[hidden email]>: > John Chludzinski wrote: >> >> Does Seaside support HTTPS (with Squeak)? ---John >> >> > Seaside doesn't know anything (besides the #serverProtocol and #serverPort > preference that just outputs 443 and https when generating urls for links) > about encryption. > > This is responsibility of other player, in this case the web server in front > of Seaside, like Apache or lighttpd. > > Configure your web server to use ssl and port 443 and then in your seaside > configuration make sure that you use the correct settings and all will be > encrypted between web server and users. > > For example, this is from my root class initialize class method: > > Main class >> initialize > "Nombre de la aplicacion" > application := self registerAsApplication: self appName. > > "Our Custom session class" > application preferenceAt: #sessionClass put: CustomSession. > > "Deployment mode" > application preferenceAt: #deploymentMode put: true. > > "Remove WAStandardFiles library" > application removeLibrary: WAStandardFiles. > > "Session timeout" > application preferenceAt: #sessionExpirySeconds put: 20 minutes > asSeconds. > > "Base URL for resources: images, styles, etc" > application preferenceAt: #resourceBaseUrl put: self resourcesUrl. > > "Server Hostname" > application preferenceAt: #serverHostname put: self serverHostname. > > "Server Path" > application preferenceAt: #serverPath put: self serverPath. > > "Server protocol" > application preferenceAt: #serverProtocol put: self serverProtocol. > > "Server port" > application preferenceAt: #serverPort put: self serverPort. > > "Error handler" > application preferenceAt: #errorHandler put: self errorHandler. > > "Configuration for Magma" > application configuration addAncestor: WAMagmaConfiguration new. > application preferenceAt: #location put: (MagmaRemoteLocation > > host: self magmaHost > > port: self magmaPort) > > And > > > appName > ^ 'myapp' > > serverPath > ^ '' > > serverPort > ^ 443 > > serverProtocol > ^ #https > > serverHostname > ^ self productionEnvironment > ifTrue: [ 'example.com' ] > ifFalse: [ 'dev.example.com' ] > > and in my lighttpd config, something like (isn't complete): > > $HTTP["host"] =~ "^www\.(.*)" { > # no www for domains > url.redirect = ( "^/(.*)" => "<a href="http://%1/$1">http://%1/$1" ) > } > > > $HTTP["host"] == "dev.example.com" { > $HTTP["scheme"] == "http" { > url.redirect = ( "^/(.*)" => "https://dev.example.com/$1" ) > } > } > > $SERVER["socket"] == "127.0.1.1:443" { > ssl.engine = "enable" > ssl.pemfile = "/etc/lighttpd/dev.example.com.pem" > server.name = "dev.example.com" > server.document-root = "/home/miguel/proyectos/example/website/" > > # We'll use the resources directory to host static files: images, styles, > etc > > # Rewrite the URL > url.rewrite-once = ( > "^/resources/(.*)" => "$0", # Unaltered > "^/about/(.*)" => "$0", # Unaltered > "^/(.*)" => "/seaside/myapp$1" # Rewritten > ) > > # Anything with seaside/myapp pass to Seaside on port 8080 > proxy.balance = "hash" > proxy.server = ( > "/seaside/myapp" => ( > ( "host" => "127.0.0.1", "port" => 8080) > ) > ) > } > > If you need more details, I can put the complete config. > > Cheers, > Miguel Cobá > >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> seaside mailing list >> [hidden email] >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
In reply to this post by John Chludzinski
I'm a bit of a newbie to this and have been using Comanche (KomHttpServer). I've assumed this was the canonical choice. Saw some references to using Apache as a "frontend" to Comanche. Not sure how that might be done but it make sense that the web server, not the web-app framework (Seaside), provides support for HTTPS. ---John
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Hi!
John Chludzinski wrote: > I'm a bit of a newbie to this and have been using Comanche (KomHttpServer). > I've assumed this was the canonical choice. Saw some references to using > Apache as a "frontend" to Comanche. Not sure how that might be done but it > make sense that the web server, not the web-app framework (Seaside), > provides support for HTTPS. ---John Yes, a typical setup is to use a "regular" web server as a so called "reverse proxy" in front of KomHttpServer. It should be trivially google-able. You can also get load balancing using HAProxy or other solutions, should also be easy to find via Google, I know that Ramon has written about it at onsmalltalk.com. There is also another option if you feel adventurous, although in a state of "alpha" and that is to use Blackfoot: http://map.squeak.org/packagebyname/blackfoot ...my SimpleCGI implementation. I have only tested it so far with Cherokee (awfully fast new webserver with a nice admin UI) and Nginx (another very nice fast webserver, BUT the SCGI support in Nginx needs my patches and they have not been applied by the author in his Mercurial repo yet). Apache and Lighttpd should probably work too, not yet tested. If someone decides to play with Blackfoot+Nginx - mail me! :) The current Blackfoot (its on SM) seems to work quite fine with Seaside BUT I have not yet tested it much at all, like for example file uploads. The whole idea with Blackfoot is to get a faster, cleaner and smaller alternative to KomHttpServer, typically for deployment. regards, Göran _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Göran Krampe wrote:
> Hi! > > John Chludzinski wrote: >> I'm a bit of a newbie to this and have been using Comanche >> (KomHttpServer). >> I've assumed this was the canonical choice. Saw some references to >> using >> Apache as a "frontend" to Comanche. Not sure how that might be done >> but it >> make sense that the web server, not the web-app framework (Seaside), >> provides support for HTTPS. ---John > > Yes, a typical setup is to use a "regular" web server as a so called > "reverse proxy" in front of KomHttpServer. It should be trivially > google-able. You can also get load balancing using HAProxy or other > solutions, should also be easy to find via Google, I know that Ramon has > written about it at onsmalltalk.com. > > There is also another option if you feel adventurous, although in a > state of "alpha" and that is to use Blackfoot: > > http://map.squeak.org/packagebyname/blackfoot > > ...my SimpleCGI implementation. I have only tested it so far with > Cherokee (awfully fast new webserver with a nice admin UI) and Nginx > (another very nice fast webserver, BUT the SCGI support in Nginx needs > my patches and they have not been applied by the author in his Mercurial > repo yet). Apache and Lighttpd should probably work too, not yet tested. Blackfoot it is a very light and concise implemetation of scgi. Because of this it is very fast. I have test it with Seaside and lighttpd and worked pretty well. Very good job, Göran. I tested my app with varios setups: - direct Comanche serving - lighttpd with proxy (proxy to Comanche in port 8080) - lighttpd with FastCGI (from squeaksource) - lighttpd with SCGI (Blackfoot) With Blackfoot I didn't notice any problem with my app. This is a previous version I get from my subversion repo, and maybe don't work exactly as I have modified since those days: $HTTP["host"] == "example.com" { server.document-root = "/srv/www/example.com/" # We'll use the resources directory to host static files: images, styles, etc # Anything else is forward to Seaside with a proxy $HTTP["url"] !~ "/resources/" { proxy.balance = "hash" proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 8080) ) ) } # Or we can use SCGI # check-local: disable searching the requested file in the document root # and forward the request to the SCGI hosts #$HTTP["url"] !~ "/resources/" { #scgi.server = ( #"" => ( #( "host" => "127.0.0.1", "port" => 4000, "check-local" => "disable") #) #) #} # Or we can use FastCGI # check-local: disable searching the requested file in the document root # and forward the request to the SCGI hosts #$HTTP["url"] !~ "/resources/" { #fastcgi.server = ( #"" => ( #( "host" => "127.0.0.1", "port" => 9000, "check-local" => "disable") #) #) #} } But it can give you an idea. Miguel Cobá > > If someone decides to play with Blackfoot+Nginx - mail me! :) > > The current Blackfoot (its on SM) seems to work quite fine with Seaside > BUT I have not yet tested it much at all, like for example file uploads. > > The whole idea with Blackfoot is to get a faster, cleaner and smaller > alternative to KomHttpServer, typically for deployment. > > regards, Göran > > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
«
Return to Seaside General
|
1 view|%1 views
| Free forum by Nabble | Edit this page |