stunnel secure access to seaside on Windows Server 2003 (IIS 6)
Locked
stunnel secure access to seaside on Windows Server 2003 (IIS 6)
 
|
Hello all,
This is my first post to this list and I am not an expert on either squeak, seaside or server administration, but I did some research before posting, so please bear with me :) I did a setup of the "one-click" version of squeak seaside on my home SBS server. I found a nice post about the headless setup as a service and got to the point that I can access my seaside from my client computers behind the Windows Server firewall (my intranet). Now I would like to allow (mostly myself) to access the seaside site from outside the firewall as well similar to my main website and other services. Just allowing port 8080 to go through the firewall seemed a bit risky as all information to and from seaside is unencrypted (right??), although i did setup a separate user for seaside with minimal rights and the service is running seaside under that account. My original idea was to use stunnel, similar to how I allow smtps to my server: Basically I setup stunnel to accept secure connections on some port and forward it to 8080 which seaside is listening to. That works for the initial pages nicely, but when I am following links like "examples" seaside (or some part of the package) replaces the https: in the URL again with an http. I found that under Configure I can set https and a port, but I am confused as the default port there is 80 and not the 8080 that the server is actually responding to. And by default nothing is configured there but the links work nicely from the intranet. I also found an old post that was talking about using apache as a true proxy server, but that seems a bit overkill, as the seaside server quite nicely remembers a port that I specify in my original URL and remembers the hostname as well, so I am hoping that I am just missing something and can easily make it remember the "https:" from my first request URL as well. So here are my questions: - Is there a "configuration how to" that I missed when browsing the site? - Or is there a way to actually search the previous posts about seaside (I can read the archives, but I haven't figured out how to search with gmane or pipermail. - Or can somebody tell me the little trick that I need to achive what I want (I hope my post is not too convoluted, I am not a native eglish speaker and may be put too much information in this). - Or can somebody give me a hint where to look for the URL generation in the code. I haven't searched yet as I am still trying to grasp basics of Pier and some more of Squeak itself. Best Regards Rainer Keller - in search for the ultimate software platform to replace my index cards with... _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: stunnel secure access to seaside on Windows Server 2003 (IIS 6)
|
|
Hi Rainer,
I only know answer to one of your queries. >Or is there a way to actually search the previous posts about >seaside (I can read the archives, but I haven't figured out how to >search with gmane or pipermail. http://www.nabble.com/Squeak-f14152.html There you can search Mailing list archives of Squeak/Seaside and other related stuffs HTH, Rajeev On Jan 6, 2008 1:50 AM, Rainer Keller <[hidden email]> wrote: Hello all, -- Rajeev Lochan Co-founder, AR-CAD.com http://www.ar-cad.com +91 9243468076 (Bangalore) 080 65355873 _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: stunnel secure access to seaside on Windows Server 2003 (IIS 6)
|
|
In reply to this post by driverwriter
2008/1/5, Rainer Keller <[hidden email]>:
> Hello all, > > This is my first post to this list and I am not an expert on either > squeak, seaside or server administration, but I did some research > before posting, so please bear with me :) > > I did a setup of the "one-click" version of squeak seaside on my home > SBS server. I found a nice post about the headless setup as a service > and got to the point that I can access my seaside from my client > computers behind the Windows Server firewall (my intranet). > > Now I would like to allow (mostly myself) to access the seaside site > from outside the firewall as well similar to my main website and other > services. Just allowing port 8080 to go through the firewall seemed a > bit risky as all information to and from seaside is unencrypted > (right??), although i did setup a separate user for seaside with > minimal rights and the service is running seaside under that account. Right, all traffic in unencrypted, this includes forms and passwords. > My original idea was to use stunnel, similar to how I allow smtps to > my server: > Basically I setup stunnel to accept secure connections on some port > and forward it to 8080 which seaside is listening to. That works for > the initial pages nicely, but when I am following links like > "examples" seaside (or some part of the package) replaces the https: > in the URL again with an http. Seaside itself is no webserver, it can not do https. These settings are only for the urls generated by Seaside, eg. the <a href="" stuff in the html. They do not affed the web server in any way. You'd need them for example if you run Seaside behind some proxies for example. > I found that under Configure I can set https and a port, but I am > confused as the default port there is 80 and not the 8080 that the > server is actually responding to. And by default nothing is configured > there but the links work nicely from the intranet. > > I also found an old post that was talking about using apache as a true > proxy server, but that seems a bit overkill, as the seaside server > quite nicely remembers a port that I specify in my original URL and > remembers the hostname as well, so I am hoping that I am just missing > something and can easily make it remember the "https:" from my first > request URL as well. IMHO using a reverse proxy is the way to go. Most people use Apache so you'll naturally find most information about it. However since you already have a webserver (IIS) installed, I'd rather use this one as a reverse proxy than install an other one. Cheers Philippe > So here are my questions: > - Is there a "configuration how to" that I missed when browsing the > site? > - Or is there a way to actually search the previous posts about > seaside (I can read the archives, but I haven't figured out how to > search with gmane or pipermail. > - Or can somebody tell me the little trick that I need to achive what > I want (I hope my post is not too convoluted, I am not a native eglish > speaker and may be put too much information in this). > - Or can somebody give me a hint where to look for the URL generation > in the code. I haven't searched yet as I am still trying to grasp > basics of Pier and some more of Squeak itself. > > Best Regards > Rainer Keller > - in search for the ultimate software platform to replace my index > cards with... > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
RE: stunnel secure access to seaside on Windows Server 2003(IIS 6)
|
|
> IMHO using a reverse proxy is the way to go. Most people use
> Apache so you'll naturally find most information about it. > However since you already have a webserver (IIS) installed, > I'd rather use this one as a reverse proxy than install an other one. > > Cheers > Philippe IIS, as a reverse proxy, LMAO, haven't used IIS much I see. See http://onsmalltalk.com/programming/smalltalk/running-seaside-apache-and-iis- on-windowsxp/, save yourself some effort, and just install Apache, IIS sucks. Apache can reverse proxy to IIS for anything that requires IIS. Ramon Leon http://onsmalltalk.com _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: stunnel secure access to seaside on Windows Server 2003 (IIS 6)
|
|
In reply to this post by Rajeev Lochan
Thank you very much !
- Rainer On Jan 6, 2008, at 8:57 AM, Rajeev Lochan wrote: Hi Rainer, _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: stunnel secure access to seaside on Windows Server 2003 (IIS 6)
|
|
In reply to this post by Philippe Marschall
Seaside itself is no webserver, it can not do https. These settings My current guess is that Seaside always generates http:// even if the original request came in as https:// But I am really a newbie in this, I will poke around in the code and get a better uderstanding before bugging people more :) IMHO using a reverse proxy is the way to go. Most people use Apache so Yes, I had read about that as well. And I had found comments similar to what Ramon posted in his reply ;) And I had looked through the IIS configuration pages. From my googling and poking around it seems that IIS is not a proxy server. You need to have ISA installed to get that. And ISA got too interfering with the access for my local clients, so I uninstalled it again. I just prefer to have as simple a server setup as possible, so I rather won't mess with adding apache on top of IIS. From what I understand stunnel is giving me what I need in regards to security. If I can figure out how to have seaside leave the https intact when generating URLs I thik I am set. And I might even not be the only one who would like that, I can imagine other people would like to be able to do a simple secure seaside configuration for their little home networks as well. I found a post on the seaside pages that looked interesting: In the FAQ is a entry about "How do I get the requester's IP address?". That apears to me a good starting point to find what seaside knows about incoming requests, right? And this means that the actual web servers in front of seaside are Korn, Swazoo or WebKit, right? Thanks for your answer! - Rainer
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
«
Return to Seaside General
|
1 view|%1 views
| Free forum by Nabble | Edit this page |