mod_wasm: v0.12.0 release

2023-05-30 Thread Jesús González 
Hola,

We just released mod_wasm 
v0.12.0!

This new version introduces a new directive, WasmMapCGIFileNames, providing the 
ability to configure CGI applications using custom guest directories, 
eliminating the need for both the host and the guest to use the same paths. It 
also normalizes SCRIPT_FILENAME to use Unix-like forward slashes. This feature 
is particularly helpful when setting up Windows applications, as it allows for 
the use of paths that may not be compatible in Windows (with backslashes and 
drive letters).

Looking forward to your feedback.

Cheers,
Jesús

Re: mod_wasm: Contributing Upstream to Apache

2023-05-30 Thread José Carlos Chávez 
I think not making WASM a first class concern in a proxy or server is missing 
out, more so in those platforms where extensibility isn't trivial. Apache will 
remain running in current setups but having limited extensibility is something 
concerning these days as systems are getting more and more complex. Writing an 
apache module isn't something you do every day and it probably takes quite some 
time, writing a wasm app following certain ABI is something you can do in 
minutes, hence supporting mod_wasm as a first class concern could be a good 
point in the sustainability of an ecosystem when it comes to moving forward out 
of the status quo.

On 2022/11/14 06:37:34 Jesús González wrote:
> Hi everyone,
> 
> 
> 
> I’m Jesús González, and I am part of VMware’s Wasm Labs: 
> wasmlabs.dev, a group focused on creating open source 
> tools for WebAssembly.
> 
> We have created mod_wasm, an Apache module for running WebAssembly binaries 
> inside httpd, and we would like to contribute it upstream. Please see below 
> for more details. We would love to get your feedback and understand what 
> improvements would be needed (if any) before it could be considered for 
> contribution to the project.
> 
> 
> 
> 
> 
> The details:
> 
> 
> 
> WebAssembly (Wasm) is a new binary instruction 
> format that is open, portable, efficient, secure, and polyglot. It originated 
> in the browser but is increasingly used in server applications, in particular 
> NGINX, Apache APISIX, Istio provide Wasm-based plugin support (i.e.: 
> https://apisix.apache.org/docs/apisix/wasm/).
> 
> 
> 
> mod_wasm is a way to run WebAssembly modules inside Apache Server. This is 
> similar to how mod_php embeds a PHP runtime to run PHP code. This enables any 
> language that supports WebAssembly (including C++, Rust, Go but also Python, 
> PHP, Ruby) to run with mod_wasm and take advantage of the extra level of 
> security and sandboxing. To learn more about mod_wasm you can check out the 
> following resources:
> 
>   *   An overview article for 
> the original release.
>   *   We presented mod_wasm at ApacheCon this year and here are the 
> slides
>  and the source code: https://github.com/vmware-labs/mod_wasm.
>   *   CNCF Talk on mod_wasm showcasing how to run WordPress: 
> https://www.youtube.com/watch?v=jXe8kulUscQ
> 
> 
> 
> In terms of mod_wasm architecture, the module is split into two parts:
> 
>   *   mod_wasm.so is the extension module for Apache and it’s written in C.
>   *   An external dependency: libwasm_runtime.so, which is written in Rust 
> and needs to be installed into the system.
> 
> 
> 
> We modelled this after mod_tls, a module that is part of httpd and also has a 
> Rust dependency.
> 
> You can take a look at the architecture diagram and instructions on how to 
> build the module here: 
> https://github.com/vmware-labs/mod_wasm#%EF%B8%8F-building-mod_wasm
> 
> 
> 
> In terms of the actual contribution, please find a patch attached. We tried 
> to follow all existing conventions in terms of autoconf/automake, providing 
> module documentation, etc. Please let us know anything that you see missing 
> or could be improved. In particular, we do not know yet if it is better to 
> keep the Rust code separate, as an external dependency (like mod_tls does) or 
> in the Apache source code repository.
> 
> 
> 
> In summary, we believe mod_wasm is a worthy addition to httpd and it will 
> allow us to catch up to some of the other web servers already supporting 
> Wasm, like NGINX. We were encouraged by Rich Bowen, Jim Jagielski and 
> Jean-Frederic Clere to submit it for contribution upstream and we are looking 
> forward to your feedback.
> 
> 
> 
> Cheers!
> 
> Jesús
> 
> 
> 
> 
>

RE: mod_wasm: A way for creating Apache HTTPD modules securely and in many languages

2023-05-30 Thread José Carlos Chávez 
This is amazing. Being able to extend httpd through wasm opens up a lot of new 
use cases to be covered, simplification of setups by no need to combine 
different extensions to achieve something and relieve pressure on modifying 
legacy apps when it comes to security.

Keep the great work!

On 2023/05/26 13:05:16 Asen Alexandrov wrote:
> Hello everyone,
> 
> A quick update on this. Here's a picture that says this in a simpler way - 
> https://github.com/vmware-labs/mod_wasm/blob/9e85da9ba045fec36ad40f987c40b010aaa62793/examples/rust-src/edit_headers/docs/Apr_mod_wasm-overview.drawio.png
> 
> Also, we now have a multi-platform demo container which runs equally fast on 
> arm64 and amd64 (and has a more-intuitive color-coded output). Just run this 
> command to try it out.
> ```
> docker run --rm -d -p 8080:8080 --name mod-wasm-apr-demo 
> ghcr.io/vmware-labs/httpd-mod-wasm-experimental:latest && docker exec -ti 
> mod-wasm-apr-demo /usr/local/apache2/headers-filter/run_me.sh && docker rm -f 
> mod-wasm-apr-demo
> ```
> 
> Best regards,
> Asen
> 
> From: Asen Alexandrov 
> Sent: Wednesday, May 24, 2023 3:43 PM
> To: dev@httpd.apache.org
> Subject: mod_wasm: A way for creating Apache HTTPD modules securely and in 
> many languages
> 
> 
> Hello everyone,
> 
> 
> 
> We have been working on a new version of mod_wasm (introduced here - 
> https://lists.apache.org/thread/mo3onsk8odcw808dsr44l6kzo8lrkn57) that allows 
> you not only to run existing applications compiled to WebAssembly (ie 
> WordPress), but to extend the functionality of Apache itself with 
> WebAssembly. Basically, the ability to create modules securely and using any 
> programming language.
> 
> 
> 
> For context, back in January Joe Schaefer suggested that it would be cool if 
> we could expose the APR interface to Wasm modules 
> (https://lists.apache.org/thread/q3td45pf5mhpfv4t86w1k4qrbf2fyg8w).
> 
> 
> 
> This would bring two benefits:
> 
> - Wasm is sandboxed, so failures in any "APR based Apache module" running via 
> mod_wasm can be contained and difficult to exploit or destabilize the server.
> 
> - Many languages can compile to Wasm so the range of options to implement 
> some logic is highly increased - people can now reuse knowledge or 
> pre-existing code as opposed to needing to know C to write an Apache module.
> 
> 
> 
> This is similar in spirit to what mod_lua offers with .lua scripts but 
> extended to any language that would build for Wasm.
> 
> 
> 
> We have a working proof of concept of this approach (where we exposed 
> apr_table_get, apr_table_set and apr_table_unset for the headers in 
> request->headers_in) to the Wasm module. This is on-par with the 
> RequestHeader add/set/unset directive for mod_headers. The significant 
> difference, however, is that we can easily add programming logic around the 
> header modification.
> 
> 
> 
> You can see this in action by running
> 
> ```
> 
> docker run --rm -d -p 8080:8080 --name mod-wasm-apr-demo --platform 
> linux/amd64 ghcr.io/assambar/httpd-mod-wasm-experimental:latest && docker 
> exec -ti mod-wasm-apr-demo /usr/local/apache2/headers-filter/run_me.sh && 
> docker rm -f mod-wasm-apr-demo
> 
> ```
> 
> If you cannot run the above example, you can look at the self-descriptive 
> output (result from a test run available at 
> https://gist.github.com/ereslibre/fdf25c2a0c322483ecd074a3676e8571) and you 
> will see examples of how to use mod_wasm for:
> 
> 
> 
> - Modifying a 'target' header based on the value of an 'operation' header 
> with mod_headers
> 
> - The same, but with mod_wasm and edit_headers.wasm
> 
> - Evaluating a header's value with mod_wasm and edit_headers.wasm. Cannot do 
> with mod_headers
> 
> - Hashing a header's value with mod_wasm and edit_headers.wasm. Cannot do 
> with mod_headers
> 
> - Demo of division-by-zero and invalid-file-access in edit_headers.wasm, 
> which do not affect Apache's stability.
> 
> 
> 
> This new functionality is a proof of concept based of a subset of the Apache 
> API, and the code may need tweaking, but we wanted to share with you early on 
> to get your feedback.
> 
> 
> 
> The code for this can be found at mod_wasm's repo in this branch -  
> https://github.com/vmware-labs/mod_wasm/tree/assambar/apache2-apr. To get a 
> look at the specific code changes you can visit 
> https://github.com/vmware-labs/mod_wasm/compare/main...assambar/apache2-apr
> 
> 
> 
> This is also a steppingstone towards implementing proxy-wasm support in 
> Apache httpd, which would bring it on parity with Apisix / nginx 
> (https://api7.ai/blog/how-apisix-supports-wasm).
> 
> A talk from my coworkers Angel and Rafael on extending Istio with proxy-wasm 
> and other programming languages can be found here - 
> https://www.youtube.com/watch?v=_y3f18gf4FA
> 
> 
> 
> Looking forward to your feedback.
> 
> 
> 
> Asen
> 
>