Re: https server side

2015-05-27 Thread Rick Hanson
> Thank you all for your contributions!

I quite agree.  I really learned a lot from everyone's responses.  Thanks!
-- 
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe


Re: https server side

2015-05-27 Thread Luis P. Mendes
Thank you all for your contributions!


Luis



Re: https server side

2015-05-27 Thread Henrik Sarvell
I do WSS via httpGate with a CA signed certificate, see this article under
the WSS section: http://picolisp.com/wiki/?Websockets



Re: https server side

2015-05-26 Thread Alexander Burger
On Wed, May 27, 2015 at 07:25:59AM +0200, Alexander Burger wrote:
> The file  holds a configuration for the servers to be started.
> This is the part which still needs to be documented.

Hmm, actually this is rather simple.


Create a file with one server per line. For example, here are some lines
from my config file for the wiki and some demo apps:

   app    8080  app  /home/app  log/app    ./pil app/main.l lib/app.l -main app/_patch.l -go -wait
   wiki   5000  app  /home/app  log/wiki   ./pil wiki/main.l lib/app.l -main wiki/_patch.l -go -wait
   sushi  22000 app  /home/app  log/sushi  ./pil sushi/main.l lib/app.l -main -go -wait
   menu   24000 app  /home/app  log/menu   ./pil menu/main.l lib/app.l -main -go -wait
   canvas 27002 app  /home/app  log/canvas ./pil misc/canvas.l lib/app.l -main app/_patch.l -go -wait
   phone  27003 app  /home/app  log/phone  ./pil misc/phone.l lib/app.l -main app/_patch.l -go -wait
   osm    27004 app  /home/app  log/osm    ./pil osm/main.l lib/app.l -main app/_patch.l -go -wait

i.e. the arguments, separated by spaces, are:

   1. The name of the application
   2. The port where this server should listen at
   3. The user name
   4. The working directory of the server process
   5. The log file where stdout and stderr should be redirected to
   6. The command line to start the server process

(For optimal access if you have really many servers, you should
'balance' the contents of the config file. That's left as a task to the
reader)


When a client requests e.g.

   https://7fach.de/canvas

this server will be started. That is, the name 'canvas' is looked up,
and 'httpGate' checks if a process is listening at 27002. If not, it
starts that process.

The 'go' function of the server (see the example in "app/main.l") may
call

   (retire 20)

This will cause this server to stop if there are no child processes and
no activities for 20 minutes.

'httpGate' sends the NAME of the application under which it was invoked,
and the PORT it should listen at, in environment variables. Thus, the
'server' call is

   (server (or (format (sys "PORT")) 8080) "!work")

It uses the PORT passed in, or defaults to 8080.


In that way you may have thousands of client applications running on a
single machine, each one only started and stopped as necessary.

♪♫ Alex
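
A lint pass over a config file in the six-field format described in this message, as an added example (not httpGate's own code and not from the thread). It assumes fields are split on whitespace with the command as the remainder of the line, and that field 3 is the account the server runs as; the sample lines are constructed.

```python
from collections import Counter

# Constructed sample in the format described above; lines 3 and 4 are deliberately faulty.
SAMPLE = """\
app    8080  app  /home/app  log/app    ./pil app/main.l lib/app.l -main app/_patch.l -go -wait
canvas 27002 app  /home/app  log/canvas ./pil misc/canvas.l lib/app.l -main app/_patch.l -go -wait
phone  27002 root /home/app  log/phone  ./pil misc/phone.l lib/app.l -main app/_patch.l -go -wait
osm27004 app /home/app log/osm ./pil osm/main.l lib/app.l -main -go -wait
"""

FIELDS = ("name", "port", "user", "cwd", "log", "command")

def parse(text):
    """Split each line into the six fields; the command keeps its own spaces."""
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 5)
        if len(parts) < 6:
            problems.append(f"line {lineno}: expected 6 fields, got {len(parts)}")
            continue
        entry = dict(zip(FIELDS, parts), line=lineno)
        # A name fused with its port ("osm27004") shifts every field left by one.
        if not entry["port"].isdecimal() or not 0 < int(entry["port"]) < 65536:
            problems.append(f"line {lineno}: bad port {entry['port']!r}")
            continue
        entry["port"] = int(entry["port"])
        entries.append(entry)
    return entries, problems

def lint(entries):
    """Report names or ports used twice, and servers configured to run as root."""
    problems = []
    for field in ("name", "port"):
        for value, n in Counter(e[field] for e in entries).items():
            if n > 1:
                lines = [e["line"] for e in entries if e[field] == value]
                problems.append(f"duplicate {field} {value} on lines {lines}")
    for e in entries:
        # Assumption: field 3 is the account the server process runs as.
        if e["user"] == "root":
            problems.append(f"line {e['line']}: {e['name']} runs as root")
    return problems

def lookup(entries, name):
    """Map a request name (e.g. 'canvas' from /canvas) to its entry, or None."""
    return next((e for e in entries if e["name"] == name), None)
```

Two names on one port matter because the lookup is by name but the liveness check is by port: a request for the second name would be handed to whichever process already listens there.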


Re: https server side

2015-05-26 Thread Alexander Burger
On Wed, May 27, 2015 at 04:45:27AM +, Alexander Williams wrote:
> My approach uses stunnel4, which is available on most *NIX systems.
> 
> It launches an HTTPS listener on port 8443, and forwards to the regular
> PicoLisp HTTP server on port 8080.

The problem with tools like stunnel or nginx is that they are not aware
of the PicoLisp server.

'httpGate' transmits certain information to PicoLisp (via custom
"X-Pil:" headers in the HTTP transaction), so that it knows about the
nature of the connection, and can respond properly.

♪♫ Alex


Re: https server side

2015-05-26 Thread Alexander Burger
Hi Luis,

> that seems to imply that https/SSL has been implemented.
> So my question, can a https server application be built in Picolisp
> with a certificate signed by some CA?

Yes. PicoLisp application servers may use the 'httpGate' proxy that
comes with the distribution.

For example, the demo app in https://app.7fach.de uses a certificate for
7fach.de

In fact, also the PicoLisp Wiki runs on the same machine, and could be
called as https://picolisp.com, though this gives a warning because the
cert is issued only for 7fach.de.


httpGate has also other advantages, as presenting a single port
(typically 80 or 443) to the client, resulting in better XMLHttpRequest
behavior due to the same-origin policy. Also, it automatically starts
server processes whenever needed.


> If so, what part of the documentation am I missing?

Unfortunately, this is not fully documented yet :(

The basic call is (as root):

   /bin/httpGate 80 8080
   /bin/httpGate 443 8080 

This starts two proxies, one listening on 80 (http) and one on 443
(https). Both will connect to a PicoLisp server listening on 8080.


For automatically starting PicoLisp servers, you can call it instead as:

   /bin/httpGate 443  

The file  holds a configuration for the servers to be started.
This is the part which still needs to be documented.

♪♫ Alex


Re: https server side

2015-05-26 Thread Tomas Hlavaty
Hi Luis,

PicoLisp comes with httpGate, which is a http and https proxy using
openssl library.  It is usually run on port 80 and proxies connections
to PicoLisp processes.  I don't remember the exact command line
arguments.

I don't use httpGate, but use nginx instead, see
http://logand.com/blog/picolisp-behind-nginx-proxy.html

Cheers,

Tomas

"Luis P. Mendes"  writes:

> Hi,
>
>
> I couldn't find anything about the support of https in server side in
> 'Picolisp by Example' and in 'Picolisp Works' books.
> But, there's a thread
> http://t8373.lisp-picolisp-general.lispforum.info/picolisp-ssl-problem-t8373-20.html
> that seems to imply that https/SSL has been implemented.
> So my question, can a https server application be built in Picolisp
> with a certificate signed by some CA?
> If so, what part of the documentation am I missing?
>
> Luis


Re: https server side

2015-05-26 Thread Alexander Williams
Hi Luis,

My approach uses stunnel4, which is available on most *NIX systems.

It launches an HTTPS listener on port 8443, and forwards to the regular
PicoLisp HTTP server on port 8080.

# https.l
---
(de https-start ()
  (call '/usr/bin/stunnel4 "stunnel.conf") )

(de https-stop ()
  (call 'killall "stunnel4") )
---

# stunnel.conf
---
debug = 4
output = /home/alex/stunnel.log
pid = /home/alex/stunnel.pid
cert = /home/alex/https-server.pem
CApath = /etc/ssl/certs
sslVersion = all
options = NO_SSLv2
options = NO_SSLv3

[https]
accept  = 8443
connect = 8080
---


AW
https://aw.github.io/picolisp


On Tue, May 26, 2015 at 11:25 PM, Luis P. Mendes  wrote:

> Hi,
>
>
> I couldn't find anything about the support of https in server side in
> 'Picolisp by Example' and in 'Picolisp Works' books.
> But, there's a thread
>
> http://t8373.lisp-picolisp-general.lispforum.info/picolisp-ssl-problem-t8373-20.html
> that seems to imply that https/SSL has been implemented.
> So my question, can a https server application be built in Picolisp
> with a certificate signed by some CA?
> If so, what part of the documentation am I missing?
>
> Luis