Al,

Yes, stunnel needs both a client and a server. The general public
should not need to use a stunnel connection to access your web2py
application though - they should just be using good old http://your_server.com.
My suggestion was that *you* could use stunnel when you need to get
remote access to the web2py admin screens.

Port redirection/forwarding of http://server_ip:8443 to http://server_ip:8000
(or 80, or whatever port web2py is actually listening on) from the outside
probably wouldn't accomplish the goal of being able to access web2py's
admin without SSL - web2py will only allow non-SSL admin if the
connection comes from localhost, and even with port redirection you
would not be connecting from localhost.

So you can't access http://server_ip/myfirstapp over stunnel without
getting the prompt for the admin password? That doesn't make sense.
Web2py should be behaving exactly the same whether or not you're using
stunnel. What do you get when you do put in the admin password? Do you
get your app or do you get the admin screen?

Sorry, can't help with the Mac thing - don't have a Mac.

~Brian
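
The tunnel arrangement discussed in this thread, as an added example (not configuration posted by anyone in the thread): stunnel on the web2py host accepts TLS on 8443 and itself opens the connection to 127.0.0.1:8000, which is why web2py sees a localhost peer where plain port forwarding would not. Ports 8443, 8000 and 80 and the address 192.168.1.11 come from the thread; the service name, the certificate paths and the certificate checking are assumptions.

```ini
; ===== stunnel.conf on the web2py server (server mode) =====
; Placeholder path: PEM file holding the server certificate and private key.
cert = C:\path\to\server.pem

; "web2py-admin" is a hypothetical service name.
[web2py-admin]
; TLS connections from the administrator's machine arrive here.
accept = 8443
; stunnel makes this plain connection from the server itself, so the
; source address web2py sees is 127.0.0.1.
connect = 127.0.0.1:8000


; ===== stunnel.conf on the administrator's machine (client mode) =====
client = yes
; Placeholder path: copy of the server's certificate (or its CA), so the
; client refuses a tunnel endpoint that presents any other certificate.
CAfile = C:\path\to\server-cert.pem
; stunnel 5.x option; older releases use "verify = 2" for the same check.
verifyChain = yes

[web2py-admin]
; Listen on loopback only, so other machines on the client's network
; cannot ride the tunnel.
accept = 127.0.0.1:80
; The server's address and tunnel port.
connect = 192.168.1.11:8443
```

With this in place, anyone who can reach port 8443 is treated by web2py as a localhost client, so limit that port to the administrator's address at the firewall.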

On Feb 18, 11:09 am, Al <[email protected]> wrote:
> Brian,
>
> Thank you for your detailed instructions. I managed to get stunnel
> working, though it is a lot more complicated than I thought
> originally. On the windows server, the stunnel.conf file is setup as
> server mode and redirect port 8443 to 8000. On the client side, I also
> have to set up another stunnel as client mode and redirect
> 127.0.0.1:80 to 192.168.1.11 - server's IP address. As this server
> will be facing public, I cannot expect people to set up stunnel in
> their machine in order to access my website. I was expecting a tool
> which runs on the server side to do port redirection, and then when I
> type in http://server_ip:8443 from another machine, it will route me
> to my target app. (note: I did NOT set up any SSL certificate to get
> stunnel working)
>
> Also with stunnel, I still cannot access the target app without
> entering the admin password, I cannot find any response.menu_auth to
> remove.
>
> I also have another mac which I tried to set up stunnel, but when I
> run sudo stunnel3 I got the following error:
> anyone familiar with mac can give some tips on how to solve this:
>
> inetd mode must define a remote host or an executable
>
> Cheers
> Al
> On Feb 12, 8:09 am, Brian M <[email protected]> wrote:
>
>
>
> > Al,
>
> > You'd want to get rid of the "edit" menu when you "Go Live" that's
> > just there as a convenience while you're creating things.  Just use
> > this (or remove response.menu_edit from menu.py which does it once &
> > for all):
> >     response.menu_edit = None
> > If you don't want auth menu either do
> >     response.menu_auth = None
>
> > If you want to use the built-in server and be able to access on both
> > port 80 and port 443 (SSL) without running two web2py server instances
> > you could perhaps use a tunnel program like stunnel (www.stunnel.org).
> > Set it up to listen on port 443 (or really any port) and re-direct to
> > localhost:80. This way you should be able to get at admin and tickets
> > - as far as web2py is concerned you're accessing from the local
> > machine so tickets should work, but because it's tunneled it's also
> > secured as it goes to your remote computer.
>
> > To get the general user to automatically go to http://myserver/myfirstapp
> > when they type in http://myserver/ you can either work with routes or
> > just take the lazy route and replace the welcome app's default/index
> > with a redirect to whatever the home page of myfirstapp is. Of course
> > this will break the welcome app, but do you really want/need it when
> > deployed anyway?
>
> > #in the Welcome application's default.py controller
> > def index():
> >     redirect(URL(a='myfirstapp', c='default', f='index'))
>
> > Setting up web2py as a Windows Service is easy enough:
> > http://www.web2py.com/AlterEgo/default/show/77
>
> > ~Brian
>
> > On Feb 11, 9:54 am, Al <[email protected]> wrote:
>
> > > Thank you for your input. I am using Windows server so I cannot use
> > > the ubuntu scripts you mentioned. How about my second part of the
> > > question? I understand why web2py is designed in such a "secure"
> > > fashion. I am just trying to find a way around it so that I can deploy
> > > my first app. In theory I should be able to type from any
> > > machine http://myserver/myfirstapp, but it gives me an internal error -
> > > Ticket issues. When I click the ticket link, it gives "Admin is disabled
> > > because insecure channel". I have two instances of web2py running. I
> > > can run http://myserver/example or https://myserver/myfirstapp without
> > > any issues. What's so special about the built-in examples app? Do I
> > > have to cut out some code from my app to get rid of all the admin menu
> > > and authentication for general users?
>
> > > On Feb 10, 11:38 pm, mdipierro <[email protected]> wrote:
>
> > > > It depends. For development if you use the built in web server you
> > > > need to start it twice for http and https. This is in general a
> > > > security measure. You do not want the same process to listen to two
> > > > sockets else if something happens (like a memory leak) you may get
> > > > locked out.
>
> > > > In deployment you should be using apache+mod_wsgi
>
> > > > just download and run this:
> > > > http://web2py.googlecode.com/hg/scripts/setup-web2py-ubuntu.sh
>
> > > > It will setup everything for you behind a single apache server.
> > > > I think this easier than rails actually.
>
> > > > Massimo
>
> > > > On Feb 10, 9:27 am, Al <[email protected]> wrote:
>
> > > > > Hi,
>
> > > > > Now that I get my secure channel (using self-signed certificate)
> > > > > working, I can remotely login from another computer to access the
> > > > > > admin interface thru https. To deploy this app for general users for
> > > > > > http access, do I have to run another instance of web2py on another
> > > > > > port - say port 80? Also how do I make these 2 instances to run as a
> > > > > service in windows 2003 server? Also do I have to change the code so
> > > > > that the general user just get directly to that single app? This whole
> > > > > thing seems a lot more complicated than ruby on rails. I would
> > > > > appreciate if people can explain this in more detail to me or point me
> > > > > to the right documentations. Thanks.
>
> > > > > Cheers
> > > > > Al

-- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.