SSL with HTTPD Library?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL with HTTPD Library?

Geoff Canyon via use-livecode
Hi All,

I’m looking to use the HTTPD library with an SSL Cert if possible.

Is it possible?

TIA,

Steve MacLean

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
Stephen MacLean wrote:

 > I’m looking to use the HTTPD library with an SSL Cert if possible.
 >
 > Is it possible?

AFAIK all of the HTTPd libs for LC/MC do not handle HTTPS.  It should be
possible to fork one of them to add that, but the effort would be
non-trivial.

What is the usage scenario you're aiming for?  Perhaps could be solved
through some other means.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
As it’s not documented I’m not 100% sure it works or anyone has tried it but it seems at some point `accept secure connections` was implemented.

The syntax declaration for `accept` should be:

accept [{ secure | datagram }] connections on port <port> with message <message> [{ with | without } verification]

I can see for sure there is a bug meaning you can’t turn on verification using `with verification`.

Really I think the command would need further enhancement to add the optional:

with certificate <file path> and private key <file path>

That would presume the rest of the certificate chain is in the sslCertificates I think.

See reports:
https://quality.livecode.com/show_bug.cgi?id=13410 <https://quality.livecode.com/show_bug.cgi?id=13410>
https://quality.livecode.com/show_bug.cgi?id=16871 <https://quality.livecode.com/show_bug.cgi?id=16871>
https://quality.livecode.com/show_bug.cgi?id=13681

Cheers

Monte

> On 2 Nov 2018, at 8:38 am, Richard Gaskin via use-livecode <[hidden email]> wrote:
>
> Stephen MacLean wrote:
>
> > I’m looking to use the HTTPD library with an SSL Cert if possible.
> >
> > Is it possible?
>
> AFAIK all of the HTTPd libs for LC/MC do not handle HTTPS.  It should be possible to fork one of them to add that, but the effort would be non-trivial.
>
> What is the usage scenario you're aiming for?  Perhaps could be solved through some other means.
>
> --
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> [hidden email]                http://www.FourthWorld.com
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
In reply to this post by Geoff Canyon via use-livecode

> On Nov 1, 2018, at 5:38 PM, Richard Gaskin via use-livecode <[hidden email]> wrote:
>
> Stephen MacLean wrote:
>
> > I’m looking to use the HTTPD library with an SSL Cert if possible.
> >
> > Is it possible?
>
> AFAIK all of the HTTPd libs for LC/MC do not handle HTTPS.  It should be possible to fork one of them to add that, but the effort would be non-trivial.
>
> What is the usage scenario you're aiming for?  Perhaps could be solved through some other means.
>
> --
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> [hidden email]                http://www.FourthWorld.com


Hi Richard,

Thanks for the reply. Specifically I was referring to the HTTPD Library included with LC 9. And yes, it doesn’t look like it supports SSL, as Monte points out in a later email (I’m the submitter on 16871). It’s a shame, since it’s really light, FAST, and straight forward to implement.

My use case is a self-service ad sales and serving system. It would be strictly for handling JS calls and pointing to the ad image that’s served from a real web server, while recording the impression and click through. I need, as would others, this to be handled via SSL to keep browser security from yelling.

I realize that there are a number of other technologies I could use, but have been enjoying building so much in LC, was hoping to keep it all in the family. Yes, I could set up an LC server instance, i do have a business license, but am disappointed that it doesn’t work with IIS / I need to run Apache under Windows, or use it on Linux. Will I do run several linux (Unbuntu) instances, I’d prefer not to add another VM.

I would hope that these kinds of server uses are looked at really hard by LC. Direct server tech such as this is such natural fit for LC. LC server, can do it, but also suffers, from what I’ve read in my research, a speed penalty from CGI implementation vs direct sockets, etc.

Thanks again for the reply, appreciate all you do for the LC community. If you have any suggestions, I would appreciate hearing them.

Best,

Steve MacLean




_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
In reply to this post by Geoff Canyon via use-livecode
Hi Monte,

Not sure on this, or if it was implemented… I was the submitter on 16871.

I agree with your enhancement to the command, pretty similar to other implementations I’ve seen.

Best,

Steve MacLean

> On Nov 1, 2018, at 8:02 PM, Monte Goulding via use-livecode <[hidden email]> wrote:
>
> As it’s not documented I’m not 100% sure it works or anyone has tried it but it seems at some point `accept secure connections` was implemented.
>
> The syntax declaration for `accept` should be:
>
> accept [{ secure | datagram }] connections on port <port> with message <message> [{ with | without } verification]
>
> I can see for sure there is a bug meaning you can’t turn on verification using `with verification`.
>
> Really I think the command would need further enhancement to add the optional:
>
> with certificate <file path> and private key <file path>
>
> That would presume the rest of the certificate chain is in the sslCertificates I think.
>
> See reports:
> https://quality.livecode.com/show_bug.cgi?id=13410 <https://quality.livecode.com/show_bug.cgi?id=13410>
> https://quality.livecode.com/show_bug.cgi?id=16871 <https://quality.livecode.com/show_bug.cgi?id=16871>
> https://quality.livecode.com/show_bug.cgi?id=13681
>
> Cheers
>
> Monte
>
>> On 2 Nov 2018, at 8:38 am, Richard Gaskin via use-livecode <[hidden email]> wrote:
>>
>> Stephen MacLean wrote:
>>
>>> I’m looking to use the HTTPD library with an SSL Cert if possible.
>>>
>>> Is it possible?
>>
>> AFAIK all of the HTTPd libs for LC/MC do not handle HTTPS.  It should be possible to fork one of them to add that, but the effort would be non-trivial.
>>
>> What is the usage scenario you're aiming for?  Perhaps could be solved through some other means.
>>
>> --
>> Richard Gaskin
>> Fourth World Systems
>> Software Design and Development for the Desktop, Mobile, and the Web
>> ____________________________________________________________________
>> [hidden email]                http://www.FourthWorld.com
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode



_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
In reply to this post by Geoff Canyon via use-livecode
On 11/1/18 5:02 PM, Stephen MacLean via use-livecode wrote:
> LC server, can do it, but also suffers, from what I’ve read in my research, a speed penalty from CGI implementation vs direct sockets, etc.

Well that "speed penality" is theoretical. Our web site

https://www.himalayanacademy.com

uses Livacode server, and for all "gorilla dust" about LC's one thread,
open multiple CGIs, and how it is "old fashioned"

I don't ever see a speed penalty. Of course RevIgniter is beautifully
executed, thanks to Ralf Bitter.

Brahmanathaswami
Get the SivaSiva app, it's free:
https://www.himalayanacademy.com/apps/sivasiva

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
In reply to this post by Geoff Canyon via use-livecode
Stephen,

If this is to be accessed from a server as in, you have a server running
some LC code that will reply to whatever needs to make that request the you
can use a "reverse proxy" in front of the LC server process such as caddy
or even just point a cloudflare instance to it and point your domain to
cloudflare.

I dont know what the use case is here but be aware that LC behind caddy,
apache or nginx will run circles around a LC desktop app serving stuff
using any of the available HTTPd libraries (including my own).

Om om
Andre

On Tue, Oct 30, 2018, 16:04 Stephen MacLean via use-livecode <
[hidden email] wrote:

> Hi All,
>
> I’m looking to use the HTTPD library with an SSL Cert if possible.
>
> Is it possible?
>
> TIA,
>
> Steve MacLean
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
In reply to this post by Geoff Canyon via use-livecode
Aloha Swami and all,

That "speed penality" is not theoretical at all. It is very real and the
reason why most of the cutting-edge web ecosystem moved away from CGI.
The main technical appeal of NodeJS, WSGI, OpenResty, and others is that
they are FAST, non-blocking and don't require new process spawning for
each connection.

The one reason we don't notice this problem in our work and in most of
the work our community does is that we're not working in the scale where
it becomes a problem. We don't have enough users to make process
spawning an issue. But, that is a problem at scale, a very real problem
and it is very easy to quantify once you measure the amount of requests
per seconds you're able to handle, there is a point where you can't
handle as much requests as you need to make your web service responsive
and thats when such issues become very real.

There are mitigations with the modern web patterns such as PWAs which
will cache most of the front-end stuff onto the client thus making the
server load much lighter if you have recurring users.

Yes, RevIgniter is wonderful and LC Server is quite nice tool too, I
really like them both and they have a use case which is very clear, but
don't believe that just because it works for our scale, that the
problems of larger players are theoretical. Also, people paying for
servers based on CPU usage can benefit a lot from other approaches as
smaller servers can handle larger loads.

Cheers

andre

On 11/7/2018 11:18 PM, Sannyasin Brahmanathaswami via use-livecode wrote:

> On 11/1/18 5:02 PM, Stephen MacLean via use-livecode wrote:
>> LC server, can do it, but also suffers, from what I’ve read in my research, a speed penalty from CGI implementation vs direct sockets, etc.
> Well that "speed penality" is theoretical. Our web site
>
> https://www.himalayanacademy.com
>
> uses Livacode server, and for all "gorilla dust" about LC's one thread,
> open multiple CGIs, and how it is "old fashioned"
>
> I don't ever see a speed penalty. Of course RevIgniter is beautifully
> executed, thanks to Ralf Bitter.
>
> Brahmanathaswami
> Get the SivaSiva app, it's free:
> https://www.himalayanacademy.com/apps/sivasiva
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL with HTTPD Library?

Geoff Canyon via use-livecode
In reply to this post by Geoff Canyon via use-livecode
Sannyasin Brahmanathaswami wrote:

 > On 11/1/18 5:02 PM, Stephen MacLean via use-livecode wrote:
 >> LC server, can do it, but also suffers, from what I’ve read in my
 >> research, a speed penalty from CGI implementation vs direct sockets,
 >> etc.
 >
 > Well that "speed penality" is theoretical. Our web site
 >
 > https://www.himalayanacademy.com
 >
 > uses Livacode server, and for all "gorilla dust" about LC's one
 > thread, open multiple CGIs, and how it is "old fashioned"

In addition to Andre's comments earlier this morning, there is another,
perhaps more fundamental, difference between your setup and lcHTTPd:

You're still using Apache for most of the heavy lifting.


Consider the two setups, each with requests for different media types:

LC Server with .lc files:
Internet -> Apache -> LC Server

LC Server with images/CSS/everything that isn't .lc:
Internet -> Apache

lcHTTPd with LC scripts:
Internet -> LC

lcHTTPd with images/CSS/everything that isn't LC:
Internet -> LC


With LC Server, Apache handles all socket I/O and most file I/O. Indeed,
it's handling ALL file I/O for most media types, except the relatively
small subset of requests for .lc files where it still handles the
reading of the requested .lc script but from there any further file I/O
is of course up to your script.

With lcHTTPd, it must handle everything: all socket and file I/O, in
addition to whatever your script needs to do.


In short:

LC Server is a CGI that works in conjunction with dedicated HTTPd
software like Apache.

lcHTTPd does what LC Server does AND ALSO attempts to replace the role
of Apache for managing I/O and serving static files.


LC is a great language, and as Node.js and NGinX show us, being
single-threaded need not necessarily be a drawback.

But Apache, Node.js, and NGinX are written in languages compiled to
machine code, and by large teams focused on honing the engine for the
one specific set of tasks an HTTP broker needs to accomplish.

A scripted solution in a more general purpose tool like LC is unlikely
to compete favorably.

There is a role for custom HTTP handling, but with so many great tools
available that are specialized for that task the use cases where
choosing LC for that may be optimal are few.

The HTTPd lib included with LC is designed for one good use case: local
testing.

But for remote servers that need to handle public loads, better to do
what you're doing:  use Apache (or other dedicated HTTP broker) to
handle the I/O, and use LC for the dynamic application-specific stuff
where LC really shines.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode