Rest HTTP Server, BiDirSocket and SSL

sakura · 2021-09-06 10:48:36

Hi,

before wanting to add web sockets, I would initialize the http rest server as follows:

  TRestHttpServer.Create('80', RestServer, 'localhost', useHttpApiRegisteringURI, nil, 32, secNone);
  TRestHttpServer.Create('443', RestServer, 'localhost', useHttpApiRegisteringURI, nil, 32, secSSL);

It worked just fine, resolving the http headers with and without SSL.

Changing it to

  TRestHttpServer.Create('80', RestServer, 'localhost', useBidirSocket, nil, 32, secNone);
  TRestHttpServer.Create('443', RestServer, 'localhost', useBidirSocket, nil, 32, secSSL);

it continues to work without SSL just fine, but using SSL it will not work anymore.

The error message (later on reads):
Project MYP.exe raised exception class $C0000005 with message 'access violation at 0x006786e1: read of address 0x00000000'.

The source of the problem seems to be in THttpServer.Process - reading values from http gives back either empty strings (for URL, InContent) or garbage for others (Method, InHeaders)

Cannot really look further, as, it this point, I am kindo out of my depth.

@ab: if you like remote access, let me know ;-)

Env: Running Delphi 10.4 on Windows 10.

Regards,
Daniel

ab · 2021-09-06 10:56:31

TLS is not supported directly by our servers.

The idea is to put a reverse-proxy - typically nginx - in front of it.
It is the best for stability and safety for a production environment, and also to use a free certificate like Let's Encrypt.

sakura · 2021-09-06 11:28:53

But it worked in mORMot1 with no problems. SSL certs I have and installed according to the mormot1 docs.

Last edited by sakura (2021-09-06 11:29:03)

ab · 2021-09-06 11:43:44

With useBidirSocket ?

I doubt it very much.

sakura · 2021-09-06 11:45:36

I'll check it, thx. Might just be the right direction. However, just being naughty, as the TRestHttpServer class offers it, why not implement it? :-D

ab · 2021-09-06 15:56:25

It offers it for the http.sys server, not for the socket server.

On Windows, it makes sense to use http.sys to publish TLS, but on Linux, it is much better to have a nginx front end, and connect locally over unix sockets.
At least for public services.

If you want to communicate securely between mORMot servers, do not use TLS but our WebSockets encryption layer over binary websockets.

sakura · 2021-09-06 16:12:00

ab wrote:

On Windows, it makes sense to use http.sys to publish TLS

So it should work, but doesn't - I only do Windows, never have a Linux system around me. ;-)

Remember, as written above, I had not yet used WebSockets on the project, just wanted to prepare for it, step by step.

ab wrote:

If you want to communicate securely between mORMot servers, do not use TLS but our WebSockets encryption layer over binary websockets.

I need WebSockets for Server-Browser-Communication. Not between mORMot-Servers - not yet anyway.

Regards,
Daniel

Last edited by sakura (2021-09-06 16:12:16)

ab · 2021-09-06 17:13:37

useBidirSocket never worked with TLS, even on Windows.

sakura · 2021-09-06 19:52:01

Okay, too bad.
Thx.

mORMot Open Source

#1 2021-09-06 10:48:36

Rest HTTP Server, BiDirSocket and SSL

#2 2021-09-06 10:56:31

Re: Rest HTTP Server, BiDirSocket and SSL

#3 2021-09-06 11:28:53

Re: Rest HTTP Server, BiDirSocket and SSL

#4 2021-09-06 11:43:44

Re: Rest HTTP Server, BiDirSocket and SSL

#5 2021-09-06 11:45:36

Re: Rest HTTP Server, BiDirSocket and SSL

#6 2021-09-06 15:56:25

Re: Rest HTTP Server, BiDirSocket and SSL

#7 2021-09-06 16:12:00

Re: Rest HTTP Server, BiDirSocket and SSL

#8 2021-09-06 17:13:37

Re: Rest HTTP Server, BiDirSocket and SSL

#9 2021-09-06 19:52:01

Re: Rest HTTP Server, BiDirSocket and SSL

Board footer