#1 2021-09-06 10:48:36

sakura
Member
From: Germany
Registered: 2018-02-21
Posts: 223
Website

Rest HTTP Server, BiDirSocket and SSL

Hi,

before wanting to add web sockets, I would initialize the http rest server as follows:

  TRestHttpServer.Create('80', RestServer, 'localhost', useHttpApiRegisteringURI, nil, 32, secNone);
  TRestHttpServer.Create('443', RestServer, 'localhost', useHttpApiRegisteringURI, nil, 32, secSSL);

It worked just fine, resolving the http headers with and without SSL.

Changing it to

  TRestHttpServer.Create('80', RestServer, 'localhost', useBidirSocket, nil, 32, secNone);
  TRestHttpServer.Create('443', RestServer, 'localhost', useBidirSocket, nil, 32, secSSL);

it continues to work without SSL just fine, but using SSL it will not work anymore.

The error message (later on reads):
Project MYP.exe raised exception class $C0000005 with message 'access violation at 0x006786e1: read of address 0x00000000'.

The source of the problem seems to be in THttpServer.Process - reading values from http gives back either empty strings (for URL, InContent) or garbage for others (Method, InHeaders)

Cannot really look further, as, it this point, I am kindo out of my depth.

@ab: if you like remote access, let me know ;-)

Env: Running Delphi 10.4 on Windows 10.

Regards,
Daniel

Offline

#2 2021-09-06 10:56:31

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: Rest HTTP Server, BiDirSocket and SSL

TLS is not supported directly by our servers.

The idea is to put a reverse-proxy - typically nginx - in front of it.
It is the best for stability and safety for a production environment, and also to use a free certificate like Let's Encrypt.

Offline

#3 2021-09-06 11:28:53

sakura
Member
From: Germany
Registered: 2018-02-21
Posts: 223
Website

Re: Rest HTTP Server, BiDirSocket and SSL

But it worked in mORMot1 with no problems. SSL certs I have and installed according to the mormot1 docs.

Last edited by sakura (2021-09-06 11:29:03)

Offline

#4 2021-09-06 11:43:44

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: Rest HTTP Server, BiDirSocket and SSL

With useBidirSocket ?

I doubt it very much.

Offline

#5 2021-09-06 11:45:36

sakura
Member
From: Germany
Registered: 2018-02-21
Posts: 223
Website

Re: Rest HTTP Server, BiDirSocket and SSL

I'll check it, thx. Might just be the right direction. However, just being naughty, as the TRestHttpServer class offers it, why not implement it? :-D

Offline

#6 2021-09-06 15:56:25

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: Rest HTTP Server, BiDirSocket and SSL

It offers it for the http.sys server, not for the socket server.

On Windows, it makes sense to use http.sys to publish TLS, but on Linux, it is much better to have a nginx front end, and connect locally over unix sockets.
At least for public services.

If you want to communicate securely between mORMot servers, do not use TLS but our WebSockets encryption layer over binary websockets.

Offline

#7 2021-09-06 16:12:00

sakura
Member
From: Germany
Registered: 2018-02-21
Posts: 223
Website

Re: Rest HTTP Server, BiDirSocket and SSL

ab wrote:

On Windows, it makes sense to use http.sys to publish TLS

So it should work, but doesn't - I only do Windows, never have a Linux system around me. ;-)

Remember, as written above, I had not yet used WebSockets on the project, just wanted to prepare for it, step by step.

ab wrote:

If you want to communicate securely between mORMot servers, do not use TLS but our WebSockets encryption layer over binary websockets.

I need WebSockets for Server-Browser-Communication. Not between mORMot-Servers - not yet anyway.

Regards,
Daniel

Last edited by sakura (2021-09-06 16:12:16)

Offline

#8 2021-09-06 17:13:37

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: Rest HTTP Server, BiDirSocket and SSL

useBidirSocket never worked with TLS, even on Windows.

Offline

#9 2021-09-06 19:52:01

sakura
Member
From: Germany
Registered: 2018-02-21
Posts: 223
Website

Re: Rest HTTP Server, BiDirSocket and SSL

Okay, too bad.
Thx.

Offline

Board footer

Powered by FluxBB