Since the beginning, we have delegated TLS encryption support to a reverse proxy server, mainly Nginx. Under Windows, you could set up the http.sys HTTPS layer as usual, as a native, if somewhat complicated, solution.
Nginx has several advantages, the first being that it is a proven and efficient technology, with plenty of documentation and configuration tips. It interfaces nicely with Let's Encrypt, and is very good for any regular website using static content and PHP. This very blog and the Synopse web site are hosted via Nginx on a small Linux server.
But in mORMot 2, we introduced a new set of asynchronous web server classes, so stability and performance are not a problem any more. Some benchmarks even consider this server to be faster than nginx (the stability issue mentioned in this post has been fixed in the meantime).
We have just introduced TLS support in our socket-based servers, both the blocking and the asynchronous classes. It uses OpenSSL if available, or the SChannel API layer of Windows. Serving HTTPS or WSS with a self-signed certificate is just a matter of a single parameter now, and performance seems pretty good, especially with OpenSSL.
This is the discussion forum thread for the following blog article:
https://blog.synopse.info/?post/2022/07 … WebSockets
Great job and congratulations!
Delphi XE4 Pro on Windows 7 64bit.
Lazarus trunk built with fpcupdeluxe on Windows with cross-compile for Linux 64bit.
Another excellent step ahead!
Is the server side ready for Android and iOS?
(I know, who runs a server on mobile? But in some of my use cases it does make sense. )
Last edited by Leslie7 (2022-07-10 07:49:45)
After updating mORMot2 (my last version was from April or May) I get errors (10053) when using the remote-logger under Win32/Delphi 10.4.
The remote-logger runs on the same Win2019 machine as the mORMot2 service.
Under Linux/FPC I can't see this error.
Perhaps the remote-logger is closing the socket because of a wrong header. Let me know if I can test something. The remote-logger is compiled from the samples of mORMot1.
@Leslie7
It should work on Android with FPC, because at least it compiles with it - but I didn't test the result.
@daniel
Weird, can you debug a little more and see what may be wrong?
What is the exact header issue?
Are you sure the header sent is in the right format? (try with trim and with trim + #13#10)
The header is always empty (='').
In mormot.net.sock line 3442, F.BufPtr has the following value:
'HTTP/1.1 200 OK'#$D#$A'X-Powered-By: mORMot 1.18 synopse.info'#$D#$A'Server: mORMot (Windows)'#$D#$A'Content-Length: 0'#$D#$A'Content-Type: application/json; charset=UTF-8'#$D#$A'Accept-Encoding: synlz,gzip'#$D#$A'Connection: Keep-Alive'#$D#$A#$D#$A'0627055'
and the size is 1024 (always).
In the error case, sock has the following value:
($3A8, '127.0.0.1', '8091', '', '', $36EE460, nil, 30000, 91406, 134278, nil, 0, False, nlTcp, 'PUT /LogService/RemoteLog HTTP/1.1'#$D#$A'Host: 127.0.0.1:8091'#$D#$A'Accept: */*'#$D#$A'User-Agent: Mozilla/5.0 (Win; mORMot 2.0.3606 HCS)'#$D#$A'Keep-Alive: 20000'#$D#$A'Connection: Keep-Alive'#$D#$A'Content-Length: 24'#$D#$A'Content-Type: application/json; charset=UTF-8'#$D#$A#$D#$A'20220711 07315309 + '#9'02.498.812'#$D#$A'20220711 07303732 - 02.498.840Answer Interface=200 out=15 B in 2.49s'#$D#$A'20220711 07303732 ret '#9#9'mormot.rest.server.TRestServerRoutingRest(0a167520) {"result":[[]]}swer in=75 B'#$D#$A'20220711 07303501 call '#9#9'uRestServerDB.TSOneRestServerDB(03028dd0) IIntranet.PollWebRTCAnswer{"Params":{"user":"daniel","accesskey":"fc4eb1e37cf603a315a40e13e533c3a6"}} ENetSock {Message:"THttpClientSocket.SockRecvLn error 10053 after 0 chars"} [TRemoteLog LogService] at 6ac915 '#$D#$A'20220711 07241519 srvr '#9#9' 192.168.1.214 POST root/Intranet.PollWebRTCAnswer Interface=200 out=15 B in 23.03s'#$D#$A'20220711 07241519 ret '#9#9'mormot.rest.server.TRestServerRoutingRest(0a167520) {"result":[[]]}'#$D#$A'20220711 07241519 - '#9'23.037.594'#$D#$A'20220711 07241519 - 23.037.624cf603a315a40e13e533c3a6"}}'#$D#$A'20220711 06555037 srvr '#9#9' 192.168.1.214 POST root/Intranet.PollWebRTCAnswer Interface=200 out=15 B in 4.81ms'#$D#$A'20220711 06555037 ret '#9#9'mormot.rest.server.TRestServerRoutingRest(0a1670a0) {"result":[[]]}'#$D#$A'20220711 06555037 - '#9'00.004.826'#$D#$A'20220711 06555037 - 00.004.851'#$D#$A'20220711 06562747 EXC ENetSock {Message:"THttpClientSocket.SockRecvLn error 10053 after 0 chars"} [TRemoteLog LogService] at 6ac915 [TRemoteLog LogService] at 6ac915 0220711 06512160 - '#9'00.654.069'#$D#$A'20220711 06512160 - 
00.654.089'#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0
In such cases len = -1 (line 1858 of mormot.net.sock).
Perhaps it has nothing to do with the updates of mORMot2, but with the body of my request. But I don't know how to get it.
Last edited by danielkuettner (2022-07-11 08:59:08)
Now I've debugged in LogViewer. At first, procedure THttpServerResp.Execute was called periodically, but after I added a log entry for it, it wasn't called for a while, and the error 10053 was also gone in that time window. Once it is called again, error 10053 comes up.
Last edited by danielkuettner (2022-07-11 16:06:12)
This is wonderful, congratulations and thanks.
I have a server running over http.sys on Windows, but I'm starting a move to Linux and I intend to use mORMot 2. It really looks fantastic.
One problem I have with http.sys is not being able to use more than one certificate on the same IP/port. So I use Let's Encrypt to issue certs with multiple domains. This works, but my clients don't really like to share the certificate.
Is there any way to solve this with mormot 2?
Example:
domain-A.com -> use cert 1 for [domain-A.com, blog.domain-A.com, api.domain-A.com]
api.domain-A.com -> use cert 1 for [domain-A.com, blog.domain-A.com, api.domain-A.com]
domain-B.com -> use cert 2 for [domain-B.com]
Isn't it an http.sys routing and TLS issue?
I guess you should search the net about this, and I am sure you may find the solution.
Within mORMot, there is no such thing as a certificate for http.sys.
Or do you mean that you want a single mORMot 2 server on Linux publishing several domains?
In this case, I would use nginx as a reverse proxy front-end, and communicate over POSIX sockets between nginx and mORMot.
Such a configuration is easy with nginx, including Let's Encrypt support.
Yes, I want a single mORMot server on Linux. In that case I will use nginx as you suggested. I was just curious to know if it's possible, mainly due to mORMot's excellent performance.
...
In this case, I would use nginx as a reverse proxy front-end, and communicate over POSIX sockets between nginx and mORMot.
Such a configuration is easy with nginx, including Let's Encrypt support.
Ab, I'm following your advice and studying nginx... Do you think FastCGI is the way to go?
Ab, I'm following your advice and studying nginx... Do you think FastCGI is the way to go?
Better use Caddy Server. Caddy is fast, secure and easy to configure. Write the following Caddyfile:
yourdomain.com {
reverse_proxy localhost:12345
}
Then run the mORMot server on this port. With these lines everything runs over https. Caddy automatically gets a certificate from Let's Encrypt and also manages (renews) it.
With best regards
Thomas
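As an added example (it is not part of Thomas's post, nor code from the mORMot or Caddy projects), here is how the multi-domain case asked about earlier in this thread looks in a Caddyfile. Caddy obtains a separate Let's Encrypt certificate for every hostname it serves, so domain-B.com never shares a certificate with domain-A.com, even when several names share one site block. The hostnames, the e-mail address and the backend ports 12345/12346 are placeholders:

```caddyfile
# Global options: contact address for the ACME account (Let's Encrypt
# sends expiry warnings there). Placeholder address.
{
	email admin@domain-A.com
}

# Each hostname listed here gets its own certificate from Let's Encrypt,
# even though the three names share one site block and one backend.
domain-A.com, blog.domain-A.com, api.domain-A.com {
	# mORMot server for domain-A, listening on plain HTTP on the loopback
	# interface only: TLS is terminated by Caddy and the backend is never
	# reachable from outside the host (port is a placeholder).
	reverse_proxy 127.0.0.1:12345

	# Tell browsers to stick to HTTPS once they have seen the site.
	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
}

# A second customer domain: separate site block, separate certificate,
# and here a separate mORMot instance on its own port.
domain-B.com {
	reverse_proxy 127.0.0.1:12346
	header Strict-Transport-Security "max-age=31536000"
}
```

Caddy selects the certificate per TLS handshake from the SNI name the client sends, which is exactly what http.sys on a single IP/port does not do for you. Check the file before loading it with `caddy validate --config Caddyfile`, then confirm from the outside which certificate each name gets with `openssl s_client -connect domain-B.com:443 -servername domain-B.com </dev/null | openssl x509 -noout -subject -ext subjectAltName`; the SAN list should contain only domain-B.com. Caddy redirects port 80 to HTTPS on its own. Since the proxy, not mORMot, sees the client, the backend has to read the client address from the X-Forwarded-For header Caddy adds, and should trust that header only because the backend is bound to the loopback interface and unreachable otherwise; if you prefer the Unix socket link ab mentioned for nginx, Caddy accepts `reverse_proxy unix//run/mormot.sock` instead of an address and port.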
...
Better use Caddy Server. Caddy is fast, secure and easy to configure. Write the following Caddyfile:
yourdomain.com {
reverse_proxy localhost:12345
}
Then run the mORMot server on this port. With these lines everything runs over https. Caddy automatically gets a certificate from Let's Encrypt and also manages (renews) it.
With best regards
Thomas
Thank you Thomas. I had never heard of it before but looks quite interesting! Is the performance comparable to nginx?
Is the performance comparable to nginx?
I have not done my own tests on this and before Caddy I only had experience with Apache. I have read reports that Nginx was slightly ahead of Caddy. My own opinion is that Caddy is very fast and easy to administer. That is the most important thing for me.
With best regards
Thomas
Last edited by tbo (2022-07-31 19:24:24)
Interesting, especially for auto-renewing from Let's Encrypt. Does it work on Windows as well?
Interesting, especially for auto-renewing from Let's Encrypt. Does it work on Windows as well?
I also have a server running Windows Server 2019 and have not encountered any problems. Caddy manages certificates completely by itself. I have never had to worry about it. Before, I had to do every single step myself. Caddy is brilliant.
With best regards
Thomas