
Using apache as a HTTPS front end for the plt-web server


The plt web-server does not accept HTTPS connections on its own.


Use apache to proxy the https requests for the plt web-server

First set up the plt web-server on port 8080. Instructions for that are found here: WebPLTWebServer (http://schemecookbook.org/Cookbook/WebPLTWebServer)

Once that's running (and you've tested that it's working), install apache2. Apache2 will normally install on port 80 as an HTTP server by default. Test it by going to http://localhost; you should be able to see the default apache page. Once you can see it, add:

    LoadModule ssl_module modules/mod_ssl.so

to /etc/apache2/httpd.conf, and add the following options to apache2:

    -D SSL -D SSL_DEFAULT_VHOST

(On gentoo this is found in /etc/conf.d/apache2, and looks like: APACHE2_OPTS="-D DEFAULT_VHOST -D SSL -D SSL_DEFAULT_VHOST")

This will load the https extensions, and will hopefully set up the default https page configuration for you. Test it by going to https://localhost. If you see the default apache page, then it worked.

Now we need it to send requests to the plt server on port 8080. First, add the following module entries to /etc/apache2/httpd.conf:

    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

and add the following directory entry to the same file (/etc/apache2/httpd.conf):

    Options Indexes MultiViews FollowSymLinks SymLinksIfOwnerMatch
    AllowOverride None
    Order allow,deny
    Allow from all
    RewriteEngine On
    RewriteRule ^(.*)$ http://localhost:8080/$1 [P]

Now test it by going to:

    lynx https://localhost/servlets/examples/add.ss

Hopefully that works.

If that works, we still have a security issue. Go to https://localhost/servlets/configure.ss. This page allows you to reconfigure your system from a web browser on the local machine. But since apache proxies the request through localhost, every request looks like it came from the local machine. We can stop this from happening. Run the following commands at the command shell on your system:

    bash# ifconfig lo:2
    bash# route add -host lo:2

(Note: these settings will clear upon reboot. You need to add them to the networking configuration files for your system if you want them to stay permanent.)

Now, in /etc/apache2/httpd.conf, change the RewriteRule to look like:

    RewriteRule ^(.*)$$1 [P]

So the whole directory entry in /etc/apache2/httpd.conf should now look like:

    Options Indexes MultiViews FollowSymLinks SymLinksIfOwnerMatch
    AllowOverride None
    Order allow,deny
    Allow from all
    RewriteEngine On
    RewriteRule ^(.*)$$1 [P]
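Why the proxy defeats a localhost-only check, and why sourcing the proxy connection from a second loopback address restores it, as an added example that is not part of the original recipe. The backend is a constructed stand-in (not the plt web-server), and 127.0.0.2 is an assumed sample address; binding to it without an alias works on Linux, where all of 127.0.0.0/8 is routed to lo.

```python
import socket
import threading

ADMIN_PATH = "/servlets/configure.ss"   # admin servlet named in the recipe
TRUSTED_PEER = "127.0.0.1"              # assumption: backend trusts only this peer
ALIAS_IP = "127.0.0.2"                  # assumed sample address for the lo alias

def backend(listener):
    """Constructed stand-in for the backend: admin page allowed by peer IP only."""
    while True:
        conn, (peer_ip, _port) = listener.accept()
        with conn:
            path = conn.recv(1024).decode().strip()
            allowed = path != ADMIN_PATH or peer_ip == TRUSTED_PEER
            conn.sendall(f"{200 if allowed else 403} peer={peer_ip}".encode())

def proxy_fetch(backend_addr, path, source_ip=None):
    """What the front end does: open its own connection to the backend.
    The remote client's address never reaches the backend socket."""
    src = (source_ip, 0) if source_ip else None
    with socket.create_connection(backend_addr, timeout=5,
                                  source_address=src) as s:
        s.sendall(path.encode() + b"\n")
        return s.recv(1024).decode()

def run_demo():
    listener = socket.create_server(("127.0.0.1", 0))   # any free port
    threading.Thread(target=backend, args=(listener,), daemon=True).start()
    addr = listener.getsockname()
    return {
        # Plain proxying: the backend sees 127.0.0.1, so the admin check passes
        # no matter where the original HTTPS client was.
        "default": proxy_fetch(addr, ADMIN_PATH),
        # Proxy connection sourced from the alias: the admin check now fails.
        "alias_admin": proxy_fetch(addr, ADMIN_PATH, ALIAS_IP),
        # Ordinary servlets are still served through the alias.
        "alias_servlet": proxy_fetch(addr, "/servlets/examples/add.ss", ALIAS_IP),
    }

if __name__ == "__main__":
    for name, reply in run_demo().items():
        print(f"{name:14} -> {reply}")
```

On systems that do not route the whole 127.0.0.0/8 range to the loopback interface, the alias has to exist before the second and third requests can bind to it.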


Other issues:

1. If you want apache to serve pages other than the plt web server, you can change the directory entry to use ``/plt-ws'' instead of root, and use a filter like

    ExtFilterDefine plt mode=output cmd="/usr/bin/sed 's/\\/servlets;/\\/plt-ws\\/servlets;/'"

However, this is non-ideal.

2. You may want to make the plt web server so it only responds to, and localhost. (firewall/iptables, or plt config file?)

3. Can/Should localhost configuration be disabled via a plt web-server configuration file?

Comments about this recipe

This article isn't pretty. Everyone should feel free to fix up this article. However, if you want to add platform specific info, please add it as a separate "alternate platform" thread, instead of breaking the current commands ;)


-- TempOne - 29 Nov 2005

TopicType: Recipe
ParentTopic: WebRecipes
TopicOrder: 055

Copyright © 2004 by the contributing authors. All material on the Schematics Cookbook web site is the property of the contributing authors.
The copyright for certain compilations of material taken from this website is held by the SchematicsEditorsGroup - see ContributorAgreement & LGPL.
Other than such compilations, this material can be redistributed and/or modified under the terms of the GNU Lesser General Public License (LGPL), version 2.1, as published by the Free Software Foundation.