Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 10 of 16 total
Thread EWB server / SSL & PHP..
Mon, Mar 16 2015 12:43 AMPermanent Link

Bruno Larochelle

I have a web application that currently uses this infrastructure :

1. Uses Microsoft IIS to do the HTML (and some PHP) processing. (HTTP, port 80)
2. Uses the EWB server to do the datasets. (HTTP, port 8088)

This is working fine.

Now, I would like to secure the data with SSL. I've done simple testing with 'stunnel' (www.stunnel.org) and that seems to work fine with the EWB server. (443 -> 80)

However, so far, I've not been able to have an HTTP (port 80) server (IIS) doing the forms and an HTTPS (port 443 -> 8088) server (EWB server) doing the data. I thought it was worth a try, but I realized I was probably asking a bit much..

The obvious answer now would be to drop IIS and just use the EWB server for both HTML and data, using HTTPS and 'stunnel'.

But.. on occasion, I want PHP to do some back-end processing (data retrieval from other servers, launch processes etc). That was easy with IIS as it supported it. But I gather the EWB server does not have PHP processing ability.

Any suggestions on the best / easiest path forward? Or do I just have to bite the bullet and 'teach' IIS how to handle the datasets (JSON etc)? Or should I explore the 'php datasets' (I've seen this in the example provided with EWB but have not explored in depth). Or something else altogether..

Basically, I want to have a web server that provides PHP support, all the while being able to secure my EWB data with SSL. On a windows based server.

thanks for giving it some thought!

Bruno
Logiciels Bitwise Software
Edmonton, AB, Canada
Mon, Mar 16 2015 5:12 AMPermanent Link

Matthew Jones

Bruno Larochelle wrote:

> However, so far, I've not been able to have an HTTP (port 80) server
> (IIS) doing the forms and an HTTPS (port 443 -> 8088) server (EWB
> server) doing the data. I thought it was worth a try, but I realized
> I was probably asking a bit much..

What is actually failing? What error messages? This sounds like the
security thing where the browser won't allow you to access data from
one site in a page served from another (the port counts as different
too). But you can tell the browser this is okay using some server
setting I forget. [fx: digs up code] Hmm, search about
Access-Control-Allow-Origin and the * value, which needs to be in the
server config. I used this to do direct REST to a different server from
my EWB code. If you search back in past messages here, you will see the
discussions.

--

Matthew Jones
Mon, Mar 16 2015 9:00 AMPermanent Link

Bruno Larochelle

"Matthew Jones" wrote:

Bruno Larochelle wrote:

> However, so far, I've not been able to have an HTTP (port 80) server
> (IIS) doing the forms and an HTTPS (port 443 -> 8088) server (EWB
> server) doing the data. I thought it was worth a try, but I realized
> I was probably asking a bit much..

What is actually failing? What error messages? This sounds like the
security thing where the browser won't allow you to access data from
one site in a page served from another (the port counts as different
too). But you can tell the browser this is okay using some server
setting I forget. [fx: digs up code] Hmm, search about
Access-Control-Allow-Origin and the * value, which needs to be in the
server config. I used this to do direct REST to a different server from
my EWB code. If you search back in past messages here, you will see the
discussions.

--

Matthew Jones


thanks Matthew for the prompt reply

i will have to investigate deeper, the client (browser) gives a 'dataset load response error', and stunnel.log does not indicate anything at all.

i will look at the browser settings.. but if i understand correctly that is something that would have to be set on any client.. which could be problematic

i may also try running this : html served with IIS on https (443) and data served with EWB on https (444 -> 8088). My first tests were using http/IIS for the html and https/EWB for the data.

anyway, thanks again, and i will do some searching on the forum for the REST discussion, as you suggested

regards.. Bruno
Logiciels Bitwise Software
Edmonton, AB, Canada
Mon, Mar 16 2015 9:25 AMPermanent Link

Matthew Jones

Bruno Larochelle wrote:

> but if i understand correctly that is something that would have to be
> set on any client.. which could be problematic

Then you don't! 8-) This is a server side thing. The server says it is
okay for the data to be accessed from other sites. I can't remember
whether it is the HTML server or the data server. Probably the data
server given we had to configure the Azure service. But once done, it
will all work properly for all clients.

--

Matthew Jones
Mon, Mar 16 2015 10:10 AMPermanent Link

Raul

Globestar Systems

Team Elevate Team Elevate

On 3/16/2015 12:43 AM, Bruno Larochelle wrote:
> However, so far, I've not been able to have an HTTP (port 80) server (IIS) doing the forms and an HTTPS (port 443 -> 8088) server (EWB server) doing the data. I thought it was worth a try, but I realized I was probably asking a bit much..

Like Matthew said it's"Cross-Origin Resource Sharing" (CORS) issue so
make sure in your EWB server you have this option checked (it's under
Content tab).

However since you have been able to use it in plain text mode i'm
guessing it is already on.

The other issue you will have is certificates - are you using
self-signed or CA issued ?

Even if you're using CA issued make sure you actually connect using the
full DNS name that is specified in the certificate (do not use IP etc).

Any CORS type requests will not prompt for any SSL errors but simply fail.

Raul


Mon, Mar 16 2015 3:45 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Bruno,

<< However, so far, I've not been able to have an HTTP (port 80) server
(IIS) doing the forms and an HTTPS (port 443 -> 8088) server (EWB server)
doing the data. I thought it was worth a try, but I realized I was probably
asking a bit much..  >>

If IIS is listening on port 443 for secure connections, then you will have
an issue with STunnel also listening on that port.  However, you should see
an error in STunnel's logs if it's having any issues listening on port 443.

Tim Young
Elevate Software
www.elevatesoft.com
Tue, Mar 17 2015 12:09 AMPermanent Link

Bruno Larochelle

"Tim Young [Elevate Software]" wrote:

Bruno,

<< However, so far, I've not been able to have an HTTP (port 80) server
(IIS) doing the forms and an HTTPS (port 443 -> 8088) server (EWB server)
doing the data. I thought it was worth a try, but I realized I was probably
asking a bit much..  >>

If IIS is listening on port 443 for secure connections, then you will have
an issue with STunnel also listening on that port.  However, you should see
an error in STunnel's logs if it's having any issues listening on port 443.

Tim Young
Elevate Software
www.elevatesoft.com


thank you kindly Mathew, Raul and Tim

Although I've not yet gotten this to work, I am hobbling down the path.

I did enabled CORS on IIS now (thanks Mathew), my EWB server already had this checked off (thanks Raul)

I had already disable my IIS listening to 443, and sTunnel appears to be working on simple tests (thanks Tim)

I'm using a self-signed certificate, and I do get prompted by the server in my simple tests (EWB only with https, 443->8088).

But when I'm trying to mix http (80, IIS listening) for the html with https (443->8088, EWB listening) for the data .. then I get a message that permission is denied (when trying to load data)

Hey.. I'm learning a lot! I'll report back when I get further along. Maybe I just got something else wired up incorrectly and have not noticed yet.

kind regards to this wonderful group for the generous help!

.. Bruno
Logiciels Bitwise Software
Edmonton, AB, Canada
Tue, Mar 17 2015 12:10 AMPermanent Link

Bruno Larochelle

Bruno Larochelle wrote:

MaTThew.. sorry! Smile
Logiciels Bitwise Software
Edmonton, AB, Canada
Tue, Mar 17 2015 4:49 AMPermanent Link

Matthew Jones

Bruno Larochelle wrote:

> MaTThew.. sorry! Smile

I've been called much worse! 8-)

--

Matthew Jones
Tue, Mar 17 2015 8:50 AMPermanent Link

Raul

Globestar Systems

Team Elevate Team Elevate

On 3/17/2015 12:09 AM, Bruno Larochelle wrote:
> I'm using a self-signed certificate, and I do get prompted by the server in my simple tests (EWB only with https, 443->8088).

Bruno,

For the duration of the testing i would suggest you add your
self-signing CA to your browser/OS trusted CA list so you do not get
prompted. This way you know it's not self-signed cert issues (and you
can then remove it once it all works and if issue reappears you know
what it is).

The other suggestion is to use the use the debugging tools in the
browser to see what actually happens underneath. All major browsers have
very powerful debugging/developer tools built-in

Please do let us know how it goes.

Raul
Page 1 of 2Next Page
Jump to Page:  1 2
Image