[Seaside] stunnel secure access to seaside on Windows Server 2003
(IIS 6)
Philippe Marschall
philippe.marschall at gmail.com
Sun Jan 6 17:20:44 UTC 2008
2008/1/5, Rainer Keller <driverwriter at mac.com>:
> Hello all,
>
> This is my first post to this list and I am not an expert on either
> squeak, seaside or server administration, but I did some research
> before posting, so please bear with me :)
>
> I did a setup of the "one-click" version of squeak seaside on my home
> SBS server. I found a nice post about the headless setup as a service
> and got to the point that I can access my seaside from my client
> computers behind the Windows Server firewall (my intranet).
>
> Now I would like to allow (mostly myself) to access the seaside site
> from outside the firewall as well similar to my main website and other
> services. Just allowing port 8080 to go through the firewall seemed a
> bit risky as all information to and from seaside is unencrypted
> (right??), although i did setup a separate user for seaside with
> minimal rights and the service is running seaside under that account.
Right, all traffic in unencrypted, this includes forms and passwords.
> My original idea was to use stunnel, similar to how I allow smtps to
> my server:
> Basically I setup stunnel to accept secure connections on some port
> and forward it to 8080 which seaside is listening to. That works for
> the initial pages nicely, but when I am following links like
> "examples" seaside (or some part of the package) replaces the https:
> in the URL again with an http.
Seaside itself is no webserver, it can not do https. These settings
are only for the urls generated by Seaside, eg. the <a href="" stuff
in the html. They do not affed the web server in any way. You'd need
them for example if you run Seaside behind some proxies for example.
> I found that under Configure I can set https and a port, but I am
> confused as the default port there is 80 and not the 8080 that the
> server is actually responding to. And by default nothing is configured
> there but the links work nicely from the intranet.
>
> I also found an old post that was talking about using apache as a true
> proxy server, but that seems a bit overkill, as the seaside server
> quite nicely remembers a port that I specify in my original URL and
> remembers the hostname as well, so I am hoping that I am just missing
> something and can easily make it remember the "https:" from my first
> request URL as well.
IMHO using a reverse proxy is the way to go. Most people use Apache so
you'll naturally find most information about it. However since you
already have a webserver (IIS) installed, I'd rather use this one as a
reverse proxy than install an other one.
Cheers
Philippe
> So here are my questions:
> - Is there a "configuration how to" that I missed when browsing the
> site?
> - Or is there a way to actually search the previous posts about
> seaside (I can read the archives, but I haven't figured out how to
> search with gmane or pipermail.
> - Or can somebody tell me the little trick that I need to achive what
> I want (I hope my post is not too convoluted, I am not a native eglish
> speaker and may be put too much information in this).
> - Or can somebody give me a hint where to look for the URL generation
> in the code. I haven't searched yet as I am still trying to grasp
> basics of Pier and some more of Squeak itself.
>
> Best Regards
> Rainer Keller
> - in search for the ultimate software platform to replace my index
> cards with...
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
More information about the seaside
mailing list