[Seaside] RE: Login form via ssl (https)
Paul DeBruicker
pdebruic at gmail.com
Sun Sep 23 20:51:27 UTC 2012
I'm away from my computer but I think outside of the server definitions I have something to the effect of:
upstream seaside {
127.0.0.1:8080
}
And inside the mySiteDetails.conf there's a location:
location @mySeasideApp {
proxy_pass http://seaside
}
On Sep 23, 2012, at 11:28 AM, Dav <lasmiste at gmail.com> wrote:
> Hi Paul,
> I can't make it work, probably due to my lack of knowledge of nginx
>
> Let's take the signin example. I wrote @mySeasideApp like this:
>
>
>
> That's because my seaside app is running on 8080, but unfortunately when I
> click on the signin anchor, my browser reply: "/signin not found"
> I think that nginx should remove the /signin extrapath when it redirects to
> 8080, but I don't know how.
> Can you help me?
> Thanks
> Dave
>
>
>
>
> Paul DeBruicker wrote
>> I think you can change it with two server definitions in nginx and never
>> mess with Seaside's https/http functionality at all, ever.
>>
>>
>> e.g. If the link is to http://example.com/signin
>> http://example.com/signup or http://example.com/backend and the client
>> attempts to connect via http I rewrite & redirect to https with nginx
>> and pass the request to Seaside. The SSL connections are terminated at
>> Nginx. All my links in my Seaside app are just regular anchors/buttons
>> with plain callbacks. The public site can be accessed via http or
>> https. The sign-in, sign-up and backend portions are always SSL.
>>
>> The signin form link becomes
>>
>> html anchor
>> useBaseUrl;
>> extraPath:'signin';
>> callback:[self showSignin];
>> with:'Sign In'.
>>
>>
>> Once the user authenticates it would seem to make sense to serve them
>> only via SSL for the duration of their session to increase the
>> probability that none of their info leaks. Plus the cost in engineering
>> time to forever maintain a mental model of which links should be secure
>> or not seems high relative to the cost of just the cpu time to just make
>> everything SSL.
>>
>>
>>
>>
>> The Nginx server directives I use are:
>> server {
>>
>> listen 80;
>> include sites-available/mySiteDetails.conf;
>>
>> location ^~ /backend {
>> rewrite ^/(.*)$ https://www.example.com/$1 redirect;
>> }
>>
>> location ^~ /signin {
>> rewrite ^/(.*)$ https://www.example.com/$1 redirect;
>> }
>> location ^~ /signup {
>> rewrite ^/(.*)$ https://www.example.com/$1 redirect;
>> }
>> }
>>
>> server {
>> listen 443 ssl;
>> ssl_certificate /usr/local/nginx/conf/myApp.cert;
>> ssl_certificate_key /usr/local/nginx/conf/myApp.key;
>> include sites-available/mySiteDetails.conf;
>> location ^~ /backend {
>> try_files $uri @mySeasideApp;
>> }
>> location ^~ /signin {
>> try_files $uri @mySeasideApp;
>> }
>> location ^~ /signup {
>> try_files $uri @mySeasideApp;
>> }
>> }
>>
>>
>> Hope this helps
>>
>> Paul
>>
>>
>>
>>
>>
>> On 09/23/2012 09:11 AM, Dav wrote:
>>> Hi Boris,
>>> Actually I have secured and not secured links, and it's a lot of work
>>> change it, so I prefer only to secure login. Is it really so difficult in
>>> seaside?
>>> Cheers
>>> Dave
>>>
>>>
>>> Boris Popov, DeepCove Labs (SNN) wrote
>>>> Any specific reason you don't just want your whole application to be
>>>> SSL-secured?
>>>>
>>>> -Boris
>>>
>>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://forum.world.st/Login-form-via-ssl-https-tp4648556p4648566.html
>>> Sent from the Seaside General mailing list archive at Nabble.com.
>>> _______________________________________________
>>> seaside mailing list
>>>
>
>> seaside at .squeakfoundation
>
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>
>>
>> _______________________________________________
>> seaside mailing list
>
>> seaside at .squeakfoundation
>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>
>
>
>
> --
> View this message in context: http://forum.world.st/Login-form-via-ssl-https-tp4648556p4648581.html
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
More information about the seaside
mailing list