Omnis App Server HTTPS

Phil (OmnisList) phil at pgpotter.co.uk
Fri Dec 9 17:22:19 UTC 2022 

As I understand Xavier,

His Omnis machine is not on the web server machine, or a local network 
from the Web Server, but on a web accessed machine, which he needs to 
use an encrypted connection.

Thus he is asking for encrypting between the web server and Omnis, which 
I have never heard of... except maybe via a VPN connection...

regards
Phil Potter
Based in Chester in the UK.

On 09/12/2022 16:41, Doug Easterbrook via omnisdev-en wrote:
> hi Alain,
>
> I agree with you.
>
>
> We use Nginx for all our web services that involve omnis.   It is built for speed, security and routing stuff..
>
>
> It means we embed it on every machine (much like you are suggesting) and thats how we get encryption outside networks AND inside networks.
>
>
> there is little point encrypting traffic after the Nginx server on a machine to an omnis server on the same machine.   If a bad guy has broached that machine and are watching traffic from one port to another, they have already compromised the machine and you are in a bad place already
>
>
>
> note:   replace Apache for Nginx in the above text if that is your preference for web servers.
>
>
>
>
>
> Doug Easterbrook
> Arts Management Systems Ltd.
> mailto:doug at artsman.com
> http://www.artsman.com
> Phone (403) 650-1978
>
>> On Dec 9, 2022, at 8:04 AM, Alain Stouder Omnis<omnis at smartway.ch>  wrote:
>>
>> Normally the omnisapi/cgibin redirector forwards the requests to Omnis in the server space.
>>
>> Apache, IIS or any web server that supports cgi handles http/s and the certificates part with the client side.
>>
>> I don’t see why the data forwarded to Omnis from the web server to your app server needs another separate encryption.
>>
>> The only security issue is the Omnis port which must open but restricted via some firewall settings.
>>
>>>> Learn something new every day !
>>
>>> On 9 Dec 2022, at 16:07, Phil (OmnisList)<phil at pgpotter.co.uk>  wrote:
>>>
>>> Xavier,
>>>
>>> Ok, not used such a deployment, clearly.
>>>
>>> Maybe this is one for Omnis themselves?
>>>
>>> Presumably it would need to be part of mod_omnis.so or nph-omniscgi if its present at all...
>>>
>>> regards
>>> Phil Potter
>>> Based in Chester in the UK.
>>>
>>>> On 09/12/2022 14:49, IT wrote:
>>>> Hi Phil,
>>>>
>>>> The Omnis web server resides in one host in the company and Apache web server is in another host in internet service provider.
>>>>
>>>> The connection is performed via internet.
>>>>
>>>> So, all data between omnis and Apache is not encrypted and is insecure.
>>>>
>>>> I have Omnis to Postgresql encrypted, Apache to client encrypted but Omnis to Apache no avail.
>>>>
>>>> There are one important requirement in this deployment. *ALL* connections must be encrypted. End to end encryption.
>>>>
>>>> regards
>>>>
>>>> xavier
>>>>
>>>>
>>>>>> El 9 dic 2022, a las 15:13, Phil (OmnisList)<phil at pgpotter.co.uk>   escribió:
>>>>> Xavier,
>>>>>
>>>>> So, are the web services and rest api going through the Apache webserver?
>>>>>
>>>>> In which case, why do you need HTTPS from Apache to Omnis?
>>>>>
>>>>> and if your not going through Apache to Omnis, why not?
>>>>>
>>>>> Don't you want a full blown apache web server as the first line of defence from the outside world? That can also handle HTTPS...
>>>>>
>>>>> To my recollection, except on dev machines, we always go through a full web server so we can get https and other security measures.
>>>>>
>>>>> regards
>>>>> Phil Potter
>>>>> Based in Chester in the UK.
>>>>>
>>>>> On 09/12/2022 10:33, IT wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I’m developing some web services in Omnis, compound of web server and restful api server.
>>>>>>
>>>>>> I need that all communications end to end are encrypted, but I’m unable how to force that Omnis App Server accepts https connections.
>>>>>>
>>>>>> I can set up web server Apache to use https easily but not Omnis App Server.
>>>>>>
>>>>>> HTTP Worker Client allow you to set up $setsecureoptions() but no similar settings for server side of Omnis App Server
>>>>>> I’m looking in the Remote Task properties, that I thought it mus’t be, but I can't find any where to set the certificate and key files to use.
>>>>>>
>>>>>> Very estrange that Omnis can’t serve over https nowadays, sure I’m missing something.
>>>>>>
>>>>>> Any one know how to enable SSL in Omnis App Server? Any clue?
>>>>>>
>>>>>> Thank you in advance.
>>>>>>
>>>>>> Xavier
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _____________________________________________________________
>>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com    
>>>>> _____________________________________________________________
>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com   
>>>> _____________________________________________________________
>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com   
>>> _____________________________________________________________
>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com  
>> _____________________________________________________________
>> Manage your list subscriptions athttps://lists.omnis-dev.com
>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com  
> _____________________________________________________________
> Manage your list subscriptions athttps://lists.omnis-dev.com
> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com

More information about the omnisdev-en mailing list