Omnis App Server HTTPS

Wayne Germann wgermann at PACIFIC.EDU
Fri Dec 9 17:28:54 UTC 2022 

I have never heard of that either.   As far as I know, the ssl has to be on the same machine as omnis.

Sent from my iPhone

> On Dec 9, 2022, at 9:22 AM, Phil (OmnisList) <phil at pgpotter.co.uk> wrote:
> 
> CAUTION: This email originated from outside of Pacific. Do not click any links or open attachments if this is unsolicited email.
> 
> As I understand Xavier,
> 
> His Omnis machine is not on the web server machine, or a local network
> from the Web Server, but on a web accessed machine, which he needs to
> use an encrypted connection.
> 
> Thus he is asking for encrypting between the web server and Omnis, which
> I have never heard of... except maybe via a VPN connection...
> 
> regards
> Phil Potter
> Based in Chester in the UK.
> 
>> On 09/12/2022 16:41, Doug Easterbrook via omnisdev-en wrote:
>> hi Alain,
>> 
>> I agree with you.
>> 
>> 
>> We use Nginx for all our web services that involve omnis.   It is built for speed, security and routing stuff..
>> 
>> 
>> It means we embed it on every machine (much like you are suggesting) and thats how we get encryption outside networks AND inside networks.
>> 
>> 
>> there is little point encrypting traffic after the Nginx server on a machine to an omnis server on the same machine.   If a bad guy has broached that machine and are watching traffic from one port to another, they have already compromised the machine and you are in a bad place already
>> 
>> 
>> 
>> note:   replace Apache for Nginx in the above text if that is your preference for web servers.
>> 
>> 
>> 
>> 
>> 
>> Doug Easterbrook
>> Arts Management Systems Ltd.
>> mailto:doug at artsman.com
>> http://www.artsman.com
>> Phone (403) 650-1978
>> 
>>>> On Dec 9, 2022, at 8:04 AM, Alain Stouder Omnis<omnis at smartway.ch>  wrote:
>>> 
>>> Normally the omnisapi/cgibin redirector forwards the requests to Omnis in the server space.
>>> 
>>> Apache, IIS or any web server that supports cgi handles http/s and the certificates part with the client side.
>>> 
>>> I don’t see why the data forwarded to Omnis from the web server to your app server needs another separate encryption.
>>> 
>>> The only security issue is the Omnis port which must open but restricted via some firewall settings.
>>> 
>>>>>> Learn something new every day !
>>> 
>>>> On 9 Dec 2022, at 16:07, Phil (OmnisList)<phil at pgpotter.co.uk>  wrote:
>>>> 
>>>> Xavier,
>>>> 
>>>> Ok, not used such a deployment, clearly.
>>>> 
>>>> Maybe this is one for Omnis themselves?
>>>> 
>>>> Presumably it would need to be part of mod_omnis.so or nph-omniscgi if its present at all...
>>>> 
>>>> regards
>>>> Phil Potter
>>>> Based in Chester in the UK.
>>>> 
>>>>> On 09/12/2022 14:49, IT wrote:
>>>>> Hi Phil,
>>>>> 
>>>>> The Omnis web server resides in one host in the company and Apache web server is in another host in internet service provider.
>>>>> 
>>>>> The connection is performed via internet.
>>>>> 
>>>>> So, all data between omnis and Apache is not encrypted and is insecure.
>>>>> 
>>>>> I have Omnis to Postgresql encrypted, Apache to client encrypted but Omnis to Apache no avail.
>>>>> 
>>>>> There are one important requirement in this deployment. *ALL* connections must be encrypted. End to end encryption.
>>>>> 
>>>>> regards
>>>>> 
>>>>> xavier
>>>>> 
>>>>> 
>>>>>>> El 9 dic 2022, a las 15:13, Phil (OmnisList)<phil at pgpotter.co.uk>   escribió:
>>>>>> Xavier,
>>>>>> 
>>>>>> So, are the web services and rest api going through the Apache webserver?
>>>>>> 
>>>>>> In which case, why do you need HTTPS from Apache to Omnis?
>>>>>> 
>>>>>> and if your not going through Apache to Omnis, why not?
>>>>>> 
>>>>>> Don't you want a full blown apache web server as the first line of defence from the outside world? That can also handle HTTPS...
>>>>>> 
>>>>>> To my recollection, except on dev machines, we always go through a full web server so we can get https and other security measures.
>>>>>> 
>>>>>> regards
>>>>>> Phil Potter
>>>>>> Based in Chester in the UK.
>>>>>> 
>>>>>> On 09/12/2022 10:33, IT wrote:
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I’m developing some web services in Omnis, compound of web server and restful api server.
>>>>>>> 
>>>>>>> I need that all communications end to end are encrypted, but I’m unable how to force that Omnis App Server accepts https connections.
>>>>>>> 
>>>>>>> I can set up web server Apache to use https easily but not Omnis App Server.
>>>>>>> 
>>>>>>> HTTP Worker Client allow you to set up $setsecureoptions() but no similar settings for server side of Omnis App Server
>>>>>>> I’m looking in the Remote Task properties, that I thought it mus’t be, but I can't find any where to set the certificate and key files to use.
>>>>>>> 
>>>>>>> Very estrange that Omnis can’t serve over https nowadays, sure I’m missing something.
>>>>>>> 
>>>>>>> Any one know how to enable SSL in Omnis App Server? Any clue?
>>>>>>> 
>>>>>>> Thank you in advance.
>>>>>>> 
>>>>>>> Xavier
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _____________________________________________________________
>>>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>>>>> _____________________________________________________________
>>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>>>> _____________________________________________________________
>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>>> _____________________________________________________________
>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>> _____________________________________________________________
>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>> _____________________________________________________________
>> Manage your list subscriptions athttps://lists.omnis-dev.com
>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
> _____________________________________________________________
> Manage your list subscriptions at https://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com

More information about the omnisdev-en mailing list