Omnis App Server HTTPS
IT
it at plastipol.com
Mon Dec 12 15:58:56 UTC 2022
Hi Bruno,
Thank you for you detailed Apache configuration.
I don’t want to use Omnis as web server. I want that Omnis communicate with Apache web server in another machine hosted in internet using https.
Because Omnis Server doesn’t support output https I will use a local Apache server installed in the same machine that Omnis Server that will communicate with internet real web server using https.
Thank you all for your assistance.
regards
xavier
> El 10 dic 2022, a las 10:01, Bruno Del Sol <bruno.delsol at bydesign.fr> escribió:
>
> Hi Xavier,
>
> Short answer is no. Using Omnis as your web server is not recommended, it is slow, and provides only a small set of features compared to a real http server. The recommended installation for Omnis Server is
>
> - always put apache on the host where Omnis resides to serve the static assets and Omnis
> - use an apache proxy in apache to insulate Omnis REST from the web as in
>
> httpd.conf
> -------------
>
> <VirtualHost *:443>
> ServerName www.xavier.com
> ...
> </VirtualHost>
>
> #proxy Apache modules
> LoadModule proxy_module lib/httpd/modules/mod_proxy.so
> LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
>
> # proxy timeout 10 minutes is needed for longish Omnis report printing
> ProxyTimeout 600
>
> <Location /omnisrest >
> SetHandler omnisrest
> </Location>
>
> <Location /myrestservice/ >
> ProxyPass http://127.0.0.1/omnisrest/ws/5990/api/
> ProxyPassReverse http://127.0.0.1/omnisrest/ws/5990/api/
> </Location>
>
> # now omnis is accessible from the internet at https://www.xavier.com/myrestservice/
> # as in https://www.xavier.com/myrestservice/MyLibrary/MyRemoteTask/MyUri
>
>
> This way you will be able to handle any kind of SSL or network complex setup within Apache, and pass only raw http to Omnis REST. By totally decoupling the network setup from the Omnis setup, it will greatly ease your dev and deploy phases.
>
> HTH
> Regards
> Bruno
>
> By Design
> http://www.bydesign.fr
> Bruno Del Sol
> bruno.delsol at bydesign.fr
> 46, rue de La Tour d'Auvergne
> 75009 Paris (France)
>
> Le 09/12/2022 à 21:33, IT a écrit :
>> Hi all,
>>
>> Forget any other pieces of the puzzle. No webserver, no SSH tunnels, no VPNs. All this is not in the scope of the question.
>>
>> Omnis acts as a web server or restful server and can serve http content.
>>
>> My question was, Omnis can serve https content ?
>>
>> I’m seeing that it can’t.
>>
>> Thank you all for your advices.
>>
>> regards
>>
>> xavier
>>
>>
>>
>>
>>> El 9 dic 2022, a las 20:07, Ben Butler <760.f563 at gmail.com> escribió:
>>>
>>> Hi,
>>>
>>> Just to add bonkers options:
>>>
>>> Https to web server A
>>> Web server A passes to local script 1 that hanfles the REST GET/POST
>>> Script 1 establishes SSH tunnel to server B anywhere on Internet, tha pipes
>>> curl http request into the encrypted SSH tunnel to server B
>>> server B handles the http un encrypted request to local Omnis server and
>>> issues response.
>>> Server A receives the response from server B through the SSH tunnel and
>>> replies to original client over its Https connection.
>>>
>>> Ben
>>>
>>>
>>> On Fri, 9 Dec 2022, 18:40 Miguel Garcia, <miguel.garcia at roig.com> wrote:
>>>
>>>> Hi Xavier,
>>>>
>>>> Alternatively, you can install nginx in Omnis web server host and
>>>> redirect https calls from Apache web server to http calls for Omnis web
>>>> server through nginx.
>>>>
>>>> We resolve all https calls to rest webservices through nginx. It works
>>>> fine. The nginx server and the Omnis Web server are on the some network
>>>> segment.
>>>>
>>>> I hope this helps you.
>>>>
>>>> Best regards.
>>>>
>>>> El 9/12/22 a las 15:49, IT escribió:
>>>>> Hi Phil,
>>>>>
>>>>> The Omnis web server resides in one host in the company and Apache web
>>>> server is in another host in internet service provider.
>>>>> The connection is performed via internet.
>>>>>
>>>>> So, all data between omnis and Apache is not encrypted and is insecure.
>>>>>
>>>>> I have Omnis to Postgresql encrypted, Apache to client encrypted but
>>>> Omnis to Apache no avail.
>>>>> There are one important requirement in this deployment. *ALL*
>>>> connections must be encrypted. End to end encryption.
>>>>> regards
>>>>>
>>>>> xavier
>>>>>
>>>>>
>>>>>> El 9 dic 2022, a las 15:13, Phil (OmnisList)<phil at pgpotter.co.uk>
>>>> escribió:
>>>>>> Xavier,
>>>>>>
>>>>>> So, are the web services and rest api going through the Apache
>>>> webserver?
>>>>>> In which case, why do you need HTTPS from Apache to Omnis?
>>>>>>
>>>>>> and if your not going through Apache to Omnis, why not?
>>>>>>
>>>>>> Don't you want a full blown apache web server as the first line of
>>>> defence from the outside world? That can also handle HTTPS...
>>>>>> To my recollection, except on dev machines, we always go through a full
>>>> web server so we can get https and other security measures.
>>>>>> regards
>>>>>> Phil Potter
>>>>>> Based in Chester in the UK.
>>>>>>
>>>>>> On 09/12/2022 10:33, IT wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I’m developing some web services in Omnis, compound of web server and
>>>> restful api server.
>>>>>>> I need that all communications end to end are encrypted, but I’m
>>>> unable how to force that Omnis App Server accepts https connections.
>>>>>>> I can set up web server Apache to use https easily but not Omnis App
>>>> Server.
>>>>>>> HTTP Worker Client allow you to set up $setsecureoptions() but no
>>>> similar settings for server side of Omnis App Server
>>>>>>> I’m looking in the Remote Task properties, that I thought it mus’t be,
>>>> but I can't find any where to set the certificate and key files to use.
>>>>>>> Very estrange that Omnis can’t serve over https nowadays, sure I’m
>>>> missing something.
>>>>>>> Any one know how to enable SSL in Omnis App Server? Any clue?
>>>>>>>
>>>>>>> Thank you in advance.
>>>>>>>
>>>>>>> Xavier
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _____________________________________________________________
>>>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>>>>> _____________________________________________________________
>>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>>>> _____________________________________________________________
>>>>> Manage your list subscriptions athttps://lists.omnis-dev.com
>>>>> Start a new message ->mailto:omnisdev-en at lists.omnis-dev.com
>>>> --
>>>> *Miguel Garcia Segui
>>>> DPTO Informatica
>>>> 971 65 71 73 Ext. 2044*
>>>>
>>>>
>>>> _____________________________________________________________
>>>> Manage your list subscriptions at https://lists.omnis-dev.com
>>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>>>>
>>> _____________________________________________________________
>>> Manage your list subscriptions at https://lists.omnis-dev.com
>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>> _____________________________________________________________
>> Manage your list subscriptions at https://lists.omnis-dev.com
>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
More information about the omnisdev-en
mailing list