PSGI, Plack et.al.

McA has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: PSGI, Plack et.al. by Corion (Patriarch) on Oct 24, 2012 at 11:29 UTC
I have written a toy "enforce-https" middleware, and also a toy "run two servers" middleware, but not yet released onto CPAN. To write a multiplexing server that can serve PSGI applications from two (or more) ports, you will have to look at the various backends. I chose AnyEvent, which is based on the idea of nonblocking handling. The existing implementations on CPAN (partially in Server::Starter I think) didn't work on Windows for me. One ugly part is that SSL does not work well on Windows+Strawberry+AnyEvent, I think because OpenSSL is linked to a different memory allocator than Strawberry Perl. I think SSL-enabling a server is basically only the process of "replacing" the socket the server reads from by a socket that knows SSL. AnyEvent did that nicely, but I don't know what other servers/frameworks do. Update: Plack::Handler::AnyEvent::HTTPD needs a small patch to allow SSL: https://github.com/miyagawa/Plack-Handler-AnyEvent-HTTPD/pull/2#issuecomment-7046948	[reply]
Re^2: PSGI, Plack et.al. by Corion (Patriarch) on Oct 24, 2012 at 18:06 UTC
I found that multi-server implementation. It does not only use AnyEvent, it also relies on Coro to make switching between server loops easy when they get blocked. The code was developed under Windows, but the SSL problems alluded to above still apply. #!perl -w use strict; use Coro; use AnyEvent; use AnyEvent::TLS; use Plack::Handler::AnyEvent::HTTPD; use Dancer (); use App::Regexplain; use Data::Dumper; my %config = ( 'http' => { host => '127.0.0.1', port => 8080, protocol => 'http', + proto => 'tcp' }, 'https' => { host => '127.0.0.1', port => 8443, ssl => { cert_file => 'C:/Projekte/App-Regexplain/certs/testcert.pem', key_file => 'C:/Projekte/App-Regexplain/certs/testkey-nopass.p +em', }, }, ); =begin other_api __PACKAGE__->run( port => [8080, "8443/ssl"], ipv => '*', # IPv6 if available SSL_key_file => '/my/key', SSL_cert_file => '/my/cert', ); =cut for my $serverkey (sort keys %config) { my $config = $config{ $serverkey }; my $runner = Plack::Runner::Multi->new; $runner->parse_options( '--server', 'AnyEvent::HTTPD', '-p', $config->{port}, '-o', $config->{host}, 'bin\\app.pl', ); if( $config->{ssl} ) { #$config->{ ssl } = AnyEvent::TLS->new( # %{$config->{ ssl }} #); push @{$runner->{options}}, ssl => $config->{ssl} }; my ($loader,$server,$app) = $runner->psgi_app(); async { $loader->preload_app($app); $loader->run($server); }; }; # Kick off the event loop AnyEvent->condvar->recv; package Plack::Runner::Multi; use strict; use parent 'Plack::Runner'; use Coro; use Data::Dumper; # Paste from Plack::Runner::run except the $loader->run at the end sub psgi_app { my $self = shift; #unless (ref $self) { # $self = $self->new; # $self->parse_options(@_); # return $self->run; #} unless ($self->{options}) { $self->parse_options(@_); }; my @args = @{$self->{argv}}; $self->setup; my $app = $self->locate_app(@args); $ENV{PLACK_ENV} \|\|= $self->{env} \|\| 'development'; if ($ENV{PLACK_ENV} eq 'development') { $app = $self->prepare_devel($app); } if ($self->{access_log}) { open my $logfh, ">>", $self->{access_log} or die "open($self->{access_log}): $!"; $logfh->autoflush(1); $app = $self->apply_middleware($app, 'AccessLog', logger => su +b { $logfh->print( @_ ) }); } my $loader = $self->loader; #warn "Loading Server with " . Dumper $self->{options}; my $server = $self->load_server($loader); #$loader->preload_app($app); return ($loader, $server, $app); #$loader->run($server); } 1; [download]	[reply] [d/l]
Re: PSGI, Plack et.al. by Anonymous Monk on Oct 24, 2012 at 11:45 UTC
HTTP::Server::PSGI there is no information concerning SSL I'm just saying, as a general rule, if HTTP::Server::PSGI doesn't say it supports HTTPS, it probably doesn't But, anything Plack/PSGI related probably does support SSL -- if you ask the author I'm sure he'll update the FAQ/docs with an example When you look at the code you can get the idea that this server is SSL capable. (Is starman SSL enabled?) Seeing how its a subclass of Net::Server, and there exists Net::Server::Proto::SSL, it probably is starman ssl_key_file -> http://wiki.catalystframework.org/wiki/deployment/perlbal-starman-psgi update: plackperl ssl -> http://www.slideshare.net/miyagawa/deploying-plack-web-applications-oscon-2011-8706659 HTTP::Server::PSGI • Plack Built-in • Pure Perl • Single-process, cross platform • Experimental IPv6, SSL • Automatic reloading with -r plackup https -> Gepok - PSGI server with built-in HTTPS support, Unix sockets, preforking	[reply]
Re^2: PSGI, Plack et.al. by McA (Priest) on Oct 24, 2012 at 14:09 UTC
Thank you, Anonymous Monk. The last hint was helpful. I'll have a look at Gepok. It seems promising. Update: I looked at it and as far as I can see it fulfills exactly what I want for development. Therefor a ++ to our Anonymous Monk. Best regards McA	[reply]
Re^3: PSGI, Plack et.al. by tobyink (Canon) on Oct 24, 2012 at 15:07 UTC
I really like Gepok. For Starman etc the advice is to place an HTTPS proxy (e.g. Apache) in front of the server. However, that means that the server misses out on all the transactional information in the HTTPS connection, such as client certificates. Gepok has the HTTPS built in, so you can use HTTPS certificates for authentication. `perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'`	[reply]
Re^4: PSGI, Plack et.al. by Anonymous Monk on Oct 24, 2012 at 16:13 UTC
Re^5: PSGI, Plack et.al. by tobyink (Canon) on Oct 24, 2012 at 21:17 UTC
Re^2: PSGI, Plack et.al. by Anonymous Monk on Oct 24, 2012 at 19:10 UTC
Actually, it does not matter. HTTP or HTTPS, the underlying protocol is exactly the same. In Apache, a different <virtualHost> definition will correspond to each. What each one of them does, if need be, could be exactly the same. (If the FastCGI servers are static, the traffic from both VHosts could in fact be sent without error to the same pool. So it CAN be done, should you actually want to do it, and the Perl code does not have to know or care.	[reply]
Re^3: PSGI, Plack et.al. by McA (Priest) on Oct 24, 2012 at 20:28 UTC
Hi, but you should not forget that there are circumstances where you want to know whether requests came via https or http. Just two examples: You want to generate absolute URL in the response to reflect the currently used protocol. You want to set the secure attribute on cookies when you know that the response is sent via https. Best regards McA	[reply]
Re^4: PSGI, Plack et.al. by Corion (Patriarch) on Oct 24, 2012 at 20:36 UTC
Re^4: PSGI, Plack et.al. by afoken (Chancellor) on Oct 25, 2012 at 05:28 UTC
Re^4: PSGI, Plack et.al. by Anonymous Monk on Oct 25, 2012 at 02:16 UTC
Re: PSGI, Plack et.al. by sundialsvc4 (Abbot) on Oct 24, 2012 at 12:59 UTC
So far as I know, once the data gets through the HTTP/HTTPS layer, the FastCGI layer doesn’t care. But what I have always done is to nevertheless clearly-separate the HTTPS from the HTTP traffic handlers, since one is thought of as secure and the other is not. I want to keep them at arm’s length and maybe on a different set of servers, due to the classification of the data which each one handles. Both sets of handlers actually `use` (or `require`) duplicate copies of the same code-base, however.


Your skill will accomplish what the force of many cannot
	PerlMonks