Re: [racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread Matthew Butterick
> On Sep 26, 2017, at 5:13 PM, Alexis King wrote:
>
> In fact, to elaborate a little bit more: what you probably want to do
> is only support HTTPS, but you will not want to only listen on port 443 ...
> What you will want to do instead is automatically redirect any users who
> use HTTP to the e

Re: [racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread 'Royall Spence' via Racket Users
I use UFW to configure iptables on my server. It's much less error prone than configuring iptables directly in my experience. SSH with key auth and http(s) are the only ways in.

https://help.ubuntu.com/community/UFW

On Tue, Sep 26, 2017, at 08:10 PM, 'Royall Spence' via Racket Users wrote:
> Yeah

Re: [racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread Alexis King
> On Sep 26, 2017, at 5:04 PM, Matthew Butterick wrote:
>
> What about the new HTTP port that the Racket web server has opened?
> Should that be secured somehow (e.g., firewall)?

Yes. For any server exposed to the internet, you want to make sure to only whitelist the appropriate ports. In fact,

Re: [racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread 'Royall Spence' via Racket Users
Yeah, you'll want to allow connections only from the frontend webserver. That's probably 127.0.0.1, but it would be different if you're doing a frontend server with a pool of backends.

On Tue, Sep 26, 2017, at 08:04 PM, Matthew Butterick wrote:
>
>> On Sep 26, 2017, at 3:45 PM, Alexis King
>> wro

Re: [racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread Matthew Butterick
> On Sep 26, 2017, at 3:45 PM, Alexis King wrote:
>
> When an HTTPS request reaches Apache, it will use the certificate
> that it knows about to perform SSL negotiation, then it will forward the
> decrypted HTTP request to your Racket server over ordinary HTTP. It will
> subsequently encrypt the

Re: [racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread Alexis King
You almost certainly want to do SSL termination at the Apache level if you are running a Racket server behind Apache. This means that Apache will serve as a reverse proxy to your Racket web server, and all communications between Apache and the Racket process will be ordinary HTTP. When an HTTPS req

[racket-users] using Racket web server behind Apache as proxied HTTPS app server

2017-09-26 Thread Matthew Butterick
The docs for "How do I use Apache with the Racket Web Server?" demonstrate how to set up proxying between Apache and the Racket web server within an .htaccess file. [1] That technique works. But only with ordinary HTTP. AFAICT it does not work for HTTPS. What's the best way to make this work