Al,

I set up a stunnel server on Win7 which also had web2py's native server running on it. Then I set up a stunnel client on a Linux VM.

In Stunnel Server's stunnel.conf:

[web2py]
accept = 8443
connect = localhost:8000

In Stunnel Client's stunnel.conf:

; Use it for client mode
client = yes

[web2py]
accept = 8443
connect = server_ip:8443

Visiting http://server_ip:8443/myapp brought up the web2py application as expected, no prompts for the admin password - same as if I'd visited http://server_ip:8000. Attempting to access the admin pages or to view a ticket brought up the admin password prompt (as it should) and I was able to use web2py's admin from the remote computer just fine without https (because web2py thought I was on localhost thanks to stunnel).

I think the problem you're having on the Mac with "inetd mode must define a remote host or an executable" is due to trying to use the "stunnel" command (which is likely really stunnel3) instead of "stunnel4" at the command line. I found that I got the same error on Linux.

~Brian

On Feb 20, 11:31 pm, Brian M <bmere...@gmail.com> wrote:
> Al,
>
> Yes, stunnel needs both a client and a server. The general public
> should not need to use a stunnel connection to access your web2py
> application though - they should just be using good old http://your_server.com.
> My suggestion was that *you* could use stunnel when you need to get
> remote access to the web2py admin screens.
>
> Port redirection/forwarding of http://server_ip:8443 to http://server_ip:8000
> (or 80 whatever port web2py is actually listening on) from the outside
> probably wouldn't accomplish the goal of being able to access web2py's
> admin without SSL - web2py will only allow non-SSL admin if the
> connection comes from localhost and even with port redirection you
> would not be connecting from localhost.
>
> So you can't access http://server_ip/myfirstapp over stunnel without
> getting the prompt for the admin password? That doesn't make sense.
> Web2py should be behaving exactly the same whether or not you're using
> stunnel. What do you get when you do put in the admin password?
> Do you get your app or do you get the admin screen?
>
> Sorry, can't help with the Mac thing - don't have a Mac.
>
> ~Brian
>
> On Feb 18, 11:09 am, Al <albertsec...@gmail.com> wrote:
> > Brian,
> >
> > Thank you for your detailed instructions. I managed to get stunnel
> > working, though it is a lot more complicated than I thought
> > originally. On the windows server, the stunnel.conf file is set up as
> > server mode and redirects port 8443 to 8000. On the client side, I also
> > have to set up another stunnel as client mode and redirect
> > 127.0.0.1:80 to 192.168.1.11 - server's IP address. As this server
> > will be facing public, I cannot expect people to set up stunnel in
> > their machine in order to access my website. I was expecting a tool
> > which runs on the server side to do port redirection, and then when I
> > type in http://server_ip:8443 from another machine, it will route me
> > to my target app. (note: I did NOT set up any SSL certificate to get
> > stunnel working)
> >
> > Also with stunnel, I still cannot access the target app without
> > entering the admin password, I cannot find any response.menu_auth to
> > remove.
> >
> > I also have another mac which I tried to set up stunnel, but when I
> > run sudo stunnel3 I got the following error:
> > anyone familiar with mac can give some tips on how to solve this:
> >
> > inetd mode must define a remote host or an executable
> >
> > Cheers
> > Al
> >
> > On Feb 12, 8:09 am, Brian M <bmere...@gmail.com> wrote:
> > > Al,
> > >
> > > You'd want to get rid of the "edit" menu when you "Go Live" that's
> > > just there as a convenience while you're creating things.
> > > Just use this (or remove response.menu_edit from menu.py which
> > > does it once & for all):
> > >
> > > response.menu_edit = None
> > >
> > > If you don't want auth menu either do
> > >
> > > response.menu_auth = None
> > >
> > > If you want to use the built-in server and be able to access on both
> > > port 80 and port 443 (SSL) without running two web2py server instances
> > > you could perhaps use a tunnel program like stunnel (www.stunnel.org).
> > > Set it up to listen on port 443 (or really any port) and re-direct to
> > > localhost:80. This way you should be able to get at admin and tickets
> > > - as far as web2py is concerned you're accessing from the local
> > > machine so tickets should work, but because it's tunneled it's also
> > > secured as it goes to your remote computer.
> > >
> > > To get the general user to automatically go to http://myserver/myfirstapp
> > > when they type in http://myserver/ you can either work with routes or
> > > just take the lazy route and replace the welcome app's default/index
> > > with a redirect to whatever the home page of myfirstapp is. Of course
> > > this will break the welcome app, but do you really want/need it when
> > > deployed anyway?
> > >
> > > #in the Welcome application's default.py controller
> > > def index():
> > >     redirect(URL(a='myfirstapp', c='default', f='index'))
> > >
> > > Setting up web2py as a Windows Service is easy
> > > enough: http://www.web2py.com/AlterEgo/default/show/77
> > >
> > > ~Brian
> > >
> > > On Feb 11, 9:54 am, Al <albertsec...@gmail.com> wrote:
> > > > Thank you for your input. I am using Windows server so I cannot use
> > > > the ubuntu scripts you mentioned. How about my second part of the
> > > > question? I understand why web2py is designed in such a "secure"
> > > > fashion. I am just trying to find a way around it so that I can deploy
> > > > my first app. In theory I should be able to type from any
> > > > machine http://myserver/myfirstapp, but it gives me an internal error -
> > > > Ticket issues.
> > > > When I click the ticket link, it gives "Admin is disabled
> > > > because insecure channel". I have two instances of web2py running. I
> > > > can run http://myserver/example or https://myserver/myfirstapp without
> > > > any issues. What's so special about the built-in examples app? Do I
> > > > have to cut out some code from my app to get rid of all the admin menu
> > > > and authentication for general users?
> > > >
> > > > On Feb 10, 11:38 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> > > > > It depends. For development if you use the built in web server you
> > > > > need to start it twice for http and https. This is in general a
> > > > > security measure. You do not want the same process to listen to two
> > > > > sockets else if something happens (like a memory leak) you may get
> > > > > locked out.
> > > > >
> > > > > In deployment you should be using apache+mod_wsgi
> > > > >
> > > > > just download and run
> > > > > this: http://web2py.googlecode.com/hg/scripts/setup-web2py-ubuntu.sh
> > > > >
> > > > > It will setup everything for you behind a single apache server.
> > > > > I think this easier than rails actually.
> > > > >
> > > > > Massimo
> > > > >
> > > > > On Feb 10, 9:27 am, Al <albertsec...@gmail.com> wrote:
> > > > > > Hi,
> > > > > >
> > > > > > Now that I get my secure channel (using self-signed certificate)
> > > > > > working, I can remotely login from another computer to access the
> > > > > > admin interface thru https. To deploy this app for general users for
> > > > > > http access, do I have to run another instance of web2py on another
> > > > > > port - say port 80? Also how do I make these 2 instances to run as
> > > > > > a service in windows 2003 server? Also do I have to change the code so
> > > > > > that the general user just get directly to that single app? This
> > > > > > whole thing seems a lot more complicated than ruby on rails.
> > > > > > I would appreciate if people can explain this in more detail
> > > > > > to me or point me to the right documentation. Thanks.
> > > > > >
> > > > > > Cheers
> > > > > > Al

--
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
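
The stunnel.conf pair from this thread with certificate settings added, since web2py treats everything that arrives through the tunnel as localhost and the tunnel endpoint is therefore the only place the remote side gets authenticated. This is an added example, not part of the original messages: the file paths and server_ip are placeholders, and it assumes web2py's built-in server listens only on 127.0.0.1:8000.

```ini
; ---- stunnel.conf on the server (runs next to web2py) ----
; Certificate and private key this endpoint presents to clients.
cert = /path/to/server-cert.pem
key = /path/to/server-key.pem
; CA that signed the admin client certificates (placeholder path).
CAfile = /path/to/admin-ca.pem
; Level 2: the peer must present a certificate that chains to CAfile.
verify = 2

[web2py]
accept = 8443
; Loopback only, so web2py sees the tunnelled request as local.
connect = 127.0.0.1:8000

; ---- stunnel.conf on the admin workstation ----
client = yes
; Client certificate and key issued by the admin CA above.
cert = /path/to/admin-client-cert.pem
key = /path/to/admin-client-key.pem
; CA that signed the server certificate; an endpoint without a
; matching certificate is rejected.
CAfile = /path/to/server-ca.pem
verify = 2

[web2py]
; Listen on loopback only, so other hosts cannot reuse this tunnel.
accept = 127.0.0.1:8443
connect = server_ip:8443
```

With this pair the admin browses to http://127.0.0.1:8443/ on the workstation, and a client without a certificate from the admin CA is dropped by stunnel before any request reaches web2py.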