SSL/TLS (aka, https://) support in happstack-server now in darcs


Jeremy Shaw

Jan 17, 2012, 2:31:24 PM
to ha...@googlegroups.com
Hello,

I just pushed a patch to happstack-server which adds support for https://.

I would love to get some feedback before I make a release on hackage. To enable https:// you simply need to add a valid TLSConf to the Conf that you pass to simpleHTTP.

Additionally, there are two new routing combinators, 

> http :: (ServerMonad m, MonadPlus m) => m ()
> https :: (ServerMonad m, MonadPlus m) => m ()

https is enabled by default but can be disabled by running configure with the -fdisable-https flag.

You can generate a self-signed certificate by following these directions:



Note that when you are testing https:// on a non-standard port (such as 8443) you need to change both http:// -> https:// and :8000 -> :8443 in the url. If you only change one or the other it won't work.

Here is a very simple working example:

--------------------------------------

module Main where

import Control.Monad (msum)
import Happstack.Server

conf :: Conf
conf = nullConf { tls = Just $ TLSConf { tlsPort = 8443           -- port to listen on for https://
                                       , tlsCert = "ssl/test.crt" -- path to ssl certificate
                                       , tlsKey  = "ssl/test.key" -- path to ssl private key
                                       }
                }

main :: IO ()
main = 
    simpleHTTP conf $ msum 
       [ dir "favicon.ico" $ notFound (toResponse ())  -- route matches http:// or https://
       , msum [ do http                                -- this route will only match http://
                   ok $ toResponse "This is so insecure."
              , do https                               -- this route will only match https://
                   ok $ toResponse "It's all secure!"
              ]
       ]

----------------------------------------

Any and all feedback would be appreciated. Everything about this is still open to change.

Also, it would be nice if someone looked over the implementation to make sure I did it right and have not created a false sense of security.

The key modules are:


Happy hacking!
- jeremy

Petter Bergman

Jan 19, 2012, 4:53:54 AM
to ha...@googlegroups.com
This is awesome, looking forward to the day when I can exorcise Apache from my server ;-)

2012/1/17 Jeremy Shaw <jer...@n-heptane.com>


Anatoly Yakovenko

Feb 3, 2012, 11:21:23 AM
to HAppS
is it possible to run the server with an https socket only?
> http://patch-tag.com/r/mae/happstack/snapshot/current/content/pretty/...
> http://patch-tag.com/r/mae/happstack/snapshot/current/content/pretty/...
>
> Happy hacking!
> - jeremy

Jeremy Shaw

Feb 3, 2012, 11:46:16 AM
to ha...@googlegroups.com
Unfortunately, not at this time. But I do think it would be a good idea. I have created a bug:


I was recently thinking that it might be nice if there was a simpleHTTP and a separate simpleHTTPS.

Unfortunately, there are already way too many simpleHTTP* functions in Happstack.Server.SimpleHTTP.

I guess what I can do is refactor the internals a bit and add a simpleHTTPS for now. Then later we can do a major refactoring of the simpleHTTP module to simplify things.

- jeremy

>
> Happy hacking!
> - jeremy

Anatoly Yakovenko

Feb 4, 2012, 12:56:00 PM
to HAppS
HTTPS request failed with: ConnectionAbruptlyTerminated
HTTPS request failed with: ConnectionAbruptlyTerminated
HTTPS request failed with: ConnectionAbruptlyTerminated
HTTPS request failed with: ConnectionAbruptlyTerminated
HTTPS request failed with: ConnectionAbruptlyTerminated
HTTPS request failed with: ConnectionAbruptlyTerminated
SSL exception in https accept thread: ConnectionAbruptlyTerminated
SSL exception in https accept thread: ConnectionAbruptlyTerminated
SSL exception in https accept thread: ConnectionAbruptlyTerminated
SSL exception in https accept thread: ConnectionAbruptlyTerminated


do you guys see those errors? it seems the ssl thread dies after a
few minutes.

Thanks,
Anatoly
On Feb 3, 8:46 am, Jeremy Shaw <jer...@n-heptane.com> wrote:
> Unfortunately, not at this time. But I do think it would be a good idea. I
> have created a bug:
>
> http://code.google.com/p/happstack/issues/detail?id=165
>
> I was recently thinking that it might be nice if there was a simpleHTTP and
> a separate simpleHTTPS.
>
> Unfortunately, there are already way too many simpleHTTP* functions in
> Happstack.Server.SimpleHTTP.
>
> I guess what I can do is refactor the internals a bit and add a simpleHTTPS
> for now. Then later we can do a major refactoring of the simpleHTTP module
> to simplify things.
>
> - jeremy
>
> >http://patch-tag.com/r/mae/happstack/snapshot/current/content/pretty/....
> > ..

Jeremy Shaw

Feb 4, 2012, 6:58:41 PM
to ha...@googlegroups.com
I have filed a bug and will investigate it later this week.


Do you think the problem is time-related, or something that happens after a certain number of requests? Perhaps something is not being properly freed and a resource is being exhausted?

The SSL code is still very new (obviously) and has not been tested very intensely yet.

Also, does everything appear to be working even though you get those errors? Or are you actually having connection problems? It's possible that the clients are leaving the connection open and the server is just killing them after they have been idle for 30 seconds. (If that is the case, it is perfectly normal and we should suppress the error message).

- jeremy

Daniel B Giffin

Feb 5, 2012, 1:11:40 AM
to ha...@googlegroups.com
Jeremy Shaw wrote:
> Also, does everything appear to be working even though you get those
> errors? Or are you actually having connection problems? It's possible that
> the clients are leaving the connection open and the server is just killing
> them after they have been idle for 30 seconds. (If that is the case, it is
> perfectly normal and we should suppress the error message).

my browser seems to leave a keepalive connection open for
some period of time (something like 30 seconds), in case it
should need to make more requests. then it just closes the
connection.

presumably the server is waiting to parse the next request,
but is disappointed. as you say, this is perfectly normal
and needn't generate an error message.
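
An illustration of the handling discussed in this thread, added here and not taken from happstack-server or written by any poster: a peer closing an idle keep-alive connection is counted quietly, other failures are reported, and neither can end the accept loop. ConnectionAbruptlyTerminated is a local stand-in for the exception named in the log lines, and serveOne, acceptLoop and the sample connections are hypothetical names constructed for the example.

```haskell
{-# LANGUAGE ScopedTypeVariables #-}
module Main where

import Control.Exception
import Control.Monad (forM_)
import Data.IORef

-- Local stand-in for the exception named in the log lines (assumption: the
-- real one comes from the TLS library; defined here so only base is needed).
data ConnectionAbruptlyTerminated = ConnectionAbruptlyTerminated deriving Show
instance Exception ConnectionAbruptlyTerminated

data Outcome = Served | PeerClosed | Failed String deriving (Eq, Show)

-- Run one connection handler and classify how it ended. A peer dropping an
-- idle keep-alive connection is expected; anything else is a real failure.
serveOne :: IO () -> IO Outcome
serveOne handler =
  (handler >> return Served) `catches`
    [ Handler $ \ConnectionAbruptlyTerminated -> return PeerClosed
    , Handler $ \(e :: SomeException) -> case fromException e of
        Just (a :: SomeAsyncException) -> throwIO a  -- never swallow kill/timeout
        Nothing                        -> return (Failed (show e))
    ]

-- The accept loop: every per-connection exception is handled inside the
-- loop, so client behaviour cannot terminate the listener itself.
acceptLoop :: [IO ()] -> IO (Int, Int, [String])
acceptLoop conns = do
  stats <- newIORef (0, 0, [])
  forM_ conns $ \c -> do
    r <- serveOne c
    modifyIORef' stats $ \(ok, closed, errs) -> case r of
      Served     -> (ok + 1, closed, errs)
      PeerClosed -> (ok, closed + 1, errs)       -- counted, not logged
      Failed msg -> (ok, closed, errs ++ [msg])  -- kept for the error log
  readIORef stats

main :: IO ()
main = do
  -- Constructed sample: each action stands in for serving one accepted client.
  let conns = [ return (), throwIO ConnectionAbruptlyTerminated, return ()
              , throwIO (userError "bad handshake"), return () ]
  (ok, closed, errs) <- acceptLoop conns
  putStrLn $ "served=" ++ show ok ++ " peer-closed=" ++ show closed
  mapM_ (putStrLn . ("error: " ++)) errs
```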
