Thank you for the update. See my post to Brian. I need someone to say definitely that WEBSVC cannot handle SSL. Then I will need to continue with another option.
Original Message:
Sent: 09-12-2024 10:03
From: Patrick Payne
Subject: WEBSVC using a port and SSL
Sorry for the late reply, I have been traveling.
The solution to your problem, if you wish to have SSL to OpenQM (or any other web server without https), is to establish a reverse proxy. The proxy service will serve up your https and proxy your requests to your http server. You can do this on the same box as QM and reverse proxy via localhost:8180, which is internally secure. You can also do this within your datacenter from another box. This is not a redirection: the proxy server takes the initial request (and handles https) and then does its own call to the next server; the response is then returned to the proxy server and back via https to the client. This is a very common process and there are many tools to do this (most free).
Overall explanation: What is the difference between proxy and reverse proxy? (designgurus.io)
Apache Docs: Reverse Proxy Guide - Apache HTTP Server Version 2.4
Nginx Docs: NGINX Reverse Proxy | NGINX Documentation
IIS: Reverse Proxy with URL Rewrite v2 and Application Request Routing | Microsoft Learn
You will have to read up on that platform's rules and exactly how you wish to configure this. Most of the time we are exposing api endpoints and I typically specify a URL such as /api and redirect that to my QM/jBASE/Universe/etc. box. Keep in mind the MV box will think the call is coming from the proxy device, and all these tools have options to add additional headers to get the original client information.
In addition, all of these tools have excellent https support, including automated Let's Encrypt cert management. If you are in AWS or Azure, they offer similar tools.
If you are calling your api endpoints from a server language such as PHP or Python, then the https is to that server, and that server, which should be inside your server datacenter, can make http calls to your MV server if your security model allows it. If you must have https even internally, then put Apache/IIS/Nginx/HAProxy on your MV server and follow the above rules. If you are exposing your MV server directly to the internet, I then highly recommend you look at api gateways such as Kong or Azure/AWS api gateways to assist in protecting your endpoints.
GitHub - Kong/kong: 🦍 The Cloud-Native API Gateway and AI Gateway.
------------------------------
Patrick Payne
Chief Software Architect
Rocket Internal - All Brands
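The reverse-proxy arrangement described in the message above, sketched as an Apache 2.4 virtual host (an added example, not configuration from the original post or from OpenQM). The host name www.example.com, the certificate paths and the mapping of /api/ onto the root of the service on port 8180 are placeholders and assumptions; mod_ssl, mod_proxy, mod_proxy_http and mod_headers must be enabled.

```apache
# Plain-HTTP listener: its only job is to send browsers to the https site.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com

    # TLS terminates here. Certificate paths are placeholders.
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/www.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/www.example.com.key"
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off

    # https://www.example.com/api/...  ->  http://127.0.0.1:8180/...
    # The proxy makes its own plain-HTTP call over loopback and relays the
    # response back to the client over https.
    ProxyPass        "/api/" "http://127.0.0.1:8180/"
    ProxyPassReverse "/api/" "http://127.0.0.1:8180/"

    # The backend sees the proxy as its peer. mod_proxy_http appends the real
    # client address to X-Forwarded-For; this adds the original scheme too.
    RequestHeader set X-Forwarded-Proto "https"

    # Tell browsers to keep using https for this host.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

The backend keeps listening on plain HTTP port 8180; blocking that port at the host firewall for everything except loopback keeps the proxy as the only way in. `apachectl configtest` checks the syntax before a reload.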
Original Message:
Sent: 09-11-2024 22:24
From: Brian Speirs
Subject: WEBSVC using a port and SSL
I'm a bit late here, but hopefully this will help.
We have a web system that uses PHP to provide the basic structure of each web page. If the initial page requires stuff from QM, then we make a call to http://localhost:8180 within the PHP to get that stuff.
All the PHP web pages can go through https without any issues - but note that the internal request to QM is strictly http. This is because all the PHP is evaluated on the server so the connection is strictly local.
The pages also contain dynamic content where we need the page to call QM for data. At this point, the call to QM is NOT local. The connection is https but we need to use http for the QM connection - and we can't mix the two because that fails cross-origin scripting tests (and defeats the purpose of using https).
What we do there is we get the web page to call a PHP script on the web server. So, the call there looks like this:
    // Post the serialized form to the PHP script on the https web server
    var url = 'https://servername/path/scriptname.php';
    $.post(url,
        $('#formname').serialize(),
        function(data, status) {
            var js = JSON.parse(data);
            // Do something here with returned js data
        }
    );
And the relevant part of 'scriptname.php' is:
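    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $ok = true;
        $ch = curl_init();
        // QM is reached over plain http on the loopback interface only
        $url = 'http://localhost:8180';
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POST, 1);
        // Return the response as a string instead of printing it directly
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Forward the posted form fields to QM
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($_POST));
        $json = curl_exec($ch);
        // Check for errors here
        echo $json;
    }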
What happens here is the call to 'scriptname.php' is encrypted by the https connection, while the real call to the database goes through the standard http client (without encryption).
I hope that helps - or gives you some ideas.
Brian
------------------------------
Brian Speirs
Senior Analyst - Information Systems
Rush Flat Ltd
Wellington NZ
Original Message:
Sent: 09-05-2024 10:20
From: Tedmund Hurlbut
Subject: WEBSVC using a port and SSL
I have developed a website using WEBSVC and port 8180. After much trial and error, I have it working and continue to add to the site. Now I am trying to get SSL (https) working. Apache is serving my login page (does not use WEBSVC and port 8180). When the user logs in, now WEBSVC comes into action. Since WEBSVC is running, it starts a phantom that serves 8180. From the $COMO file, this is what I am getting when trying to connect.
$COMO PH173_050924_095317
4 line(s)
----: P
0001: COMO file activated to PH173_050924_095317
0002: Phantom 173 started at 09:53:17 05 SEP 2024
0003: HTTP/1.1 500 Internal server error 1 [7013, 2]
0004: Phantom 173 terminated at 09:53:47 5 SEP 2024
Bottom at line 4
This is how I am initially starting the WEBSVC phantom.
PHANTOM WEBSVC S.WEBSVC-14 DEBUGGING PORT 8180
Is there something I need to do to now tell WEBSVC that https is being used?
Thanks for any ideas or help,
Ted Hurlbut
------------------------------
Tedmund Hurlbut
Self Registered
Simpsonville SC US
------------------------------