SSL?

Help
Levia
2008-12-04
2013-04-25
  • Levia
    Levia
    2008-12-04

    Hello,

    I'm wondering whether SSL will ever be supported - or is there an existing way to do this. I use the Simple + XML-RPC package.

    Thanks!

    Lars

     
    • Greger Ohlson
      Greger Ohlson
      2008-12-04

      Hi,

      On the server side it is possible to use SSL if you add the XmlRpcServlet to a servlet container which has SSL enabled. Another way would be to use Nginx or something similar as a front-end to the Simple HTTP server (I had a closer look at the Simple HTTP server and could not find native support for SSL). With Nginx (small and fast webserver) as a proxy for Simple you can have your SSL certificates handled by Nginx and the clients use HTTPS up to Nginx which then upstreams the requests to the Simple server behind it using regular HTTP. This setup is also common when deploying Rails applications. If you are only conserned with the server side, I can try to document how this could be done in more detail.

      On the server side, things are not looking so good. There is currently no support for SSL. If you are interested in using the XmlRpcClient with SSL I can perhaps take a look at it today and see how much wok it would involve. Hopefully it will not require too much work and I can setup an addition to the library enabling SSL in the client.

      Best Regards,
      Greger.

       
    • Levia
      Levia
      2008-12-04

      Hey there

      Thanks alot for this information, I appreciate it. Let me tell you something about where I want to use SSL. I have a server, uses XmlRpcServer with the Simple HTTP server. In essence, simply using the 'Server' class that is described on the wiki. Now, a client could be anything, but my test client is simply using XmlRpcClient. I simply want the server to support SSL, so that only SSL connections can be made. This is to avoid sniffing.

      Server ----------------------------------- Client
                   This connection over SSL

      I kind of don't get what you told me about Nginx as frontend. Is Nginx a webserver on itself? Could you give some more information on how it would work?

      Thanks alot!!

      Lars

       
      • Greger Ohlson
        Greger Ohlson
        2008-12-04

        Hi,

        OK, then it should be solveable without modifying the library. Some background information;

        There is an XmlRpcServlet available that is used when you want to publish an XmlRpcServer in a servlet container like Jetty or Tomcat. Both these containers support SSL out-of-the-box. Until recently, this was the only way to publish XML-RPC services with Redstone XML-RPC. The Apache implementation includes its own home brewed HTTP server, as did the Marquee implementation on which the Redstone implementation is based. However, we felt that with all the excellent HTTP servers available (like Jetty) there was no need to maintain a separate server within the library.

        But as of a copule of months ago we added the Simple + XML-RPC package for those who want to get going directly with Redstone XML-RPC and who don't already have a web server running somewhere. Although it is very easy to just download Jetty and install the XmlRpcServlet in there, the Simple + XML-RPC package is even more simple.

        The Simple HTTP server, as far as I can see, does not support SSL. I might be wrong. But it is a very fast and competent server so we chose that one for the Simple package to be able to offer the same out-of-the-box functionality as can be found in the Apache library.

        Now, in the web application world it is often common to host scripted web applications in a particular server that is designed to work well with the particular framework in use. For Ruby on Rails many people host their applications in a server called Mongrel which serves the same role as the Simple HTTP scenario on this case. Often, people put another server in front of the Mongrel server which acts as a proxy for the servers behind it. Many use Nginx, Apache, Lighttpd, and others. Nginx, for instance, is a very small but fast webserver which supports SSL and many other things. So clients access the Nginx server which forwards requests to one or more (loadbalancing) Mongrel servers behind it, using regular HTTP.

        Client --(https)--> Nginx --(http)--> Mongrel/Simple/...

        In your case, though, it might be easier to use Jetty or Tomcat instead and use the XmlRpcServlet rather than the Simple package. Since these support SSL you can add your SSL certificates to those and SSL would work directly (following their documentation for this). That way you may also host any documentation for your services in these servers if you don't want to publish that somewhere else.

        Since not all XML-RPC clients support SSL you would have to test your secure service using a library that supports SSL. And, obviously, this restricts which clients that can use your service in production.

        Regards,
        Greger.

         
    • Levia
      Levia
      2008-12-04

      Thanks. That's helpful :)

      I'm not in the position to install Tomcat or Jetty, or any other application server. However, I do think Nginx will be fine.

      For others: http://blog.kovyrin.net/2006/05/18/nginx-as-reverse-proxy/
      Looks like a good guide.

      Thanks alot,
      Lars