11-30-2021, 03:52 PM
Hi! I have started experimenting with converting some existing web applications to http.sys and have some questions. Before I state them I want to explain what I want to accomplish, in case I am looking in the wrong direction (maybe there is a totally different approach?) and/or asking the wrong questions.
We have 6 services accessible via https running on the same server. Three of them are IntraWeb standalone web applications, two are RemObjects servers (built with Delphi), and one is a .NET REST service. The five Delphi services share the same SSL certificate *.pem files and use Indy / OpenSSL 1.0.2. For the the .NET service we have imported the same certificate (in pfx format) into Windows and it has a binding for it to the port it listens on. IIS is NOT used. All the 6 services listen on different ports. Externally however, the services are all accessed on the standard SSL port (443). This is accomplished by DNS records for different URLs (such as www.mydomain.com, m.mydomain.com, api.mydomain.com...) pointing to different (external) IP addresses on our site, and then a firewall redirecting the https traffic (on port 443) for these IPs to the different ports used internally on our server. While this works fine technically, we are wasting IP addresses with this approach, and when we now expand the server site with more servers and services we are running out of them.
So my idea was to try to use http.sys for at least the three IW applications so that they use the same port, but using e.g. mydomain.com/m/ rather than m.mydomain.com for our mobile friendly web application as an example. Another reason for looking at http.sys is that we are living on borrowed time with OpenSSL 1.0.2, and Indy support for newer OpenSSL versions still does not seem completed(?). So before answering my specific questions below, first please comment on if you think my idea with http.sys is good or if you know of some completely different approach that would accomplish the same thing.
1. When searching I found https://doc.atozed.com/en/iw15/develop/c...-intraweb/ and https://blog.boxofbolts.com/ssl/windows/...d-windows/ (not IntraWeb-specific). Are there some other good resources to look at (e.g. specific info on using multiple IntraWeb http.sys services with SSL)?
2. Is it possible that the main web application can be used with an empty UrlBase (but where the other two web applications have different, non-empty BaseUrl values)? If so, how do you set that up?
3. When doing some initial tests (locally, without https) I successfully got two of the web applications running (with two different BaseUrl values) on the same port. When I shutdown the applications I got loads of exceptions (access violations, invalid pointer operations) in the ServerController.OnDestroy handler (where we finalize various globally used resources), that I don't get when running it with Indy. It worked slightly better when run as a service, but there was still an access violation when freeing a data module (and it was not possible to get a call stack). Can you say anything general on these shutdown issues when running with http.sys?
4. When using a non-empty BaseUrl, I noticed various issues with (static) logout and session timeout pages (both having an <a href="/">Click here to login again.</a> element). Before diving in to details, is there anything in general I should know about when using non-empty BaseUrl (with relation to static pages)?
5. Do you think it is possible to use http.sys (and the same port) for the three other (non-IntraWeb) services as well?
Note: We are currently using IW 15.1.5 in production. Unless there are major restructures to how you use http.sys in 15.2.X, I would like to keep migration to the latest IW versions as a separate project.
Best regards
Magnus Oskarsson
We have 6 services accessible via https running on the same server. Three of them are IntraWeb standalone web applications, two are RemObjects servers (built with Delphi), and one is a .NET REST service. The five Delphi services share the same SSL certificate *.pem files and use Indy / OpenSSL 1.0.2. For the the .NET service we have imported the same certificate (in pfx format) into Windows and it has a binding for it to the port it listens on. IIS is NOT used. All the 6 services listen on different ports. Externally however, the services are all accessed on the standard SSL port (443). This is accomplished by DNS records for different URLs (such as www.mydomain.com, m.mydomain.com, api.mydomain.com...) pointing to different (external) IP addresses on our site, and then a firewall redirecting the https traffic (on port 443) for these IPs to the different ports used internally on our server. While this works fine technically, we are wasting IP addresses with this approach, and when we now expand the server site with more servers and services we are running out of them.
So my idea was to try to use http.sys for at least the three IW applications so that they use the same port, but using e.g. mydomain.com/m/ rather than m.mydomain.com for our mobile friendly web application as an example. Another reason for looking at http.sys is that we are living on borrowed time with OpenSSL 1.0.2, and Indy support for newer OpenSSL versions still does not seem completed(?). So before answering my specific questions below, first please comment on if you think my idea with http.sys is good or if you know of some completely different approach that would accomplish the same thing.
1. When searching I found https://doc.atozed.com/en/iw15/develop/c...-intraweb/ and https://blog.boxofbolts.com/ssl/windows/...d-windows/ (not IntraWeb-specific). Are there some other good resources to look at (e.g. specific info on using multiple IntraWeb http.sys services with SSL)?
2. Is it possible that the main web application can be used with an empty UrlBase (but where the other two web applications have different, non-empty BaseUrl values)? If so, how do you set that up?
3. When doing some initial tests (locally, without https) I successfully got two of the web applications running (with two different BaseUrl values) on the same port. When I shutdown the applications I got loads of exceptions (access violations, invalid pointer operations) in the ServerController.OnDestroy handler (where we finalize various globally used resources), that I don't get when running it with Indy. It worked slightly better when run as a service, but there was still an access violation when freeing a data module (and it was not possible to get a call stack). Can you say anything general on these shutdown issues when running with http.sys?
4. When using a non-empty BaseUrl, I noticed various issues with (static) logout and session timeout pages (both having an <a href="/">Click here to login again.</a> element). Before diving in to details, is there anything in general I should know about when using non-empty BaseUrl (with relation to static pages)?
5. Do you think it is possible to use http.sys (and the same port) for the three other (non-IntraWeb) services as well?
Note: We are currently using IW 15.1.5 in production. Unless there are major restructures to how you use http.sys in 15.2.X, I would like to keep migration to the latest IW versions as a separate project.
Best regards
Magnus Oskarsson