From 119ea76ad6b526beb108d70a528e53b80ef22980 Mon Sep 17 00:00:00 2001 From: Jay McCarthy Date: Mon, 18 Aug 2008 14:47:35 +0000 Subject: [PATCH] Adding HTTPS to tutorial svn: r11298 --- .../scribblings/tutorial/tutorial.scrbl | 89 +++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/collects/web-server/scribblings/tutorial/tutorial.scrbl b/collects/web-server/scribblings/tutorial/tutorial.scrbl index 0e17be7f2d..38f2ab7104 100644 --- a/collects/web-server/scribblings/tutorial/tutorial.scrbl +++ b/collects/web-server/scribblings/tutorial/tutorial.scrbl @@ -1172,6 +1172,95 @@ Third, to run your server, you can either press @onscreen{Run} in DrScheme, or t @scheme[serve/servlet] takes other options and there are more advanced ways of starting the Web Server, but you'll have to refer to the PLT Web Server Reference Manual for details. +@section{Using HTTPS} + +This final task that we'll cover is using the server in HTTPS mode. +This requires an SSL certificate and private key. This is very platform specific, but we will provide +the details for using OpenSSL on UNIX: + +@commandline{openssl genrsa -des3 -out host.key 1024} + +This will generate a new private key, but it will have a passphrase on it. You can remove this via: + +@commandline{openssl rsa -in host.key -out host.key} +@commandline{chmod 400 host.key} + +Now, we generate a self-signed certificate: + +@commandline{openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert} + +(Each certificate authority has different instructions for generating certificate signing requests.) + +If we move these files into our home directory: +@commandline{mv host.key host.cert ~/} + +We can now start the server with the following incantation: + +@(require (for-label scheme/unit) + (for-label net/ssl-tcp-unit) + (for-label net/tcp-sig) + (for-label net/tcp-unit) + (for-label web-server/web-server) + (for-label web-server/web-server-unit) + (for-label web-server/web-server-sig) + (for-label web-server/web-config-sig) + (for-label web-server/web-config-unit) + (for-label web-server/configuration/namespace)) + +@schememod[ +scheme + +@code:comment{Load the appropriate libraries to reimplement server} +(require scheme/unit + net/ssl-tcp-unit + net/tcp-sig + net/tcp-unit + web-server/web-server + web-server/web-server-unit + web-server/web-server-sig + web-server/web-config-sig + web-server/web-config-unit + web-server/configuration/namespace) + +@code:comment{Define the necessary parameters.} +(define port-no 8443) +(define SSL-path (find-system-path 'home-dir)) + +@code:comment{Load the standard configuration file, but augment the port.} +(define configuration + (configuration-table-sexpr->web-config@ + (build-path (collection-path "web-server") + "default-web-root" + "configuration-table.ss") + #:port port-no)) + +@code:comment{The configuration is a unit and this lets us treat it as one.} +(define-unit-binding config@ configuration + (import) (export web-config^)) + +@code:comment{This loads the SSL TCP interface with the appropriate keys.} +(define-unit-binding ssl-tcp@ + (make-ssl-tcp@ (build-path SSL-path "host.cert") + (build-path SSL-path "host.key") + #f #f #f #f #f) + (import) (export tcp^)) + +@code:comment{Combine the configuration with the TCP interface to get a server!} +(define-compound-unit/infer ssl-server@ + (import) + (link ssl-tcp@ config@ web-server@) + (export web-server^)) + +@code:comment{Invoke the server to get at what it provides.} +(define-values/invoke-unit/infer ssl-server@) + +@code:comment{Run the server.} +(serve) +(do-not-return) +] + +This is, admittedly, not the simplest imaginable way of setting up a server, but it gets the job done. + @section{Moving Forward} As you move forward on your own applications, you may find many useful packages on PLaneT. There are interfaces to other