Apache loadbalancer can be used for HTTPS and PHP servers - php

I need a software load balancer in frontend, and two PHP servers in backend.
Clients will send request to the frontend using HTTPS.
I've read a lot of articles around this subject, but I can't verify if Apache is able to load-balance HTTPS communication. This is not very clear to me.
Can I use Apache for this? Or which free load balancers support SSL (HAProxy doesn't support it in its stable release)?

Related

Can I change WebSocket from ws to wss? (000webhost)

I had built a website as a dashboard (using 000webhost) to change the data in a MySQL database via PHP, which is working fine right now. After that, I uploaded a Unity WebGL build to itch.io, which was working fine as well until it needed to get data from the database via PHP. When I tried to get the data by accessing PHP files stored on the 000webhost server, I got the following error in the web console of the accessing website.
Mixed Content: The page at 'https://.itch.io/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://:54998/'. This request has been blocked; this endpoint must be available over WSS
The link I was using to access the PHP files was using https instead of http. I am still new to this area; I would like to know whether I can change the WebSocket endpoint to wss instead of ws. Do I need a paid plan to solve this? I did see that the Single Hosting plan offers a free SSL certificate. Please help me, I am open to any suggestion/advice. Thank you.
The WebSocket server itself needs to set up the SSL certificate. If it doesn't, you need a reverse proxy like nginx or Apache to handle the SSL and forward to the unencrypted ws:// websocket.
Anyway, the websocket should run on the default ports 443/80 as well, since many firewalls block non-default ports for security reasons. In this case you will need the reverse proxy if you don't have a dedicated IP for the websocket server.
Use socket.io. Most of the problems are solved and there is no need to do more.
var socket = io.connect('https://www...', {secure: true});

SSO in PHP application using AD credentials independent of Web Server

I have a PHP application running with Nginx on a Linux server and it has a successful integration with my Active Directory using LDAP.
In the current scenario, the user is able to create a new login for the app or use his Windows credentials to log into the application.
Now, I'm trying to implement a complete Single Sign-On (SSO), so that a user logged in with his credentials on a Windows machine in the domain will be able to open the app already logged in, without using the credentials again.
Doing some research on it, since my Linux server is not in the same domain, the best options are to use NTLM (old and insecure), the Kerberos protocol or the Negotiate protocol (which will choose between NTLM and Kerberos for each request), depending on the Windows version and what is implemented in the Domain Controller.
There are a lot of tutorials on the internet and also some good threads on the theme here on SO. This other link shows a good overview of the options using Apache as the web server (for the Kerberos option, I found an Nginx port, so this is not the main problem).
Well, I created some test applications using these approaches (including all changes on the browser side, limited to Firefox), but all of them are dependent on the web server (Apache, Nginx or even IIS). Since my app already has a complete integration with AD through LDAP, I'm interested in a web-server-independent solution. Is there any way to "bypass" the authentication in the web server and get the information about the logged-in user directly in my PHP code (Client (Firefox) to Server (PHP))?
My best guesses for now are some type of "pure" PHP implementation of Kerberos, which needs a PECL module, or NTLM, which is insecure and still asks for the user credentials on the first request.
I know that maybe it's impossible, but I'm asking in case I missed some important information in this research. Is it possible to get the Windows user info directly in PHP?
If you don't insist on nginx, use Apache Web Server 2.4 with mod_auth_gssapi. This is great, high-quality code written by people who know what they do. I have been doing this for years for my PHP stuff.

HTTP and nodeJS on separate servers

I have two websites:
1) httpwebsite.com, where I run my web application, which uses Apache, PHP and MySQL;
2) wss.com, where I run a nodeJS websocket server, used for a multiplayer game;
I want to host the JavaScript client-side files that communicate with the websocket server on httpwebsite.com, so I don't have to configure an HTTP server on nodeJS, for many reasons, like security and lack of experience with using nodeJS as an HTTP server.
I want to use nodeJS only for the websocket server, for performance and flexibility reasons, among many others.
I've heard that the same-origin policy restricts communication from httpwebsite.com with wss.com, but can this be reconfigured to actually allow communication between two different domains that want to communicate with each other on purpose?
Do I have other options than actually running an HTTP server on the nodeJS server?
You can use CORS for secure requests from one domain to another domain.
http://www.html5rocks.com/en/tutorials/cors/
2 options:
1) You can add CORS headers to wss.com to allow website.com to load its resources. The link Matt gave should explain how this works, and you just need to add this HTTP header to each Node server you need to access.
2) You can proxy your requests through your Apache server to the node server, so the web browser thinks it's talking to a service on the same origin. This is often used to have only your web server publicly available and your app server (running node) not directly available and protected behind a firewall, though obviously Apache needs to be able to access it.
You can use this config in Apache to achieve option 2 to forward http://website.com/api calls to a service running in wss.com on port 3000.
#send all /api requests to node
ProxyPass /api http://wss.com:3000
#Optionally change all references to wss.com to this domain on return:
ProxyPassReverse /api http://wss.com:3000
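An added example, not part of the original answers: on a WebSocket handshake the browser sends an Origin header, and the Node server on wss.com can allow-list the page's origin there before switching protocols. The function names, the https:// origins in the allow-list and the sample key are assumptions made for this illustration.

```javascript
// Added example: Origin allow-list for a hand-rolled WebSocket handshake in Node.
const { createHash } = require('node:crypto');
const { STATUS_CODES } = require('node:http');

// Assumption: the game page is served over HTTPS from these origins only.
const ALLOWED_ORIGINS = new Set(['https://httpwebsite.com', 'https://www.httpwebsite.com']);
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'; // fixed value from RFC 6455

// True only for an exact scheme + host + port match; a missing or "null" Origin fails.
function isAllowedOrigin(origin) {
  if (typeof origin !== 'string') return false;
  try {
    return ALLOWED_ORIGINS.has(new URL(origin).origin); // normalizes case and default port
  } catch {
    return false; // not a parseable origin
  }
}

// Decide the handshake outcome from the request headers (Node lower-cases header names).
function handshakeResponse(headers) {
  if (String(headers.upgrade || '').toLowerCase() !== 'websocket') return { status: 400 };
  if (!isAllowedOrigin(headers.origin)) return { status: 403 };
  const key = headers['sec-websocket-key'];
  if (!key) return { status: 400 };
  const accept = createHash('sha1').update(key + WS_GUID).digest('base64');
  return { status: 101, accept };
}

// Wire the check into an http.Server; frame handling stays with the WebSocket library.
function attachOriginCheck(server) {
  server.on('upgrade', (req, socket) => {
    const r = handshakeResponse(req.headers);
    if (r.status !== 101) {
      socket.end(`HTTP/1.1 ${r.status} ${STATUS_CODES[r.status]}\r\nConnection: close\r\n\r\n`);
      return;
    }
    socket.write('HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n' +
      `Connection: Upgrade\r\nSec-WebSocket-Accept: ${r.accept}\r\n\r\n`);
  });
}

// Constructed sample handshakes: one from the game page, one from another site.
const sampleKey = 'dGhlIHNhbXBsZSBub25jZQ==';
for (const origin of ['https://httpwebsite.com', 'https://httpwebsite.com.evil.example']) {
  const r = handshakeResponse({ upgrade: 'websocket', origin, 'sec-websocket-key': sampleKey });
  console.log(origin, '->', r.status);
}
```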

Lighttpd FastCGI PHP https - complete handshake with different certificates?

Ok, I'm sure someone is going to tell me this is a really dumb idea but please humor me.
I have a PHP site that is hosted using Lighttpd. I have multiple domains that resolve to my website (for example... mysite.com and mysite2.com). These sites need to use https.
When either mysite.com or mysite2.com is requested, I want my PHP page to respond with the correct certificate. So, to clarify, when the browser gets the response from my PHP page it will not complain about the certificate because it will use the correct certificate.
Is this possible? How?
Thanks!
EV
By the time PHP is running the SSL handshake has already been completed by your web server, so there's no way it can do anything about the certificate.
If you're using name-based virtual hosting but you still want to use different SSL certificates, you can leverage SNI (an extension to SSL and TLS), which is supported by most browsers and web servers (requires OpenSSL >= 0.9.8), including Lighttpd.

OpenID on shared hosting

I'm trying to use OpenID on my site but I get this error:
Protocol https not supported or disabled in libcurl
Can anyone please tell me what it means? My website is running on shared Linux hosting.
I use this script: http://gitorious.org/lightopenid
Thanks in advance
It means exactly what it says! Your Open ID implementation (lightopenid) wants to communicate securely with an Open ID server over HTTPS. HTTPS is an optional feature in PHP/Curl and your web host has not enabled this feature. Your options are to ask your hosting provider to enable this feature or to find an alternative which doesn't use Curl. For the latter option, you'll probably find that alternatives also don't have the HTTPS option enabled.
Finally, you may be able to tell lightopenid to not use HTTPS, thus sidestepping this problem; however, this doesn't seem like a very robust solution to me. Use this only on dev sites, never with real users' accounts.
