On Tue, Dec 14, 2010 at 2:38 PM, sawyer x <xsawyerx@gmail.com> wrote:
The SSL layer on top of HTTP (A.K.A. HTTPS) is handled by the web server.
You'll need to understand about the differences of layers. This is a bit long but it will help you.
A bit of theory: The specific server that Dancer uses depends on the environment you picked. Dancer is PSGI compatible which means you can pick any PSGI server (or server that supports PSGI interoperability). That means Twiggy, Starman (the common one) or Tatsumaki. There are a few servers for which there is a compatibility layer for PSGI, such as Apache or Perlbal (which supports a web server, not just a reverse proxy). Apache has support for SSL, so does Perlbal. I do believe the others have something along those lines but haven't checked.
Dancer uses HTTP::Server::Simple to provide you with an in-house web server for development purposes. This means that HTTP::Server::Simple should be able to handle SSL in that case, which it does not. However, if you'll read the docs, it states that you can provide a connection accept hook to handle SSL, such as:
sub accept_hook { my $self = shift; my $fh = $self->stdio_handle;
$self->SUPER::accept_hook(@_);
my $newfh = IO::Socket::SSL->start_SSL( $fh,
SSL_server => 1, SSL_use_cert => 1, SSL_cert_file => 'myserver.crt', SSL_key_file => 'myserver.key', ) or warn "problem setting up SSL socket: " . IO::Socket::SSL::errstr();
$self->stdio_handle($newfh) if $newfh; }
What to do: Either pick a web server that supports SSL (Apache, Perlbal) or put a reverse proxy on the front that will serve SSL to the user (Perlbal can do that do, Nginx is good at it, there's a few more to choose from).
Don't use HTTP::Server::Simple for production (even though it might seem tempting). Do a bit of research and decide what you feel most comfortable with.
I personally host a few websites on my server using Apache, so for me the best option is always through Apache's FastCGI layer. However, I'm considering changing to Nginx in the front (since it's very fast) to provide static content and SSL where needed.
Hope this didn't tire you :)
Good luck!
Sawyer.
On the contrary Sawyer, thanks for a clear explanation of the issues involved. Will get back with any questions after I do some research for what can be done. Also, the fact that you could use accept_hook to handle ssl connections in HTTP::Server::Simple was a new learning for me. Thank you