MARSWebServer Service config for HTTPS - MARS-Curiosity REST Library

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

谦虚好学的口罩 · How to Resolve the ...· 1 年前 ·

乐观的西装 · OpenCV调用海康威视等摄像头（处理rts ...· 1 年前 ·

打酱油的青蛙 · 上科大、IEEE Fellow ...· 2 年前 ·

重感情的沙滩裤 · IOS获取文件属性。（包括创建日期）_ite ...· 2 年前 ·

豁达的羊肉串 · 「存储文章的数据类型有」相关问答|文档|产品 ...· 2 年前 ·

procedure TWEBService.ServiceCreate(Sender: TObject); LScheduler: TIdSchedulerOfThreadPool; begin Name := TServerEngine.Default.Parameters.ByNameText('ServiceName', Name).AsString; DisplayName := TServerEngine.Default.Parameters.ByNameText('ServiceDisplayName', DisplayName).AsString; if WebRequestHandler <> nil then WebRequestHandler.WebModuleClass := WebModuleClass; FServer := TIdHTTPWebBrokerBridge.Create(nil); FIOHandler.SSLOptions.CertFile := 'certificate.crt'; FIOHandler.SSLOptions.KeyFile := 'private.key'; FIOHandler.SSLOptions.RootCertFile := 'SSLroot.crt'; FIOHandler.SSLOptions.Method := sslvSSLv23; FIOHandler.OnVerifyPeer := IOHandlerVerifyPeer; FServer.IOHandler := FIOHandler; FServer.OnQuerySSLPort := OnQuerySSLPort; FServer.DefaultPort := TServerEngine.Default.Port; LScheduler := TIdSchedulerOfThreadPool.Create(FServer); LScheduler.PoolSize := TServerEngine.Default.ThreadPoolSize; FServer.Scheduler := LScheduler; FServer.MaxConnections := LScheduler.PoolSize; FServer.OnParseAuthentication := ParseAuthenticationHandler; except FServer.Scheduler.Free; FServer.Scheduler := nil; raise; except FIOHandler.Free; FServer.Free; raise; I have stated in Server.Service.ServiceCreate()   or Server.Service.ServiceStart() :
FServer.Engine.Port := 0;
FServer.Engine.PortSSL := 8443; Therefore I copied the 3 files from bin folder (where they were as default and work for the ServerApplication
to an absolute path like C:\CERT\
and setup this by (I thought, maybee the Service is started in a different context):
(also in Server.Service.ServiceCreate() , just before setting FServer.Engine.PortSSL) FServer.SSLIOHandler.SSLOptions.RootCertFile := 'C:\CERT\localhost.pem';
FServer.SSLIOHandler.SSLOptions.CertFile     := 'C:\CERT\localhost.crt';
FServer.SSLIOHandler.SSLOptions.KeyFile      := 'C:\CERT\localhost.key';
still not working... (I am a complete newbee with services unfortunately; Any suggestions very wellcome)
Kind Regards,
ckranich Additional Info:
First thought it might have todo with the Certificates (However when run Server as App they work OK)
Recreated some fresh ones using XCA. no change.
This has definitively to do with enabling SSL.
As soon as a SSL Port is assigned by
FServer.Engine.PortSSL :=
the Startup stalls in MARShttpServerIndy.Startup (never finished)
SetupSSLIOHandler() exit OK
SetupThreadPooling() exit OK with 100 Threads
Any Ideas?
I know that Andrea suggests a Reverse Proxy etc for SSL (and doing only Http on the Rest server), but in this project a standalone Service App has been requested by customer ...
Kind Greetings,
ckranich
At first supposed it might have todo with certificates somehow
(or with user context versus local system context to access certificates)
- same certificates work if used from MARS Sercer compiled as VCL Application
- no change if service is started using local user instead of local system
- Datasnap REST server works OK running as Service using same (selfsigned) certificates and same OpenSSL dlls.
=> Indy seems to be able to use SSL from Service Application (DataSnap uses Indy too)
=> will have to dig deeper (traced until inherited call)
Problem solved.
CERTIFICATE LOCATIONS FOR WINDOWS SERVICE DIFFERENT TO WINDOWS APPLICATION!
(at least on Win10/Pro as I have) :
the cert files (supposed to be in bin/executable folder) MUST BE IN C:\Windows\SysWOW64\ folder
also a cert.pem is queried from C:\usr\local\ssl\cert     (i copied the root cert to this name, however not sure if necessary)
so if sticking with Indy default names, the files are:
C:\Windows\SysWOW64\localhost.pem        root cert
C:\Windows\SysWOW64\localhost.crt           cert
C:\Windows\SysWOW64\localhost.key          key
Selfsigned cert OK (created using XCA)
For copying to this folder, of course Admin rights are necessary.
If you are using a VMWare VM for Delphi 10.4.X, as I do, and the project files are in the shared VM drive outside the VM,
you need 2-step copy: 1) project/bin to local desktop 2) local desktop to SysWOW64
All the above is for WIN32 Service target, as I did not tryout X64 yet.
I am happy to be out of the swamp and back on the road (after fighting Windows and not Project)
I will duplicate this to new Topic for better visibility. Might it be helpful for others!
Kind Regards,
ckranich