procedure TWEBService.ServiceCreate(Sender: TObject);
  LScheduler: TIdSchedulerOfThreadPool;
begin
  Name := TServerEngine.Default.Parameters.ByNameText('ServiceName', Name).AsString;
  DisplayName := TServerEngine.Default.Parameters.ByNameText('ServiceDisplayName', DisplayName).AsString;
  if WebRequestHandler <> nil then
    WebRequestHandler.WebModuleClass := WebModuleClass;
  FServer := TIdHTTPWebBrokerBridge.Create(nil);
  FIOHandler.SSLOptions.CertFile := 'certificate.crt';
  FIOHandler.SSLOptions.KeyFile := 'private.key';
  FIOHandler.SSLOptions.RootCertFile := 'SSLroot.crt';
  FIOHandler.SSLOptions.Method := sslvSSLv23;
  FIOHandler.OnVerifyPeer := IOHandlerVerifyPeer;
  FServer.IOHandler := FIOHandler;
  FServer.OnQuerySSLPort := OnQuerySSLPort;
  FServer.DefaultPort := TServerEngine.Default.Port;
  LScheduler := TIdSchedulerOfThreadPool.Create(FServer);
  LScheduler.PoolSize := TServerEngine.Default.ThreadPoolSize;
  FServer.Scheduler := LScheduler;
  FServer.MaxConnections := LScheduler.PoolSize;
  FServer.OnParseAuthentication := ParseAuthenticationHandler;
  except
    FServer.Scheduler.Free;
    FServer.Scheduler := nil;
    raise;
  except
    FIOHandler.Free;
    FServer.Free;
    raise;

I have stated in Server.Service.ServiceCreate() or Server.Service.ServiceStart():
FServer.Engine.Port := 0;
FServer.Engine.PortSSL := 8443;

Therefore I copied the 3 files from the bin folder (where they were as default and work for the ServerApplication)
to an absolute path like C:\CERT\
and set this up by (I thought, maybe the Service is started in a different context):
(also in Server.Service.ServiceCreate(), just before setting FServer.Engine.PortSSL)
FServer.SSLIOHandler.SSLOptions.RootCertFile := 'C:\CERT\localhost.pem';
FServer.SSLIOHandler.SSLOptions.CertFile     := 'C:\CERT\localhost.crt';
FServer.SSLIOHandler.SSLOptions.KeyFile      := 'C:\CERT\localhost.key';
still not working... (I am a complete newbie with services unfortunately; any suggestions very welcome)
Kind Regards,
ckranich

Additional Info:
First thought it might have to do with the Certificates (however, when run Server as App they work OK)
Recreated some fresh ones using XCA. No change.
This has definitively to do with enabling SSL.
As soon as a SSL Port is assigned by
FServer.Engine.PortSSL :=
the Startup stalls in MARShttpServerIndy.Startup  (never finished)
SetupSSLIOHandler() exit OK
SetupThreadPooling() exit OK with 100 Threads
Any Ideas?
I know that Andrea suggests a Reverse Proxy etc for SSL (and doing only Http on the Rest server), but in this project a standalone Service App has been requested by customer ...
Kind Greetings,
ckranich
At first supposed it might have to do with certificates somehow
(or with user context versus local system context to access certificates)
- same certificates work if used from MARS Server compiled as VCL Application
- no change if service is started using local user instead of local system
- Datasnap REST server works OK running as Service using same (self-signed) certificates and same OpenSSL dlls.
=> Indy seems to be able to use SSL from Service Application (DataSnap uses Indy too)
=> will have to dig deeper (traced until inherited call)
Problem solved.
CERTIFICATE LOCATIONS FOR WINDOWS SERVICE DIFFERENT TO WINDOWS APPLICATION!
(at least on Win10/Pro as I have) :
the cert files (supposed to be in bin/executable folder) MUST BE IN C:\Windows\SysWOW64\ folder
also a cert.pem is queried from C:\usr\local\ssl\cert     (I copied the root cert to this name, however not sure if necessary)
so if sticking with Indy default names, the files are:
C:\Windows\SysWOW64\localhost.pem        root cert
C:\Windows\SysWOW64\localhost.crt           cert
C:\Windows\SysWOW64\localhost.key          key
Self-signed cert OK (created using XCA)
For copying to this folder, of course Admin rights are necessary.
If you are using a VMWare VM for Delphi 10.4.X, as I do, and the project files are in the shared VM drive outside the VM,
you need 2-step copy: 1) project/bin to local desktop  2) local desktop to SysWOW64
All the above is for WIN32 Service target, as I did not try out X64 yet.
I am happy to be out of the swamp and back on the road (after fighting Windows and not Project)
I will duplicate this to new Topic for better visibility. Might it be helpful for others!
Kind Regards,
ckranich