NetTalk Central

Author Topic: Two big problems in NT 11 - at least for me  (Read 5877 times)

Wolfgang Orth

Two big problems in NT 11 - at least for me
« on: November 09, 2019, 10:45:32 AM »
Hello Bruce,

Finally I am in the process of upgrading my major programs from Clarion 10 / NetTalk 9 to the most recent Clarion 11 / NetTalk 11. I am aware that there will be some work with changing all the webclients, but before getting there, I ran into two other problems.

The communication between my client and server has (mostly) to be encrypted. And because the customers are hospitals, they might run my program in an isolated, "air-gapped" LAN. Hence I have to issue a self-signed certificate for the webserver. Which is fine so far, because the user works with a Clarion-written fat-client, where I can suppress the errors about this not-so-valid certificate.

Unfortunately there are two occasions where I have to serve data on the regular insecure port (defaults to 80). In NetTalk 9 I was able to have my program running two webservers. That worked great!

The reason why I had to have that insecure webserver was that they would be forced to add my self-issued certificate to their web of trust, to avoid warnings when the two occasions happen, as mentioned before. So it was perfect for all participants.

While the secure server had a CSL set, the insecure one did not. Otherwise each time a MESSAGE() pops up, telling that the connection is insecure. Not good for a server when running as a service.

"It will thus be necessary to remove the second object
in the WebServer procedure, and just set the two port numbers
for the primary object correctly."

https://www.capesoft.com/docs/NetTalk10/NetTalk10Upgrade.htm#ListeningOn2Ports

Unfortunately this is not possible for me!

Is there any way to sneak around this problem?

Because it is not a good idea to put two probably unrelated problems into one posting, I stop here and write a second post.


bshields

Re: Two big problems in NT 11 - at least for me
« Reply #1 on: November 09, 2019, 03:14:19 PM »
Hi Wolfgang,

I'm not 100% sure if my solution is appropriate. But from NetTalk10 onwards I cannot run a server that needs to legitimately handle both Port80 and Port443 traffic.

I have a case like yours where I do not want (301s to 443). If I supplied an SSL certificate NT took it upon itself to try very hard to get clients from 80 to 443, which was often not suitable.

My solution (from Bruce's advice) was to run two instances of the server. One with 0 for SSL Port and 80 for insecure, and another instance with 0 for the insecure and 443 for the SSL.

This effectively allows you to run two servers, one for 80 and one for 443 (and disabling the other "built-in" server), without the two trying to interact.

Regards
Bill

Jane

Re: Two big problems in NT 11 - at least for me
« Reply #2 on: November 09, 2019, 05:42:03 PM »
I have a similar situation to what Bill describes. But in my case, it's not a real "server"... just a redirector on our internal WAN that takes simple URLs such as http://reports and does a 302 redirect (based on a data lookup) to something like https://myhost32.mynetwork.local:3211/reports

I've cloned that into two identical services, one listening on port 80 and the other on 443 (with a wildcard certificate for our local domain).


Wolfgang Orth

Re: Two big problems in NT 11 - at least for me
« Reply #3 on: November 10, 2019, 12:48:44 AM »

This effectively allows you to run two servers, one for 80 and one for 443 (and disabling the other "built-in" server), without the two trying to interact.


Yes, that will be the way.

And the benefit of this solution is that both services can monitor each other for being down accidentally.

Thanks, Bill!

Wolfgang Orth

Re: Two big problems in NT 11 - at least for me
« Reply #4 on: November 10, 2019, 12:56:53 AM »

I've cloned that into two identical services, one listening on port 80 and the other on 443 (with a wildcard certificate for our local domain).


Yes, that is the way to go. And both services can monitor each other in case of being down accidentally.

I need the insecure server for returning an HTML page that gets displayed with FileExplorer (=> IE) inside my Clarion fat-client. Getting a certificate warning for the user every time is so eeewwwwww!
And I can't rely on the IT staff to accept my shitty certificate. So we have to muddle behind the scenes.

Cloning is not that huge a problem, because the source for these two purposes (my generated HTML and sometimes a PDF) will not be part of the secure server, so there is no duplicate code to maintain in the future. Anything else I would file under nightmare.

Thanks, Jane!