SSL setup for Windows

  1. ‹ Older
  2. last week

    Kevin W

    Feb 15 Pre-Release Testers, Xojo Pro

    https://forum.xojo.com/8355-standalone-web-ssl

    http://blog.xojo.com/2014/01/14/at-long-last-web-standalone-ssl/

    Had an extra minute or two. I think the blog post and that forum thread are what I used to get my test working a couple of years ago. HTH.

  3. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Thanks, I'll take a look and give it a shot

  4. Tomas J

    Feb 15 Pre-Release Testers, Xojo Pro Europe (Germany)

    @Alan S Right now I am using IIS to point www.domainname.com to www.domainname.com:9000

    One big point: do not use other ports than standard port 80 and 443. Your website might be blocked away. And when finished with configuration do not forget to check your site with Mozilla Observatory and SSLabs.com

  5. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Wouldn't that mean that I could only run one website on my server?
    The port 9000 should be transparent to the user I think, but it's not my expertise so others can chime in.
    Alan

  6. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Let me get SSL working and I'll check those out since most of the errors I'm seeing on Mozilla is because it's not ssl

  7. Wayne G

    Feb 15 Pre-Release Testers, Xojo Pro New Zealand axisdirect.nz

    If you are using IIS URL rewrite then you are using IIS to proxy your web application. Get the certificate for the IIS website and bind port 443 to that site.

  8. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Wayne, if i do that do i still need to use command line options on the xojo app for secure socket, etc?

  9. Wayne G

    Feb 15 Pre-Release Testers, Xojo Pro New Zealand axisdirect.nz

    No. IIS will secure the connection back to the browser, the Web App will listen on its own port. So you're offloading the SSL work to IIS and leaving your app to do its thing.

  10. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Thanks, I'll give it a shot in the next few days and report back here how it works.

    I started using IIS because of the wanting to get rid of the port number so the user doesn't see it.

    Alan

  11. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    Wayne and others,
    The SSL is installed, and things are sort of working but not really.
    If anyone is willing to help me, I would appreciate it. I don't want to post the url here as it then becomes available to the world, but if you are able and willing to help me, please IM me here and I'll go over what's working and what's not.

    Thanks
    Alan

  12. Kevin W

    Feb 16 Pre-Release Testers, Xojo Pro

    If you don't need IIS for proxy then you can run on port 443 directly. Should make things simpler.

  13. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    Here is what I would like to have happen. Seems like a lot of normal websites work this way, so this is what I'm hoping that I can do.

    If the user types http://www.domain.com I want it to go to https://www.domain.com:9000 ( or whatever so my app running on port 9000 can run)
    If the user types https://www.domain.com I want it to go to https://www.domain.com:9000 ( or whatever so my app running on port 9000 can run)

    I would like to have the site show the pad lock so everything is indeed encrypted

    In addition I guess http://domain.com should also go to https://www.domain.com

    Is this all possible? If so, can someone explain what the best way to do it is, from an IIS standpoint and from the stand alone xojo app as far as if any command line options are needed?

  14. Kevin W

    Feb 16 Pre-Release Testers, Xojo Pro
    Edited last week by Kevin W

    For using the standalone app, you can just use MyWebApp --port=80 --secureport=443. Then put the MyWebApp.crt file in the same directory as the app.

    For redirect you could do something like this in the session.open event.

    if not session.secure then
    ShowURL "https://www.domain.com"
    end if

    Forgot to add that in order for that to work, those ports have to be free. So IIS would need to be shut down, and anything else that might happen to be using the default web ports of 80 and 443. HTH

  15. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    Kevin, By using port 80 does that mean I could only use one site on my server? It's a dedicated server and really will need to have many sites including php sites on it.

  16. Tomas J

    Feb 16 Pre-Release Testers, Xojo Pro Europe (Germany)

    @Oliver O made a good PDF how to implement Xojo Web behind an IIS, as far as I know he did this with URL Rewriter and Reverse Proxy Rules:

    Here's my copy of his PDF, maybe he's reading this and can add everything which is new:
    https://cloud.jakobssystems.de/u/tom/xojo/XojoOnIIS.pdf

  17. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    @Tomas, I have gotten the actual site to work on IIS using Reverse Proxy, so http://www.domain.com actually goes to http://www.domain.com:9000 but now I'm wanting to now use SSL and I don't think Olivers PDF addresses that.

  18. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    @Wayne, do you think if I continued to use my reverse proxy so that www.domain.com goes to www.domain.com:9000 and then tried running the app with secure port 443 would work?? I apologize for asking all these questions but I'm sure there is a perfect way to do this so if I ever need this again, it will be a piece of cake, but it's just not something I'm very familiar with.

  19. Kevin W

    Feb 16 Pre-Release Testers, Xojo Pro

    Yes, for multiple sites you need a front end of some kind. IIS should work for that, but I don't particularly care for it, and couldn't help you with it.

    If you plan on running a bunch of sites you really should consider the web server/load balancer question now. If you get down the road a ways with IIS and decide to switch to something else later, it could be a logistical problem switching sites over. Also if some of your sites need more robustness either due to load or reliability, you will want to run more than one instance of an app.

    I don't serve any websites on windows, but I'd probably look at nginx to start as I think there is a windows native version.

    Whatever you choose, the SSL would be handled by IIS or nginx or whatever. Your xojo apps would just run on some port of your choosing like 9000 and be connected to by the front end, or they would run in cgi mode.

    CGI mode is a little easier for some things because there is less configuration to get it running, but not so great for other things. It's not clear to me for instance, how you would make a cgi hosted app redundant or load balanced on a single server.

    There might be some more experienced hosters who can provide better advice when using windows.

  20. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    I am not tied to IIS, just trying to use something to get this going. Has anyone here used Abyss?? http://aprelium.com/abyssws/ I own an older copy and I'm fine with using something like that if I can figure out what properly needs to be setup on it and my xojo app to make it work. I'm not against CGI either, though I thought CGI was a bit slower, but my bottom line is getting this to work, and I am open to almost anything. I am running on WIndows 2012 R2 server, but that's about it.

    Alan

  21. Wayne G

    Feb 16 Pre-Release Testers, Xojo Pro New Zealand axisdirect.nz

    Sorry, I'm out of town at the moment,so a little slow on responses. Using IIS you would create a certificate request for your domain, use that request to purchase a certificate, install that certificate in IIS. Then use URL redirection to point requests to your Xojo web standalone instance. I would run the instance as a service application.

    To ensure secure access you would not bind port 80 to the IIS website.

    The whole process is not complicated, does not require installing 3rd party add-ons to windows and foes offload the SSL handling to the web server saving your app from doing the work.

    I am planning on presenting this process at a Xojo virtual user group meeting, but maybe not this month.

    I will be back in town on Monday and will be available to assist in the setup remotely if that will help. PM me.

or Sign Up to reply!