This is running on an OS X server which already has Apache running with a SSL certificate, so maybe I don’t really need or want the WebApp to do its own SSL.
Question 1: is there an easy way to have Apache handle the SSL for a Xojo standalone web-app running in regular (HTTP) mode? Is this where one would need a reverse-proxy?
Question 2: would there be any advantage to running this app in CGI mode? Does CGI mode fire up one instance of the app Per HTTP request? Or Per Session? Or just one instance total? I’m familiar with old-school CGI in which case every HTTP request starts then exists the app (which sounds bad to me).
Precisely that Apache would carry out SSL for you. Also, it starts/restarts automatically, hence you can use App.autoquit so when there is no session the app quits, then restarts as soon as a user hits the cgi.
I think he was saying that apache can proxy requests to the app and let the app handle everything in standalone mode vs running as cgi. Not that one is necessarily better than the other just that you have the option.
Personally I like running through haproxy. It’s a fantabulous piece of code.
You can deliberately run on multiple instances on different ports and then proxy each in your Apache config. Accidentally starting up multiple instances would be difficult since they all would try to start on the same port.
I posted this in your other thread - just putting it here for reference as well.
I know you are asking about Apache but HAproxy is a far more configurable load-balancer and is great for balancing multiple instances of Xojo apps along with SSL termination. You can still mix in Apache and serve static content - all routing through HAproxy.
There isn’t any Xojo issue here that I’m aware of- SSL overhead has a cost, it always has. You can run behind HAProxy if you like, but turning on SSL via your own app or a server in front will always increase your CPU workload. The nice thing about putting SSL separately via something like HAProxy is that an entirely different core- or if you like- an entirely different server can be taking that hit instead of your app.