On 2017-06-29 19:36, Christoph Rabel wrote:
Hi,

I have written an apache module that sometimes connects to a backend
server. Currently it does that through http, open a socket, send a get
request, get a response, process it. Nothing special.

Now we need to support https too and I am wondering, how that could be
accomplished.
Should I use openssl directly? Does that work? Are there any helper
functions I could use?

I tried to find examples, but it is quite difficult since most of the
examples cover configuration of ssl, not implementation of an ssl socket.

I was also looking at mod_proxy but I don't understand how that stuff with
the worker works. It's a lot of code and in the end I just need to open an
ssl socket and I guess I can do the rest the same way as before.

Any hints are appreciated.
I should support Apache 2.2, but I might be able to weaken that to support
only Apache 2.4, if that makes a huge difference.

How do you do it now, in plain http? I see two or three ways in which you do it: using apache subrequests (ap_sub_req_method_uri), using mod_proxy (no code, just conf, like ProxyPass), using a 3rd-party library, such as libcurl or libneon for example.

Or do you do it "manually", i.e. using the syscalls socket/connect/write, you write to the socket and implement the http protocol?

The good news about the first three options is that they work with ssl without code modification. You just configure the URL of the backend and it recognizes https and performs the SSL handshake and communication.

In my opinion (but it depends on your use case), the best option is mod_proxy. Check this generic way of configuring it:

<Location /your_url>
  RewriteEngine On
  RewriteCond  some_condition
  RewriteRule  .*      https://remote.host/path/to/remote/resource?args [P]
</Location>

<Proxy https://remote.host/path/to/remote/resource>
  ProxyPass https://remote.host/path/to/remote/resource keepalive=On timeout=5
</Proxy>

Your module processes requests to /your_url. If it has to make the request to the backend, then it sets some apache note or environment variable. The value of this variable is then checked in the RewriteCond. If the condition is satisfied then the request to /your_url is proxied to the remote.host backend. The response of the backend is then sent to your client.

If you want to modify the response of the backend, or to send a completely different response to the client (and then you just use some data from the backend's response) then you write a filter and you activate it with the SetOutputFilter conf directive.

This setup works with http and https. You just put the right scheme in the URLs in the conf.

Hope this helps,
Sorin


Tia,

Christoph
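
An added example (not part of the original message, and not taken from any project's configuration): a variant of the mod_proxy setup above for Apache 2.4 in which TLS to the backend is switched on and the backend's certificate is verified. The environment variable name BACKEND_FETCH and the CA bundle path are assumptions; remote.host and the URL paths are the placeholders from the message.

```apache
# Added example for Apache 2.4 with mod_proxy, mod_proxy_http, mod_ssl and
# mod_rewrite loaded. BACKEND_FETCH and the CA bundle path are assumed names.

# mod_proxy only speaks TLS to a backend when the proxy-side SSL engine is on;
# without it, requests proxied to an https:// URL fail.
SSLProxyEngine On

# Weak setting (this is the default): the backend's certificate chain is not
# checked against any CA.
#   SSLProxyVerify none

# Corrected: require a certificate that chains to a CA you trust ...
SSLProxyVerify require
SSLProxyVerifyDepth 3
SSLProxyCACertificateFile /etc/ssl/private-ca/backend-ca.pem

# ... that is unexpired and was issued for the host name in the proxied URL.
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On

<Location /your_url>
    RewriteEngine On
    # Proxy only when the module has flagged the request (assumed variable,
    # which the module must set before mod_rewrite evaluates the condition).
    RewriteCond %{ENV:BACKEND_FETCH} =1
    RewriteRule .* https://remote.host/path/to/remote/resource?args [P]
</Location>

# Worker parameters from the message, set with ProxySet.
<Proxy https://remote.host/path/to/remote/resource>
    ProxySet keepalive=On timeout=5
</Proxy>
```

SSLProxyCheckPeerName requires Apache 2.4.5 or later; on 2.2 the corresponding check is SSLProxyCheckPeerCN.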

