Chicago Boss is a great Erlang Framework. It ships with many dependecies including mochiweb, yaws, and misultin. After installation, Chicago Boss runs a development server very well.I need to know which of the web servers it ships with, does it use by default ? and how can i change from one web server to another without compromising my Chicago Boss project ?
From CB Wiki:
All configuration takes place in boss.config in your project directory....
Webserver
port - The port to run the server on. Defaults to 8001.
server - The HTTP server to use. Valid values are:
mochiweb - The Mochiweb Web Server
misultin - The Misultin Web Server
So check in boss.config for which web server you use.
Hope this helps!
Related
A web application that generates dynamic content requires two components:
Web Servers - primarily communicate with clients, by handling HTTP requests and responses while serving content.
Application Servers - on the other hand, generally sit behind a web server. If the web server can not generate the requested content via static files, it then reaches the application server to generate the dynamic content.
Software Examples
Examples of web servers include Nginx and Apache
Examples of app servers include Puma and Unicorn
Web servers and application servers work together as components in typical web applications.
Running Rails in Production
When running a Rails app in production using passenger, some options include:
Running Passenger as a stand alone solution
Running Passenger as an app server and Apache/Nginx as the web server
Running Rails in Development
When running a Rails app in development, it is configured to use Puma by default - see Ruby Docs. Puma is an application server. How is it that by default, in Rails, Puma can run the entire web application on its own? There's no mention of a web server like Nginx or Apache in the application stack.
I don't understand how this is possible. Can someone please explain this? Puma has always been an application server, not a web server...
Thanks in advance.
The distinction between a "web server" and an "application server" is rather muddy and has a lot of implicit (and mostly historical) baggage.
Generally, a web server is understood as a software which communicates via HTTP (or HTTPS) to clients and send static files as a response to requests.
An application server on the other hand often does not communicate directly with clients (but instead with intermediate server systems in front of it, such as loadbalancers, proxy servers or well, web servers) and its main function is to respond to requests with dynamically generated content. Application servers sometimes communicate with those intermediate servers using protocols other than HTTP, such as FCGI or AJP.
Often, we will see classic webservers (such as nginx, Apache, lighttpd) used together with an application server such as Puma, Unicorn, Thin, or Passenger. The reason for that is that those webservers are more efficient in serving static files than the application servers which are more geared towards helping the application generate dynamic responses. Also, web servers might be better suited than application servers for buffering requests and responses from clients without using a lot of resources.
With that being said, in the last couple of decades, it became increasingly common to just use HTTP everywhere rather than to use e.g. FCGI internally. Thus, application servers are generally able to speak to HTTP clients on their own without strictly requiring an additional web server. Often, these application servers can also serve static files directly and thus take on most features of a webserver too.
However, as written above, most webservers are magnitudes faster and more scalable when serving static files. Also, some application servers such as Unicorn are not intended to be exposed to clients directly since Unicorn does not buffer requests and responses efficiently. Instead, they rely on a frontend server such as nginx for that.
Thus, as a conclusion: most Ruby application servers can be used without a webserver directly. With e.g. Puma this will work quite okay. To more efficiently serve static assets, or to loadbalance or protect your application, you can also introduce a webserver / proxy in front of your application server such as nginx or Apache.
I have developed a web application using the aiohttp module (the web part) and haven't encountered any issues so far.
Though, when I try to deploy it to my hosting service (NameCheap), I am asked for the "application startup file" (so I guess it is the Python script I run to start the website, in my case name.py) and the "application entry point" (as a hint, I'm given Setup wsgi callable object for your application). I'm clueless about that. I've seen some things about how to use uWSGI with Flask and Django but nothing for aiohttp.
Is there any way to make things work here, or should I get a VPS instead of a "regular" web hosting service?
aiohttp is not WSGI framework PEP 333 and PEP 3333 but TCP socket server.
I know nothing about NameCheap hosting, sorry. aiohttp deployment page provides basic information about aiohttp server deployment.
I have one application says "app1"(main application support login) which is deploy some different machine tomcat server and another application says "app2" which also deployed in another machine tomcat server. So, should i need to install siteminder web agent to both the machine or it is on only in "appl2"?
Depends on what kind of agent you are using- if you're using a web agent for a web server (IIS, Apache), you could just install it on that box assuming it handles requests to both app servers. If you are installing the agent for the app server, Siteminder could log the user into the app on the "app1" server, and then the app/app server token could be passed to "app2"
You can use a traditional reverse proxy (apache with mod_proxy) or SiteMinder Secure Proxy Server to handle the Web Agent work and forward traffic to the destination web/app servers.
Secure Proxy Server enables your Single Sign-On environment to have "agentless" capabilities. You will still have 1 or more SiteMinder Web Agents (depending on the number of proxies that are deployed), but the web and application servers will not need to have any agents installed. The web/app servers only need to be able to consume the HTTP Headers provided by SiteMinder.
Can I have both a page using ASP.NET MVC 4 and another using Django under the same hosting?
Yes , you can config your web server to serve django project at the same host with ASP.Net or with some php application
otherwise you can install apache with iis and config apache to load django project and iis to load ASP.Net application
you can manage it by manage their ports
for example port 80 for IIS and port 8080 for apache
if you want to do it you should install wsgi_mod in apache
you can see here : https://docs.djangoproject.com/en/1.2/howto/deployment/modwsgi/
Regards
Mohammad
Yes, just configure your web server to serve Django separately from ASP.NET application.
If you want to serve ASP.NET you need a Windows-based server. Serving Django from Windows is not a big problem, but you will probably not be able to do it from a shared hosting account. Shared windows hosting is usually locked down / limited so much that hosting Django is impossible.
I agree with Daniel Eriksson ... It will be difficult to control hosting environment for Django on shared server. Moreover, I do not see Django listed on Microsoft's Web Platform Installer (http://www.microsoft.com/web/gallery/categories.aspx) application list. That means, it might be difficult to setup & take true benefits of dJango application on Windows platform.
If you still decide to host asp.net + django on a windows platform, go for a VPS hosting.
We have just finished developing a new website for my company using the .NET MVC framework. The sql server supporting our application holds some critical data such as the profiles of other web users and we would like to make sure this data is never leaked due to a reputational risk to the company.
We have a number of ideas on things to do to secure our website but I would like to get the stackoverflow take on them. We will be using SSL for login screens and we prevent against basic attach methods such as sql injection, cross site scripting attacks.
However we are worried about the physical machine being taken over using some exploit. We will be running the webserver (Windows Server 2008 SP2 with IIS7) in a DMZ with only port 80 and 443 open to the internet. Currently the sql server sits on the webserver machine but we are considering if this is a security risk. Would hosting the sql server in a machine in a second DMZ help in security?
We also considered using an Ubuntu box running Apache with mod_proxy in one DMZ that will be "redirecting" the 80 or 443 requests to separate windows machine in a second DMZ that will do the web serving and sql server hosting.
Some other suggestions we are getting is to use a product such as WatchGuard that can apparently filter the http packets for standards compliance thus blocking dodgy packets from reaching the webserver.
What other things should we be looking to secure?
Thanks
Allowing only 80 and 443 is a very good idea. DMZ stands for Demilitarized Zone, this is to define a machine on a NAT that is accessible by all traffic and this should be avoided. Allowing SQL Server and port 445 will get you hacked, after all you are running windows and its only a matter of time before yet another RPC vulnerability comes out.
The most important thing you must do is TEST YOUR SECURITY. Its not enough to say that you are preventing xss and sql injection. All secuirty systems must be proven that they can stop attacks.
How do you test your system? I like Acunetix but it is over priced, however there is a free xss tester. For SQL Injection and other vulnerabilities i recommend using Wapiti which is free. I recommend using OpenVAS which is the new open source version of Nessus which is now a commercial product. OpenVAS will tell you if your server is misconfigured or if you are running old software. You should do a full port scan of the system to test your firewall, this command will work nmap -sT -p 1-65535 domain.com, this can also be done form OpenVas.
After testing your system. Then install a Web Application Firewall, mod_secuirty is a good choice for Apache, you can use a reverse proxy to get mod_security to work with IIS. Aqtronix is an open source WAF built for IIS, but i haven't used it.
1- Critical data must be encrypted in your tables.
2- Take care from all types of SQL Injections.
3- encrypt the connection string in web.config file