kobame

Reputation: 5856

Authentication and/or HTTPS with Plack/PSGI/Poet application

I need to build a simple web-application. I decided to do it with Poet (Mason2), which uses Plack.

The application should be usable only by authenticated users, so I need to build some login/password functionality.

There is already a Plack module, Plack::Middleware::Auth::Basic, that allows using Basic user auth and makes it possible to set it up to check .htpasswd or similar. But Basic authentication is not very secure; anybody can grab the login password with packet capturing or the like.

Here are 2 possible solutions:

The questions:

So, what is a relatively easy way to achieve secure authentication with a Plack application?

PS: I don't care about the rest of the communication. I only need secure auth that doesn't allow the passwords to be grabbed.

PPS: HTTPS is easy with Apache (and a self-signed certificate). But I have no idea how to do it with plackup (and/or any other Plack-based server).

Upvotes: 9

Views: 2086

Answers (3)

Frew Schmidt

Reputation: 9544

Another, simpler option is to use what's built into plackup, Starman, and Thrall:

plackup --enable-ssl --ssl-key-file=... --ssl-cert-file=...

(or)

starman --enable-ssl --ssl-key=... --ssl-cert=...

(or)

thrall --enable-ssl --ssl-key-file=... --ssl-cert-file=...

Upvotes: 12
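
A minimal `app.psgi` to pair with the `--enable-ssl` invocations above (an added example, not code from the answer or from Plack itself): it refuses plain-HTTP requests before Plack::Middleware::Auth::Basic can issue a challenge, and checks passwords against crypt(3) hashes. The user name, hash placeholder and realm are constructed. Behind a TLS-terminating proxy `psgi.url_scheme` stays `http` unless something like Plack::Middleware::ReverseProxy rewrites it.

```perl
# app.psgi -- added example; user name, hash placeholder and realm are constructed.
use strict;
use warnings;
use Plack::Builder;

# Constructed credential store: user => crypt(3) hash, never plaintext.
# A real hash can be produced with e.g. `openssl passwd -6`.
my %USERS = (
    alice => '$6$REPLACE_SALT$REPLACE_WITH_REAL_HASH',    # placeholder
);

# Compare two strings without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Auth::Basic calls the authenticator with (username, password, PSGI env).
sub check_login {
    my ($user, $pass, $env) = @_;
    # Defence in depth: never accept credentials that arrived in cleartext.
    return 0 unless $env->{'psgi.url_scheme'} eq 'https';
    my $stored = $USERS{ $user // '' } or return 0;
    # crypt() re-derives the hash using the salt embedded in $stored.
    return secure_eq(crypt($pass // '', $stored), $stored);
}

my $app = sub {
    my $env = shift;
    return [200, ['Content-Type' => 'text/plain'], ["Hello, $env->{REMOTE_USER}\n"]];
};

builder {
    # Outermost middleware: the 401 challenge is never sent over plain HTTP.
    enable sub {
        my $next = shift;
        sub {
            my $env = shift;
            return $next->($env) if $env->{'psgi.url_scheme'} eq 'https';
            return [403, ['Content-Type' => 'text/plain'], ["HTTPS required\n"]];
        };
    };
    enable 'Auth::Basic', realm => 'myapp', authenticator => \&check_login;
    $app;
};
```

The server cannot stop a client from sending an `Authorization` header preemptively over plain HTTP, so the safest deployment does not listen on a cleartext port at all.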

ashley

Reputation: 567

The Apache config looks like this, if you go with Plack+Apache/mod_perl:

<Location /path/myapp>
  SetHandler perl-script
  PerlResponseHandler Plack::Handler::Apache2
  PerlSetVar psgi_app /path/to/my.psgi
</Location>

Upvotes: 3

innaM

Reputation: 47829

You could run your application behind some webserver like Apache that knows how to safely authenticate users.

To do this, you have two options:

  1. Use FastCGI
  2. Proxy requests to your app.

To go the FastCGI route, use plackup like this:

plackup -s FCGI myapp.psgi

And in your Apache config, use something like this:

LoadModule fastcgi_module libexec/mod_fastcgi.so
<IfModule mod_fastcgi.c>
    FastCgiExternalServer /tmp/myapp.fcgi -host localhost:5000
    Alias /myapp/    /tmp/myapp.fcgi/
</IfModule>

Alternatively, you can make Apache proxy requests to your app:

ProxyPass /myapp    http://localhost:5000/

Since plackup is not recommended for production systems, you should look into Starman, which will limit your options to the proxy solution.

Upvotes: 4
