From Newsgroup: comp.lang.ada

On 2024-09-12 16:25, Marius Alves wrote:

Researching how to build an HTTP server (serving a website) on a local machine (MacOS) using AWS (Ada Web Server) and deploy it on a web
hosting provider (e.g. 1dollar-webhosting.com).

That depends on what the provider would allow you to upload to the host. Likely nothing executable... (:-))

If the host runs on Linux then cross-building (from MacOS to Linux) required, right? GNAT does that, right?

It is possible, but far simpler would be a virtual machine running
Linux. E.g. I compile for Linux targets on virtual machines. Only for
ARM I am using physical machines. You must know what kind of Linux your provider has in order to choose the right version of the libc etc.

The host is already running an HTTP server program (probably Apache).
Must it be turned off? How?

Ask the provider. You would need the ports free.

In general, can the executable be launched on a VPS (Virtual Private Server)? Which port?

No idea.

Will dynamic linking work? I'm guessing not, so, static; but then, will
GNAT integrate the right libraries for Linux in the executable?

If you ship the libraries together with the server. Then if the host
runs Apache it must have some TLS library installed. You must learn the version an link against it.
In any case you need either OpenSSL or else GNUTLS. The HTTP server from Simple Components can use both. I believe that either can be built as a
static library. I see no reason why AWS could not be linked statically.
BTW you must maintain certificates on the server.

Will "Community GNAT" do? (Instead of GNAT Pro.)

I am not sure if all-static build were possible, e.g. libc, libgnat.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On Thu, 12 Sep 2024 18:22:28 +0200, Jeffrey R.Carter wrote:

Although we had a lot more Ada than JS, we spent a lot more effort
correcting JS errors than Ada errors.

Did you “use strict”?
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On Thu, 12 Sep 2024 19:06:08 +0200, J-P. Rosen wrote:

But security breaches mainly use known bugs in Apache... If you write
your own server with AWS, the attacker knows nothing about the software
that answers!

That’s called “security through obscurity”. Not recommended.
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On Thu, 12 Sep 2024 16:54:45 +0200, DrPi wrote:

Le 12/09/2024 à 16:25, Marius Alves a écrit :

The host is already running an HTTP server program (probably Apache).
Must it be turned off? How?

The usual way is to use Apache (or nginx or another one) as a front end.
Your application uses port 1080 (or something else) and the front end
relays this port to the external 80 port.

Yup, I do things this way for my Python+ASGI code, too. This called a “reverse proxy”, though I don’t know why -- I think “server-side proxy”
would be more accurate.

Make sure your back-end server is listening only on a loopback address: 127.0.0.0/8 (IPv4) or ::1 (IPv6). That way the only access to it from
outside the machine is through the public web-server front end.

(Question to ponder: why does Ipv4 offer over 16 million different
loopback addresses, while IPv6, which its much larger address space, has
to make do with only one?)

This way, the security stuff is manage by the front end, not your application. You can also run multiple applications, each being
redirected to its domain name/path.

Yup.
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

Le 13/09/2024 à 00:35, Lawrence D'Oliveiro a écrit :

On Thu, 12 Sep 2024 19:06:08 +0200, J-P. Rosen wrote:

But security breaches mainly use known bugs in Apache... If you write
your own server with AWS, the attacker knows nothing about the software
that answers!

That’s called “security through obscurity”. Not recommended.

No, AWS is public and there is nothing hidden. Just that, since there
are wayyyyy more users of Apache than of AWS, attackers will not bother
to try to break in
--
J-P. Rosen
Adalog
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
https://www.adalog.fr https://www.adacontrol.fr
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On 2024-09-13 00:29, Lawrence D'Oliveiro wrote:

On Thu, 12 Sep 2024 18:22:28 +0200, Jeffrey R.Carter wrote:

Although we had a lot more Ada than JS, we spent a lot more effort
correcting JS errors than Ada errors.

Did you “use strict”?

I don't know. It was quite a while ago and I didn't work on the JS. But the point is that when you use Gnoga, you don't need any to create any JS.
--
Jeff Carter
"He had no conception of the instrument. He
was blowing into it."
Take the Money and Run
135
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

Marius,

As a professional web hoster, I strongly advise you to forget Apache and
use only Nginx, both as a proxy (in your case) and as a web server
(generic case). Not only does Apache have security problems, but its performance is pitiful compared to Nginx.

If you have several sites, the ideal solution is to enter everything in https/port 443 on the nginx proxy (which will be able to manage X509/TLS
https certificates) and exit on as many ports 8080, 8081, 8082, etc. as
you have websites.

All the best from here.
--
Stéphane Rivière
Ile d'Oléron - France

--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

Marius Alves wrote:

Researching how to build an HTTP server (serving a website) on a local machine (MacOS) using AWS (Ada Web Server) and deploy it on a web
hosting provider (e.g. 1dollar-webhosting.com).

I don't know about 1dollar, but a typical web hosting provider will
only let you upload static files (HTML, pictures et cetera), limited
snippets of web server configuration, and certain kinds of programs
that run under their web server's control. PHP is common. Some might
run Perl programs with mod_perl, or Python programs using WSGI.
Maybe some web hosts support CGI or FastCGI. Those interfaces can be implemented in Ada. I think you'll have limited use for AWS in that
case, as the HTTP parsing is handled by the web server.
I think it would be hard to find a web host that lets you run arbitrary network-facing daemons. To run your own web server you want a VPS (or a physical server in a collocation facility, but if your security needs
don't rule out a web host, then a VPS is also fine).

The host is already running an HTTP server program (probably Apache).
Must it be turned off? How?

A typical web host won't let you turn off their web server. They serve
many customers' content from the same Apache instance, so turning that
off would break all those websites.

In general, can the executable be launched on a VPS (Virtual Private Server)?

Sure. In a VPS you have the whole operating system to yourself (maybe
except for the kernel if the VPS provider uses OpenVZ). You install and
run whatever programs you want, just like on your own physical computer.
Maybe you'll be able to get a VPS with MacOS, if that's your preference.
In a VPS it's also your responsibility to install updates regularly,
and upgrade to a new major OS version from time to time. If you fail to
keep up, then criminals will take over your VPS and use it as a relay
when attacking others. Make sure that you'll be notified automatically
when there are updates to install.

If the host runs on Linux then cross-building (from MacOS to Linux) required, right? GNAT does that, right?

GCC – and thus GNAT – can be built as a cross-compiler. Perhaps you
can find one that someone has built and packaged for MacOS. Otherwise
you'll need to build your own from the GCC source code, configuring it
to be a cross-compiler. (That's theoretical knowledge. I have no
practical experience with cross-compilation).

Or, must the program be built in the host? (Thus requiring GNAT be there.)

No, but in my opinion it's much easier that way. Either build on the
computer you'll run on, or on another computer of the same processor architecture, running the same version of the same operating system.
That way you don't need to worry about getting the wrong version of
some library or build tool.

Will dynamic linking work? I'm guessing not, so, static; but then, will
GNAT integrate the right libraries for Linux in the executable?

Cross-compilation should be able to work with shared libraries.
Regardless of whether the libraries are shared or static, libraries for
the target machine must be available on the build host. I guess you
would either install packaged libraries on the target machine, and copy
those to the build host, or else cross-compile the libraries too. You
need to configure search paths carefully so that both the compiler and
the linker find the cross-libraries instead of the native ones. This is
one of the complications you avoid by building natively.

Which port?

Normally port 443, because of course you'll use HTTPS, won't you?
Optionally you can also have an HTTP server on port 80 that responds to
every request with a redirection to HTTPS.
If you choose to put AWS behind a reverse proxy like DrPi suggested,
then the reverse proxy listens on port 443 on your public IP address,
and you tell AWS to listen on some other port and only on the localhost address, ::1 or 127.0.0.1.
Björn Persson
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

--8323329-1675829112-1726249004=:1108411
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

Aonix used Apache. WWW.PTC.com is not saying that it uses AWS. IBM is=20
using AkamaiGHost. OC Systems Inc (nice company) is using Apache. DDC-I,=20 Inc. is using nginx. Ada Core is using nginx-rc. WWW.BKsv.com uses=20 cloudflare. Green Hills Software and Irvine Compiler Corporation are using=
=20
Apache. Not good advertisements.

(RR Software, Inc. and Ada-Auth.org use RRS Ada HTTP Server.)

"Marius Alves" wrote yesterday:
"Anyone done that? [. . .]

Thanks.
_____

Some specific questions on my mind follow.

[. . .]

Are those the right questions?

Thanks, thanks, thanks, thanks, thanks, thanks and thanks."

I emailed in July 2010:
"Dear Marius Amado-Alves,

This is serious. I do not ever remember receiving a reply from you to the=
=20
email which I had sent for you in March 2008. Perhaps you had replied and=
=20
I somehow do not notice. [. . .] So, if you had replied, please advise me=
=20
of this. If you had not replied, then please answer: Do you object to=20
being identified in a paper documenting much of the supposed research=20 unsuitable for space and SystemC=C2=AE fraud which I discovered in Pisa, on= =20
account of how unhelpful you were? Do you wish to propose how to phrase a=
=20
mention of how you behaved in the paper?"

I ask "Will answers be given?" more fourteen years afterwards. --8323329-1675829112-1726249004=:1108411--
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On Fri, 13 Sep 2024 16:33:15 +0200, Björn Persson wrote:

Maybe some web hosts support CGI or FastCGI.

Don’t do that.
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

"Lawrence D'Oliveiro" <ldo@nz.invalid> wrote in message news:vbvqb7$esm6$11@dont-email.me...

On Thu, 12 Sep 2024 19:06:08 +0200, J-P. Rosen wrote:

But security breaches mainly use known bugs in Apache... If you write
your own server with AWS, the attacker knows nothing about the software
that answers!

That's called "security through obscurity". Not recommended.

That's the wrong way to look at it. An Ada program is better thought of as "security by simplicity and correctness", because you are running an Ada
that only does a few things (and which can be throughly tested, checked with static analysis, and so on) rather than a general program that does a
zillion things (with many combinations that can't be tested).

The only place "obscurity" comes into it is that no one else is running the exact same program as you. So attacks that depend on any sort of knowledge
of the program cannot succeed.

In any case, there is no such thing as "secure", there are only levels, and for the sorts of non-critical stuff that we're doing, an Ada program is certainly secure enough. I wouldn't try to run a storefront on it (although that would be more because you'd have a hard time convincing your bank that
it is OK than any real problems), or anything that needs high-level
security.

Randy.


--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

Le 14/09/2024 à 00:09, Lawrence D'Oliveiro a écrit :

On Fri, 13 Sep 2024 16:33:15 +0200, Björn Persson wrote:

Maybe some web hosts support CGI or FastCGI.

Don’t do that.

Could you elaborate why you recommend to not use FastCGI ?

Thanks by advance.


PS

We use FastCGI with Nginx to host tons of Wordpress web sites via
PHP_FPM. FastCGI allows us to implement an extremely high-performance
FastCGI cache. Caching is essential for slow and interpreted PHP
applications and/or high-traffic applications, whatever the language used.
--
Stéphane Rivière
Ile d'Oléron - France

--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On Sat, 14 Sep 2024 09:01:32 +0200, Stéphane Rivière wrote:

We use FastCGI with Nginx to host tons of Wordpress web sites via
PHP_FPM. FastCGI allows us to implement an extremely high-performance
FastCGI cache. Caching is essential for slow and interpreted PHP
applications and/or high-traffic applications, whatever the language
used.

I would use the server-side proxy approach.

I see that FastCGI is basically an alternative to this, using a special protocol to communicate with the proxy, instead of just regular HTTP. But
when I discovered that the “official website” (fastcgi.com) disappeared off the Web some years ago, I decided that the whole concept was becoming obsolescent and so best avoided.

Also, it appears FastCGI doesn’t support WebSockets. Whereas server-side proxying does. Another point in favour of the latter.
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

OK. Got it.

Actually, it depends on the problem to be solved. In the case I
mentioned (PHP websites), FastCGI is a must and the FastCGI cache a performance grall.

FastCGI can be useful, even in Ada, if the site has to serve large
quantities of static text and static images, that will make good use of
a FastCGI cache.

But for dynamic sites (without static datas) written without PHP, I
agree that the WebSockets protocol is indeed ideal.

WebSockets is a http1 only protocol. What doesn't matter. In most
dynamic sites, such as business software, http2 or http3 are useless.
--
Stéphane Rivière
Ile d'Oléron - France

--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On Sat, 14 Sep 2024 10:51:50 +0200, Stéphane Rivière wrote:

In the case I mentioned (PHP websites), FastCGI is a must and the
FastCGI cache a performance grall.

OK, PHP doesn’t do WebSockets anyway, so that’s probably OK.

But for dynamic sites (without static datas) written without PHP, I
agree that the WebSockets protocol is indeed ideal.

WebSockets is essential for certain kinds of interactivity.

WebSockets is a http1 only protocol.

Apparently not <https://www.ietf.org/archive/id/draft-ietf-httpbis-h3-websockets-02.html>.
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

OK, PHP doesn’t do WebSockets anyway, so that’s probably OK.

It's just mandatory if you need maximum performance with PHP.

I deeply dislike PHP but it's a huge part of our business. Yes, it's a
bit schisophrenic.

But for dynamic sites (without static datas) written without PHP, I
agree that the WebSockets protocol is indeed ideal.

WebSockets is essential for certain kinds of interactivity.

for shure !

Apparently not <https://www.ietf.org/archive/id/draft-ietf-httpbis-h3-websockets-02.html>.

You're teaching me something ! Thank you. So WebSockets /was/, untill recently, a http1 only protocol. I'm probably influenced by our recent
work with Gnoga (https://v22.soweb.io).
--
Stéphane Rivière
Ile d'Oléron - France

--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

work with Gnoga (https://v22.soweb.io).

Runs on Android/IOS. Does that require an internet web server?
--
Regards, Kc
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

Runs on Android/IOS.

Yes v22.Gui/Gnoga is responsive. Tested with 5" smartphones as old as
Nexus 5 (with a browser more recent than the stock one to handle
websockets). Also tested on 43” 4K ;)

On some iOS devices, the menu bar is slightly offset. I didn't look too
hard. It's a Safari problem. It works fine with Firefox and Chrome.

Does that require an internet web server?

Not necessarily. v22.Gui/Gnoga supports itself X509 TLS https
certificates (tested). However, for various reasons (such as the
possibility of having several web applications on the same instance and
on the same 80/443 input port), in production, I've always chosen to
have a Nginx proxy on the front end, which is also more flexible and
handle automatic switching from http/80 to https/443.
--
Stéphane Rivière
Ile d'Oléron - France

--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On 2024-09-14 15:00, Stéphane Rivière wrote:

Runs on Android/IOS.

Yes v22.Gui/Gnoga is responsive. Tested with 5" smartphones as old as Nexus 5
(with a browser more recent than the stock one to handle websockets). Also tested on 43” 4K ;)

Interesting. How do you compile for Android/IOS?

Incidentally, the screenshot you have for the Tic-Tac-Toe demo seems to be Othello.
--
Jeff Carter
"Damn it, Jim, I'm an actor, not a doctor."
124
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

Hi Jeffrey,

Interesting. How do you compile for Android/IOS?

There's some confusion, I'm having trouble expressing myself. v22.Gui is
a framework on top of Gnoga, with specific CSS, making it possible to
obtain a responsive and therefore Android/IOS compatible application,
through the smartphone's web browser.

The Ada application with the v22 framework/library is of course
installed on any server/pc.

Incidentally, the screenshot you have for the Tic-Tac-Toe demo seems to
be Othello.

Thanks for reporting this error. I'll correct ASAP.
--
Stéphane Rivière
Ile d'Oléron - France

--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: comp.lang.ada

On 2024-09-14 18:11, Stéphane Rivière wrote:

There's some confusion, I'm having trouble expressing myself. v22.Gui is a framework on top of Gnoga, with specific CSS, making it possible to obtain a responsive and therefore Android/IOS compatible application, through the smartphone's web browser.

I misunderstood. Of course a Gnoga web application can be connected to from any
platform with a browser.
--
Jeff Carter
"Damn it, Jim, I'm an actor, not a doctor."
124
--- Synchronet 3.20a-Linux NewsLink 1.114