From mboxrd@z Thu Jan 1 00:00:00 1970 Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Lawrence D'Oliveiro Newsgroups: comp.lang.ada Subject: Re: Ada/GNAT/AWS-friendly web hosting Date: Thu, 12 Sep 2024 22:40:35 -0000 (UTC) Organization: A noiseless patient Spider Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Injection-Date: Fri, 13 Sep 2024 00:40:36 +0200 (CEST) Injection-Info: dont-email.me; posting-host="fe8eaca0c36637cab02c0b5baab677cf"; logging-data="488134"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18JcX2tYoG94IQfDgBrAhMi" User-Agent: Pan/0.160 (Toresk; ) Cancel-Lock: sha1:ZIjDc3wAzrMwIyjsWm4EBIxT1xo= Xref: news.eternal-september.org comp.lang.ada:66355 List-Id: On Thu, 12 Sep 2024 16:54:45 +0200, DrPi wrote: > Le 12/09/2024 à 16:25, Marius Alves a écrit : > >> The host is already running an HTTP server program (probably Apache). >> Must it be turned off? How? >> > The usual way is to use Apache (or nginx or another one) as a front end. > Your application uses port 1080 (or something else) and the front end > relays this port to the external 80 port. Yup, I do things this way for my Python+ASGI code, too. This called a “reverse proxy”, though I don’t know why -- I think “server-side proxy” would be more accurate. Make sure your back-end server is listening only on a loopback address: 127.0.0.0/8 (IPv4) or ::1 (IPv6). That way the only access to it from outside the machine is through the public web-server front end. (Question to ponder: why does Ipv4 offer over 16 million different loopback addresses, while IPv6, which its much larger address space, has to make do with only one?) > This way, the security stuff is manage by the front end, not your > application. You can also run multiple applications, each being > redirected to its domain name/path. Yup.