Authentication and/or HTTPS with Plack/PSGI/Poet application

StackOverflow https://stackoverflow.com/questions/17530992

  •  02-06-2022
  •  | 
  •  

Question

I need to build a simple web-application. I decided to do it with Poet (Mason2), which uses Plack.

The application should be allowed to use only by authenticated users, so I need build some login/password functionality.

There already is a Plack module Plack::Middleware::Auth::Basic that allows using Basic user auth that makes it possible to setup to check .htpasswd or similar. But the basic authentication is not very secure; anybody can grab the login password with packet capturing or the like.

Here are 2 possible solutions:

  • running my app.psgi via HTTPS(443) - link level encryption
  • or is there some better auth method that allow secure auth without https?

The questions:

  • Regarding HTTPS - I have no idea how to run my app.psgi via HTTPS. Do I need to modify my application somewhat? Any link what shows me how to run plackup over the https?
  • or for the second: is there some method (middleware/or perl module) what allows me build secure authentication over the standard unencrypted port?(80)

So, what is an relative easy way to achieve secure authentication with a Plack application?

PS: I don't care about the rest of communication. I only need secure auth that doesn't allow to grab the passwords.

PPS: https is easy with apache (and self-signed) certificate. But I have no idea how to do it with plackup (and or any other Plack based server)

Was it helpful?

Solution

Another more simple option is to use what's built into plackup, Starman, and Thrall:

plackup --enable-ssl --ssl-key-file=... --ssl-cert-file=...

(or)

starman --enable-ssl --ssl-key=... --ssl-cert=...

(or)

thrall --enable-ssl --ssl-key-file=... --ssl-cert-file=...

OTHER TIPS

You could run your application behind some webserver like Apache that knows how to safely authenticate users.

To do this, you have two options:

  1. Use FastCGI
  2. Proxy requests to your app.

To go the FastCGI route, use plackup like this:

plackup -s FCGI  myapp.psgi

And in your Apache config, use something like this:

LoadModule fastcgi_module libexec/mod_fastcgi.so
<IfModule mod_fastcgi.c>
    FastCgiExternalServer /tmp/myapp.fcgi -host localhost:5000
    Alias /myapp/    /tmp/myapp.fcgi/
</IfModule>

Alternatively, you can make Apache proxy requests to your app:

ProxyPass /myapp    http://localhost:5000/

Since plackup is not recommended for production systems, you should look into Starman, which will limit your options to the proxy solution.

The Apache config looks like this, if you go with Plack+Apache/mod_perl

<Location /path/myapp>
  SetHandler perl-script
  PerlResponseHandler Plack::Handler::Apache2
  PerlSetVar psgi_app /path/to/my.psgi
</Location>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top