Sage Web Server questions

[srothwell]

Is there a way with this plugin that I can only make the sage interface use SSL and anything else not require it?

I've seen countless websites that you don't have to type in https, but it will re-direct you to the secure page.

I've gotten use to using the sage webserver as a webserver for samily members to get pictures and such. Of course, as soon as I installed SSL for Sage, now people have to type that much more "stuff" in the front of the address (i.e. used to be: www.website.com, now it's https://www.website.com).

Any way I can have my cake and eat it too?

Thanks,

Stacy

[nielm]

As is, the webserver will only listen on a single port, and only handle a single type of connection (http or https), so no.
But you could run another webserver outside of Sage to serve the other content...

[jeffw]

you could easily redirect users to the https:// address on another port when they hit your standard address...shouldn't be hard but may require some research to set up initially...

[srothwell]

Quote:

Originally Posted by jeffw

you could easily redirect users to the https:// address on another port when they hit your standard address...shouldn't be hard but may require some research to set up initially...

Jeff,

True, but I am kind of cheating by using the SageTV server as the main server. It works very well but the Tiny Java Web Server that nielm uses only works for one port.

Now, that being said, I could probably run another instance of TJWS, but I frankly don't understand how to install it and the instructions on the web page assume you know everything about java.

Stacy

[PGPfan]

Would this be possible with the webserver somehow?

Looking at the forums for XM radio there are some users that have a 'live feed' of whatever they are listening to via XM displayed in the signatures of their forum posts. I wonder if something like this could be created for use on this forum, and the personal websites, and blogs that I'm sure some of us have.

Kind of a live display showing "Sage TV is now recording: xxxxx xxxxx". It might be a waste, but I think it'd be a cool way to help promote Sage to the general public.


-PGPfan

[salsbst]

Quote:

I could probably run another instance of TJWS, but I frankly don't understand how to install it and the instructions on the web page assume you know everything about java.

Why not just use Internet Information Server (IIS, which is built into Windows) for a general purpose web server?

[DynamoBen]

I'm not a huge fan of IIS. The reason is how "hackable" it can be. Also the current java webserver is very light and is light on CPU usage. To be honest I love it as is.

I wonder if you could do a redirect with a little HTML and this:
http://www.analogx.com/contents/down...work/sswww.htm

[srothwell]

Quote:

Originally Posted by DynamoBen

I'm not a huge fan of IIS. The reason is how "hackable" it can be. Also the current java webserver is very light and is light on CPU usage. To be honest I love it as is.

I wonder if you could do a redirect with a little HTML and this:
http://www.analogx.com/contents/down...work/sswww.htm

I agree with the hackibility of IIS. The TJWB certainly might be hackable but since not too many use it, it's a little lower on the radar.

Maybe at some point I can get nielm to explain how to install it since he incorporated it into SageWeb

[salsbst]

I disagree about the hackability of IIS. Surely, almost any piece of software can be hacked, but I think "hackability" has been mistaken for "configurable so as to have security holes." Show me how you hack into an IIS server and I'll change my tune.

But to each, his own. Good luck with your project, Stacy.

[srothwell]

Quote:

Originally Posted by salsbst

I disagree about the hackability of IIS. Surely, almost any piece of software can be hacked, but I think "hackability" has been mistaken for "configurable so as to have security holes." Show me how you hack into an IIS server and I'll change my tune.

But to each, his own. Good luck with your project, Stacy.

salsbst..... Can you point me in the direction of setting up IIS?

All I want to do is use IIS (or some kind of web server) for the family's web page, then I can have it re-direct to the Sage server for anything that I want to use SSL.

Heck, I'll try IIS

Stacy

[salsbst]

Are you on XP? If so, I can offer very specific startup instructions when I get home tonight (no XP in my office). If you're on 2000, I can help you now. If Win98, then definitely avoid the built-in web server!

[salsbst]

This is a decent guide, and includes some tips for extra security: http://techrepublic.com.com/5100-6268-5285402-1.html

[srothwell]

Quote:

Originally Posted by salsbst

Are you on XP? If so, I can offer very specific startup instructions when I get home tonight (no XP in my office). If you're on 2000, I can help you now. If Win98, then definitely avoid the built-in web server!

I'm on XP.

I installed IIS and it's running as a service. I've changed the port on my router for port 80 to be the PC that IIS is running on.

However, it never reaches the web page. I'm sorting through the DOCs, but they're not very clear

If you wouldn't mind helping tonight, that would be great and very much appreciated.

Best regards,

Stacy

[shameiz]

Hey Stacy,

I'm assuming you have remapped the public port 80 to map to the appropriate port (probably 80) on the pc hosting the website. The only other reason I can think of is that many ISP Boradband providers block port 80. Try mapping the external port to something else 8080 maybe and forwarding that to port 80 on the pc hosting the site.

Shameiz

[srothwell]

Quote:

Originally Posted by shameiz

Hey Stacy,

I'm assuming you have remapped the public port 80 to map to the appropriate port (probably 80) on the pc hosting the website. The only other reason I can think of is that many ISP Boradband providers block port 80. Try mapping the external port to something else 8080 maybe and forwarding that to port 80 on the pc hosting the site.

Shameiz

No, I got it. I erroneously set the IP address to the IP address of the machine running IIS (you'd thinik you'd want to do that). As soon as I put it back to (ALL-Unassigned) it then worked.

So, here's my underlying question......

So, I'm guessing that IIS is like TJWS (with Sage Webserver), insofar as it will only work with one port at a time, right?

So, would it be reasonable to assume that I can have IIS and TJWS (Sage Webserver) running together? That way, if someone logs into the web site, they will simply see unsecured pictures of my kid, etc. But if they click on the link for Sage (or just type it in), then IIS is no longer hosting that, it will be Sage.

Does that make sense?

On Sage Webserver, you have to set the entire thing to SSL or not. Can IIS have it where certain web pages are SSL and certain ones are not?

Stacy

[salsbst]

If you are using NAT on your router, you probably cannot access your server through your public IP from inside your LAN. PM me the IP and I'll test it from outside, if you'd like.

[salsbst]

Disregard my previous, I didn't have a fresh view of the page.

Quote:

So, I'm guessing that IIS is like TJWS (with Sage Webserver), insofar as it will only work with one port at a time, right?

IIS can work with many ports, IPs and host names at a time, but it doesn't sound like you need that feature.

Quote:

So, would it be reasonable to assume that I can have IIS and TJWS (Sage Webserver) running together?

Yes, but they cannot both bind to the same port on the same IP address.

Quote:

That way, if someone logs into the web site, they will simply see unsecured pictures of my kid, etc. But if they click on the link for Sage (or just type it in), then IIS is no longer hosting that, it will be Sage.

Very doable.

Quote:

On Sage Webserver, you have to set the entire thing to SSL or not. Can IIS have it where certain web pages are SSL and certain ones are not?

Yes. You need to generate or buy an SSL certificate for IIS in order to make it do SSL, which is a bit tricky. I'll see if I can round up a tutorial on that.

[srothwell]

salsbast,

Cool. Thank you.

I realize this is small potatoes stuff, but what I want to do is have everything secure, except the very first top-level page. That way, my family members don't have to acutally TYPE https, they can just do the www.xxxx thing.

I assume that the default.htm page would immediately redirect to the https page, right? Then it's just a matter of linking, right?

So you say that individual pages can be made secure or not with IIS?

So if I interpret this correctly, then I could have both insecure and secure individual pages with IIS (which would be on port 80 for insecure and 443 for secure). Then I woudl simply need to change the port on Sage SSL to something other than 443. Then on the IIS page, I can simply have a link to the Sage SSL server.

When that link happens, the TJWS built inbto Sage Webserver will then administer its own pages.

Did I miss anything? I'll have to figure out how to set the individual pages in IIS for secure or not. I figured out how to make a certificate request, but it just made a text file but I have no idea how to get the certificate back for it.

Stacy

[salsbst]

Quote:

what I want to do is have everything secure, except the very first top-level page. That way, my family members don't have to acutally TYPE https, they can just do the www.xxxx thing.

There's a utility that can do this automatically called ISAPI Rewrite. However, you don't want to start using it unless you actually have SSL working, and as I said, getting SSL working on IIS is a little complicated. Once we get SSL working, we can tackle this issue.

Quote:

So you say that individual pages can be made secure or not with IIS?

Virtually anything is possible -- there is built in support to make SSL mandatory for the whole site, but if you want SSL to be mandatory on only certain files in your site, then it's a little more complicated. By default, SSL is optional -- you enable it, and then user can choose whether to use HTTP or HTTPS based on the URL.

Quote:

I could have both insecure and secure individual pages with IIS (which would be on port 80 for insecure and 443 for secure). Then I woudl simply need to change the port on Sage SSL to something other than 443. Then on the IIS page, I can simply have a link to the Sage SSL server.

Yes, that's doable. One thing to consider is that many corporate proxy servers prevent people at work from accessing web sites that are not on port 80 or 443.

Quote:

I figured out how to make a certificate request, but it just made a text file but I have no idea how to get the certificate back for it.

Yes, that's the hard part.

This looks like a decent guide: http://www.bultinck.be/archives/000015.html

[srothwell]

salsbst,

Well, I finally gave up last night.

I'm not sure what the heck was going on.

Yesterday while we were chatting, I had IIS installed and it was working on port 80. Never tried or even changed anything for port 443.

However, now, no matter what I do I cannot get nielm's sage webserver to work on SSL any more, not matter WHAT port I use. I could get it to work just fine before installing IIS, now it doesn't work.

So, naturally I uninstalled IIS.

SageWeb will still not work with SSL but does work fine on port 80.

The funny thing is that if I do a netstat -a command, I will see the https is listening. However, if I try to do a https://localhost/sage/home I get something very strange indeed.

I get another line in netstat that shows MEDIASERVER:https and then after it it lists my ISP. That only appears after I try to bring up the page. Is there some kind of, for lack of a better term, feedback going on here? Could IIS have done something?

The problem is now I can't have IIS installed and Sage, becuase I can't have two web servers both running on port 80 at the same time. Yes, I can change Sage, but you are correct that many places block anythign that's not on port 80 or 443.

Any ideas? I'm just plain stumped! Too bad you don't live in Richmond. I'd stuff you with Pizza and beer in exchange for help :-)