Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.lang.ada
Subject: Re: Ada/GNAT/AWS-friendly web hosting
Date: Thu, 12 Sep 2024 22:40:35 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 28
Message-ID: <vbvql3$esm6$12@dont-email.me>
References: <vbutl5$8a99$5@dont-email.me> <vbuvbl$nsk$1@rasp.pasdenom.info>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 13 Sep 2024 00:40:36 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="fe8eaca0c36637cab02c0b5baab677cf";
	logging-data="488134"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18JcX2tYoG94IQfDgBrAhMi"
User-Agent: Pan/0.160 (Toresk; )
Cancel-Lock: sha1:ZIjDc3wAzrMwIyjsWm4EBIxT1xo=
Bytes: 2097

On Thu, 12 Sep 2024 16:54:45 +0200, DrPi wrote:

> Le 12/09/2024 à 16:25, Marius Alves a écrit :
>
>> The host is already running an HTTP server program (probably Apache).
>> Must it be turned off? How?
>>
> The usual way is to use Apache (or nginx or another one) as a front end.
> Your application uses port 1080 (or something else) and the front end
> relays this port to the external 80 port.

Yup, I do things this way for my Python+ASGI code, too. This called a 
“reverse proxy”, though I don’t know why -- I think “server-side proxy” 
would be more accurate.

Make sure your back-end server is listening only on a loopback address: 
127.0.0.0/8 (IPv4) or ::1 (IPv6). That way the only access to it from 
outside the machine is through the public web-server front end.

(Question to ponder: why does Ipv4 offer over 16 million different 
loopback addresses, while IPv6, which its much larger address space, has 
to make do with only one?)

> This way, the security stuff is manage by the front end, not your
> application. You can also run multiple applications, each being
> redirected to its domain name/path.

Yup.