Authentication and/or HTTPS with a Plack/PSGI/Poet application

I need to create a simple web application. I decided to do this with Poet (Mason2), which uses Plack.

The application should be allowed to be used only by authenticated users, so I need to create some login and password functions.

There is already a module, Plack::Middleware::Auth::Basic, which provides basic user authentication and can be configured to verify against .htpasswd or similar. But basic authentication is not very secure; anyone can get a login password using packet capture or the like.

Here are 2 possible solutions:

  • launching my app.psgi via HTTPS (443) - channel level encryption
  • or is there some better authentication method that allows secure authentication without https?

Questions:

  • As for HTTPS - I have no idea how to run my app.psgi through HTTPS. Do I need to change my application a bit? Any link that shows me how to run plackup via https?
  • or for the second: is there any method (middleware / or Perl module) that allows me to create secure authentication through a standard unencrypted port? (80)

So, what is a relatively easy way to provide secure authentication with the Plack app?

PS: I don't care about the rest of the conversation. I only need secure authentication, which does not allow passwords to be obtained.

PPS: https is easy with an Apache (and self-signed) certificate. But I have no idea how to do this with plackup (and any other Plack-based server).

+9
perl plack psgi poet
3 answers

Another simpler option is to use what is built into plackup, Starman and Thrall:

 plackup --enable-ssl --ssl-key-file=... --ssl-cert-file=... 

(or)

 starman --enable-ssl --ssl-key=... --ssl-cert=... 

(or)

 thrall --enable-ssl --ssl-key-file=... --ssl-cert-file=... 
+11

You can run the application behind some web server, for example Apache, which knows how to authenticate users securely.

You have two options for this:

  • Use FastCGI
  • Proxy requests to your application.

To go the FastCGI route, use plackup as follows:

 plackup -s FCGI myapp.psgi 

And in your Apache configuration, use something like this:

 LoadModule fastcgi_module libexec/mod_fastcgi.so
 <IfModule mod_fastcgi.c>
   FastCgiExternalServer /tmp/myapp.fcgi -host localhost:5000
   Alias /myapp/ /tmp/myapp.fcgi/
 </IfModule>

Alternatively, you can make Apache proxy requests to your application:

 ProxyPass /myapp http://localhost:5000/ 

Since plackup is not recommended for production systems, you should look into Starman, which will limit your options to the proxy solution.

+3
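
An added example, not part of any of the posts above: an app.psgi that keeps Plack::Middleware::Auth::Basic but never issues the login challenge over plaintext, whether TLS is terminated by the PSGI server itself (first answer) or by a proxy in front of it (second answer). The environment variable names APP_USER and APP_PASS are hypothetical. The example assumes Plack::Middleware::ReverseProxy (a separate CPAN module) is installed, and that the proxy sends X-Forwarded-Proto.

```perl
# app.psgi (added example; APP_USER / APP_PASS are hypothetical variable names)
use strict;
use warnings;
use Plack::Builder;
use Plack::Util;
use Digest::SHA qw(hmac_sha256);

my ($USER, $PASS) = @ENV{qw(APP_USER APP_PASS)};
die "set APP_USER and APP_PASS\n"
    unless length($USER // '') && length($PASS // '');

# Per-process random key: comparing HMACs instead of the raw strings keeps the
# comparison time independent of how much of a guess is correct.
open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
read($rnd, my $KEY, 32) == 32 or die "short read from urandom\n";
close $rnd;
my $same = sub { hmac_sha256($_[0] // '', $KEY) eq hmac_sha256($_[1], $KEY) };

# Outermost check: the 401 challenge is never issued over plaintext.
my $require_https = sub {
    my $app = shift;
    return sub {
        my $env = shift;
        return [ 403, [ 'Content-Type' => 'text/plain' ], ["HTTPS required\n"] ]
            unless $env->{'psgi.url_scheme'} eq 'https';
        return Plack::Util::response_cb($app->($env), sub {
            Plack::Util::header_set($_[0][1],
                'Strict-Transport-Security' => 'max-age=31536000');
            return;    # undef: leave the response body untouched
        });
    };
};

# REMOTE_USER is set by Auth::Basic once the authenticator returns true.
my $app = sub {
    [ 200, [ 'Content-Type' => 'text/plain' ], ["Hello, $_[0]{REMOTE_USER}\n"] ];
};

builder {
    # Assumption: a TLS proxy on this host sets X-Forwarded-Proto, app binds to 127.0.0.1.
    enable_if { $_[0]{REMOTE_ADDR} eq '127.0.0.1' } 'ReverseProxy';
    enable $require_https;
    enable 'Auth::Basic', realm => 'myapp', authenticator => sub {
        my ($user, $pass) = @_;
        my @ok = ($same->($user, $USER), $same->($pass, $PASS));  # always check both
        return $ok[0] && $ok[1];
    };
    $app;
};
```

A client that sends an Authorization header unprompted over plain HTTP has already exposed it before the 403 is returned, so the plaintext port should also be closed or redirected at the proxy.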

Apache configuration looks like this if you go with Plack + Apache / mod_perl:

 <Location /path/myapp>
   SetHandler perl-script
   PerlResponseHandler Plack::Handler::Apache2
   PerlSetVar psgi_app /path/to/my.psgi
 </Location>
+3