<div dir="ltr">On 16 December 2015 at 00:10, Hugo Mills <span dir="ltr"><<a href="mailto:hugo@carfax.org.uk" target="_blank">hugo@carfax.org.uk</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> Hi, Chandru,<br>
<span class=""><br>
On Tue, Dec 15, 2015 at 11:57:56PM +0000, Chandru wrote:<br>
> Why does all this have to be done in Erlang?<br>
><br>
> It sounds like your best bet is to use something like nginx/varnish/haproxy<br>
> (or even Apache as you explained) to front your server farm. You can get<br>
> that component to then rewrite the URLs and route requests to wherever your<br>
> Erlang web services are located. I would do that rather than trying to do<br>
> everything in Erlang.<br>
<br>
</span> Thanks for the advice.<br>
<br>
I guess I'm unhappy (probably with no good reason) with the idea of<br>
running each service in a separate erlang VM, and each one running on<br>
a separate port, and having to ensure that those ports aren't visible<br>
outside the machine (because they'll be running HTTP, not the desired<br>
HTTPS).<br></blockquote><div><br></div><div>Sorry, I don't think I explained clearly. My point was that you can run multiple services in a single VM, on a single port. When your HTTPS request hits your front-end (nginx/varnish/apache/whatever), you get it to do two things.</div><div>- Handle all the TLS stuff</div><div>- Rewrite the URL in the request. (If the request from the client is <a href="http://server.me/service1">http://server.me/service1</a>, rewrite it to <a href="http://internal.server1.me/service1">http://internal.server1.me/service1</a>, <a href="http://server.me/service2">http://server.me/service2</a> becomes </div><div><a href="http://internal.server1.me/service2">http://internal.server1.me/service2</a>)</div><div>- You can have a global cowboy handler (one module which is used in all your backend erlang nodes) which provides internal routing for all your services. At its most basic form, routing in cowboy is redirecting requests based on URL to a module. So you just have to make sure this module is common across all your erlang nodes, regardless of how you distribute your services across nodes.</div><div><br></div><div>What am I missing here?</div><div><br></div><div>Chandru</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5"><br>><br>
> On 15 December 2015 at 23:41, Hugo Mills <<a href="mailto:hugo@carfax.org.uk">hugo@carfax.org.uk</a>> wrote:<br>
><br>
> > I've got a collection of small services, with minimal coupling<br>
> > between the back ends of those services (orchestration is done mostly<br>
> > client-side). I'd like to put an HTTPS interface in front of each one<br>
> > -- say, with cowboy.<br>
> ><br>
> > What I'd also like to be able to do, at least in principle, is<br>
> > deploy some arbitrary subset of those services on each machine in my<br>
> > (comedically-named) server farm. I'd like to be able to do this with<br>
> > one TLS configuration, and preferably under a single port.<br>
> ><br>
> > i.e., access my services through<br>
> ><br>
> > <a href="https://server.me/service1/." rel="noreferrer" target="_blank">https://server.me/service1/.</a>..<br>
> > <a href="https://server.me/service2/." rel="noreferrer" target="_blank">https://server.me/service2/.</a>..<br>
> > <a href="https://server.me/service3/." rel="noreferrer" target="_blank">https://server.me/service3/.</a>..<br>
> ><br>
> > Now, in python-land, which is largely where I come from, I'd set up<br>
> > Apache with mod-wsgi, and deploy each WSGI app to a specific URL<br>
> > within the same URL namespace. I'm not quite sure how to do that<br>
> > easily with erlang+cowboy, because there seems to be no easy way of<br>
> > treating a webapp as a unit within a larger server configuration. I<br>
> > keep coming to one of two approaches:<br>
> ><br>
> > 1) Write each service completely independently (as HTTP), run it on a<br>
> > distinct port, and splice together the URL namespaces through a<br>
> > reverse proxy on a "normal" web server like Apache.<br>
> ><br>
> > 2) Find some way to automatically write a top-level router for cowboy,<br>
> > for each set of services that I want to deploy to a machine.<br>
> ><br>
> > I don't much like option 1, but I like option 2 even less. I guess<br>
> > I could write some kind of "top-level" app that, given a bunch of<br>
> > webapp modules (via a configuration file of some kind), gets a router<br>
> > for each module and transforms those routers into a single router<br>
> > config. Does such a thing already exist?<br>
> ><br>
> > It all just feels a bit awkward, and I feel like I'm missing<br>
> > something. What do other people do to put together this kind of setup?<br>
> ><br>
> > Hugo.<br>
> ><br>
<br>
--<br>
</div></div><span class=""><font color="#888888">Hugo Mills | Anyone who claims their cryptographic protocol is<br>
hugo@... <a href="http://carfax.org.uk" rel="noreferrer" target="_blank">carfax.org.uk</a> | secure is either a genius or a fool. Given the<br>
<a href="http://carfax.org.uk/" rel="noreferrer" target="_blank">http://carfax.org.uk/</a> | genius/fool ratio for our species, the odds aren't<br>
PGP: E2AB1DE4 | good. Bruce Schneier<br>
</font></span></blockquote></div><br></div></div>