Authentication and/or HTTPS with Plack/PSGI/Poet application


I need to build a simple web-application. I decided to do it with Poet (Mason2), which uses Plack.

The application should be usable only by authenticated users, so I need to build some login/password functionality.

There is already a Plack module, Plack::Middleware::Auth::Basic, that allows using Basic user auth and can be set up to check .htpasswd or similar. But basic authentication is not very secure; anybody can grab the login password with packet capturing or the like.

Here are 2 possible solutions:

  • running my app.psgi via HTTPS(443) - link level encryption
  • or is there some better auth method that allows secure auth without https?

The questions:

  • Regarding HTTPS - I have no idea how to run my app.psgi via HTTPS. Do I need to modify my application somehow? Is there any link that shows me how to run plackup over HTTPS?
  • or for the second: is there some method (middleware or Perl module) that allows me to build secure authentication over the standard unencrypted port (80)?

So, what is a relatively easy way to achieve secure authentication with a Plack application?

PS: I don't care about the rest of the communication. I only need secure auth that doesn't allow the passwords to be grabbed.

PPS: HTTPS is easy with Apache (and a self-signed certificate). But I have no idea how to do it with plackup (and/or any other Plack-based server).


There are 3 answers

0
Frew Schmidt On BEST ANSWER

Another, simpler option is to use what's built into plackup, Starman, and Thrall:

plackup --enable-ssl --ssl-key-file=... --ssl-cert-file=...

(or)

starman --enable-ssl --ssl-key=... --ssl-cert=...

(or)

thrall --enable-ssl --ssl-key-file=... --ssl-cert-file=...
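
How Plack::Middleware::Auth::Basic from the question fits with the TLS options above, as an added example that is not part of the original question or answers: an app.psgi that enables Basic auth but refuses any request that did not arrive over HTTPS. The account, salt, realm and placeholder app are constructed for illustration, and the file is assumed to be served directly with `plackup --enable-ssl ...`.

```perl
# app.psgi -- added example, not code from the thread.
use strict;
use warnings;
use Plack::Builder;
use Digest::SHA qw(sha256_hex);

# Constructed sample account. The hash is computed at load time only so the
# example runs as-is; a deployment stores the salt and hash, not the password,
# and uses a slow password hash rather than plain SHA-256.
my %USERS = (
    alice => { salt => 'constructed-salt',
               hash => sha256_hex('constructed-salt' . 'constructed-password') },
);

# Compare two strings without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Callback for Plack::Middleware::Auth::Basic: (username, password, env) -> boolean.
sub authenticate {
    my ($user, $pass, $env) = @_;
    my $rec = $USERS{ $user // '' } or return 0;
    return secure_eq(sha256_hex($rec->{salt} . ($pass // '')), $rec->{hash});
}

# Placeholder application standing in for the Poet app.
my $app = sub {
    my $env = shift;
    return [ 200, [ 'Content-Type' => 'text/plain' ], [ "hello $env->{REMOTE_USER}\n" ] ];
};

builder {
    # Outermost layer: refuse plain-HTTP requests before Auth::Basic can issue a
    # 401 challenge, so a browser is never prompted to send credentials in clear.
    enable sub {
        my $inner = shift;
        return sub {
            my $env = shift;
            return $inner->($env) if $env->{'psgi.url_scheme'} eq 'https';
            return [ 403, [ 'Content-Type' => 'text/plain' ], [ "HTTPS required\n" ] ];
        };
    };
    enable 'Auth::Basic', realm => 'myapp', authenticator => \&authenticate;
    $app;
};
```

When the app sits behind a TLS-terminating proxy instead, the hop to the backend is plain HTTP, so `psgi.url_scheme` has to be derived from the proxy's forwarded headers (for example with Plack::Middleware::ReverseProxy) before this check.
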
0
innaM On

You could run your application behind some webserver like Apache that knows how to safely authenticate users.

To do this, you have two options:

  1. Use FastCGI
  2. Proxy requests to your app.

To go the FastCGI route, use plackup like this:

plackup -s FCGI myapp.psgi

And in your Apache config, use something like this:

LoadModule fastcgi_module libexec/mod_fastcgi.so
<IfModule mod_fastcgi.c>
    FastCgiExternalServer /tmp/myapp.fcgi -host localhost:5000
    Alias /myapp/    /tmp/myapp.fcgi/
</IfModule>

Alternatively, you can make Apache proxy requests to your app:

ProxyPass /myapp/    http://localhost:5000/

Since plackup is not recommended for production systems, you should look into Starman, which will limit your options to the proxy solution.

0
ashley On

The Apache config looks like this, if you go with Plack+Apache/mod_perl:

<Location /path/myapp>
  SetHandler perl-script
  PerlResponseHandler Plack::Handler::Apache2
  PerlSetVar psgi_app /path/to/my.psgi
</Location>