[SOLVED]FPHTTPServer with https

[m.abudrais]

I want make https server and i tried this code

Code: Pascal  [Select][+][-]

1. uses
2.   {$IFDEF UNIX}  cthreads,  {$ENDIF}  Classes,  SysUtils,  CustApp,  fphttpserver, opensslsockets;
3. procedure TMyApplication.OnRequest(Sender: TObject;
4.   var ARequest: TFPHTTPConnectionRequest; var AResponse: TFPHTTPConnectionResponse);
5.   begin
6.     AResponse.Content := 'hello';
7.   end;    
8.   procedure TMyApplication.DoRun;
9.   var
10.     ErrorMsg: string;
11.     HTTPServer: TFPHttpServer;
12.   begin  
13. HTTPServer := TFPHTTPServer.Create(nil);
14.     try
15.       // Configure SSL options
16.       HTTPServer.UseSSL := True;
17.       HTTPServer.CertificateData.PrivateKey.FileName := 'cert/privatekey.pem';
18.       HTTPServer.CertificateData.Certificate.FileName := 'cert/certificate.pem';
19.       // Optionally, configure allowed TLS versions, cipher suites, etc.
20.       // HTTPServer.SSLOptions.TLSVersions := [tls1_2, tls1_3];
21.  
22.       HTTPServer.Port := 10443; // Standard HTTPS port
23.       HTTPServer.OnRequest := @OnRequest;
24.       HTTPServer.Active := True;
25.       // ... your server logic
26.     finally
27.       HTTPServer.Free;
28.     end;
29. end;

the server run, but the browser(firefox) give this error:

Secure Connection Failed

An error occurred during a connection to 127.0.0.1:10443. PR_END_OF_FILE_ERROR

Error code: PR_END_OF_FILE_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

when i remove ssl the server work correctly.
i am using Lazarus 4.2, FPC 3.2.2 on linux
OpenSSL 3.4.1 11 Feb 2025 (Library: OpenSSL 3.4.1 11 Feb 2025)

[paweld]

FPC 3.2.2 does not support OpenSSL version 3. To make it work, you need to use at least FPC 3.2-fixes.
The best solution is to install Lazarus stable with FPC 3.2-fixes using fpcupdeluxe: https://www.youtube.com/watch?v=Snf0xgdREOQ

[m.abudrais]

thanks

[Warfley]

The better approach is to put your own HTTP server behind a reverse proxy like nginx or apache. This has several advantages:
1. The reverse Proxy implements modern protocols and features like IPv6 support, OpenSSL 3, HTTP 2, etc.
2. A popular reverse proxy solution like nginx or apache is much better audited and supported and gets feature and security updates much faster than fpc
3. The reverse Proxy implements caching for static assets and load balancing with containerization services. So you can focus an writing a very simple HTTP handler and still get the performance benefits from a high performance and scalable system
4. the Reverse Proxy manages all your SSL certificates (like via lets encrypt) so you do not have to deal with SSL in your own server.

Infact, especially because of the security concerns and the slow update cycle, it would be quite irresponsible to not use a reverse proxy if you want to make your service accessible through the internet

[m.abudrais]

I like FPHTTPServer because  it is simple, and my service  will not service accessible through the internet, only in local network. I will try fpc trunk  and if did not work i may try nginx, thanks.

[m.abudrais]

I installed FPC trunk using  fpcupdeluxe and it work , thank.
but there is small problem with fpcupdeluxe: if you  choose to installed the stable version and tried to install the trunk, fpcupdeluxe will install the stable version again!. the solution is to delete all files in the install directory, I hop this will be fixed in the next version of fpcupdeluxe.

[DonAlfredo]

this will be fixed in the next version of fpcupdeluxe

No, this will not be changed. The developers of FPC and Lazarus are against upgrading by overwriting the old version.
Just install a new version in its own directory with an appropriate name that indicates a version.
E.g.
FPC322LAZ42
FPCTRUNKLAZTRUNK

[m.abudrais]

No, this will not be changed

at least it should give a warning, so new user can understand.