Difference between revisions of "TWSocketServer.IcsHosts"

From Overbyte
Jump to navigation Jump to search
(Created page with "When originally designed TWSocketServer only supported listening on a single IP address and port, subsequently MultiListenSockets were added to listen on multiple IP addresses...")
 
Line 20: Line 20:
 
Note IcsHosts is only available for TSslWSocketServer, not TWSocketServer, but
 
Note IcsHosts is only available for TSslWSocketServer, not TWSocketServer, but
 
you don't need to use SSL for any Hosts.
 
you don't need to use SSL for any Hosts.
 +
 +
{|
 +
| width="130" valign="top" |HostNames||||
 +
One or more domain Host Names to which the server will respond,
 +
comma separated list, no quotes.  Host Names are matched initially
 +
against SSL Server Name Indication (SNI), or against the HTTP
 +
Host: header if no SSL or SNI for web and proxy servers. Note
 +
INI file reads as Hosts.  Wild card host names are not allowed,
 +
but SNI may match a wild card certificate to an IcsHost.
 +
|-
 +
HostEnabled||||
 +
True or False if this IcsHost is enabled, NOTE INI file also
 +
reads Enabled if HostEnabled missing for backward compatibility.
 +
|-
 +
BindIpAddr||||
 +
Listening IP Address for this IcsHost, may be 0.0.0.0 for all IP
 +
Addresses, must exist.  Multiple IcsHosts can use the same IP
 +
Address which will then be chosen from HostNames using SNI or
 +
Host: header.
 +
|-
 +
BindIpAddr2||||
 +
Optional second IP Address for this IcsHost, perhaps an IPv6 address.
 +
|}

Revision as of 17:57, 14 November 2018

When originally designed TWSocketServer only supported listening on a single IP address and port, subsequently MultiListenSockets were added to listen on multiple IP addresses and ports, and TSslWSocketServer SSL support required a lot of extra code in the application to specify SSL certificates, protocols, ciphers and security using multiple SslContexts for multiple hosts.

The IcsHosts property is an alternate way for specifying multiple listeners for TSslWSocketServer that allows multiple hosts to be specified, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates and private key (perhaps combined in a bundle), SSL context and security level, and other web server host related properties (used by higher level components). Each IcsHost has one or more HostNames to which it will recognise, that can share IP addresses.

If IcsHosts is specified, TSslWSocketServer ignores existing bindings and SSL context, and creates new bindings and initializes an SSL context for each host checking and reporting all server certificate chains. To ease implementation, functions are provided to read IcsHosts and TWSocketServer from an INI file, or they may be specified through IDE form properties and saved by other means.

Note IcsHosts is only available for TSslWSocketServer, not TWSocketServer, but you don't need to use SSL for any Hosts.

HostEnabled|||| True or False if this IcsHost is enabled, NOTE INI file also reads Enabled if HostEnabled missing for backward compatibility. BindIpAddr|||| Listening IP Address for this IcsHost, may be 0.0.0.0 for all IP Addresses, must exist. Multiple IcsHosts can use the same IP Address which will then be chosen from HostNames using SNI or Host: header. BindIpAddr2|||| Optional second IP Address for this IcsHost, perhaps an IPv6 address.
HostNames

One or more domain Host Names to which the server will respond, comma separated list, no quotes. Host Names are matched initially against SSL Server Name Indication (SNI), or against the HTTP Host: header if no SSL or SNI for web and proxy servers. Note INI file reads as Hosts. Wild card host names are not allowed, but SNI may match a wild card certificate to an IcsHost.