One of the MARS users (Kostas, thank you for the constant feedback on MARS) asked how to enable SSL through the Indy built-in server (link). I personally tend to set up a reverse proxy (using Apache, nginx or Microsoft IIS) and let the web server take care of low-level aspects such as SSL, compression, caching and load balancing.
However, it is not unusual nowadays to implement local solutions where keeping a low impact footprint on the target machine (not necessarily a server already running a webserver) is a plus.
MARS is a lightweight yet feature-rich REST library and relies on an HTTP layer. One possibility (historically the first one introduced) is to use Indy as the HTTP server layer (support for a second HTTP layer technology, Delphi Cross Socket, has been added recently to MARS). So you can deploy your MARS applications using the Indy HTTP server (standalone) as:
- standalone VCL application
- standalone FMX application
- Windows service application
- Windows|Linux console application
- Linux daemon application
Other options include Apache modules and ISAPI (through WebBroker) and of course many other options using DelphiCrossSocket.
You can check the Demos\MARSTemplate project group to explore them all (see also Demos\MARSTemplateDCS for DelphiCrossSocket support).
Back to the reason for this blog post: with commit #1000 (!) I've added a shortcut in MARS to enable Indy's standalone SSL features.
Depending on the deployment option you are using, look for the following commented block:
// to enable Indy standalone SSL -----------------------------------------------
// Set the following Engine parameters:
//   'Indy.SSL.RootCertFile', default: 'localhost.pem' (bin folder)
//   'Indy.SSL.CertFile', default: 'localhost.crt' (bin folder)
//   'Indy.SSL.KeyFile', default: 'localhost.key' (bin folder)
// change default port and setup a proper IOHandler, SSL enabled
//   TServerEngine.Default.Port := 443; // default HTTPS port is 443
// if needed, setup additional event handlers or properties
//   FServer.SSLIOHandler.OnGetPassword := YourGetPasswordHandler;
//   FServer.SSLIOHandler.OnVerifyPeer := YourVerifyPeerHandler;
//   FServer.SSLIOHandler.SSLOptions.VerifyDepth := 1;
In the simplest case, supposing you already have your certificates available following the proposed naming convention, all you need to do is uncomment the lines in bold above. Obviously you'll also need to provide the certificate files and the OpenSSL DLLs.
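For a local test setup, the three files named in the commented block can be produced and sanity-checked with the openssl command-line tool. This is an added example, not part of MARS or of the original post; the function names, `rootCA.key`, `san.ext`, the subject names and the 30-day lifetime are assumptions chosen for illustration, and the certificates are throwaway development material.

```shell
#!/bin/sh
# Added example: constructed development certificates, not for production.
# Output file names follow the defaults quoted in the commented block.

make_dev_certs() {
    dir="$1"
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # private keys readable by the owner only

        # 1. Throwaway local root CA -> localhost.pem (Indy.SSL.RootCertFile)
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=Dev Local Root (constructed)" \
            -keyout rootCA.key -out localhost.pem 2>/dev/null || exit 1

        # 2. Server key -> localhost.key (Indy.SSL.KeyFile), plus a CSR.
        #    -nodes leaves the key unencrypted, so no password is required.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=localhost" \
            -keyout localhost.key -out localhost.csr 2>/dev/null || exit 1

        # 3. Sign the CSR with the root, adding a SAN that clients can match
        #    -> localhost.crt (Indy.SSL.CertFile)
        printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > san.ext
        openssl x509 -req -in localhost.csr -sha256 -days 30 \
            -CA localhost.pem -CAkey rootCA.key -CAcreateserial \
            -extfile san.ext -out localhost.crt 2>/dev/null || exit 1
    )
}

# Succeeds only if the certificate chains to the root AND the private key
# belongs to the certificate (same public key on both sides).
check_cert_set() {
    dir="$1"
    openssl verify -CAfile "$dir/localhost.pem" "$dir/localhost.crt" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/localhost.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/localhost.key" -pubout | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Running `check_cert_set` against the bin folder before starting the server catches the common mistake of pairing a certificate with the wrong key file; `rootCA.key` should stay off the deployment machine.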
Hope this will be helpful. Feel free to let me know what you think about this or about other features you would like to see added to the MARS project.