thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Hammond <br...@brianhammond.com>
Subject Re: Python server over HTTP, HTTPS -- How?
Date Fri, 03 Apr 2009 03:10:06 GMT
Hi Dave,

On Apr 2, 2009, at 10:55 PM, Dave Engberg wrote:

>
> Hey, Brian -
>
> I'm basically in charge of our API stuff (wrote the IDL, docs,  
> service implementation, etc.), and would be happy to chime in on any  
> questions you have.
>

Neat.  I figured you guys were on this list.

>
> Brian Hammond wrote:
>> I'm assuming EverNote is running the PHP generated "server" since  
>> their staging/testing web service box is running Apache.
> Our service implementation is Java on Tomcat, but some of our static  
> web pages run out of a PHP server for historic reasons.  All of the  
> Thrift goes through a single Java Servlet.  Originally, this servlet  
> was pretty small, and we could have given out the source, but now  
> it's all munged up with code for logging, throttling, etc.

Oh, Java. OK.

> The HTTP service basically needs to take the binary contents of the  
> HTTP POST and then hand them over to the server skeleton for  
> processing, and then marshal the results back into the binary  
> reply.  To correctly implement HTTP for portability, you need to  
> buffer the reply so you can give back a Content-Length header.
>
> The basic implementation is really simple if you're running on a  
> decent HTTP server, but you will need to add a decent amount of  
> exception handling to deal with all of the mess you get from  
> Internet connectivity if you're opening this up to the world.

OK.  I get it.  So I suppose if I were to open this up to the world  
I'd want to use nginx with mod_wsgi - it's very efficient.  Given  
that, I suppose I'd need to create the equivalent of TPhpStream,  
similar to what you did in your Java servlet.

I suppose I need to dig into the WSGI spec a bit deeper then but  
perhaps it's as simple as using the TBufferedTransport on the  
environ['wsgi.input'] ... Not sure yet if this is correct or not but  
this is encouraging: http://wsgi.org/wsgi/Specifications/handling_post_forms

> Currently environ['wsgi.input'] points to a stream that represents  
> the body of the HTTP request.

...

>> 1) use SSL to encrypt user credentials
> By using HTTP, we basically got HTTPS for free ... we offload it to  
> our Citrix load balancers, in fact, so our app servers just handle  
> HTTP.

Yeah, that's my thought exactly -- use HTTP and deploy to a solid  
httpd like nginx and you get all the heavy lifting for free, including  
epoll/poll/etc and HTTPS support.

OK, this is good.

Thanks!
Brian


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message