Proxy

Running a Kitto application through an HTTP proxy

Running through a proxy means that you don't expose the Kitto server application to the users (be they on the internet or inside an intranet) directly, but you put a web server acting as a proxy instead.

Why use a proxy

There are several reasons why you might want to use such configuration. Among them:

Security: using tried and tested (and up-to-date) web server software shields you from security leaks in your application; when a new thread is discovered, fixes are usually much quicker implemented in, say, Apache, than Indy or other Delphi server libraries.
Performance: using what we call mixed proxy mode you can offload the duty of serving all static content to the web server without the application being hit, which makes it more scalable.
Load Balancing/Fault Tolerance: Many web servers, such as Apache support load balancing through a proxy, meaning that you can deploy several instances of your application and have the load balancer handle them transparently.
Compartmentalization: You can install the web server and the Kitto application on two separate machines, which has advantages in terms of scalability, performance and security as it opens up a wider range of configuration options.

Note: Kitto session management is not quite ready for load balancing as it's not distributed yet (IOW, Kitto is stateful and stores its sessions in memory), but a distributed (or database-based) session manager might be developed at some point).

Using Apache as a proxy

In order to deploy a Kitto application through an Apache-based proxy, just follow these steps (the concepts are the same and the mechanics are similar if you use a different web server, such as Nginix).

Enable the proxy_http module in Apache's config file httpd.conf. This usually translates to uncommenting the line: LoadModule proxy_module modules/mod_proxy.so and the line: LoadModule proxy_http_module modules/mod_proxy_http.so towards the beginning of the file.
Add the ProxyPass and ReverseProxyPass definitions (and optionally the alias definition needed for the particular proxy variant you want to adopt.

Proxy variants

Kitto supports two proxy modes: full proxy mode and mixed mode. In full mode you route all requests through the proxy, and have the application serve both static (such as images) and dynamic (such as javascript code in response to method calls) content. In mixed mode you offload the chore of serving static content to the web server, and these requests never even reach the application. All images, all ExtJS files and most Kitto js and css files are static content.

Mixed mode is slightly faster and needs slightly more configuration in Apache's httpd.conf.

Full proxy mode

Just add a pair of ProxyPass/ReverseProxyPass inside an <IfModule proxy_http_module> section. For example:

<IfModule proxy_http_module>
  ProxyPass "/hellokitto" "http://localhost:2601/hellokitto"
  ProxyPassReverse "/hellokitto "http://localhost:2601/hellokitto"
</IfModule>

In the above example:

hellokitto is the application path. MUST be equal to the AppPath setting in Kitto's Config.yaml file, which defaults to the executable name converted to lower case.
localhost is the name or IP address of the machine where the Kitto application is running, as seen from the web server.
2601 is the TCP port the Kitto application listens on, as specified in the Server/Port Config.yaml setting.

Mixed proxy mode

In this mode you will need a different set of ProxyPass/ReverseProxyPass declarations in httpd.conf:

<IfModule proxy_http_module>
  ProxyPass "/hellokitto/app" "http://localhost:2601/hellokitto/app"
  ProxyPassReverse "/hellokitto/app" "http://localhost:2601/hellokitto/app"
</IfModule>

Note the first ProxyPass resolve the home address of the application URL: http://%host_apache_server%/hellokitto/home

The addition of the /app path segment in order to tunnel only application requests (which are requests for dynamic content) through the proxy.

Plus you will need to define an Apache alias to point the application's /res path segment to the correct directory:

<IfModule alias_module>
  Alias /hellokitto/res/ "C:/KittoApps/HelloKitto/Home/Resources/"
</IfModule>

Make sure you enable the alias module:

LoadModule alias_module modules/mod_alias.so

Obviously, the directory must be accessible by Apache:

<Directory "C:/KittoApps/">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

It is recommended that you also add Application/HandleResources: False in your application's Config.yaml to tell the application that it should not try to serve the resources, which will speed it up a bit:

Application:
  # When using partial proxy mode (serving /hellokitto/res/ from a separate web server)
  # you can set this to False to gain some speed. Default is True.
  HandleResources: False

Keep in mind that when using mixed mode you need to consolidate the Kitto\Home and YourApp\Home directories into one (which should be the latter), as the web server is not going to be able to look inside both directories as Kitto does normally. The easiest way to do that is creating a deployment script that copies the contents of these two folders in the same folder, one after the other, overwriting any existing files during the second pass. In this way you will have flattened the normally hierarchical home folder structure that Kitto uses during development.

Kitto at a glance
Getting started
Setup
Basic concepts
- Basic Materials
- Controllers
  - Panel-Based
  - List
  - Form
  - GridPanel
  - ChartPanel
  - TemplateDataPanel
  - Tool Controllers
  - Login
  - Logout
  - ChangePassword
- Features
Kitto Enterprise
- KIDE: the Kitto IDE
- Enterprise components
Examples
Developer's guide
Library reference
Frequently Asked Questions
Kitto tips & tricks and how-tos
Other information
- Licensing
- Coding standards

Provide feedback

Saved searches

Use saved searches to filter your results more quickly