# ktor

nilTheDev

10/10/2021, 3:53 AM
I never deployed a REST API on a real server. I am wondering how TLS gets implemented. I read that a lot of crazy stuff goes on in the TLS handshake. It includes asymmetrical encryption (RSA), Diffie-Hellman key exchange and many other things as well. I am wondering how hard it actually is to implement on the backend? Are all things done manually?

carrot

10/10/2021, 7:11 PM
Often you would let something else do TLS for you and the API service would just do plain HTTP - so something like a load balancer would strip off TLS.
You certainly wouldn't implement TLS yourself - there's a guide in the Ktor docs for using the in-built TLS stuff but I doubt it's used much.

CLOVIS

10/11/2021, 7:32 AM
If you want to go the ‘external route’, here's the Docker Compose config to use Caddy as a reverse proxy: https://gitlab.com/clovis-ai/formulaide/-/blob/main/docker/docker-compose.prod.yml#L20 The idea is that incoming HTTPS traffic is sent to Caddy, which decodes it and transmits it to Ktor as HTTP. I like this approach because it is much easier to set up and maintain (Caddy refreshes certificates automatically); however, it means that internal traffic is unencrypted.

hfhbd

10/11/2021, 10:46 AM
Why do you want to implement it yourself, if the existing server engines support TLS (except CIO)? And yes, of course, at the end one person has to implement it :D

Aleksei Tirman [JB]

10/12/2021, 10:14 AM
You can find the related information in the documentation.