One HTTPS server in Modern Pascal to Rule Them All

ArnaudBouchez1 20 views 76 slides Oct 29, 2025

About This Presentation

A brand new asynchronous and event-driven HTTP server was written for mORMot 2, and we added some general-purpose features to make it a potential alternative to Apache, Nginx, Caddy or IIS. We will present this web server, and some of its features.

Hands-On

Use modern object pascal for HTTP se...


Slide Content

One HTTPS Server
in Modern Pascal
to Rule Them All
When embedded is better

Welcome
Arnaud Bouchez
•Open Source Founder
• mORMot 1, mORMot 2, SynPDF, dmustache
•Modern Object Pascal
Delphi and FPC - Embarcadero MVP
•Synopse Tranquil IT
https://synopse.info https://tranquil.it

Hands On
•Serve HTTPS from modern Object Pascal
•Web server best practices
•Beyond Apache, Nginx, Caddy or IIS
•Integrate the mORMot 2 Web Server
•Optionally leverage its Toolbox

Today’s Special
•HTTPS Web Servers
•mORMot 2 THttpAsyncServer
•ACME, PeerCache, ProxyCache
•Use cases for your projects

HTTPS Web Servers

HTTPS Web Servers
Apache, Nginx, Caddy, IIS…
•Resolve Host names
•Serve static content
•Forward dynamic content
•Handle HTTPS security

HTTPS Web Servers
•HTTPS via ACME services
•HTTPS is mandatory
•Enter the Trust Chain
•Paid or free certificate
•Periodic renewal

HTTPS Web Servers
HTTPS via ACME services

HTTPS Web Servers
IIS – Internet Information Services
•Windows Specific
•Based on http.sys system driver
•Use the system registry and netsh tool

HTTPS Web Servers
Apache, Nginx, Caddy
•Use configuration files
•Favor Linux/BSD
•Well known

HTTPS Web Servers
Apache
•The venerable web server
•LAMP (Linux Apache MySQL PHP)
•WAMP for debugging/testing
•Somewhat old and not scaling

HTTPS Web Servers
Nginx
•The most used in the Internet
•Very fast
•Unusable on Windows

HTTPS Web Servers
Caddy
•Written in Go
•Built-in HTTPS / ACME
•Convenient, but not as fast

HTTPS Web Servers
Apache, Nginx, Caddy, IIS…
•Another brick in the project
•Part of the Operating System
•System wide configuration
•HTTPS may be tricky to get working
•Can be tampered with (for good or evil)

Today’s Special
•HTTPS Web Servers
•mORMot 2 THttpAsyncServer
•ACME, PeerCache, ProxyCache
•Use cases for your projects

mORMot 2 THttpAsyncServer

mORMot 2 THttpAsyncServer
•mormot.net.async.pas
•mormot.net.server.pas
•mormot.net.http.pas
•mormot.net.sock.pas

mORMot 2 THttpAsyncServer
mormot.net.sock.pas
•Cross-platform and cross-compiler
•High-level Socket abstraction
•poll() or epoll() API on POSIX/Linux
•IOCP on Windows (via mormot.core.os)
•INetTls abstraction for HTTPS

mORMot 2 THttpAsyncServer
INetTls abstraction for HTTPS
•OpenSSL on POSIX and Windows
mormot.lib.openssl11.pas
•SSPI / SChannel API on Windows
mormot.net.sock.pas

mORMot 2 THttpAsyncServer
mormot.net.http.pas
•Fast client/server HTTP state machine
•THttpServerRequestAbstract class
•Logging/Metrics/IPBan engines

mORMot 2 THttpAsyncServer
mormot.net.server.pas
•Efficient URI routing
•THttpServerGeneric class
•THttpServer class (not async)
•THttpApiServer (http.sys - Windows only)
•THttpPeerCache

mORMot 2 THttpAsyncServer
mormot.net.async.pas
•Non-blocking socket connections
•THttpAsyncServer Event-Driven server
•THttpProxyServer with cache

mORMot 2 THttpAsyncServer
THttpAsyncServer Event-Driven
•IOCP on Windows, epoll() on Linux
•Non-blocking socket + HTTP state engine
•Internal thread pool
•Minimize memory allocations and locks

mORMot 2 THttpAsyncServer
THttpAsyncServer Event-Driven
•Leverage simple/cheap hardware
•e.g. #1 in the TFB challenge
for serving cached ORM JSON
•Cross-platform and cross-compiler

mORMot 2 THttpAsyncServer
THttpServerGeneric.Router
•Register GET/POST/PUT… URIs
•Rewrite URIs in-place
•Redirect to Object Pascal callbacks

mORMot 2 THttpAsyncServer
THttpServerGeneric.Router
•Register GET/POST/PUT… URIs
•Rewrite URIs in-place
•Redirect to Object Pascal callbacks
… so you can do whatever you want …
… in pure code, with no config files …

mORMot 2 THttpAsyncServer
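function TMyServer.Cached(ctxt: THttpServerRequest): cardinal;
var
  i: integer;
  res: TOrmWorlds;
begin
  // one result slot per requested item, from the COUNT= query parameter
  SetLength(res, GetQueriesParamValue(ctxt, 'COUNT='));
  // fill each slot with a randomly picked entry of the in-memory cache
  for i := 0 to length(res) - 1 do
    res[i] := fRawCache[Random32(WORLD_COUNT)];
  // serialize the whole array as the JSON response
  result := ctxt.SetOutJson(@res, TypeInfo(TOrmWorlds));
end;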

mORMot 2 THttpAsyncServer
https://www.techempower.com/benchmarks/#section=data-r23&test=cached-query

mORMot 2 THttpAsyncServer
SHOW ME THE CODE !

mORMot 2 THttpAsyncServer
THttpServer.Options
= set of THttpServerOption;
Let’s look at mormot.net.server.pas

mORMot 2 THttpAsyncServer
THttpServerOption
•IncludeDateHeader
•Ban40xIP
•EnableLogging
•TelemetryCsv/Json
•RejectBotUserAgent…

mORMot 2 THttpAsyncServer
THttpServerSocketGeneric.Banned
•Access a THttpAcceptBanIPv4 banning list
•Via hsoBan40xIP option
or manually from your code

mORMot 2 THttpAsyncServer
THttpServerSocketGeneric.BlackListUri
:= 'https://www.spamhaus.org/drop/drop.txt';
or any CIDR text list address
•Reject unsafe IP ASAP
•Automated daily update/refresh
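
The idea behind a CIDR text blocklist, as an added example (not code from the slides or from mORMot, and written in Python rather than Object Pascal so it stays short): parse a list in the "CIDR ; comment" line layout, merge overlapping ranges, and test a peer address with a binary search. The class name CidrBlockList and the sample list are constructed for this illustration.

```python
import bisect
import ipaddress

# Constructed sample in a "CIDR ; reference" layout (documentation ranges only).
SAMPLE_LIST = """\
; constructed sample, not a real feed
192.0.2.0/24 ; EXAMPLE-1
198.51.100.0/25 ; EXAMPLE-2
198.51.100.128/25 ; EXAMPLE-3
203.0.113.64/26 ; EXAMPLE-4
not-a-cidr ; malformed line, must be skipped
"""


class CidrBlockList:
    """Sorted, merged IPv4 ranges with O(log n) membership tests."""

    def __init__(self):
        self._starts = []  # first address of each merged range, ascending
        self._ends = []    # last address of the range at the same index
        self.skipped = 0   # malformed lines seen by the last load()

    def load(self, text):
        nets, skipped = [], 0
        for line in text.splitlines():
            entry = line.split(";", 1)[0].strip()
            if not entry:
                continue  # blank or comment-only line
            try:
                nets.append(ipaddress.IPv4Network(entry, strict=False))
            except ValueError:
                skipped += 1  # count bad lines instead of aborting the refresh
        merged = list(ipaddress.collapse_addresses(nets))
        # Build the new tables completely before replacing the old ones,
        # so a periodic refresh never leaves the list half-loaded.
        self._starts = [int(n.network_address) for n in merged]
        self._ends = [int(n.broadcast_address) for n in merged]
        self.skipped = skipped
        return len(merged)

    def is_blocked(self, ip):
        try:
            addr = int(ipaddress.IPv4Address(ip))
        except ValueError:
            return False  # not an IPv4 address: outside this list's scope
        i = bisect.bisect_right(self._starts, addr) - 1
        return i >= 0 and addr <= self._ends[i]
```

The check belongs at accept time, before TLS or any HTTP parsing is spent on the connection; a malformed line is counted rather than fatal, so one bad entry in a refreshed list does not disable the other ranges.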

mORMot 2 THttpAsyncServer
THttpServerSocketGeneric.SetAuthorize*()
•Enable BASIC / DIGEST / NEGOTIATE
authorization schemes
•BASIC/DIGEST with efficient in-memory lookup
•NEGOTIATE on POSIX (GSSAPI) and Windows (SSPI)

mORMot 2 THttpAsyncServer
THttpServerSocketGeneric.KeyTab
•Allow server-side Kerberos authentication
•Using an external keytab file on POSIX/GSSAPI
•Can serve content outside of a Domain

mORMot 2 THttpAsyncServer
TWebSocketAsyncServer
•In mormot.net.ws.async.pas unit
•Plain HTTP, but can upgrade to WebSockets
•Non-blocking WebSockets server via callbacks

mORMot 2 THttpAsyncServer
TWebSocketAsyncServer

mORMot 2 THttpAsyncServer
As used by TRestHttpServer
•To publish a mORMot TRestServer logic
•Over HTTP or WebSockets
•High-level SOA via methods or interfaces
•MVC Web with Mustache templates
… but not mandatory - and not this session's topic ;)

Today’s Special
•HTTPS Web Servers
•mORMot 2 THttpAsyncServer
•ACME, PeerCache, ProxyCache
•Use cases for your projects

ACME, PeerCache, ProxyCache
Some “advanced” features
•Needed for my current work at Tranquil IT
•Mimics existing features in pure pascal
(Let’s Encrypt certbot, MS BranchCache, Nginx/Squid)
… but may be handy for your projects too!

ACME client for HTTPS

ACME client for HTTPS
Let the mORMot keep your keys!

ACME client for HTTPS
TAcmeLetsEncryptServer
•From mormot.net.acme.pas
•Host a simple HTTP server on port 80
to fulfill Let’s Encrypt or ZeroSSL challenges
•Renew the certificates when needed
•Interact e.g. with a regular THttpAsyncServer

ACME client for HTTPS
TAcmeLetsEncryptServer
•Use OpenSSL for the TLS / HTTPS layer
•No other external script or library
•Sensible self-configuration by default

Custom/Mutual HTTPS
Specify your own certificates
•No need of ACME if you own the client
•Generate certificates with mormot.crypt.secure.pas
•Server certificates - and your own CA
•Client certificates – for mutual authentication

Peer Cache

Peer Cache
THttpPeerCache
•From mormot.net.server.pas
•Maintain a cache between network peers
of remote HTTP/HTTPS resources
•Secured with proper cryptography

Peer Cache
THttpPeerCache = class(IWGetAlternate)
Used by our WGET - but with
1) UDP broadcast on the local network
2) Download a resource locally if available
or in the original URI for the first peer
3) Other peers would reuse this download
if they need the same resource

Proxy Cache

Proxy Cache
THttpProxyServer caching proxy
•Encapsulate THttpAsyncServer
•Use in-memory or on-disk (JSON) settings

Proxy Cache
THttpProxyServer purpose
•Serve static content with in-memory cache
•Proxy remote content with disk cache
•Routing to Object Pascal callbacks

Proxy Cache
Proxy remote content with disk cache
•e.g. to cache apt/rpm repositories
or any HTTP/HTTPS resources
•Optional PeerCache support (soon)
•A single executable on Windows or POSIX

Proxy Cache
SHOW ME THE CODE !

Today’s Special
•HTTPS Web Servers
•mORMot 2 THttpAsyncServer
•ACME, PeerCache, ProxyCache
•Use cases for your projects

When to use the mORMot

When to use the mORMot
mORMot is not a framework
… but a Toolbox
•You can pick up what you need
•You can use its Web Server
without the REST, SOA, ORM, DB…

When to use the mORMot
If you need regular PHP hosting
•Then Nginx may be a better candidate
•With a reverse proxy
to a PHP engine or a mORMot server
for dynamic content

When to use the mORMot
If you need regular PHP hosting
•Then Nginx may be a better candidate
•But stay tuned…
because we plan to host PHP
very soon 

When to use the mORMot
If you extend a project to the web
•You have existing Object Pascal code
•You need to publish it over REST
•With some static content

When to use the mORMot
If you extend a project to the web
•You have existing Object Pascal code
•You are using Windows and Delphi
•But plan to support Linux and FPC

When to use the mORMot
If you extend a project to the web
•You know Object Pascal well
•You don’t know Nginx & co so well
•But need HTTPS support

When to use the mORMot
If you extend a project to web/REST
•And consider config files as unsafe
•Or favor single executable delivery
•Or want to automate your own CA
•Or need a turnkey solution (e.g. regulation)

When to use the mORMot
If you extend a project to web/REST
•You have existing Object Pascal code
•You plan to support Linux and FPC
•You prefer Object Pascal to config files
Then look at the mORMot Web Server!

When to use the mORMot
Don’t forget you can mix both
•You could e.g. use Nginx
as reverse proxy over a mORMot server
•And disable e.g. mORMot ACME or cache
at runtime in such cases

Today’s Special
•HTTPS Web Servers
•mORMot 2 THttpAsyncServer
•ACME, PeerCache, ProxyCache
•Use cases for your projects

To Visit the marmots
https://cauterets.site

Questions?