بنقرة واحدة
horse-ssl-tls
Guide to enabling SSL/TLS, configuring HTTPS, handling certificates, and securing transport layers.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Guide to enabling SSL/TLS, configuring HTTPS, handling certificates, and securing transport layers.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Guidelines and workflows for developing and maintaining regular expressions and optional parameter routing features in the Horse framework.
Guidelines for registering, executing, and optimizing native high-precision telemetry hooks (AddOnTelemetry) in the Horse Web Framework.
Guidelines for instantiating and configuring independent Horse server instances (THorseInstance) running concurrently on different ports.
Guide for setting up thread-safe database connection pooling (FireDAC / UniDAC) in multithreaded Horse applications.
Guide for managing request-scoped contextual services and IoC (dependency injection) in Delphi and Lazarus.
Guide to using standard Horse middlewares (CORS, Jhonson, compression, basic-auth, logger) and pipeline registration order.
| name | horse-ssl-tls |
| description | Guide to enabling SSL/TLS, configuring HTTPS, handling certificates, and securing transport layers. |
In production environments, always encrypt data in transit using SSL/TLS. Depending on the transport provider you select, the configuration for HTTPS differs.
When using the native Horse.Provider.HTTPsys provider on Windows, the SSL handshake is handled entirely by the operating system kernel.
You do not configure certificates inside your Delphi code. Instead, bind your SSL certificate (using its thumbprint) to the target port using the Windows command line tool netsh (requires Administrator privileges):
netsh http add sslcert ipport=0.0.0.0:443 certhash=YOUR_CERT_THUMBPRINT appid={YOUR-APP-GUID}
Just start the Horse server normally. HTTP.sys will route HTTPS traffic on the bound port to your application automatically:
program SecureAPI;
{$APPTYPE CONSOLE}
uses
Horse,
Horse.Provider.HTTPsys;
begin
THorse.Get('/ping',
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('pong');
end);
// Starts the server. HTTP.sys routes both HTTP/HTTPS automatically depending on OS bindings.
THorse.Listen(443);
end.
The horse-provider-ics provider handles OpenSSL 1.1.1 / 3.x / 4.x directly within the application process.
Load your certificate .pem or .crt files and private key files during initialization:
uses
Horse,
Horse.Provider.ICS;
begin
// Set up SSL certificate paths and properties fluently
THorse.Provider.ICS.SSLSecured := True;
THorse.Provider.ICS.SSLCertFile := 'C:\certs\server.crt';
THorse.Provider.ICS.SSLPrivateKeyFile := 'C:\certs\server.key';
THorse.Provider.ICS.SSLPassword := 'my_private_key_password';
// Optionally enable Server-side Mutual TLS (mTLS)
THorse.Provider.ICS.SSLVerifyPeer := True;
THorse.Provider.ICS.SSLCACertFile := 'C:\certs\ca.crt'; // CA certificate to verify clients
THorse.Get('/ping',
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('pong');
end);
THorse.Listen(8443);
end.
For the async CrossSocket provider, configure the TLS context in your server instance:
uses
Horse,
Horse.Provider.CrossSocket;
begin
// Enable SSL/TLS and load certificates (requires OpenSSL library binaries on PATH)
THorse.Provider.CrossSocket.SSLSecured := True;
THorse.Provider.CrossSocket.SSLCertFile := 'C:\certs\server.crt';
THorse.Provider.CrossSocket.SSLPrivateKeyFile := 'C:\certs\server.key';
THorse.Listen(8443);
end.
Strict-Transport-Security header to response headers to force browsers to connect only via HTTPS.443.