The above expects Prolog to be accessible directly from the internet.
This is becoming more popular now that services are often deployed using virtualization.
If the Prolog services are placed behind a reverse proxy, HTTPS
implementation is the task of the proxy server (e.g., Apache or Nginx).
The communication from the proxy server to the Prolog server can use
either plain HTTP or HTTPS. As plain HTTP is easier to setup and faster,
this is typically preferred if the network between the proxy server and
Prolog server can be trusted.
Note that the proxy server must decrypt the HTTPS traffic
because it must decide on the destination based on the encrypted HTTP
header.
Port forwarding provides another option to make a server
running on a machine that is not directly connected to the internet
visible. It is not needed to decrypt the traffic using port forwarding,
but it is also not possible to realise virtual hosts or
path-based proxy rules.
Virtual hosts for HTTPS are available via Server Name Indication (SNI).
This is a TLS extension that allows servers to host different domains
from the same IP address. See the sni_hook/1
option of ssl_context/3
for more information.
