Hello!

I want to develop a server for my game, the game-client communicates then to it.

I need following functionality:

- HTTPS-support (TLS)

- Uploading/downloading levels

- Requesting ratings of levels and other meta-data

- Sending ratings

- Request overview of rated levels, own levels, popular levels, ...

- Neat way to use MySQL for mentioned points

And my questions are:

What technology would be the best fit? What programming language/framework? What exactly do I need to provide named functionality?

I value ease, safety, development-speed over performance, as I won't have millions of users.

Thanks for your time.

Pretty much any web framework or REST API framework will be able to do that for you. Pick one based on what language you know, or what your hosting provider or development environment has good support for.

PHP + laravel? Node.js + express? Golang + gorilla? Haskell + warp? C# + MVC.net? Java + play? C++ + CppCMS? Erlang + webmachine? Python + django? Ruby + rails? Perl + fastCGI?

These can all serve web pages, connect to MySQL, and implement REST services.

What language do you like best? PHP is always available for those who can't make up their mind, and > 50% of the web runs on PHP because that's what runs Wordpress, the world's absolutely most popular website/blog/CMS platform.

On 4/19/2018 at 6:08 AM, hplus0603 said:

PHP + laravel? Node.js + express? Golang + gorilla? Haskell + warp? C# + MVC.net? Java + play? C++ + CppCMS? Erlang + webmachine? Python + django? Ruby + rails? Perl + fastCGI?

I recommend Kryonet if the language is Java.

Kryonet doesn't have a HTTPS interface, does it? So you can't write web services in it directly.

And if you want a general RPC library that allows definitions of messages, there are many other options, some with much wider support than Kryonet. For example: gRPC, using protocol buffers, or Thrift, from Facebook. (Kryonet can do UDP, though, which gRPC doesn't.)

What I definitely need is a good upload/download support, since uploading and downloading levels is easy to implement.

I considered Go, because it seems to often used and statically typed, not sure if the standard library is sufficient or if I need Gorilla, yet.

HTTPS would be very important, due to required authentication, as every level-rating sent is also related to a user.

I read about RPC, REST, and CRUD.

CRUD seems to be direct and sole operations while REST hides a multitude of operations behind a single request that strictly use HTTP commands (POST, GET, ...). RPC is a more customised approach as it seems, but in the end it seems to come down to "belief" or are there any ways to find out what I should use?

But I'm not sure whether sending files via HTTPS is that great? E.g. a compressed folder containing images and scripts?

HTTPs is hard and limiting with regards to what frameworks support it well. 

To simplify your choices, and make it easier for you I can only suggest developing a separate http server, and then adding an https gateway on top of it.

Heck, if you are going host on the cloud, most cloud providers will provide this right along with https certificate that you buy from them.

If not, then just use NGINX/APACHE as proxies in front of your server to enocode it in HTTPS, that way you can choose any technology that you like without caring whether or not it supports HTTPS. Then you are free to use any kind of exotic rest framework that your heart desires.

4 hours ago, SillyCow said:

To simplify your choices, and make it easier for you I can only suggest developing a separate http server, and then adding an https gateway on top of it.

Heck, if you are going host on the cloud, most cloud providers will provide this right along with https certificate that you buy from them.

Is there anything in particular I have to look for? E.g. when I see a hosting offer, what terms will tell me that this service offers me HTTPS gateways?

Most of the big hosters have this feature.

It's usually called ssl or tls "termination".

Sometimes it's just mentioned as https.

Also, usually any cloud hoster that supports load balancing will have this option in the load balancer offering.

And even if they don't, you can go the NginX route. You can install nginx on the same node you install your server, you don't need an additional host. But the real "headache" is getting a certificate for your domain, so if you can avoid this by buying one from your hoster, you can really save yourself some time.

HTTPS is easy these days. Set up with automatic certificate renewal from letsencrypt.org, and it'll be free.

I know that DreamHost actually can integrate this for free for you, if you use their hosting. Their plans start at less than $5/month, and lets you use a SQL database and PHP scripts. It's "shared hosting," though, which doesn't scale to very many users.

HTTPS in Go isn't much harder, once you have the certificate files. (Or in Node.js, or any other modern framework/platform.) Btw, the default system library in Go or Node is OK for a simple web server, you don't need Gorilla or Express until you get into fancier systems.

HTTPS would be very important, due to required authentication, as every level-rating sent is also related to a user

I don't understand why level-ratings need to be HTTPS encrypted specifically? I hope you're not sending level ratings from the client to the server, and have the server trust the client?

11 hours ago, hplus0603 said:

HTTPS in Go isn't much harder, once you have the certificate files. (Or in Node.js, or any other modern framework/platform.) Btw, the default system library in Go or Node is OK for a simple web server, you don't need Gorilla or Express until you get into fancier systems.

I thought about using PHP too!

11 hours ago, hplus0603 said:

I don't understand why level-ratings need to be HTTPS encrypted specifically? I hope you're not sending level ratings from the client to the server, and have the server trust the client?

Not specially, I just think data transfer should be kept encrypted as it is of not of interest for other people in the same network.

To be precise, user data needs to be transfered, so why not send everything via HTTPS in the first place? What do you mean about trust? If someone manipulates my provided client, then the server will reject bad requests. If someone wants to rate 10000 instead of the maximum of 100, I reject it or if they provide other invalid data.