[OFBiz] Users - Users - Re: Tomcat and mod proxy headache


[OFBiz] Users - Users - Re: Tomcat and mod proxy headache

Andrew Sykes
Daniel,

It sounds very much to me like you aren't using mod_proxy.

mod_rewrite is required to rewrite the request url i.e. change from 443
to 8443 etc

However you also need to then proxy that request to the app server
otherwise you're effectively just redirecting the request.

As you want to use apache to handle all traffic in both directions (like
mod_jk would) you need it to act like a proxy.

This might mean re-installing apache, with mod-rewrite. Remember to
back up your httpd.conf file before you try this though!

You'd need to execute the apache configure script as follows...
./configure --enable-rewrite --enable-proxy

Let me know how you get on...
--
Andrew Sykes <[hidden email]>
Sykes Development Ltd

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users

[OFBiz] Users - Re: Tomcat and mod proxy headache

drosowsk
Hi,

@Andrew:
I beg to differ.
I'm using the ProxyPass command from mod_proxy in my virtual host settings
and apache doesn't complain (neither in the console output nor the log
files).
I tried to switch off ssl for the start page (/control/start) yesterday with
the result that it worked. My browser loaded the site as if there's no
apache in front of it.
So my guess still is that apache can't forward the ssl request properly.

@David:
I have set the url.properties for the http and https port to 80 and 443. It
should work this way, shouldn't it?

I hope this whole discussion is still in the scope of the ofbiz users
mailing list.

Here is the snippet from my config:
/////////////////////////
<VirtualHost *:443>
        ServerName ourdomain.com
        RewriteEngine On
        SSLProxyEngine On
        SSLProxyCACertificatePath "/opt/ofbiz3_sei/ofbiz/base/config/zertifikat"
        ProxyRequests Off


        RewriteRule   ^/ecommerce(.*)$  https://localhost:8443/$1  [P,L]
        RewriteRule   ^/images(.*)$  https://localhost:8443/images/$1  [P,L]
        RewriteRule   ^/(.*)$  https://localhost:8443/$1  [P,L]
        ProxyPass / https://localhost:8443/
        ProxyPassReverse / https://localhost:8443/
/////////////////////////

Thanks in advance,
Daniel


> Daniel,
>
> It sounds very much to me like you aren't using mod_proxy.
>
> mod_rewrite is required to rewrite the request url i.e. change from 443
> to 8443 etc
>
> However you also need to then proxy that request to the app server
> otherwise you're effectively just redirecting the request.
>
> As you want to use apache to handle all traffic in both directions (like
> mod_jk would) you need it to act like a proxy.
>
> This might mean re-installing apache, with mod-rewrite. Remember to
> back up your httpd.conf file before you try this though!
>
> You'd need to execute the apache configure script as follows...
> ./configure --enable-rewrite --enable-proxy
>
> Let me know how you get on...
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd

Re: [OFBiz] Users - Re: Tomcat and mod proxy headache

Andrew Sykes
Daniel,

For the ssl to work, I imagine you would need to install the certificate
with Apache rather than the App server. Then set the app server to run
plain HTTP to Apache.

Obviously if Apache could proxy an SSL session, that would be a bit of a
security hole - i.e. anyone could form a man-in-the-middle attack using
an apache proxy.

I must confess we don't use SSL with our proxy install, so it's not
something I've dealt with, but I'd imagine this is the reason.

--
Andrew Sykes <[hidden email]>
Sykes Development Ltd
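
The layout Andrew suggests above (certificate installed in Apache, plain HTTP from Apache to the app server), sketched as an added example that is not from either poster's configuration. The backend address 127.0.0.1:8080 and the certificate paths are assumptions.

```apache
# Added example, not the poster's config. Assumptions: the app server
# listens for plain HTTP on 127.0.0.1:8080; certificate paths are placeholders.

# Before (directives from the snippet earlier in the thread): Apache accepts
# the browser's TLS session on 443, then opens a second TLS session to the
# app server on 8443.
#   SSLProxyEngine On
#   ProxyPass        / https://localhost:8443/
#   ProxyPassReverse / https://localhost:8443/

# After: TLS ends at Apache; the hop to the app server is plain HTTP on loopback.
<VirtualHost *:443>
    ServerName ourdomain.com

    SSLEngine On
    # PEM files. The private key has to be exported from the Java keystore
    # first and should be readable by root only (chmod 600).
    SSLCertificateFile    /path/to/ourdomain.com.crt
    SSLCertificateKeyFile /path/to/ourdomain.com.key

    # Reverse proxy only; Apache must not act as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host header through to the app server.
    ProxyPreserveHost On

    # ProxyPass already maps every path, so no RewriteRule [P] lines are needed.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

With this layout the app server's HTTP connector carries unencrypted traffic, so it should listen on the loopback interface only and not be reachable from outside the host.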

 

[OFBiz] Users - Re: Tomcat and mod proxy headache

drosowsk
Hi Andrew,

thank you very much, that was it.
Although getting the private key out of the keystore in order to get ssl
working with apache was a pain in the (you know where). I wonder why there's
no wiki entry about that issue. Maybe I should write one...

Cheers,
Daniel

> Daniel,
>
> For the ssl to work, I imagine you would need to install the certificate
> with Apache rather than the App server. Then set the app server to run
> plain HTTP to Apache.
>
> Obviously if Apache could proxy an SSL session, that would be a bit of a
> security hole - i.e. anyone could form a man-in-the-middle attack using
> an apache proxy.
>
> I must confess we don't use SSL with our proxy install, so it's not
> something I've dealt with, but I'd imagine this is the reason.
>
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd

Re: [OFBiz] Users - Re: Tomcat and mod proxy headache

Andrew Sykes
Daniel,

Glad I could be of assistance.

Just to satisfy my own curiosity, we implemented this solution (Apache2
mod_proxy/mod_rewrite) in the days before virtual hosting.

With OfBiz in a more advanced state, I'd be really interested to hear
from you why you've chosen this solution.

Also it would be interesting to hear people's general opinions about
simply running Tomcat as the http server - I wonder if there are people
like us out there making life considerably more difficult than we need
to.
--
Andrew Sykes <[hidden email]>
Sykes Development Ltd

 

Re: [OFBiz] Users - Re: Tomcat and mod proxy headache

drosowsk
Hi Andrew,

ok, my answer is not going to satisfy you.
A colleague of mine already had config files for apache that were based on
mod_proxy. Plus, mod_proxy seemed a little bit easier to configure.
Also, most people I work with already have experience with apache (and the
benefits it brings).

Daniel

> Daniel,
>
> Glad I could be of assistance.
>
> Just to satisfy my own curiosity, we implemented this solution (Apache2
> mod_proxy/mod_rewrite) in the days before virtual hosting.
>
> With OfBiz in a more advanced state, I'd be really interested to hear
> from you why you've chosen this solution.
>
> Also it would be interesting to hear people's general opinions about
> simply running Tomcat as the http server - I wonder if there are people
> like us out there making life considerably more difficult than we need
> to.
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd