OFBiz configuration on production site

> Hi,
>
> I'm new to OFBiz, Please check the steps I have taken and pointed out what
> I
> miss because it's not working on production site
>
>
>
> 1. I was able to make it work on localhost. I'm also able to access data
> that came with the project (ex:
> <https://localhost:8443/webtools/control/entitymaint>
> https://localhost:8443/webtools/control/entitymaint)
>
>
> This is the easy part. Kudos

>
> 2. I installed SSL Certificate in Microsoft IIS for the project on
> production site my Windows Server 2012 (I was able to access
> <https://www.mywebsitedomain.com/> https://www.mywebsitedomain.com now)
>
>
>
> a.  I use virtual private server from IONOS and it provides me a free SSL.
> I
> imported .PFX file provided from IONOS, then the domain can be accessed as
> https
>
>
>
> b. As you suggested, I looked into  <https://letsencrypt.org/>
> https://letsencrypt.org/, but I didn't see any .PFX file neither other
> certificate files that IONOS provided me (on the OFBiz Product Setup page,
> it shows .cer files (which I also got from IONOS) is used to enter
> Keystore.
> Maybe I missed something. For now, I use SSL from IONOS, but if you think I
> should use Let's encrypt, then please let me know if have to have the .PFX
> and cer files
>
>
> Using ssl certificates from Letsencrypt for the web server is, when using

>
>
> 4. I have edited "keystoreFile" and "KeyPass" in ofbiz-component  at
> apache-ofbiz-17.12.03\framework\catalina
>
> <property name="keystoreFile" value="C:\Program Files\Apache Software
> Foundation\Tomcat 9.0\webapps\apache-ofbiz-17.12.03\keystore.jks"/>
>
>             <property name="keystoreType" value="JKS"/>
>
>             <property name="keyAlias" value="ofbiz"/>
>
>             <property name="keyPass" value="Mypassword"/>
>
>
>
> 5.  I then tried to follow  <https://s.apache.org/vmemj>
> https://s.apache.org/vmemj and edit httpd.conf file and httpd-ssl.conf,
> but
> when trying to Start Apache 24, it gives me some error messages (I got no
> error before editing the two files).
>
> a.  I have edited ofbiz-containers.xml and url.properties file (change 8080
> to 80 and 8443 to 443)
>
> b. For httpd.conf: not recognizing some words like "RewriteEngine On"
> "Order"....
>
> c. For httpd-ssl.conf, for example, I get error "AH00526: Syntax error on
> line 177 of c:/Apache24/conf/extra/httpd-ssl.conf: SSLCertificate KeyFile:
> file 'c:/Apache24/conf/server.key' does not exit or is empty"  - It's true,
> I don't have such file, but I'm not sure where I can get it.
>
>
>
> Thank you very much  in advance
>
> Katie
>
>
>
>

> HI Katie,
> My apologies for you having to restate your issues several times.
>
> That you have the basics in play (Your OFBiz implementation set up, running
> and accessible via 8443) is a good thing, and now you're nearly there.
>
> Please see inline for further comments.
> I trust the information below helps.
>
> However, should you still experience issues, please feel free to reach out.
>
>
> Met vriendelijke groet,
>
> Pierre Smits
> *Proud* *contributor** of* Apache OFBiz <https://ofbiz.apache.org/> since
> 2008 (without privileges)
>
> *Apache Trafodion <https://trafodion.apache.org>, Vice President*
> *Apache Directory <https://directory.apache.org>, PMC Member*
> Apache Incubator <https://incubator.apache.org>, committer
> Apache Steve <https://steve.apache.org>, committer
>
>
> On Fri, Jun 26, 2020 at 9:30 AM Katie Qiu <[hidden email]>
> wrote:
>
>> Hi,
>>
>> I'm new to OFBiz, Please check the steps I have taken and pointed out what
>> I
>> miss because it's not working on production site
>>
>>
>>
>> 1. I was able to make it work on localhost. I'm also able to access data
>> that came with the project (ex:
>> <https://localhost:8443/webtools/control/entitymaint>
>> https://localhost:8443/webtools/control/entitymaint)
>>
>>
>> This is the easy part. Kudos
>
>> 2. I installed SSL Certificate in Microsoft IIS for the project on
>> production site my Windows Server 2012 (I was able to access
>> <https://www.mywebsitedomain.com/> https://www.mywebsitedomain.com now)
>>
>>
>>
>> a.  I use virtual private server from IONOS and it provides me a free SSL.
>> I
>> imported .PFX file provided from IONOS, then the domain can be accessed as
>> https
>>
>>
>>
>> b. As you suggested, I looked into  <https://letsencrypt.org/>
>> https://letsencrypt.org/, but I didn't see any .PFX file neither other
>> certificate files that IONOS provided me (on the OFBiz Product Setup page,
>> it shows .cer files (which I also got from IONOS) is used to enter
>> Keystore.
>> Maybe I missed something. For now, I use SSL from IONOS, but if you think I
>> should use Let's encrypt, then please let me know if have to have the .PFX
>> and cer files
>>
>>
>> Using ssl certificates from Letsencrypt for the web server is, when using
> web servers like Apache HTTPD and NGINX straight forward. However, I don't
> know how that works for IIIS. Maybe their documentation will tell.
>
>
>
>> 3. I installed Apache 24 on Windows server as well. I was able to access
>> localhost and see the index page showing "it works"
>>
>> Great, the second step of the combination Apache HTTPD - Apache OFBiz is
> now concluded.
>
> As said earlier, setting up Letsencrypt for Apache HTTPD is straight
> forward. Please look at the documentation there. If set up properly, you
> will get:
>
>     - the Apache HTTPD starter page accessible via: https://<yourIpAddress>/
>     or e.g. https://localhost/
>
> If done correctly you'll see in (one of) your HTTPD config files (some of)
> following lines appear:
>
>      SSLEngine on
>
>      Include /etc/letsencrypt/options-ssl-apache.conf
>
>      SSLCertificateFile /etc/letsencrypt/live/TheFQDOfYourDomain>/cert.pem
>
>      SSLCertificateKeyFile /etc/letsencrypt/live/TheFQDOfYourDomain>
> /privkey.pem
>
>      SSLCertificateChainFile /etc/letsencrypt/live/TheFQDOfYourDomain>
> /chain.pem
>
>
> The only thing now to do is to tie your Apache HTTPD implementation to your
> Apache OFBiz implementation.
>
> Please have a look at following setup in my Apache HTTP configuration for
> the oem.ofbizci.net site:
>
> <VirtualHost *:80>
>
>          ServerName oem.ofbizci.net
>
>          DocumentRoot /var/www/html
>
>          Redirect permanent / https://www.ofbizci.net/
>
>
>          ErrorLog /proglog/ofbizci/error.log
>
>          CustomLog /proglog/ofbizci/access.log combined
>
> </VirtualHost>
>
>
> <VirtualHost *:443>
>
>      ServerName oem.ofbizci.net
>
>
>      SSLEngine on
>
>          Include /etc/letsencrypt/options-ssl-apache.conf
>
>          SSLCertificateFile /etc/letsencrypt/live/ofbizci.net/cert.pem
>
>          SSLCertificateKeyFile /etc/letsencrypt/live/ofbizci.net/privkey.pem
>
>          SSLCertificateChainFile /etc/letsencrypt/live/ofbizci.net/chain.pem
>
>      ProxyRequests Off
>
>      ProxyPreserveHost On
>
>
>      proxyPass / ajp://10.0.0.22:8009/
>
>      ProxyPassReverse / ajp://10.0.0.22:8009/
>
>
>      ErrorLog /proglog/ofbizci/oem-ofbizci-net-ssl-error.log
>
>      CustomLog /proglog/ofbizci/oem-ofbizci-net-ssl-access.log combined
>
> </VirtualHost>
>
>
> In the configuration abovy, you'll see that the following:
>
>      proxyPass / ajp://10.0.0.22:8009/
>
>      ProxyPassReverse / ajp://10.0.0.22:8009/
>
> The internal IpAddress 10.0.0.22 is where the OFBiz implementation
> resides/runs. (my HTTPD web server and and my OFBiz application serverfor
> oem.ofbizci.net run on different virtual machines). In your case, e.g. when
> having both on 1 (virtual) machine this could b:
>
>      proxyPass / ajp://localhost:8009/
>
>      ProxyPassReverse / ajp://localhost:8009/
>
> >From the lines you also get that I am using the ajp protocol. This is an
> extension (mod) available with the Apache HTTPD product, but may require
> some additional installation on your HTTPD implementation. See
> documentation provided by the Apache HTTPD project.
>
> When using that protocol (and the associated HTTPD extension/mod) you
> bypass the need to set up ssl certificates - or change ports - on the OFBiz
> implementation.
>
>
>>
>> 4. I have edited "keystoreFile" and "KeyPass" in ofbiz-component  at
>> apache-ofbiz-17.12.03\framework\catalina
>>
>> <property name="keystoreFile" value="C:\Program Files\Apache Software
>> Foundation\Tomcat 9.0\webapps\apache-ofbiz-17.12.03\keystore.jks"/>
>>
>>              <property name="keystoreType" value="JKS"/>
>>
>>              <property name="keyAlias" value="ofbiz"/>
>>
>>              <property name="keyPass" value="Mypassword"/>
>>
>>
>>
>> 5.  I then tried to follow  <https://s.apache.org/vmemj>
>> https://s.apache.org/vmemj and edit httpd.conf file and httpd-ssl.conf,
>> but
>> when trying to Start Apache 24, it gives me some error messages (I got no
>> error before editing the two files).
>>
>> a.  I have edited ofbiz-containers.xml and url.properties file (change 8080
>> to 80 and 8443 to 443)
>>
>> b. For httpd.conf: not recognizing some words like "RewriteEngine On"
>> "Order"....
>>
>> c. For httpd-ssl.conf, for example, I get error "AH00526: Syntax error on
>> line 177 of c:/Apache24/conf/extra/httpd-ssl.conf: SSLCertificate KeyFile:
>> file 'c:/Apache24/conf/server.key' does not exit or is empty"  - It's true,
>> I don't have such file, but I'm not sure where I can get it.
>>
>>
>>
>> Thank you very much  in advance
>>
>> Katie
>>
>>
>>
>>

> Thanks Pierre for the help!
>
> Jacques
>
> Le 27/06/2020 à 09:32, Pierre Smits a écrit :
> > HI Katie,
> > My apologies for you having to restate your issues several times.
> >
> > That you have the basics in play (Your OFBiz implementation set up,
> running
> > and accessible via 8443) is a good thing, and now you're nearly there.
> >
> > Please see inline for further comments.
> > I trust the information below helps.
> >
> > However, should you still experience issues, please feel free to reach
> out.
> >
> >
> > Met vriendelijke groet,
> >
> > Pierre Smits
> > *Proud* *contributor** of* Apache OFBiz <https://ofbiz.apache.org/>
> since
> > 2008 (without privileges)
> >
> > *Apache Trafodion <https://trafodion.apache.org>, Vice President*
> > *Apache Directory <https://directory.apache.org>, PMC Member*
> > Apache Incubator <https://incubator.apache.org>, committer
> > Apache Steve <https://steve.apache.org>, committer
> >
> >
> > On Fri, Jun 26, 2020 at 9:30 AM Katie Qiu <[hidden email]>
> > wrote:
> >
> >> Hi,
> >>
> >> I'm new to OFBiz, Please check the steps I have taken and pointed out
> what
> >> I
> >> miss because it's not working on production site
> >>
> >>
> >>
> >> 1. I was able to make it work on localhost. I'm also able to access data
> >> that came with the project (ex:
> >> <https://localhost:8443/webtools/control/entitymaint>
> >> https://localhost:8443/webtools/control/entitymaint)
> >>
> >>
> >> This is the easy part. Kudos
> >
> >> 2. I installed SSL Certificate in Microsoft IIS for the project on
> >> production site my Windows Server 2012 (I was able to access
> >> <https://www.mywebsitedomain.com/> https://www.mywebsitedomain.com now)
> >>
> >>
> >>
> >> a.  I use virtual private server from IONOS and it provides me a free
> SSL.
> >> I
> >> imported .PFX file provided from IONOS, then the domain can be accessed
> as
> >> https
> >>
> >>
> >>
> >> b. As you suggested, I looked into  <https://letsencrypt.org/>
> >> https://letsencrypt.org/, but I didn't see any .PFX file neither other
> >> certificate files that IONOS provided me (on the OFBiz Product Setup
> page,
> >> it shows .cer files (which I also got from IONOS) is used to enter
> >> Keystore.
> >> Maybe I missed something. For now, I use SSL from IONOS, but if you
> think I
> >> should use Let's encrypt, then please let me know if have to have the
> .PFX
> >> and cer files
> >>
> >>
> >> Using ssl certificates from Letsencrypt for the web server is, when
> using
> > web servers like Apache HTTPD and NGINX straight forward. However, I
> don't
> > know how that works for IIIS. Maybe their documentation will tell.
> >
> >
> >
> >> 3. I installed Apache 24 on Windows server as well. I was able to access
> >> localhost and see the index page showing "it works"
> >>
> >> Great, the second step of the combination Apache HTTPD - Apache OFBiz is
> > now concluded.
> >
> > As said earlier, setting up Letsencrypt for Apache HTTPD is straight
> > forward. Please look at the documentation there. If set up properly, you
> > will get:
> >
> >     - the Apache HTTPD starter page accessible via: https://
> <yourIpAddress>/
> >     or e.g. https://localhost/
> >
> > If done correctly you'll see in (one of) your HTTPD config files (some
> of)
> > following lines appear:
> >
> >      SSLEngine on
> >
> >      Include /etc/letsencrypt/options-ssl-apache.conf
> >
> >      SSLCertificateFile
> /etc/letsencrypt/live/TheFQDOfYourDomain>/cert.pem
> >
> >      SSLCertificateKeyFile /etc/letsencrypt/live/TheFQDOfYourDomain>
> > /privkey.pem
> >
> >      SSLCertificateChainFile /etc/letsencrypt/live/TheFQDOfYourDomain>
> > /chain.pem
> >
> >
> > The only thing now to do is to tie your Apache HTTPD implementation to
> your
> > Apache OFBiz implementation.
> >
> > Please have a look at following setup in my Apache HTTP configuration for
> > the oem.ofbizci.net site:
> >
> > <VirtualHost *:80>
> >
> >          ServerName oem.ofbizci.net
> >
> >          DocumentRoot /var/www/html
> >
> >          Redirect permanent / https://www.ofbizci.net/
> >
> >
> >          ErrorLog /proglog/ofbizci/error.log
> >
> >          CustomLog /proglog/ofbizci/access.log combined
> >
> > </VirtualHost>
> >
> >
> > <VirtualHost *:443>
> >
> >      ServerName oem.ofbizci.net
> >
> >
> >      SSLEngine on
> >
> >          Include /etc/letsencrypt/options-ssl-apache.conf
> >
> >          SSLCertificateFile /etc/letsencrypt/live/ofbizci.net/cert.pem
> >
> >          SSLCertificateKeyFile /etc/letsencrypt/live/
> ofbizci.net/privkey.pem
> >
> >          SSLCertificateChainFile /etc/letsencrypt/live/
> ofbizci.net/chain.pem
> >
> >      ProxyRequests Off
> >
> >      ProxyPreserveHost On
> >
> >
> >      proxyPass / ajp://10.0.0.22:8009/
> >
> >      ProxyPassReverse / ajp://10.0.0.22:8009/
> >
> >
> >      ErrorLog /proglog/ofbizci/oem-ofbizci-net-ssl-error.log
> >
> >      CustomLog /proglog/ofbizci/oem-ofbizci-net-ssl-access.log combined
> >
> > </VirtualHost>
> >
> >
> > In the configuration abovy, you'll see that the following:
> >
> >      proxyPass / ajp://10.0.0.22:8009/
> >
> >      ProxyPassReverse / ajp://10.0.0.22:8009/
> >
> > The internal IpAddress 10.0.0.22 is where the OFBiz implementation
> > resides/runs. (my HTTPD web server and and my OFBiz application serverfor
> > oem.ofbizci.net run on different virtual machines). In your case, e.g.
> when
> > having both on 1 (virtual) machine this could b:
> >
> >      proxyPass / ajp://localhost:8009/
> >
> >      ProxyPassReverse / ajp://localhost:8009/
> >
> > >From the lines you also get that I am using the ajp protocol. This is an
> > extension (mod) available with the Apache HTTPD product, but may require
> > some additional installation on your HTTPD implementation. See
> > documentation provided by the Apache HTTPD project.
> >
> > When using that protocol (and the associated HTTPD extension/mod) you
> > bypass the need to set up ssl certificates - or change ports - on the
> OFBiz
> > implementation.
> >
> >
> >>
> >> 4. I have edited "keystoreFile" and "KeyPass" in ofbiz-component  at
> >> apache-ofbiz-17.12.03\framework\catalina
> >>
> >> <property name="keystoreFile" value="C:\Program Files\Apache Software
> >> Foundation\Tomcat 9.0\webapps\apache-ofbiz-17.12.03\keystore.jks"/>
> >>
> >>              <property name="keystoreType" value="JKS"/>
> >>
> >>              <property name="keyAlias" value="ofbiz"/>
> >>
> >>              <property name="keyPass" value="Mypassword"/>
> >>
> >>
> >>
> >> 5.  I then tried to follow  <https://s.apache.org/vmemj>
> >> https://s.apache.org/vmemj and edit httpd.conf file and httpd-ssl.conf,
> >> but
> >> when trying to Start Apache 24, it gives me some error messages (I got
> no
> >> error before editing the two files).
> >>
> >> a.  I have edited ofbiz-containers.xml and url.properties file (change
> 8080
> >> to 80 and 8443 to 443)
> >>
> >> b. For httpd.conf: not recognizing some words like "RewriteEngine On"
> >> "Order"....
> >>
> >> c. For httpd-ssl.conf, for example, I get error "AH00526: Syntax error
> on
> >> line 177 of c:/Apache24/conf/extra/httpd-ssl.conf: SSLCertificate
> KeyFile:
> >> file 'c:/Apache24/conf/server.key' does not exit or is empty"  - It's
> true,
> >> I don't have such file, but I'm not sure where I can get it.
> >>
> >>
> >>
> >> Thank you very much  in advance
> >>
> >> Katie
> >>
> >>
> >>
> >>
>

> Hi Pierre, Jacques and Michael,
>
> I want to thank you all again. I am finally able to make OFBiz on Windows Server work with SSL  Let's encrypt and Apache. I couldn't have done it without your support :-)
>
> Now I am facing a new problem on production: Please check my website: https://www.polluniverse.com/
>
> You will see the page shows as below:
> Index of /
> apache-ofbiz-17.12.03/
> webapp/
>
> When visiting  https://www.polluniverse.com/webapp/ecommerce/ I expect I should see the index.jsp page in the folder, but I see the source code of the index.jsp page
> I have done the following
> 1. Put the following in HTTPD
> <IfModule dir_module>
>      DirectoryIndex index.jsp
> </IfModule>
>
> 2. apache-ofbiz-17.12.03 and webapp are two folders. These two folders are located
> at SITEROOT "C:/apache24/htdocs/www/polluniverse.com"
>
> A. apache-ofbiz-17.12.03 is the project folder (what I downloaded from Ofbiz website).
>
> B. webapp is from folder at C:\Apache24\htdocs\www\polluniverse.com\apache-ofbiz-17.12.03\plugins\ecommerce\webapp and I copy it to SITEROOT C:/apache24/htdocs/www/polluniverse.com"
>
> C. In ofbiz-component.xml, I change the "mount-point" attribute on that tag to ""
>
>
> I'm not sure if I have moved the ecommerce webapp folder correctly or not. The reason I did it is because I read about Mounting a Root WebApp from the OFBiz Production Setup page.
>