Hi,
I am developing an ecommerce store using ofbiz, can be found here http://www.simbacart.com The production system is a Unix box, running apache server and then Ofbiz as a service. My question to you is, how to map the 80 port of prod server with the ofbiz's 8080 port, also about the mapping of 8443 port. I was able to map the 80 port by making an entry into the IP table of the Unix system thereby forwarding requests from 80 port to 8080. http://www.simbacart.com Above mentioned is the store in conversation. Now, here's the problem, till 80 port it is fine, but when it comes to 8443 this is the kind of URL I get. https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 Notice the 8443 in the url. This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. Can you please help me out in setting up this, I'd really appreciate it. -- Mandeep Singh Sidhu |
Just change the HTTP & HTTPS ports in following files and restart the server.
1. ${ofbiz install dir}/framework/base/config/ofbiz-containers.xml 2. ${ofbiz install dir}/framework/webapp/config/url.properties And make sure you remove the port forwarding you've setup ..
Rgds
Sanjeev Gupta www.digitalwebadvisors.com |
In reply to this post by Mandeep Sidhu
Hello Mandeep,
If want to run OFBiz behind Apache HTTPd reverse proxy, Apache HTTPd mod_ajp_proxy module alone with mod_proxy. Refer [1] [2] and [2] below for more details. [1] https://cwiki.apache.org/OFBIZ/faq-tips-tricks-cookbook-howto.html#FAQ-Tips-Tricks-Cookbook-HowTo-HTTPD [2] http://markmail.org/message/ut62lf6k6oeiki46 [3] http://mail-archives.apache.org/mod_mbox/ofbiz-user/200909.mbox/%3C24987858.231721253034318555.JavaMail.root@...%3E Thanks, Raj On Wednesday 30 May 2012 06:59 AM, Mandeep Sidhu wrote: > Hi, > > I am developing an ecommerce store using ofbiz, can be found here > > http://www.simbacart.com > > > The production system is a Unix box, running apache server and then Ofbiz > as a service. > > My question to you is, how to map the 80 port of prod server with the > ofbiz's 8080 port, also about the mapping of 8443 port. > > I was able to map the 80 port by making an entry into the IP table of the > Unix system thereby forwarding requests from 80 port to 8080. > > http://www.simbacart.com > > Above mentioned is the store in conversation. > > Now, here's the problem, till 80 port it is fine, but when it comes to 8443 > this is the kind of URL I get. > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > Notice the 8443 in the url. > This url came when I used the tag<@ofbizUrl>/newcustomer</@ofbizUrl>. > > Can you please help me out in setting up this, I'd really appreciate it. > |
In reply to this post by Mandeep Sidhu
Mandeep. Nice looking site.
Regarding your issue, you REALLY want to use apache using mod_jk in front of ofbiz. Here is why: 1) You can offload the processing of images to apache (less load on ofbiz) 2) You can easily set cache timeouts for images, css, and other static content. 3) You can easily add a normal HTML static pages (/static/*.html) w/o using ofbiz 4) It is easier to offload SSL certificate management to apache 5) You can setup gzip compression (DEFLATE) 6) You can load balance to multiple instances of ofbiz via apache mod-jk. 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. 8) Most Important: You can add security to your site by locking out admin links. Regarding #8. If you are running an ecommerce site, you DON'T want people from the internet to even attempt to gain access (i.e. login as 'admin' to 'catalog'). Do you think amazon.com allows 'admin' login to the backend from their main site? Absurd to even ask. This is basic internet security. Instead, have front-end machines that serve ecommerce, and have back-end machines that allows access to /catalog, etc. via a VPN, or a local subnet. I have found that this setup runs faster, and you have more flexibility. Here is a sample apache (port 80) configuration file: -------------------------------------------------------------------------- Alias /images/ /opt/ofbiz/framework/images/webapp/images/ DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ExpiresActive On #ExpiresByType text/html "access plus 1 day" ExpiresByType text/css "access plus 1 day" ExpiresByType text/javascript "access plus 1 day" ExpiresByType image/gif "access plus 1 week" ExpiresByType image/jpeg "access plus 1 week" ExpiresByType image/png "access plus 1 week" ExpiresByType image/bmp "access plus 1 week" ExpiresByType application/x-javascript "access plus 1 day" ExpiresByType application/x-shockwave-flash "access plus 1 day" ProxyRequests Off <Proxy *> AddDefaultCharset off Order deny,allow Allow from all </Proxy> ProxyVia On NameVirtualHost *:80 <VirtualHost *:80> # General setup for the virtual host. ServerName example.com ServerAdmin [hidden email] AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript text/x-js application/json application/xml application/javascript BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html ProxyRequests Off ProxyPreserveHost On ProxyPassMatch ^(/images/.*)$ ! proxyPass /content ajp://127.0.0.1:8009/content proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles #proxyPass / ajp://127.0.0.1:8009/ RewriteEngine On ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 RewriteRule ^/.*\.svn /some-non-existant-404-causing-page </VirtualHost> -------------------------------------------------------------------------- Here the matching SSL (port 443) apache config: ---------------------------------------------------------------------- <IfModule mod_ssl.c> <VirtualHost *:443> ServerName example.com ServerAdmin [hidden email] ProxyRequests Off ProxyPreserveHost On ProxyPassMatch ^(/images/.*)$ ! proxyPass /content ajp://127.0.0.1:8009/content proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles #proxyPass / ajp://127.0.0.1:8009/ RewriteEngine On ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 RewriteRule ^/.*\.svn /some-non-existant-404-causing-page # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /etc/ssl/certs/example.com.crt SSLCertificateKeyFile /etc/ssl/private/example.com.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule> ---------------------------------------------------------------------- If you decide that you don't care about locking out /catalog and other admin stuff, just use the: proxyPass / ajp://127.0.0.1:8009/ And comment out the other proxy statements. On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email]>wrote: > Hi, > > I am developing an ecommerce store using ofbiz, can be found here > > http://www.simbacart.com > > > The production system is a Unix box, running apache server and then Ofbiz > as a service. > > My question to you is, how to map the 80 port of prod server with the > ofbiz's 8080 port, also about the mapping of 8443 port. > > I was able to map the 80 port by making an entry into the IP table of the > Unix system thereby forwarding requests from 80 port to 8080. > > http://www.simbacart.com > > Above mentioned is the store in conversation. > > Now, here's the problem, till 80 port it is fine, but when it comes to 8443 > this is the kind of URL I get. > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > Notice the 8443 in the url. > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. > > Can you please help me out in setting up this, I'd really appreciate it. > > -- > Mandeep Singh Sidhu > |
Excellent, Thanks Mike for such a detailed explanation, definitely I am
going for mod_jk now, will keep you posted. Thanks a ton everybody :) Cheers, Mandeep On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > Mandeep. Nice looking site. > > Regarding your issue, you REALLY want to use apache using mod_jk in front > of ofbiz. Here is why: > > 1) You can offload the processing of images to apache (less load on ofbiz) > 2) You can easily set cache timeouts for images, css, and other static > content. > 3) You can easily add a normal HTML static pages (/static/*.html) w/o using > ofbiz > 4) It is easier to offload SSL certificate management to apache > 5) You can setup gzip compression (DEFLATE) > 6) You can load balance to multiple instances of ofbiz via apache mod-jk. > 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. > 8) Most Important: You can add security to your site by locking out admin > links. > > Regarding #8. If you are running an ecommerce site, you DON'T want people > from the internet to even attempt to gain access (i.e. login as 'admin' to > 'catalog'). Do you think amazon.com allows 'admin' login to the backend > from their main site? Absurd to even ask. This is basic internet > security. > > Instead, have front-end machines that serve ecommerce, and have back-end > machines that allows access to /catalog, etc. via a VPN, or a local subnet. > > I have found that this setup runs faster, and you have more flexibility. > > Here is a sample apache (port 80) configuration file: > -------------------------------------------------------------------------- > Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > DocumentRoot /var/www/ > <Directory /> > Options FollowSymLinks > AllowOverride None > </Directory> > <Directory /var/www/> > Options FollowSymLinks MultiViews > AllowOverride None > Order allow,deny > allow from all > </Directory> > > ExpiresActive On > #ExpiresByType text/html "access plus 1 day" > ExpiresByType text/css "access plus 1 day" > ExpiresByType text/javascript "access plus 1 day" > ExpiresByType image/gif "access plus 1 week" > ExpiresByType image/jpeg "access plus 1 week" > ExpiresByType image/png "access plus 1 week" > ExpiresByType image/bmp "access plus 1 week" > ExpiresByType application/x-javascript "access plus 1 day" > ExpiresByType application/x-shockwave-flash "access plus 1 day" > > ProxyRequests Off > <Proxy *> > AddDefaultCharset off > Order deny,allow > Allow from all > </Proxy> > > ProxyVia On > > NameVirtualHost *:80 > > <VirtualHost *:80> > # General setup for the virtual host. > ServerName example.com > ServerAdmin [hidden email] > AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css > application/x-javascript text/javascript text/x-js application/json > application/xml application/javascript > BrowserMatch ^Mozilla/4 gzip-only-text/html > BrowserMatch ^Mozilla/4\.0[678] no-gzip > BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > ProxyRequests Off > ProxyPreserveHost On > > ProxyPassMatch ^(/images/.*)$ ! > proxyPass /content ajp://127.0.0.1:8009/content > proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > #proxyPass / ajp://127.0.0.1:8009/ > > RewriteEngine On > ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > </VirtualHost> > -------------------------------------------------------------------------- > > Here the matching SSL (port 443) apache config: > ---------------------------------------------------------------------- > <IfModule mod_ssl.c> > <VirtualHost *:443> > ServerName example.com > ServerAdmin [hidden email] > > ProxyRequests Off > ProxyPreserveHost On > ProxyPassMatch ^(/images/.*)$ ! > proxyPass /content ajp://127.0.0.1:8009/content > proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > #proxyPass / ajp://127.0.0.1:8009/ > > RewriteEngine On > ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > # SSL Engine Switch: > # Enable/Disable SSL for this virtual host. > SSLEngine on > SSLCertificateFile /etc/ssl/certs/example.com.crt > SSLCertificateKeyFile /etc/ssl/private/example.com.key > > <FilesMatch "\.(cgi|shtml|phtml|php)$"> > SSLOptions +StdEnvVars > </FilesMatch> > <Directory /usr/lib/cgi-bin> > SSLOptions +StdEnvVars > </Directory> > > BrowserMatch "MSIE [2-6]" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > # MSIE 7 and newer should be able to use keepalive > BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > </VirtualHost> > </IfModule> > ---------------------------------------------------------------------- > > If you decide that you don't care about locking out /catalog and other > admin stuff, just use the: > > proxyPass / ajp://127.0.0.1:8009/ > > And comment out the other proxy statements. > > On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email] > >wrote: > > > Hi, > > > > I am developing an ecommerce store using ofbiz, can be found here > > > > http://www.simbacart.com > > > > > > The production system is a Unix box, running apache server and then Ofbiz > > as a service. > > > > My question to you is, how to map the 80 port of prod server with the > > ofbiz's 8080 port, also about the mapping of 8443 port. > > > > I was able to map the 80 port by making an entry into the IP table of the > > Unix system thereby forwarding requests from 80 port to 8080. > > > > http://www.simbacart.com > > > > Above mentioned is the store in conversation. > > > > Now, here's the problem, till 80 port it is fine, but when it comes to > 8443 > > this is the kind of URL I get. > > > > > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > > > Notice the 8443 in the url. > > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. > > > > Can you please help me out in setting up this, I'd really appreciate it. > > > > -- > > Mandeep Singh Sidhu > > > -- Mandeep Singh Sidhu |
One quick q here Mike, the configuration you shared with me worked fine.
However I still see the port 8443 and 8080 on my website, this happens when the user clicks on any link which is generated using <@ofbizurl>. Any idea, as to how do I get rid of these port numbers appended to the url. I tried removing entry 8443 from ofbiz-containers.xml and url.properties file, but after doing that, the webtools link on https stopped working. Any help is much appreciated. Thanks and regards, Mandeep Sidhu On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <[hidden email]>wrote: > Excellent, Thanks Mike for such a detailed explanation, definitely I am > going for mod_jk now, will keep you posted. > > Thanks a ton everybody :) > > Cheers, > Mandeep > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > >> Mandeep. Nice looking site. >> >> Regarding your issue, you REALLY want to use apache using mod_jk in front >> of ofbiz. Here is why: >> >> 1) You can offload the processing of images to apache (less load on ofbiz) >> 2) You can easily set cache timeouts for images, css, and other static >> content. >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o >> using >> ofbiz >> 4) It is easier to offload SSL certificate management to apache >> 5) You can setup gzip compression (DEFLATE) >> 6) You can load balance to multiple instances of ofbiz via apache mod-jk. >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. >> 8) Most Important: You can add security to your site by locking out admin >> links. >> >> Regarding #8. If you are running an ecommerce site, you DON'T want people >> from the internet to even attempt to gain access (i.e. login as 'admin' to >> 'catalog'). Do you think amazon.com allows 'admin' login to the backend >> from their main site? Absurd to even ask. This is basic internet >> security. >> >> Instead, have front-end machines that serve ecommerce, and have back-end >> machines that allows access to /catalog, etc. via a VPN, or a local >> subnet. >> >> I have found that this setup runs faster, and you have more flexibility. >> >> Here is a sample apache (port 80) configuration file: >> -------------------------------------------------------------------------- >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ >> DocumentRoot /var/www/ >> <Directory /> >> Options FollowSymLinks >> AllowOverride None >> </Directory> >> <Directory /var/www/> >> Options FollowSymLinks MultiViews >> AllowOverride None >> Order allow,deny >> allow from all >> </Directory> >> >> ExpiresActive On >> #ExpiresByType text/html "access plus 1 day" >> ExpiresByType text/css "access plus 1 day" >> ExpiresByType text/javascript "access plus 1 day" >> ExpiresByType image/gif "access plus 1 week" >> ExpiresByType image/jpeg "access plus 1 week" >> ExpiresByType image/png "access plus 1 week" >> ExpiresByType image/bmp "access plus 1 week" >> ExpiresByType application/x-javascript "access plus 1 day" >> ExpiresByType application/x-shockwave-flash "access plus 1 day" >> >> ProxyRequests Off >> <Proxy *> >> AddDefaultCharset off >> Order deny,allow >> Allow from all >> </Proxy> >> >> ProxyVia On >> >> NameVirtualHost *:80 >> >> <VirtualHost *:80> >> # General setup for the virtual host. >> ServerName example.com >> ServerAdmin [hidden email] >> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css >> application/x-javascript text/javascript text/x-js application/json >> application/xml application/javascript >> BrowserMatch ^Mozilla/4 gzip-only-text/html >> BrowserMatch ^Mozilla/4\.0[678] no-gzip >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html >> >> ProxyRequests Off >> ProxyPreserveHost On >> >> ProxyPassMatch ^(/images/.*)$ ! >> proxyPass /content ajp://127.0.0.1:8009/content >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles >> #proxyPass / ajp://127.0.0.1:8009/ >> >> RewriteEngine On >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page >> </VirtualHost> >> -------------------------------------------------------------------------- >> >> Here the matching SSL (port 443) apache config: >> ---------------------------------------------------------------------- >> <IfModule mod_ssl.c> >> <VirtualHost *:443> >> ServerName example.com >> ServerAdmin [hidden email] >> >> ProxyRequests Off >> ProxyPreserveHost On >> ProxyPassMatch ^(/images/.*)$ ! >> proxyPass /content ajp://127.0.0.1:8009/content >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles >> #proxyPass / ajp://127.0.0.1:8009/ >> >> RewriteEngine On >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page >> >> # SSL Engine Switch: >> # Enable/Disable SSL for this virtual host. >> SSLEngine on >> SSLCertificateFile /etc/ssl/certs/example.com.crt >> SSLCertificateKeyFile /etc/ssl/private/example.com.key >> >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> >> SSLOptions +StdEnvVars >> </FilesMatch> >> <Directory /usr/lib/cgi-bin> >> SSLOptions +StdEnvVars >> </Directory> >> >> BrowserMatch "MSIE [2-6]" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> # MSIE 7 and newer should be able to use keepalive >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown >> </VirtualHost> >> </IfModule> >> ---------------------------------------------------------------------- >> >> If you decide that you don't care about locking out /catalog and other >> admin stuff, just use the: >> >> proxyPass / ajp://127.0.0.1:8009/ >> >> And comment out the other proxy statements. >> >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email] >> >wrote: >> >> > Hi, >> > >> > I am developing an ecommerce store using ofbiz, can be found here >> > >> > http://www.simbacart.com >> > >> > >> > The production system is a Unix box, running apache server and then >> Ofbiz >> > as a service. >> > >> > My question to you is, how to map the 80 port of prod server with the >> > ofbiz's 8080 port, also about the mapping of 8443 port. >> > >> > I was able to map the 80 port by making an entry into the IP table of >> the >> > Unix system thereby forwarding requests from 80 port to 8080. >> > >> > http://www.simbacart.com >> > >> > Above mentioned is the store in conversation. >> > >> > Now, here's the problem, till 80 port it is fine, but when it comes to >> 8443 >> > this is the kind of URL I get. >> > >> > >> > >> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 >> > >> > Notice the 8443 in the url. >> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. >> > >> > Can you please help me out in setting up this, I'd really appreciate it. >> > >> > -- >> > Mandeep Singh Sidhu >> > >> > > > > -- > Mandeep Singh Sidhu > -- Mandeep Singh Sidhu |
Go to Content->website , choose ur website. there you will find it.
On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <[hidden email]>wrote: > One quick q here Mike, the configuration you shared with me worked fine. > > However I still see the port 8443 and 8080 on my website, this happens when > the user clicks on any link which is generated using <@ofbizurl>. > > Any idea, as to how do I get rid of these port numbers appended to the url. > > I tried removing entry 8443 from ofbiz-containers.xml and url.properties > file, but after doing that, the webtools link on https stopped working. > > Any help is much appreciated. > > Thanks and regards, > Mandeep Sidhu > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <[hidden email] > >wrote: > > > Excellent, Thanks Mike for such a detailed explanation, definitely I am > > going for mod_jk now, will keep you posted. > > > > Thanks a ton everybody :) > > > > Cheers, > > Mandeep > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > >> Mandeep. Nice looking site. > >> > >> Regarding your issue, you REALLY want to use apache using mod_jk in > front > >> of ofbiz. Here is why: > >> > >> 1) You can offload the processing of images to apache (less load on > ofbiz) > >> 2) You can easily set cache timeouts for images, css, and other static > >> content. > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o > >> using > >> ofbiz > >> 4) It is easier to offload SSL certificate management to apache > >> 5) You can setup gzip compression (DEFLATE) > >> 6) You can load balance to multiple instances of ofbiz via apache > mod-jk. > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. > >> 8) Most Important: You can add security to your site by locking out > admin > >> links. > >> > >> Regarding #8. If you are running an ecommerce site, you DON'T want > people > >> from the internet to even attempt to gain access (i.e. login as 'admin' > to > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > backend > >> from their main site? Absurd to even ask. This is basic internet > >> security. > >> > >> Instead, have front-end machines that serve ecommerce, and have back-end > >> machines that allows access to /catalog, etc. via a VPN, or a local > >> subnet. > >> > >> I have found that this setup runs faster, and you have more flexibility. > >> > >> Here is a sample apache (port 80) configuration file: > >> > -------------------------------------------------------------------------- > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > >> DocumentRoot /var/www/ > >> <Directory /> > >> Options FollowSymLinks > >> AllowOverride None > >> </Directory> > >> <Directory /var/www/> > >> Options FollowSymLinks MultiViews > >> AllowOverride None > >> Order allow,deny > >> allow from all > >> </Directory> > >> > >> ExpiresActive On > >> #ExpiresByType text/html "access plus 1 day" > >> ExpiresByType text/css "access plus 1 day" > >> ExpiresByType text/javascript "access plus 1 day" > >> ExpiresByType image/gif "access plus 1 week" > >> ExpiresByType image/jpeg "access plus 1 week" > >> ExpiresByType image/png "access plus 1 week" > >> ExpiresByType image/bmp "access plus 1 week" > >> ExpiresByType application/x-javascript "access plus 1 day" > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > >> > >> ProxyRequests Off > >> <Proxy *> > >> AddDefaultCharset off > >> Order deny,allow > >> Allow from all > >> </Proxy> > >> > >> ProxyVia On > >> > >> NameVirtualHost *:80 > >> > >> <VirtualHost *:80> > >> # General setup for the virtual host. > >> ServerName example.com > >> ServerAdmin [hidden email] > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css > >> application/x-javascript text/javascript text/x-js application/json > >> application/xml application/javascript > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > >> > >> ProxyRequests Off > >> ProxyPreserveHost On > >> > >> ProxyPassMatch ^(/images/.*)$ ! > >> proxyPass /content ajp://127.0.0.1:8009/content > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > >> #proxyPass / ajp://127.0.0.1:8009/ > >> > >> RewriteEngine On > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > >> </VirtualHost> > >> > -------------------------------------------------------------------------- > >> > >> Here the matching SSL (port 443) apache config: > >> ---------------------------------------------------------------------- > >> <IfModule mod_ssl.c> > >> <VirtualHost *:443> > >> ServerName example.com > >> ServerAdmin [hidden email] > >> > >> ProxyRequests Off > >> ProxyPreserveHost On > >> ProxyPassMatch ^(/images/.*)$ ! > >> proxyPass /content ajp://127.0.0.1:8009/content > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > >> #proxyPass / ajp://127.0.0.1:8009/ > >> > >> RewriteEngine On > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > >> > >> # SSL Engine Switch: > >> # Enable/Disable SSL for this virtual host. > >> SSLEngine on > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > >> > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > >> SSLOptions +StdEnvVars > >> </FilesMatch> > >> <Directory /usr/lib/cgi-bin> > >> SSLOptions +StdEnvVars > >> </Directory> > >> > >> BrowserMatch "MSIE [2-6]" \ > >> nokeepalive ssl-unclean-shutdown \ > >> downgrade-1.0 force-response-1.0 > >> # MSIE 7 and newer should be able to use keepalive > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > >> </VirtualHost> > >> </IfModule> > >> ---------------------------------------------------------------------- > >> > >> If you decide that you don't care about locking out /catalog and other > >> admin stuff, just use the: > >> > >> proxyPass / ajp://127.0.0.1:8009/ > >> > >> And comment out the other proxy statements. > >> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > [hidden email] > >> >wrote: > >> > >> > Hi, > >> > > >> > I am developing an ecommerce store using ofbiz, can be found here > >> > > >> > http://www.simbacart.com > >> > > >> > > >> > The production system is a Unix box, running apache server and then > >> Ofbiz > >> > as a service. > >> > > >> > My question to you is, how to map the 80 port of prod server with the > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > >> > > >> > I was able to map the 80 port by making an entry into the IP table of > >> the > >> > Unix system thereby forwarding requests from 80 port to 8080. > >> > > >> > http://www.simbacart.com > >> > > >> > Above mentioned is the store in conversation. > >> > > >> > Now, here's the problem, till 80 port it is fine, but when it comes to > >> 8443 > >> > this is the kind of URL I get. > >> > > >> > > >> > > >> > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > >> > > >> > Notice the 8443 in the url. > >> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. > >> > > >> > Can you please help me out in setting up this, I'd really appreciate > it. > >> > > >> > -- > >> > Mandeep Singh Sidhu > >> > > >> > > > > > > > > -- > > Mandeep Singh Sidhu > > > > > > -- > Mandeep Singh Sidhu > > -- > Thanks, > Deepak Agarwal, > > Paxcel Technologies Pvt Ltd. > Hartron Complex, Sector 18, Gurgaon, India. > E-Mail: [hidden email] > Mobile: +91 9910322604 > > |
so what configuration should I give here for production usage?
On Sun, Jun 3, 2012 at 11:44 PM, Deepak Agarwal <[hidden email]>wrote: > Go to Content->website , choose ur website. there you will find it. > > On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <[hidden email] > >wrote: > > > One quick q here Mike, the configuration you shared with me worked fine. > > > > However I still see the port 8443 and 8080 on my website, this happens > when > > the user clicks on any link which is generated using <@ofbizurl>. > > > > Any idea, as to how do I get rid of these port numbers appended to the > url. > > > > I tried removing entry 8443 from ofbiz-containers.xml and url.properties > > file, but after doing that, the webtools link on https stopped working. > > > > Any help is much appreciated. > > > > Thanks and regards, > > Mandeep Sidhu > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > [hidden email] > > >wrote: > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I am > > > going for mod_jk now, will keep you posted. > > > > > > Thanks a ton everybody :) > > > > > > Cheers, > > > Mandeep > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > > > >> Mandeep. Nice looking site. > > >> > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > front > > >> of ofbiz. Here is why: > > >> > > >> 1) You can offload the processing of images to apache (less load on > > ofbiz) > > >> 2) You can easily set cache timeouts for images, css, and other static > > >> content. > > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o > > >> using > > >> ofbiz > > >> 4) It is easier to offload SSL certificate management to apache > > >> 5) You can setup gzip compression (DEFLATE) > > >> 6) You can load balance to multiple instances of ofbiz via apache > > mod-jk. > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > same. > > >> 8) Most Important: You can add security to your site by locking out > > admin > > >> links. > > >> > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > people > > >> from the internet to even attempt to gain access (i.e. login as > 'admin' > > to > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > backend > > >> from their main site? Absurd to even ask. This is basic internet > > >> security. > > >> > > >> Instead, have front-end machines that serve ecommerce, and have > back-end > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > >> subnet. > > >> > > >> I have found that this setup runs faster, and you have more > flexibility. > > >> > > >> Here is a sample apache (port 80) configuration file: > > >> > > > -------------------------------------------------------------------------- > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > >> DocumentRoot /var/www/ > > >> <Directory /> > > >> Options FollowSymLinks > > >> AllowOverride None > > >> </Directory> > > >> <Directory /var/www/> > > >> Options FollowSymLinks MultiViews > > >> AllowOverride None > > >> Order allow,deny > > >> allow from all > > >> </Directory> > > >> > > >> ExpiresActive On > > >> #ExpiresByType text/html "access plus 1 day" > > >> ExpiresByType text/css "access plus 1 day" > > >> ExpiresByType text/javascript "access plus 1 day" > > >> ExpiresByType image/gif "access plus 1 week" > > >> ExpiresByType image/jpeg "access plus 1 week" > > >> ExpiresByType image/png "access plus 1 week" > > >> ExpiresByType image/bmp "access plus 1 week" > > >> ExpiresByType application/x-javascript "access plus 1 day" > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > >> > > >> ProxyRequests Off > > >> <Proxy *> > > >> AddDefaultCharset off > > >> Order deny,allow > > >> Allow from all > > >> </Proxy> > > >> > > >> ProxyVia On > > >> > > >> NameVirtualHost *:80 > > >> > > >> <VirtualHost *:80> > > >> # General setup for the virtual host. > > >> ServerName example.com > > >> ServerAdmin [hidden email] > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > text/css > > >> application/x-javascript text/javascript text/x-js application/json > > >> application/xml application/javascript > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> </VirtualHost> > > >> > > > -------------------------------------------------------------------------- > > >> > > >> Here the matching SSL (port 443) apache config: > > >> ---------------------------------------------------------------------- > > >> <IfModule mod_ssl.c> > > >> <VirtualHost *:443> > > >> ServerName example.com > > >> ServerAdmin [hidden email] > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> > > >> # SSL Engine Switch: > > >> # Enable/Disable SSL for this virtual host. > > >> SSLEngine on > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > >> > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > >> SSLOptions +StdEnvVars > > >> </FilesMatch> > > >> <Directory /usr/lib/cgi-bin> > > >> SSLOptions +StdEnvVars > > >> </Directory> > > >> > > >> BrowserMatch "MSIE [2-6]" \ > > >> nokeepalive ssl-unclean-shutdown \ > > >> downgrade-1.0 force-response-1.0 > > >> # MSIE 7 and newer should be able to use keepalive > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > >> </VirtualHost> > > >> </IfModule> > > >> ---------------------------------------------------------------------- > > >> > > >> If you decide that you don't care about locking out /catalog and other > > >> admin stuff, just use the: > > >> > > >> proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> And comment out the other proxy statements. > > >> > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > [hidden email] > > >> >wrote: > > >> > > >> > Hi, > > >> > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > > > >> > The production system is a Unix box, running apache server and then > > >> Ofbiz > > >> > as a service. > > >> > > > >> > My question to you is, how to map the 80 port of prod server with > the > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > >> > > > >> > I was able to map the 80 port by making an entry into the IP table > of > > >> the > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > Above mentioned is the store in conversation. > > >> > > > >> > Now, here's the problem, till 80 port it is fine, but when it comes > to > > >> 8443 > > >> > this is the kind of URL I get. > > >> > > > >> > > > >> > > > >> > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > >> > > > >> > Notice the 8443 in the url. > > >> > This url came when I used the tag > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > >> > > > >> > Can you please help me out in setting up this, I'd really appreciate > > it. > > >> > > > >> > -- > > >> > Mandeep Singh Sidhu > > >> > > > >> > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > > > > > > -- > > Mandeep Singh Sidhu > > > > -- > > Thanks, > > Deepak Agarwal, > > > > Paxcel Technologies Pvt Ltd. > > Hartron Complex, Sector 18, Gurgaon, India. > > E-Mail: [hidden email] > > Mobile: +91 9910322604 > > > > > -- Mandeep Singh Sidhu |
I remember going through this. I believe (it's been a while) that the key
is in framework/webapp/config/url.properties: This is what mine looks like: ---------------------------------------------------------------------------------------------------------- # HTTPS Port (Secure port) port.https.enabled=Y #port.https=8443 #force.https.host=example.com # HTTP Port (Not Secure port) #port.http=8080 #force.http.host=example.com # Static Content URLs to make it easy to move the serving load for static content to other machines # -- thse are for general content such as images, js & css files, or non-dynamic HTML files content.url.prefix.secure= content.url.prefix.standard= # Here you can set the domain string to use for new cookies #cookie.domain=example.com <snip> ---------------------------------------------------------------------------------------------------------- So, it appears that there is no 8080 --or-- 8443 configured. See if that works. On Sun, Jun 3, 2012 at 11:33 AM, Mandeep Sidhu <[hidden email]>wrote: > so what configuration should I give here for production usage? > > On Sun, Jun 3, 2012 at 11:44 PM, Deepak Agarwal <[hidden email] > >wrote: > > > Go to Content->website , choose ur website. there you will find it. > > > > On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu < > [hidden email] > > >wrote: > > > > > One quick q here Mike, the configuration you shared with me worked > fine. > > > > > > However I still see the port 8443 and 8080 on my website, this happens > > when > > > the user clicks on any link which is generated using <@ofbizurl>. > > > > > > Any idea, as to how do I get rid of these port numbers appended to the > > url. > > > > > > I tried removing entry 8443 from ofbiz-containers.xml and > url.properties > > > file, but after doing that, the webtools link on https stopped working. > > > > > > Any help is much appreciated. > > > > > > Thanks and regards, > > > Mandeep Sidhu > > > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > > [hidden email] > > > >wrote: > > > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I > am > > > > going for mod_jk now, will keep you posted. > > > > > > > > Thanks a ton everybody :) > > > > > > > > Cheers, > > > > Mandeep > > > > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > > > > > >> Mandeep. Nice looking site. > > > >> > > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > > front > > > >> of ofbiz. Here is why: > > > >> > > > >> 1) You can offload the processing of images to apache (less load on > > > ofbiz) > > > >> 2) You can easily set cache timeouts for images, css, and other > static > > > >> content. > > > >> 3) You can easily add a normal HTML static pages (/static/*.html) > w/o > > > >> using > > > >> ofbiz > > > >> 4) It is easier to offload SSL certificate management to apache > > > >> 5) You can setup gzip compression (DEFLATE) > > > >> 6) You can load balance to multiple instances of ofbiz via apache > > > mod-jk. > > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > > same. > > > >> 8) Most Important: You can add security to your site by locking out > > > admin > > > >> links. > > > >> > > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > > people > > > >> from the internet to even attempt to gain access (i.e. login as > > 'admin' > > > to > > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > > backend > > > >> from their main site? Absurd to even ask. This is basic internet > > > >> security. > > > >> > > > >> Instead, have front-end machines that serve ecommerce, and have > > back-end > > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > > >> subnet. > > > >> > > > >> I have found that this setup runs faster, and you have more > > flexibility. > > > >> > > > >> Here is a sample apache (port 80) configuration file: > > > >> > > > > > > -------------------------------------------------------------------------- > > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > > >> DocumentRoot /var/www/ > > > >> <Directory /> > > > >> Options FollowSymLinks > > > >> AllowOverride None > > > >> </Directory> > > > >> <Directory /var/www/> > > > >> Options FollowSymLinks MultiViews > > > >> AllowOverride None > > > >> Order allow,deny > > > >> allow from all > > > >> </Directory> > > > >> > > > >> ExpiresActive On > > > >> #ExpiresByType text/html "access plus 1 day" > > > >> ExpiresByType text/css "access plus 1 day" > > > >> ExpiresByType text/javascript "access plus 1 day" > > > >> ExpiresByType image/gif "access plus 1 week" > > > >> ExpiresByType image/jpeg "access plus 1 week" > > > >> ExpiresByType image/png "access plus 1 week" > > > >> ExpiresByType image/bmp "access plus 1 week" > > > >> ExpiresByType application/x-javascript "access plus 1 day" > > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > > >> > > > >> ProxyRequests Off > > > >> <Proxy *> > > > >> AddDefaultCharset off > > > >> Order deny,allow > > > >> Allow from all > > > >> </Proxy> > > > >> > > > >> ProxyVia On > > > >> > > > >> NameVirtualHost *:80 > > > >> > > > >> <VirtualHost *:80> > > > >> # General setup for the virtual host. > > > >> ServerName example.com > > > >> ServerAdmin [hidden email] > > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > > text/css > > > >> application/x-javascript text/javascript text/x-js application/json > > > >> application/xml application/javascript > > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > > >> > > > >> ProxyRequests Off > > > >> ProxyPreserveHost On > > > >> > > > >> ProxyPassMatch ^(/images/.*)$ ! > > > >> proxyPass /content ajp://127.0.0.1:8009/content > > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > > >> #proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> RewriteEngine On > > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > > >> </VirtualHost> > > > >> > > > > > > -------------------------------------------------------------------------- > > > >> > > > >> Here the matching SSL (port 443) apache config: > > > >> > ---------------------------------------------------------------------- > > > >> <IfModule mod_ssl.c> > > > >> <VirtualHost *:443> > > > >> ServerName example.com > > > >> ServerAdmin [hidden email] > > > >> > > > >> ProxyRequests Off > > > >> ProxyPreserveHost On > > > >> ProxyPassMatch ^(/images/.*)$ ! > > > >> proxyPass /content ajp://127.0.0.1:8009/content > > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > > >> #proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> RewriteEngine On > > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > > >> > > > >> # SSL Engine Switch: > > > >> # Enable/Disable SSL for this virtual host. > > > >> SSLEngine on > > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > > >> > > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > > >> SSLOptions +StdEnvVars > > > >> </FilesMatch> > > > >> <Directory /usr/lib/cgi-bin> > > > >> SSLOptions +StdEnvVars > > > >> </Directory> > > > >> > > > >> BrowserMatch "MSIE [2-6]" \ > > > >> nokeepalive ssl-unclean-shutdown \ > > > >> downgrade-1.0 force-response-1.0 > > > >> # MSIE 7 and newer should be able to use keepalive > > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > > >> </VirtualHost> > > > >> </IfModule> > > > >> > ---------------------------------------------------------------------- > > > >> > > > >> If you decide that you don't care about locking out /catalog and > other > > > >> admin stuff, just use the: > > > >> > > > >> proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> And comment out the other proxy statements. > > > >> > > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > > [hidden email] > > > >> >wrote: > > > >> > > > >> > Hi, > > > >> > > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > > >> > > > > >> > http://www.simbacart.com > > > >> > > > > >> > > > > >> > The production system is a Unix box, running apache server and > then > > > >> Ofbiz > > > >> > as a service. > > > >> > > > > >> > My question to you is, how to map the 80 port of prod server with > > the > > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > > >> > > > > >> > I was able to map the 80 port by making an entry into the IP table > > of > > > >> the > > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > > >> > > > > >> > http://www.simbacart.com > > > >> > > > > >> > Above mentioned is the store in conversation. > > > >> > > > > >> > Now, here's the problem, till 80 port it is fine, but when it > comes > > to > > > >> 8443 > > > >> > this is the kind of URL I get. > > > >> > > > > >> > > > > >> > > > > >> > > > > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > > >> > > > > >> > Notice the 8443 in the url. > > > >> > This url came when I used the tag > > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > > >> > > > > >> > Can you please help me out in setting up this, I'd really > appreciate > > > it. > > > >> > > > > >> > -- > > > >> > Mandeep Singh Sidhu > > > >> > > > > >> > > > > > > > > > > > > > > > > -- > > > > Mandeep Singh Sidhu > > > > > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > -- > > > Thanks, > > > Deepak Agarwal, > > > > > > Paxcel Technologies Pvt Ltd. > > > Hartron Complex, Sector 18, Gurgaon, India. > > > E-Mail: [hidden email] > > > Mobile: +91 9910322604 > > > > > > > > > > > > -- > Mandeep Singh Sidhu > |
In reply to this post by Mandeep Sidhu
I just checked mine: It looks like I'm still listening in on 8080 and 8443:
root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN java 18326 ofbiz 6u IPv4 508592 0t0 TCP localhost:10523 (LISTEN) java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 (LISTEN) java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 (LISTEN) java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 (LISTEN) java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139 (LISTEN) java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 (LISTEN) So, I don't think you need to mess with ofbiz-containers. Regarding the other ports, I'm behind a firewall, and I'm fronted by apache via AJP (8009). On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <[hidden email]>wrote: > One quick q here Mike, the configuration you shared with me worked fine. > > However I still see the port 8443 and 8080 on my website, this happens when > the user clicks on any link which is generated using <@ofbizurl>. > > Any idea, as to how do I get rid of these port numbers appended to the url. > > I tried removing entry 8443 from ofbiz-containers.xml and url.properties > file, but after doing that, the webtools link on https stopped working. > > Any help is much appreciated. > > Thanks and regards, > Mandeep Sidhu > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <[hidden email] > >wrote: > > > Excellent, Thanks Mike for such a detailed explanation, definitely I am > > going for mod_jk now, will keep you posted. > > > > Thanks a ton everybody :) > > > > Cheers, > > Mandeep > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > >> Mandeep. Nice looking site. > >> > >> Regarding your issue, you REALLY want to use apache using mod_jk in > front > >> of ofbiz. Here is why: > >> > >> 1) You can offload the processing of images to apache (less load on > ofbiz) > >> 2) You can easily set cache timeouts for images, css, and other static > >> content. > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o > >> using > >> ofbiz > >> 4) It is easier to offload SSL certificate management to apache > >> 5) You can setup gzip compression (DEFLATE) > >> 6) You can load balance to multiple instances of ofbiz via apache > mod-jk. > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. > >> 8) Most Important: You can add security to your site by locking out > admin > >> links. > >> > >> Regarding #8. If you are running an ecommerce site, you DON'T want > people > >> from the internet to even attempt to gain access (i.e. login as 'admin' > to > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > backend > >> from their main site? Absurd to even ask. This is basic internet > >> security. > >> > >> Instead, have front-end machines that serve ecommerce, and have back-end > >> machines that allows access to /catalog, etc. via a VPN, or a local > >> subnet. > >> > >> I have found that this setup runs faster, and you have more flexibility. > >> > >> Here is a sample apache (port 80) configuration file: > >> > -------------------------------------------------------------------------- > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > >> DocumentRoot /var/www/ > >> <Directory /> > >> Options FollowSymLinks > >> AllowOverride None > >> </Directory> > >> <Directory /var/www/> > >> Options FollowSymLinks MultiViews > >> AllowOverride None > >> Order allow,deny > >> allow from all > >> </Directory> > >> > >> ExpiresActive On > >> #ExpiresByType text/html "access plus 1 day" > >> ExpiresByType text/css "access plus 1 day" > >> ExpiresByType text/javascript "access plus 1 day" > >> ExpiresByType image/gif "access plus 1 week" > >> ExpiresByType image/jpeg "access plus 1 week" > >> ExpiresByType image/png "access plus 1 week" > >> ExpiresByType image/bmp "access plus 1 week" > >> ExpiresByType application/x-javascript "access plus 1 day" > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > >> > >> ProxyRequests Off > >> <Proxy *> > >> AddDefaultCharset off > >> Order deny,allow > >> Allow from all > >> </Proxy> > >> > >> ProxyVia On > >> > >> NameVirtualHost *:80 > >> > >> <VirtualHost *:80> > >> # General setup for the virtual host. > >> ServerName example.com > >> ServerAdmin [hidden email] > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css > >> application/x-javascript text/javascript text/x-js application/json > >> application/xml application/javascript > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > >> > >> ProxyRequests Off > >> ProxyPreserveHost On > >> > >> ProxyPassMatch ^(/images/.*)$ ! > >> proxyPass /content ajp://127.0.0.1:8009/content > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > >> #proxyPass / ajp://127.0.0.1:8009/ > >> > >> RewriteEngine On > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > >> </VirtualHost> > >> > -------------------------------------------------------------------------- > >> > >> Here the matching SSL (port 443) apache config: > >> ---------------------------------------------------------------------- > >> <IfModule mod_ssl.c> > >> <VirtualHost *:443> > >> ServerName example.com > >> ServerAdmin [hidden email] > >> > >> ProxyRequests Off > >> ProxyPreserveHost On > >> ProxyPassMatch ^(/images/.*)$ ! > >> proxyPass /content ajp://127.0.0.1:8009/content > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > >> #proxyPass / ajp://127.0.0.1:8009/ > >> > >> RewriteEngine On > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > >> > >> # SSL Engine Switch: > >> # Enable/Disable SSL for this virtual host. > >> SSLEngine on > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > >> > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > >> SSLOptions +StdEnvVars > >> </FilesMatch> > >> <Directory /usr/lib/cgi-bin> > >> SSLOptions +StdEnvVars > >> </Directory> > >> > >> BrowserMatch "MSIE [2-6]" \ > >> nokeepalive ssl-unclean-shutdown \ > >> downgrade-1.0 force-response-1.0 > >> # MSIE 7 and newer should be able to use keepalive > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > >> </VirtualHost> > >> </IfModule> > >> ---------------------------------------------------------------------- > >> > >> If you decide that you don't care about locking out /catalog and other > >> admin stuff, just use the: > >> > >> proxyPass / ajp://127.0.0.1:8009/ > >> > >> And comment out the other proxy statements. > >> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > [hidden email] > >> >wrote: > >> > >> > Hi, > >> > > >> > I am developing an ecommerce store using ofbiz, can be found here > >> > > >> > http://www.simbacart.com > >> > > >> > > >> > The production system is a Unix box, running apache server and then > >> Ofbiz > >> > as a service. > >> > > >> > My question to you is, how to map the 80 port of prod server with the > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > >> > > >> > I was able to map the 80 port by making an entry into the IP table of > >> the > >> > Unix system thereby forwarding requests from 80 port to 8080. > >> > > >> > http://www.simbacart.com > >> > > >> > Above mentioned is the store in conversation. > >> > > >> > Now, here's the problem, till 80 port it is fine, but when it comes to > >> 8443 > >> > this is the kind of URL I get. > >> > > >> > > >> > > >> > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > >> > > >> > Notice the 8443 in the url. > >> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. > >> > > >> > Can you please help me out in setting up this, I'd really appreciate > it. > >> > > >> > -- > >> > Mandeep Singh Sidhu > >> > > >> > > > > > > > > -- > > Mandeep Singh Sidhu > > > > > > -- > Mandeep Singh Sidhu > |
So what exact change will remove the 8080 and 8443 from the url that's
generated when I user <@ofbizurl> tag to render a url?? I mean, instead of https://www.example.com:8443/control/newcustomer I'd require something like https://www.example.com/control/newcustomer how can I achieve that in production. On Mon, Jun 4, 2012 at 3:55 AM, Mike <[hidden email]> wrote: > I just checked mine: It looks like I'm still listening in on 8080 and > 8443: > > root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN > java 18326 ofbiz 6u IPv4 508592 0t0 TCP localhost:10523 > (LISTEN) > java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 (LISTEN) > java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 (LISTEN) > java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 (LISTEN) > java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139 > (LISTEN) > java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 (LISTEN) > > So, I don't think you need to mess with ofbiz-containers. Regarding the > other ports, I'm behind a firewall, and I'm fronted by apache via AJP > (8009). > > On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <[hidden email] > >wrote: > > > One quick q here Mike, the configuration you shared with me worked fine. > > > > However I still see the port 8443 and 8080 on my website, this happens > when > > the user clicks on any link which is generated using <@ofbizurl>. > > > > Any idea, as to how do I get rid of these port numbers appended to the > url. > > > > I tried removing entry 8443 from ofbiz-containers.xml and url.properties > > file, but after doing that, the webtools link on https stopped working. > > > > Any help is much appreciated. > > > > Thanks and regards, > > Mandeep Sidhu > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > [hidden email] > > >wrote: > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I am > > > going for mod_jk now, will keep you posted. > > > > > > Thanks a ton everybody :) > > > > > > Cheers, > > > Mandeep > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > > > >> Mandeep. Nice looking site. > > >> > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > front > > >> of ofbiz. Here is why: > > >> > > >> 1) You can offload the processing of images to apache (less load on > > ofbiz) > > >> 2) You can easily set cache timeouts for images, css, and other static > > >> content. > > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o > > >> using > > >> ofbiz > > >> 4) It is easier to offload SSL certificate management to apache > > >> 5) You can setup gzip compression (DEFLATE) > > >> 6) You can load balance to multiple instances of ofbiz via apache > > mod-jk. > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > same. > > >> 8) Most Important: You can add security to your site by locking out > > admin > > >> links. > > >> > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > people > > >> from the internet to even attempt to gain access (i.e. login as > 'admin' > > to > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > backend > > >> from their main site? Absurd to even ask. This is basic internet > > >> security. > > >> > > >> Instead, have front-end machines that serve ecommerce, and have > back-end > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > >> subnet. > > >> > > >> I have found that this setup runs faster, and you have more > flexibility. > > >> > > >> Here is a sample apache (port 80) configuration file: > > >> > > > -------------------------------------------------------------------------- > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > >> DocumentRoot /var/www/ > > >> <Directory /> > > >> Options FollowSymLinks > > >> AllowOverride None > > >> </Directory> > > >> <Directory /var/www/> > > >> Options FollowSymLinks MultiViews > > >> AllowOverride None > > >> Order allow,deny > > >> allow from all > > >> </Directory> > > >> > > >> ExpiresActive On > > >> #ExpiresByType text/html "access plus 1 day" > > >> ExpiresByType text/css "access plus 1 day" > > >> ExpiresByType text/javascript "access plus 1 day" > > >> ExpiresByType image/gif "access plus 1 week" > > >> ExpiresByType image/jpeg "access plus 1 week" > > >> ExpiresByType image/png "access plus 1 week" > > >> ExpiresByType image/bmp "access plus 1 week" > > >> ExpiresByType application/x-javascript "access plus 1 day" > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > >> > > >> ProxyRequests Off > > >> <Proxy *> > > >> AddDefaultCharset off > > >> Order deny,allow > > >> Allow from all > > >> </Proxy> > > >> > > >> ProxyVia On > > >> > > >> NameVirtualHost *:80 > > >> > > >> <VirtualHost *:80> > > >> # General setup for the virtual host. > > >> ServerName example.com > > >> ServerAdmin [hidden email] > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > text/css > > >> application/x-javascript text/javascript text/x-js application/json > > >> application/xml application/javascript > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> </VirtualHost> > > >> > > > -------------------------------------------------------------------------- > > >> > > >> Here the matching SSL (port 443) apache config: > > >> ---------------------------------------------------------------------- > > >> <IfModule mod_ssl.c> > > >> <VirtualHost *:443> > > >> ServerName example.com > > >> ServerAdmin [hidden email] > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> > > >> # SSL Engine Switch: > > >> # Enable/Disable SSL for this virtual host. > > >> SSLEngine on > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > >> > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > >> SSLOptions +StdEnvVars > > >> </FilesMatch> > > >> <Directory /usr/lib/cgi-bin> > > >> SSLOptions +StdEnvVars > > >> </Directory> > > >> > > >> BrowserMatch "MSIE [2-6]" \ > > >> nokeepalive ssl-unclean-shutdown \ > > >> downgrade-1.0 force-response-1.0 > > >> # MSIE 7 and newer should be able to use keepalive > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > >> </VirtualHost> > > >> </IfModule> > > >> ---------------------------------------------------------------------- > > >> > > >> If you decide that you don't care about locking out /catalog and other > > >> admin stuff, just use the: > > >> > > >> proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> And comment out the other proxy statements. > > >> > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > [hidden email] > > >> >wrote: > > >> > > >> > Hi, > > >> > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > > > >> > The production system is a Unix box, running apache server and then > > >> Ofbiz > > >> > as a service. > > >> > > > >> > My question to you is, how to map the 80 port of prod server with > the > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > >> > > > >> > I was able to map the 80 port by making an entry into the IP table > of > > >> the > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > Above mentioned is the store in conversation. > > >> > > > >> > Now, here's the problem, till 80 port it is fine, but when it comes > to > > >> 8443 > > >> > this is the kind of URL I get. > > >> > > > >> > > > >> > > > >> > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > >> > > > >> > Notice the 8443 in the url. > > >> > This url came when I used the tag > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > >> > > > >> > Can you please help me out in setting up this, I'd really appreciate > > it. > > >> > > > >> > -- > > >> > Mandeep Singh Sidhu > > >> > > > >> > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > > > > > > -- > > Mandeep Singh Sidhu > > > -- Mandeep Singh Sidhu |
Just comment out the 8080 and 8443 lines out of url.properties, and restart. You still need the https line (see my example).
Sent via BlackBerry by AT&T -----Original Message----- From: Mandeep Sidhu <[hidden email]> Date: Mon, 4 Jun 2012 07:43:01 To: <[hidden email]> Reply-To: [hidden email] Subject: Re: Removing port number from the url in production setup So what exact change will remove the 8080 and 8443 from the url that's generated when I user <@ofbizurl> tag to render a url?? I mean, instead of https://www.example.com:8443/control/newcustomer I'd require something like https://www.example.com/control/newcustomer how can I achieve that in production. On Mon, Jun 4, 2012 at 3:55 AM, Mike <[hidden email]> wrote: > I just checked mine: It looks like I'm still listening in on 8080 and > 8443: > > root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN > java 18326 ofbiz 6u IPv4 508592 0t0 TCP localhost:10523 > (LISTEN) > java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 (LISTEN) > java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 (LISTEN) > java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 (LISTEN) > java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139 > (LISTEN) > java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 (LISTEN) > > So, I don't think you need to mess with ofbiz-containers. Regarding the > other ports, I'm behind a firewall, and I'm fronted by apache via AJP > (8009). > > On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <[hidden email] > >wrote: > > > One quick q here Mike, the configuration you shared with me worked fine. > > > > However I still see the port 8443 and 8080 on my website, this happens > when > > the user clicks on any link which is generated using <@ofbizurl>. > > > > Any idea, as to how do I get rid of these port numbers appended to the > url. > > > > I tried removing entry 8443 from ofbiz-containers.xml and url.properties > > file, but after doing that, the webtools link on https stopped working. > > > > Any help is much appreciated. > > > > Thanks and regards, > > Mandeep Sidhu > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > [hidden email] > > >wrote: > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I am > > > going for mod_jk now, will keep you posted. > > > > > > Thanks a ton everybody :) > > > > > > Cheers, > > > Mandeep > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > > > >> Mandeep. Nice looking site. > > >> > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > front > > >> of ofbiz. Here is why: > > >> > > >> 1) You can offload the processing of images to apache (less load on > > ofbiz) > > >> 2) You can easily set cache timeouts for images, css, and other static > > >> content. > > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o > > >> using > > >> ofbiz > > >> 4) It is easier to offload SSL certificate management to apache > > >> 5) You can setup gzip compression (DEFLATE) > > >> 6) You can load balance to multiple instances of ofbiz via apache > > mod-jk. > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > same. > > >> 8) Most Important: You can add security to your site by locking out > > admin > > >> links. > > >> > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > people > > >> from the internet to even attempt to gain access (i.e. login as > 'admin' > > to > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > backend > > >> from their main site? Absurd to even ask. This is basic internet > > >> security. > > >> > > >> Instead, have front-end machines that serve ecommerce, and have > back-end > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > >> subnet. > > >> > > >> I have found that this setup runs faster, and you have more > flexibility. > > >> > > >> Here is a sample apache (port 80) configuration file: > > >> > > > -------------------------------------------------------------------------- > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > >> DocumentRoot /var/www/ > > >> <Directory /> > > >> Options FollowSymLinks > > >> AllowOverride None > > >> </Directory> > > >> <Directory /var/www/> > > >> Options FollowSymLinks MultiViews > > >> AllowOverride None > > >> Order allow,deny > > >> allow from all > > >> </Directory> > > >> > > >> ExpiresActive On > > >> #ExpiresByType text/html "access plus 1 day" > > >> ExpiresByType text/css "access plus 1 day" > > >> ExpiresByType text/javascript "access plus 1 day" > > >> ExpiresByType image/gif "access plus 1 week" > > >> ExpiresByType image/jpeg "access plus 1 week" > > >> ExpiresByType image/png "access plus 1 week" > > >> ExpiresByType image/bmp "access plus 1 week" > > >> ExpiresByType application/x-javascript "access plus 1 day" > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > >> > > >> ProxyRequests Off > > >> <Proxy *> > > >> AddDefaultCharset off > > >> Order deny,allow > > >> Allow from all > > >> </Proxy> > > >> > > >> ProxyVia On > > >> > > >> NameVirtualHost *:80 > > >> > > >> <VirtualHost *:80> > > >> # General setup for the virtual host. > > >> ServerName example.com > > >> ServerAdmin [hidden email] > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > text/css > > >> application/x-javascript text/javascript text/x-js application/json > > >> application/xml application/javascript > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> </VirtualHost> > > >> > > > -------------------------------------------------------------------------- > > >> > > >> Here the matching SSL (port 443) apache config: > > >> ---------------------------------------------------------------------- > > >> <IfModule mod_ssl.c> > > >> <VirtualHost *:443> > > >> ServerName example.com > > >> ServerAdmin [hidden email] > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> > > >> # SSL Engine Switch: > > >> # Enable/Disable SSL for this virtual host. > > >> SSLEngine on > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > >> > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > >> SSLOptions +StdEnvVars > > >> </FilesMatch> > > >> <Directory /usr/lib/cgi-bin> > > >> SSLOptions +StdEnvVars > > >> </Directory> > > >> > > >> BrowserMatch "MSIE [2-6]" \ > > >> nokeepalive ssl-unclean-shutdown \ > > >> downgrade-1.0 force-response-1.0 > > >> # MSIE 7 and newer should be able to use keepalive > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > >> </VirtualHost> > > >> </IfModule> > > >> ---------------------------------------------------------------------- > > >> > > >> If you decide that you don't care about locking out /catalog and other > > >> admin stuff, just use the: > > >> > > >> proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> And comment out the other proxy statements. > > >> > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > [hidden email] > > >> >wrote: > > >> > > >> > Hi, > > >> > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > > > >> > The production system is a Unix box, running apache server and then > > >> Ofbiz > > >> > as a service. > > >> > > > >> > My question to you is, how to map the 80 port of prod server with > the > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > >> > > > >> > I was able to map the 80 port by making an entry into the IP table > of > > >> the > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > Above mentioned is the store in conversation. > > >> > > > >> > Now, here's the problem, till 80 port it is fine, but when it comes > to > > >> 8443 > > >> > this is the kind of URL I get. > > >> > > > >> > > > >> > > > >> > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > >> > > > >> > Notice the 8443 in the url. > > >> > This url came when I used the tag > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > >> > > > >> > Can you please help me out in setting up this, I'd really appreciate > > it. > > >> > > > >> > -- > > >> > Mandeep Singh Sidhu > > >> > > > >> > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > > > > > > -- > > Mandeep Singh Sidhu > > > -- Mandeep Singh Sidhu |
Perfect, that worked for me, thanks a ton Mike :)
On Mon, Jun 4, 2012 at 7:55 AM, <[hidden email]> wrote: > Just comment out the 8080 and 8443 lines out of url.properties, and > restart. You still need the https line (see my example). > > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Mandeep Sidhu <[hidden email]> > Date: Mon, 4 Jun 2012 07:43:01 > To: <[hidden email]> > Reply-To: [hidden email] > Subject: Re: Removing port number from the url in production setup > > So what exact change will remove the 8080 and 8443 from the url that's > generated when I user <@ofbizurl> tag to render a url?? > I mean, instead of > https://www.example.com:8443/control/newcustomer > > I'd require something like > https://www.example.com/control/newcustomer > > how can I achieve that in production. > > On Mon, Jun 4, 2012 at 3:55 AM, Mike <[hidden email]> wrote: > > > I just checked mine: It looks like I'm still listening in on 8080 and > > 8443: > > > > root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN > > java 18326 ofbiz 6u IPv4 508592 0t0 TCP > localhost:10523 > > (LISTEN) > > java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 > (LISTEN) > > java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 > (LISTEN) > > java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 > (LISTEN) > > java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139 > > (LISTEN) > > java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 > (LISTEN) > > > > So, I don't think you need to mess with ofbiz-containers. Regarding the > > other ports, I'm behind a firewall, and I'm fronted by apache via AJP > > (8009). > > > > On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu < > [hidden email] > > >wrote: > > > > > One quick q here Mike, the configuration you shared with me worked > fine. > > > > > > However I still see the port 8443 and 8080 on my website, this happens > > when > > > the user clicks on any link which is generated using <@ofbizurl>. > > > > > > Any idea, as to how do I get rid of these port numbers appended to the > > url. > > > > > > I tried removing entry 8443 from ofbiz-containers.xml and > url.properties > > > file, but after doing that, the webtools link on https stopped working. > > > > > > Any help is much appreciated. > > > > > > Thanks and regards, > > > Mandeep Sidhu > > > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > > [hidden email] > > > >wrote: > > > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I > am > > > > going for mod_jk now, will keep you posted. > > > > > > > > Thanks a ton everybody :) > > > > > > > > Cheers, > > > > Mandeep > > > > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote: > > > > > > > >> Mandeep. Nice looking site. > > > >> > > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > > front > > > >> of ofbiz. Here is why: > > > >> > > > >> 1) You can offload the processing of images to apache (less load on > > > ofbiz) > > > >> 2) You can easily set cache timeouts for images, css, and other > static > > > >> content. > > > >> 3) You can easily add a normal HTML static pages (/static/*.html) > w/o > > > >> using > > > >> ofbiz > > > >> 4) It is easier to offload SSL certificate management to apache > > > >> 5) You can setup gzip compression (DEFLATE) > > > >> 6) You can load balance to multiple instances of ofbiz via apache > > > mod-jk. > > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > > same. > > > >> 8) Most Important: You can add security to your site by locking out > > > admin > > > >> links. > > > >> > > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > > people > > > >> from the internet to even attempt to gain access (i.e. login as > > 'admin' > > > to > > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > > backend > > > >> from their main site? Absurd to even ask. This is basic internet > > > >> security. > > > >> > > > >> Instead, have front-end machines that serve ecommerce, and have > > back-end > > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > > >> subnet. > > > >> > > > >> I have found that this setup runs faster, and you have more > > flexibility. > > > >> > > > >> Here is a sample apache (port 80) configuration file: > > > >> > > > > > > -------------------------------------------------------------------------- > > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > > >> DocumentRoot /var/www/ > > > >> <Directory /> > > > >> Options FollowSymLinks > > > >> AllowOverride None > > > >> </Directory> > > > >> <Directory /var/www/> > > > >> Options FollowSymLinks MultiViews > > > >> AllowOverride None > > > >> Order allow,deny > > > >> allow from all > > > >> </Directory> > > > >> > > > >> ExpiresActive On > > > >> #ExpiresByType text/html "access plus 1 day" > > > >> ExpiresByType text/css "access plus 1 day" > > > >> ExpiresByType text/javascript "access plus 1 day" > > > >> ExpiresByType image/gif "access plus 1 week" > > > >> ExpiresByType image/jpeg "access plus 1 week" > > > >> ExpiresByType image/png "access plus 1 week" > > > >> ExpiresByType image/bmp "access plus 1 week" > > > >> ExpiresByType application/x-javascript "access plus 1 day" > > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > > >> > > > >> ProxyRequests Off > > > >> <Proxy *> > > > >> AddDefaultCharset off > > > >> Order deny,allow > > > >> Allow from all > > > >> </Proxy> > > > >> > > > >> ProxyVia On > > > >> > > > >> NameVirtualHost *:80 > > > >> > > > >> <VirtualHost *:80> > > > >> # General setup for the virtual host. > > > >> ServerName example.com > > > >> ServerAdmin [hidden email] > > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > > text/css > > > >> application/x-javascript text/javascript text/x-js application/json > > > >> application/xml application/javascript > > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > > >> > > > >> ProxyRequests Off > > > >> ProxyPreserveHost On > > > >> > > > >> ProxyPassMatch ^(/images/.*)$ ! > > > >> proxyPass /content ajp://127.0.0.1:8009/content > > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > > >> #proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> RewriteEngine On > > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > > >> </VirtualHost> > > > >> > > > > > > -------------------------------------------------------------------------- > > > >> > > > >> Here the matching SSL (port 443) apache config: > > > >> > ---------------------------------------------------------------------- > > > >> <IfModule mod_ssl.c> > > > >> <VirtualHost *:443> > > > >> ServerName example.com > > > >> ServerAdmin [hidden email] > > > >> > > > >> ProxyRequests Off > > > >> ProxyPreserveHost On > > > >> ProxyPassMatch ^(/images/.*)$ ! > > > >> proxyPass /content ajp://127.0.0.1:8009/content > > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > > >> #proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> RewriteEngine On > > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > > >> > > > >> # SSL Engine Switch: > > > >> # Enable/Disable SSL for this virtual host. > > > >> SSLEngine on > > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > > >> > > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > > >> SSLOptions +StdEnvVars > > > >> </FilesMatch> > > > >> <Directory /usr/lib/cgi-bin> > > > >> SSLOptions +StdEnvVars > > > >> </Directory> > > > >> > > > >> BrowserMatch "MSIE [2-6]" \ > > > >> nokeepalive ssl-unclean-shutdown \ > > > >> downgrade-1.0 force-response-1.0 > > > >> # MSIE 7 and newer should be able to use keepalive > > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > > >> </VirtualHost> > > > >> </IfModule> > > > >> > ---------------------------------------------------------------------- > > > >> > > > >> If you decide that you don't care about locking out /catalog and > other > > > >> admin stuff, just use the: > > > >> > > > >> proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> And comment out the other proxy statements. > > > >> > > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > > [hidden email] > > > >> >wrote: > > > >> > > > >> > Hi, > > > >> > > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > > >> > > > > >> > http://www.simbacart.com > > > >> > > > > >> > > > > >> > The production system is a Unix box, running apache server and > then > > > >> Ofbiz > > > >> > as a service. > > > >> > > > > >> > My question to you is, how to map the 80 port of prod server with > > the > > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > > >> > > > > >> > I was able to map the 80 port by making an entry into the IP table > > of > > > >> the > > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > > >> > > > > >> > http://www.simbacart.com > > > >> > > > > >> > Above mentioned is the store in conversation. > > > >> > > > > >> > Now, here's the problem, till 80 port it is fine, but when it > comes > > to > > > >> 8443 > > > >> > this is the kind of URL I get. > > > >> > > > > >> > > > > >> > > > > >> > > > > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > > >> > > > > >> > Notice the 8443 in the url. > > > >> > This url came when I used the tag > > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > > >> > > > > >> > Can you please help me out in setting up this, I'd really > appreciate > > > it. > > > >> > > > > >> > -- > > > >> > Mandeep Singh Sidhu > > > >> > > > > >> > > > > > > > > > > > > > > > > -- > > > > Mandeep Singh Sidhu > > > > > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > > > > -- > Mandeep Singh Sidhu > > -- Mandeep Singh Sidhu |
In reply to this post by Mike Z
Hi Mike Z,
Nube question.. I have this same situation but am Using windows7 not Linux as my server, where would I set up the "apache (port 80) configuration file", in windows? Is it even possible? Thanks MrFitz
|
Administrator
|
I don't want to RTFM, but really
from https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Documentation+Index Configuration Documents https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Documentation+Index#OFBizDocumentationIndex-ConfigurationDocuments Apache OFBiz Technical Production Setup Guide https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide URL and Port Settings https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-URLandPortSettings Apache OFBiz Business Setup Guide (for users) https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide WebSite Setup (ok this one is not obvious) https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide#ApacheOFBizBusinessSetupGuide-WebSiteSetup Is that so hard? You can change in the Website associated with the ProductStore (80 and 443 are default HHTP/S port and will not show in URLs) for instance https://demo-trunk.ofbiz.apache.org/content/control/EditWebSite?webSiteId=WebStore You can also change in url.properties (all websites, the previous setting surcharges url.properties, or url.properties is a fallback if you prefer) This is a solution limited to 1 OFBiz instance If you need more, and in most cases anyway, it's better to use a FrontEnd like Apache HTTPD https://cwiki.apache.org/confluence/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-ApacheHTTPD(ApacheWebserver) HTTPD works also on Windows BTW what is your situation now regarding http://markmail.org/message/c4neg7g2yu5wkxhi ? Note: prefer Postgres under Mysql Jacques From: "mrfitz" <[hidden email]> > Hi Mike Z, > > Nube question.. > > I have this same situation but am Using windows7 not Linux as my server, > where would I set up the "apache (port 80) configuration file", in windows? > > Is it even possible? > > Thanks > MrFitz > > > > Mike Z wrote >> >> Mandeep. Nice looking site. >> >> Regarding your issue, you REALLY want to use apache using mod_jk in front >> of ofbiz. Here is why: >> >> 1) You can offload the processing of images to apache (less load on ofbiz) >> 2) You can easily set cache timeouts for images, css, and other static >> content. >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o >> using >> ofbiz >> 4) It is easier to offload SSL certificate management to apache >> 5) You can setup gzip compression (DEFLATE) >> 6) You can load balance to multiple instances of ofbiz via apache mod-jk. >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. >> 8) Most Important: You can add security to your site by locking out admin >> links. >> >> Regarding #8. If you are running an ecommerce site, you DON'T want people >> from the internet to even attempt to gain access (i.e. login as 'admin' to >> 'catalog'). Do you think amazon.com allows 'admin' login to the backend >> from their main site? Absurd to even ask. This is basic internet >> security. >> >> Instead, have front-end machines that serve ecommerce, and have back-end >> machines that allows access to /catalog, etc. via a VPN, or a local >> subnet. >> >> I have found that this setup runs faster, and you have more flexibility. >> >> Here is a sample apache (port 80) configuration file:.... >> > > > -- > View this message in context: > http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634522.html > Sent from the OFBiz - User mailing list archive at Nabble.com. |
Hi Jacques,
I am a nube. And I am sorry, but I have just about memorized every one of the documents you referenced. I made the changes, but my url's still contain the port ie.. https://posintl.sytes.net:8443/catalog/control/EditProductStore So, I'm a dummy, and can't quite get it figured out... as far as.. I haven't got it figured out yet. I have reread all the applicable docs and posts, and it MIGHT be getting a little clearer. I am able to connect to MySql. But I need to get the other stuff figured out. You mentioned "This is a solution limited to 1 OFBiz instance " so that's probably not going to work for me in my long term plans. I have been reading many posts that discuss using a single code base with multi tenants to provide a type of SAS config. That's really what I want. Thanks for being patient with the nube. If you can point me to more info, I would appreciate it. Once I get up to speed, I will be able to contribute training aids. MrFitz |
Administrator
|
From: "mrfitz" <[hidden email]>
> Hi Jacques, > > I am a nube. And I am sorry, but I have just about memorized every one of > the documents you referenced. I made the changes, but my url's still > contain the port ie.. > https://posintl.sytes.net:8443/catalog/control/EditProductStore > > So, I'm a dummy, and can't quite get it figured out... Ho I don't blame you, I got the same when I began. It was more a rant addressed to the whole audience... This is not really an OFBiz issue. You should really try to use HTTPD as front end http://httpd.apache.org/. It's a bit more involved at start, but not that much. And you will get great benefits on the long run For your particular problem see http://pwu-developer.blogspot.fr/2011/04/securing-tomcat-with-apache-web-server.html Also refer to the OFBiz FAQ link I sent you before, there are good tips there BTW better keep the thread copied, text format is not abusing Internet mails Sorry at the moment Confluence is done... You may use rewrite rules to then change url you want when you want. For rewrite rules, an internal alternative is to use Tuckey http://tuckey.org/urlrewrite/ HTH Jacques > > > as far as.. > > > Jacques Le Roux wrote >> >> BTW what is your situation now regarding >> http://markmail.org/message/c4neg7g2yu5wkxhi ? >> Note: prefer Postgres under Mysql >> >> Jacques >> > > I haven't got it figured out yet. I have reread all the applicable docs and > posts, and it MIGHT be getting a little clearer. I am able to connect to > MySql. But I need to get the other stuff figured out. > > You mentioned "This is a solution limited to 1 OFBiz instance " so that's > probably not going to work for me in my long term plans. I have been > reading many posts that discuss using a single code base with multi tenants > to provide a type of SAS config. That's really what I want. > > Thanks for being patient with the nube. If you can point me to more info, I > would appreciate it. Once I get up to speed, I will be able to contribute > training aids. > > MrFitz > > > -- > View this message in context: > http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html > Sent from the OFBiz - User mailing list archive at Nabble.com. |
Administrator
|
From: "Jacques Le Roux" <[hidden email]>
> From: "mrfitz" <[hidden email]> >> Hi Jacques, >> >> I am a nube. And I am sorry, but I have just about memorized every one of >> the documents you referenced. I made the changes, but my url's still >> contain the port ie.. >> https://posintl.sytes.net:8443/catalog/control/EditProductStore >> >> So, I'm a dummy, and can't quite get it figured out... > > Ho I don't blame you, I got the same when I began. It was more a rant addressed to the whole audience... > > This is not really an OFBiz issue. You should really try to use HTTPD as front end http://httpd.apache.org/. It's a bit more > involved at start, but not that much. And you will get great benefits on the long run > For your particular problem see http://pwu-developer.blogspot.fr/2011/04/securing-tomcat-with-apache-web-server.html > > Also refer to the OFBiz FAQ link I sent you before, there are good tips there > BTW better keep the thread copied, text format is not abusing Internet mails > Sorry at the moment Confluence is done... was "is gone", it's back since Jacques > You may use rewrite rules to then change url you want when you want. > For rewrite rules, an internal alternative is to use Tuckey http://tuckey.org/urlrewrite/ > > HTH > > Jacques > >> >> >> as far as.. >> >> >> Jacques Le Roux wrote >>> >>> BTW what is your situation now regarding >>> http://markmail.org/message/c4neg7g2yu5wkxhi ? >>> Note: prefer Postgres under Mysql >>> >>> Jacques >>> >> >> I haven't got it figured out yet. I have reread all the applicable docs and >> posts, and it MIGHT be getting a little clearer. I am able to connect to >> MySql. But I need to get the other stuff figured out. >> >> You mentioned "This is a solution limited to 1 OFBiz instance " so that's >> probably not going to work for me in my long term plans. I have been >> reading many posts that discuss using a single code base with multi tenants >> to provide a type of SAS config. That's really what I want. >> >> Thanks for being patient with the nube. If you can point me to more info, I >> would appreciate it. Once I get up to speed, I will be able to contribute >> training aids. >> >> MrFitz >> >> >> -- >> View this message in context: >> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html >> Sent from the OFBiz - User mailing list archive at Nabble.com. |
Free forum by Nabble | Edit this page |