Removing port number from the url in production setup

Mandeep Sidhu
Hi,

I am developing an ecommerce store using ofbiz, can be found here

http://www.simbacart.com


The production system is a Unix box, running apache server and then Ofbiz
as a service.

My question to you is, how to map the 80 port of prod server with the
ofbiz's 8080 port, also about the mapping of 8443 port.

I was able to map the 80 port by making an entry into the IP table of the
Unix system thereby forwarding requests from 80 port to 8080.

http://www.simbacart.com

Above mentioned is the store in conversation.

Now, here's the problem, till 80 port it is fine, but when it comes to 8443
this is the kind of URL I get.

https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1

Notice the 8443 in the url.
This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.

Can you please help me out in setting up this, I'd really appreciate it.

--
Mandeep Singh Sidhu

Re: Removing port number from the url in production setup

Sanjeev Gupta
Just change the HTTP & HTTPS ports in the following files and restart the server.
        1. ${ofbiz install dir}/framework/base/config/ofbiz-containers.xml
        2. ${ofbiz install dir}/framework/webapp/config/url.properties

And make sure you remove the port forwarding you've set up.
Rgds
Sanjeev Gupta
www.digitalwebadvisors.com

Re: Removing port number from the url in production setup

Rajbir Saini
In reply to this post by Mandeep Sidhu
Hello Mandeep,

If you want to run OFBiz behind an Apache HTTPd reverse proxy, use the Apache
HTTPd mod_ajp_proxy module along with mod_proxy. Refer to [1], [2] and [3]
below for more details.

[1] https://cwiki.apache.org/OFBIZ/faq-tips-tricks-cookbook-howto.html#FAQ-Tips-Tricks-Cookbook-HowTo-HTTPD
[2] http://markmail.org/message/ut62lf6k6oeiki46
[3] http://mail-archives.apache.org/mod_mbox/ofbiz-user/200909.mbox/%3C24987858.231721253034318555.JavaMail.root@...%3E

Thanks,

Raj

On Wednesday 30 May 2012 06:59 AM, Mandeep Sidhu wrote:

> Hi,
>
> I am developing an ecommerce store using ofbiz, can be found here
>
> http://www.simbacart.com
>
>
> The production system is a Unix box, running apache server and then Ofbiz
> as a service.
>
> My question to you is, how to map the 80 port of prod server with the
> ofbiz's 8080 port, also about the mapping of 8443 port.
>
> I was able to map the 80 port by making an entry into the IP table of the
> Unix system thereby forwarding requests from 80 port to 8080.
>
> http://www.simbacart.com
>
> Above mentioned is the store in conversation.
>
> Now, here's the problem, till 80 port it is fine, but when it comes to 8443
> this is the kind of URL I get.
>
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
>
> Notice the 8443 in the url.
> This url came when I used the tag<@ofbizUrl>/newcustomer</@ofbizUrl>.
>
> Can you please help me out in setting up this, I'd really appreciate it.
>


Re: Removing port number from the url in production setup

Mike Z
In reply to this post by Mandeep Sidhu
Mandeep.  Nice looking site.

Regarding your issue, you REALLY want to use apache using mod_jk in front
of ofbiz.  Here is why:

1) You can offload the processing of images to apache (less load on ofbiz)
2) You can easily set cache timeouts for images, css, and other static
content.
3) You can easily add normal static HTML pages (/static/*.html) w/o using
ofbiz
4) It is easier to offload SSL certificate management to apache
5) You can set up gzip compression (DEFLATE)
6) You can load balance to multiple instances of ofbiz via apache mod-jk.
7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
8) Most Important:  You can add security to your site by locking out admin
links.

Regarding #8.  If you are running an ecommerce site, you DON'T want people
from the internet to even attempt to gain access (i.e. login as 'admin' to
'catalog').  Do you think amazon.com allows 'admin' login to the backend
from their main site?  Absurd to even ask.  This is basic internet security.

Instead, have front-end machines that serve ecommerce, and have back-end
machines that allow access to /catalog, etc. via a VPN, or a local subnet.

I have found that this setup runs faster, and you have more flexibility.

Here is a sample apache (port 80) configuration file:
--------------------------------------------------------------------------
Alias /images/ /opt/ofbiz/framework/images/webapp/images/
DocumentRoot /var/www/
<Directory />
   Options FollowSymLinks
   AllowOverride None
</Directory>
<Directory /var/www/>
   Options FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
</Directory>

ExpiresActive On
#ExpiresByType text/html "access plus 1 day"
ExpiresByType text/css "access plus 1 day"
ExpiresByType text/javascript "access plus 1 day"
ExpiresByType image/gif "access plus 1 week"
ExpiresByType image/jpeg "access plus 1 week"
ExpiresByType image/png "access plus 1 week"
ExpiresByType image/bmp "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 day"
ExpiresByType application/x-shockwave-flash "access plus 1 day"

ProxyRequests Off
<Proxy *>
        AddDefaultCharset off
        Order deny,allow
        Allow from all
</Proxy>

ProxyVia On

NameVirtualHost *:80

<VirtualHost *:80>
    #   General setup for the virtual host.
    ServerName example.com
    ServerAdmin [hidden email]
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css \
        application/x-javascript text/javascript text/x-js application/json \
        application/xml application/javascript
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
    BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html

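    ProxyRequests Off
    ProxyPreserveHost On

    # Serve /images/ from Apache itself (see the Alias above); do not proxy it.
    ProxyPassMatch ^(/images/.*)$ !
    # Forward only the storefront webapps to OFBiz over AJP; admin webapps
    # such as /catalog are not mapped on this virtual host.
    proxyPass /content   ajp://127.0.0.1:8009/content
    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
    #proxyPass /        ajp://127.0.0.1:8009/

    RewriteEngine On
    # Redirect URLs carrying ;jsessionid=... to the same path without it.
    ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
    RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
    # Send requests for .svn metadata to a page that does not exist (404).
    RewriteRule ^/.*\.svn /some-non-existant-404-causing-page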
</VirtualHost>
--------------------------------------------------------------------------

Here is the matching SSL (port 443) apache config:
----------------------------------------------------------------------
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName example.com
        ServerAdmin [hidden email]

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPassMatch ^(/images/.*)$ !
        proxyPass /content   ajp://127.0.0.1:8009/content
        proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
        proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
        #proxyPass /        ajp://127.0.0.1:8009/

        RewriteEngine On
        ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
        RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
        RewriteRule ^/.*\.svn /some-non-existant-404-causing-page

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/example.com.crt
        SSLCertificateKeyFile /etc/ssl/private/example.com.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
----------------------------------------------------------------------

If you decide that you don't care about locking out /catalog and other
admin stuff, just use the:

proxyPass /        ajp://127.0.0.1:8009/

And comment out the other proxy statements.

On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email]> wrote:

> Hi,
>
> I am developing an ecommerce store using ofbiz, can be found here
>
> http://www.simbacart.com
>
>
> The production system is a Unix box, running apache server and then Ofbiz
> as a service.
>
> My question to you is, how to map the 80 port of prod server with the
> ofbiz's 8080 port, also about the mapping of 8443 port.
>
> I was able to map the 80 port by making an entry into the IP table of the
> Unix system thereby forwarding requests from 80 port to 8080.
>
> http://www.simbacart.com
>
> Above mentioned is the store in conversation.
>
> Now, here's the problem, till 80 port it is fine, but when it comes to 8443
> this is the kind of URL I get.
>
>
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
>
> Notice the 8443 in the url.
> This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.
>
> Can you please help me out in setting up this, I'd really appreciate it.
>
> --
> Mandeep Singh Sidhu
>
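
Mike's point #8 (per-webapp ProxyPass lines versus the single catch-all) can be checked offline; the Python sketch below is an added example, not part of the original post or of Apache/OFBiz. It uses a simplified model of mod_proxy (rules tried in configuration order, first match wins, `!` meaning "do not proxy") and assumes the jsessionid redirect is applied before proxy matching; the sample request paths are constructed.

```python
import re

# Proxy lines copied from the port-80 vhost above (directive case as posted).
LOCKED_DOWN = """\
ProxyPassMatch ^(/images/.*)$ !
proxyPass /content   ajp://127.0.0.1:8009/content
proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
#proxyPass /        ajp://127.0.0.1:8009/
"""

# The alternative described at the end of the message: one catch-all mapping.
CATCH_ALL = """\
ProxyPassMatch ^(/images/.*)$ !
proxyPass /        ajp://127.0.0.1:8009/
"""

# Admin webapps named in the thread.
ADMIN_PREFIXES = ("/catalog", "/webtools")

# Constructed sample requests; only the jsessionid path is taken from the thread.
SAMPLE_REQUESTS = [
    "/ecommerce/control/main",
    "/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1",
    "/images/logo.png",
    "/catalog/control/main",
    "/webtools/control/main",
]

# Same pattern as the first RewriteRule in the vhost.
JSESSIONID_RULE = re.compile(r"^/(.*);jsessionid=.*$")


def parse_rules(conf):
    """Return [(directive, pattern, target)] for the proxy lines, in file order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive
        name = parts[0].lower()  # Apache directive names are case-insensitive
        if name in ("proxypass", "proxypassmatch") and len(parts) >= 3:
            rules.append((name, parts[1], parts[2]))
    return rules


def strip_jsessionid(path):
    """Path the client is redirected to by the jsessionid RewriteRule."""
    m = JSESSIONID_RULE.match(path)
    return "/" + m.group(1) if m else path


def _matches(name, pattern, path):
    if name == "proxypassmatch":
        return re.search(pattern, path) is not None
    prefix = pattern.rstrip("/")
    # Simplified prefix match on a path-segment boundary; "/" matches everything.
    return prefix == "" or path == prefix or path.startswith(prefix + "/")


def route(path, rules):
    """Return the backend URL a request is forwarded to, or None if Apache keeps it."""
    path = strip_jsessionid(path)
    for name, pattern, target in rules:
        if not _matches(name, pattern, path):
            continue
        if target == "!":
            return None  # explicitly excluded from proxying
        if name == "proxypassmatch":
            return target  # backreference substitution is not modelled here
        return target.rstrip("/") + path[len(pattern.rstrip("/")):]
    return None  # no rule matched: served (or 404ed) by Apache itself


def admin_exposed(conf, requests=SAMPLE_REQUESTS):
    """Sample admin requests that would reach OFBiz through this vhost."""
    rules = parse_rules(conf)
    hits = []
    for req in requests:
        is_admin = any(req == p or req.startswith(p + "/") for p in ADMIN_PREFIXES)
        if is_admin and route(req, rules) is not None:
            hits.append(req)
    return sorted(hits)


if __name__ == "__main__":
    for label, conf in (("locked down", LOCKED_DOWN), ("catch-all", CATCH_ALL)):
        print(label, "-> admin requests forwarded to OFBiz:", admin_exposed(conf))
```

This only models what Apache forwards; it says nothing about whether OFBiz's own listeners on 8080, 8443 and 8009 are reachable directly from outside.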

Re: Removing port number from the url in production setup

Mandeep Sidhu
Excellent, Thanks Mike for such a detailed explanation, definitely I am
going for mod_jk now, will keep you posted.

Thanks a ton everybody :)

Cheers,
Mandeep

On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote:

> Mandeep.  Nice looking site.
>
> Regarding your issue, you REALLY want to use apache using mod_jk in front
> of ofbiz.  Here is why:
>
> 1) You can offload the processing of images to apache (less load on ofbiz)
> 2) You can easily set cache timeouts for images, css, and other static
> content.
> 3) You can easily add a normal HTML static pages (/static/*.html) w/o using
> ofbiz
> 4) It is easier to offload SSL certificate management to apache
> 5) You can setup gzip compression (DEFLATE)
> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
> 8) Most Important:  You can add security to your site by locking out admin
> links.
>
> Regarding #8.  If you are running an ecommerce site, you DON'T want people
> from the internet to even attempt to gain access (i.e. login as 'admin' to
> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
> from their main site?  Absurd to even ask.  This is basic internet
> security.
>
> Instead, have front-end machines that serve ecommerce, and have back-end
> machines that allows access to /catalog, etc. via a VPN, or a local subnet.
>
> I have found that this setup runs faster, and you have more flexibility.
>
> Here is a sample apache (port 80) configuration file:
> --------------------------------------------------------------------------
> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> DocumentRoot /var/www/
> <Directory />
>   Options FollowSymLinks
>   AllowOverride None
> </Directory>
> <Directory /var/www/>
>   Options FollowSymLinks MultiViews
>   AllowOverride None
>   Order allow,deny
>   allow from all
> </Directory>
>
> ExpiresActive On
> #ExpiresByType text/html "access plus 1 day"
> ExpiresByType text/css "access plus 1 day"
> ExpiresByType text/javascript "access plus 1 day"
> ExpiresByType image/gif "access plus 1 week"
> ExpiresByType image/jpeg "access plus 1 week"
> ExpiresByType image/png "access plus 1 week"
> ExpiresByType image/bmp "access plus 1 week"
> ExpiresByType application/x-javascript "access plus 1 day"
> ExpiresByType application/x-shockwave-flash "access plus 1 day"
>
> ProxyRequests Off
> <Proxy *>
>        AddDefaultCharset off
>        Order deny,allow
>        Allow from all
> </Proxy>
>
> ProxyVia On
>
> NameVirtualHost *:80
>
> <VirtualHost *:80>
>    #   General setup for the virtual host.
>    ServerName example.com
>    ServerAdmin [hidden email]
>    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
> application/x-javascript text/javascript text/x-js application/json
> application/xml application/javascript
>    BrowserMatch ^Mozilla/4 gzip-only-text/html
>    BrowserMatch ^Mozilla/4\.0[678] no-gzip
>    BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
>    BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
>
>    ProxyRequests Off
>    ProxyPreserveHost On
>
>    ProxyPassMatch ^(/images/.*)$ !
>    proxyPass /content   ajp://127.0.0.1:8009/content
>    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>    #proxyPass /        ajp://127.0.0.1:8009/
>
>    RewriteEngine On
>    ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
>    RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
>    RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> </VirtualHost>
> --------------------------------------------------------------------------
>
> Here the matching SSL (port 443) apache config:
> ----------------------------------------------------------------------
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
>        ServerName example.com
>        ServerAdmin [hidden email]
>
>        ProxyRequests Off
>        ProxyPreserveHost On
>        ProxyPassMatch ^(/images/.*)$ !
>        proxyPass /content   ajp://127.0.0.1:8009/content
>        proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>        proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>        #proxyPass /        ajp://127.0.0.1:8009/
>
>        RewriteEngine On
>        ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
>        RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
>        RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
>
>        #   SSL Engine Switch:
>        #   Enable/Disable SSL for this virtual host.
>        SSLEngine on
>        SSLCertificateFile    /etc/ssl/certs/example.com.crt
>        SSLCertificateKeyFile /etc/ssl/private/example.com.key
>
>        <FilesMatch "\.(cgi|shtml|phtml|php)$">
>                SSLOptions +StdEnvVars
>        </FilesMatch>
>        <Directory /usr/lib/cgi-bin>
>                SSLOptions +StdEnvVars
>        </Directory>
>
>        BrowserMatch "MSIE [2-6]" \
>                nokeepalive ssl-unclean-shutdown \
>                downgrade-1.0 force-response-1.0
>        # MSIE 7 and newer should be able to use keepalive
>        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> </VirtualHost>
> </IfModule>
> ----------------------------------------------------------------------
>
> If you decide that you don't care about locking out /catalog and other
> admin stuff, just use the:
>
> proxyPass /        ajp://127.0.0.1:8009/
>
> And comment out the other proxy statements.
>
> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email]
> >wrote:
>
> > Hi,
> >
> > I am developing an ecommerce store using ofbiz, can be found here
> >
> > http://www.simbacart.com
> >
> >
> > The production system is a Unix box, running apache server and then Ofbiz
> > as a service.
> >
> > My question to you is, how to map the 80 port of prod server with the
> > ofbiz's 8080 port, also about the mapping of 8443 port.
> >
> > I was able to map the 80 port by making an entry into the IP table of the
> > Unix system thereby forwarding requests from 80 port to 8080.
> >
> > http://www.simbacart.com
> >
> > Above mentioned is the store in conversation.
> >
> > Now, here's the problem, till 80 port it is fine, but when it comes to
> 8443
> > this is the kind of URL I get.
> >
> >
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> >
> > Notice the 8443 in the url.
> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.
> >
> > Can you please help me out in setting up this, I'd really appreciate it.
> >
> > --
> > Mandeep Singh Sidhu
> >
>



--
Mandeep Singh Sidhu

Re: Removing port number from the url in production setup

Mandeep Sidhu
One quick q here Mike, the configuration you shared with me worked fine.

However I still see the port 8443 and 8080 on my website, this happens when
the user clicks on any link which is generated using <@ofbizurl>.

Any idea, as to how do I get rid of these port numbers appended to the url.

I tried removing entry 8443 from ofbiz-containers.xml and url.properties
file, but after doing that, the webtools link on https stopped working.

Any help is much appreciated.

Thanks and regards,
Mandeep Sidhu

On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <[hidden email]> wrote:

> Excellent, Thanks Mike for such a detailed explanation, definitely I am
> going for mod_jk now, will keep you posted.
>
> Thanks a ton everybody :)
>
> Cheers,
> Mandeep
>
>
> On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote:
>
>> Mandeep.  Nice looking site.
>>
>> Regarding your issue, you REALLY want to use apache using mod_jk in front
>> of ofbiz.  Here is why:
>>
>> 1) You can offload the processing of images to apache (less load on ofbiz)
>> 2) You can easily set cache timeouts for images, css, and other static
>> content.
>> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
>> using
>> ofbiz
>> 4) It is easier to offload SSL certificate management to apache
>> 5) You can setup gzip compression (DEFLATE)
>> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
>> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
>> 8) Most Important:  You can add security to your site by locking out admin
>> links.
>>
>> Regarding #8.  If you are running an ecommerce site, you DON'T want people
>> from the internet to even attempt to gain access (i.e. login as 'admin' to
>> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
>> from their main site?  Absurd to even ask.  This is basic internet
>> security.
>>
>> Instead, have front-end machines that serve ecommerce, and have back-end
>> machines that allows access to /catalog, etc. via a VPN, or a local
>> subnet.
>>
>> I have found that this setup runs faster, and you have more flexibility.
>>
>> Here is a sample apache (port 80) configuration file:
>> --------------------------------------------------------------------------
>> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
>> DocumentRoot /var/www/
>> <Directory />
>>   Options FollowSymLinks
>>   AllowOverride None
>> </Directory>
>> <Directory /var/www/>
>>   Options FollowSymLinks MultiViews
>>   AllowOverride None
>>   Order allow,deny
>>   allow from all
>> </Directory>
>>
>> ExpiresActive On
>> #ExpiresByType text/html "access plus 1 day"
>> ExpiresByType text/css "access plus 1 day"
>> ExpiresByType text/javascript "access plus 1 day"
>> ExpiresByType image/gif "access plus 1 week"
>> ExpiresByType image/jpeg "access plus 1 week"
>> ExpiresByType image/png "access plus 1 week"
>> ExpiresByType image/bmp "access plus 1 week"
>> ExpiresByType application/x-javascript "access plus 1 day"
>> ExpiresByType application/x-shockwave-flash "access plus 1 day"
>>
>> ProxyRequests Off
>> <Proxy *>
>>        AddDefaultCharset off
>>        Order deny,allow
>>        Allow from all
>> </Proxy>
>>
>> ProxyVia On
>>
>> NameVirtualHost *:80
>>
>> <VirtualHost *:80>
>>    #   General setup for the virtual host.
>>    ServerName example.com
>>    ServerAdmin [hidden email]
>>    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
>> application/x-javascript text/javascript text/x-js application/json
>> application/xml application/javascript
>>    BrowserMatch ^Mozilla/4 gzip-only-text/html
>>    BrowserMatch ^Mozilla/4\.0[678] no-gzip
>>    BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
>>    BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
>>
>>    ProxyRequests Off
>>    ProxyPreserveHost On
>>
>>    ProxyPassMatch ^(/images/.*)$ !
>>    proxyPass /content   ajp://127.0.0.1:8009/content
>>    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>>    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>>    #proxyPass /        ajp://127.0.0.1:8009/
>>
>>    RewriteEngine On
>>    ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
>>    RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
>>    RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
>> </VirtualHost>
>> --------------------------------------------------------------------------
>>
>> Here the matching SSL (port 443) apache config:
>> ----------------------------------------------------------------------
>> <IfModule mod_ssl.c>
>> <VirtualHost *:443>
>>        ServerName example.com
>>        ServerAdmin [hidden email]
>>
>>        ProxyRequests Off
>>        ProxyPreserveHost On
>>        ProxyPassMatch ^(/images/.*)$ !
>>        proxyPass /content   ajp://127.0.0.1:8009/content
>>        proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>>        proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>>        #proxyPass /        ajp://127.0.0.1:8009/
>>
>>        RewriteEngine On
>>        ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
>>        RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
>>        RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
>>
>>        #   SSL Engine Switch:
>>        #   Enable/Disable SSL for this virtual host.
>>        SSLEngine on
>>        SSLCertificateFile    /etc/ssl/certs/example.com.crt
>>        SSLCertificateKeyFile /etc/ssl/private/example.com.key
>>
>>        <FilesMatch "\.(cgi|shtml|phtml|php)$">
>>                SSLOptions +StdEnvVars
>>        </FilesMatch>
>>        <Directory /usr/lib/cgi-bin>
>>                SSLOptions +StdEnvVars
>>        </Directory>
>>
>>        BrowserMatch "MSIE [2-6]" \
>>                nokeepalive ssl-unclean-shutdown \
>>                downgrade-1.0 force-response-1.0
>>        # MSIE 7 and newer should be able to use keepalive
>>        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>> </VirtualHost>
>> </IfModule>
>> ----------------------------------------------------------------------
>>
>> If you decide that you don't care about locking out /catalog and other
>> admin stuff, just use the:
>>
>> proxyPass /        ajp://127.0.0.1:8009/
>>
>> And comment out the other proxy statements.
>>
>> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email]
>> >wrote:
>>
>> > Hi,
>> >
>> > I am developing an ecommerce store using ofbiz, can be found here
>> >
>> > http://www.simbacart.com
>> >
>> >
>> > The production system is a Unix box, running apache server and then
>> Ofbiz
>> > as a service.
>> >
>> > My question to you is, how to map the 80 port of prod server with the
>> > ofbiz's 8080 port, also about the mapping of 8443 port.
>> >
>> > I was able to map the 80 port by making an entry into the IP table of
>> the
>> > Unix system thereby forwarding requests from 80 port to 8080.
>> >
>> > http://www.simbacart.com
>> >
>> > Above mentioned is the store in conversation.
>> >
>> > Now, here's the problem, till 80 port it is fine, but when it comes to
>> 8443
>> > this is the kind of URL I get.
>> >
>> >
>> >
>> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
>> >
>> > Notice the 8443 in the url.
>> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.
>> >
>> > Can you please help me out in setting up this, I'd really appreciate it.
>> >
>> > --
>> > Mandeep Singh Sidhu
>> >
>>
>
>
>
> --
> Mandeep Singh Sidhu
>



--
Mandeep Singh Sidhu

Re: Removing port number from the url in production setup

Deepak Agarwal-2
Go to Content->website, choose your website. There you will find it.

On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <[hidden email]> wrote:

> One quick q here Mike, the configuration you shared with me worked fine.
>
> However I still see the port 8443 and 8080 on my website, this happens when
> the user clicks on any link which is generated using <@ofbizurl>.
>
> Any idea, as to how do I get rid of these port numbers appended to the url.
>
> I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> file, but after doing that, the webtools link on https stopped working.
>
> Any help is much appreciated.
>
> Thanks and regards,
> Mandeep Sidhu
>
> On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <[hidden email]
> >wrote:
>
> > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > going for mod_jk now, will keep you posted.
> >
> > Thanks a ton everybody :)
> >
> > Cheers,
> > Mandeep
> >
> >
> > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote:
> >
> >> Mandeep.  Nice looking site.
> >>
> >> Regarding your issue, you REALLY want to use apache using mod_jk in
> front
> >> of ofbiz.  Here is why:
> >>
> >> 1) You can offload the processing of images to apache (less load on
> ofbiz)
> >> 2) You can easily set cache timeouts for images, css, and other static
> >> content.
> >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> >> using
> >> ofbiz
> >> 4) It is easier to offload SSL certificate management to apache
> >> 5) You can setup gzip compression (DEFLATE)
> >> 6) You can load balance to multiple instances of ofbiz via apache
> mod-jk.
> >> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
> >> 8) Most Important:  You can add security to your site by locking out
> admin
> >> links.
> >>
> >> Regarding #8.  If you are running an ecommerce site, you DON'T want
> people
> >> from the internet to even attempt to gain access (i.e. login as 'admin'
> to
> >> 'catalog').  Do you think amazon.com allows 'admin' login to the
> backend
> >> from their main site?  Absurd to even ask.  This is basic internet
> >> security.
> >>
> >> Instead, have front-end machines that serve ecommerce, and have back-end
> >> machines that allows access to /catalog, etc. via a VPN, or a local
> >> subnet.
> >>
> >> I have found that this setup runs faster, and you have more flexibility.
> >>
> >> Here is a sample apache (port 80) configuration file:
> >>
> --------------------------------------------------------------------------
> >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> >> DocumentRoot /var/www/
> >> <Directory />
> >>   Options FollowSymLinks
> >>   AllowOverride None
> >> </Directory>
> >> <Directory /var/www/>
> >>   Options FollowSymLinks MultiViews
> >>   AllowOverride None
> >>   Order allow,deny
> >>   allow from all
> >> </Directory>
> >>
> >> ExpiresActive On
> >> #ExpiresByType text/html "access plus 1 day"
> >> ExpiresByType text/css "access plus 1 day"
> >> ExpiresByType text/javascript "access plus 1 day"
> >> ExpiresByType image/gif "access plus 1 week"
> >> ExpiresByType image/jpeg "access plus 1 week"
> >> ExpiresByType image/png "access plus 1 week"
> >> ExpiresByType image/bmp "access plus 1 week"
> >> ExpiresByType application/x-javascript "access plus 1 day"
> >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> >>
> >> ProxyRequests Off
> >> <Proxy *>
> >>        AddDefaultCharset off
> >>        Order deny,allow
> >>        Allow from all
> >> </Proxy>
> >>
> >> ProxyVia On
> >>
> >> NameVirtualHost *:80
> >>
> >> <VirtualHost *:80>
> >>    #   General setup for the virtual host.
> >>    ServerName example.com
> >>    ServerAdmin [hidden email]
> >>    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
> >> application/x-javascript text/javascript text/x-js application/json
> >> application/xml application/javascript
> >>    BrowserMatch ^Mozilla/4 gzip-only-text/html
> >>    BrowserMatch ^Mozilla/4\.0[678] no-gzip
> >>    BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> >>    BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> >>
> >>    ProxyRequests Off
> >>    ProxyPreserveHost On
> >>
> >>    ProxyPassMatch ^(/images/.*)$ !
> >>    proxyPass /content   ajp://127.0.0.1:8009/content
> >>    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> >>    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> >>    #proxyPass /        ajp://127.0.0.1:8009/
> >>
> >>    RewriteEngine On
> >>    ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> >>    RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> >>    RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> >> </VirtualHost>
> >>
> --------------------------------------------------------------------------
> >>
> >> Here the matching SSL (port 443) apache config:
> >> ----------------------------------------------------------------------
> >> <IfModule mod_ssl.c>
> >> <VirtualHost *:443>
> >>        ServerName example.com
> >>        ServerAdmin [hidden email]
> >>
> >>        ProxyRequests Off
> >>        ProxyPreserveHost On
> >>        ProxyPassMatch ^(/images/.*)$ !
> >>        proxyPass /content   ajp://127.0.0.1:8009/content
> >>        proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> >>        proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> >>        #proxyPass /        ajp://127.0.0.1:8009/
> >>
> >>        RewriteEngine On
> >>        ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> >>        RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> >>        RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> >>
> >>        #   SSL Engine Switch:
> >>        #   Enable/Disable SSL for this virtual host.
> >>        SSLEngine on
> >>        SSLCertificateFile    /etc/ssl/certs/example.com.crt
> >>        SSLCertificateKeyFile /etc/ssl/private/example.com.key
> >>
> >>        <FilesMatch "\.(cgi|shtml|phtml|php)$">
> >>                SSLOptions +StdEnvVars
> >>        </FilesMatch>
> >>        <Directory /usr/lib/cgi-bin>
> >>                SSLOptions +StdEnvVars
> >>        </Directory>
> >>
> >>        BrowserMatch "MSIE [2-6]" \
> >>                nokeepalive ssl-unclean-shutdown \
> >>                downgrade-1.0 force-response-1.0
> >>        # MSIE 7 and newer should be able to use keepalive
> >>        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> >> </VirtualHost>
> >> </IfModule>
> >> ----------------------------------------------------------------------
> >>
> >> If you decide that you don't care about locking out /catalog and other
> >> admin stuff, just use the:
> >>
> >> proxyPass /        ajp://127.0.0.1:8009/
> >>
> >> And comment out the other proxy statements.
> >>
> >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> [hidden email]
> >> >wrote:
> >>
> >> > Hi,
> >> >
> >> > I am developing an ecommerce store using ofbiz, can be found here
> >> >
> >> > http://www.simbacart.com
> >> >
> >> >
> >> > The production system is a Unix box, running apache server and then
> >> Ofbiz
> >> > as a service.
> >> >
> >> > My question to you is, how to map the 80 port of prod server with the
> >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> >> >
> >> > I was able to map the 80 port by making an entry into the IP table of
> >> the
> >> > Unix system thereby forwarding requests from 80 port to 8080.
> >> >
> >> > http://www.simbacart.com
> >> >
> >> > Above mentioned is the store in conversation.
> >> >
> >> > Now, here's the problem, till 80 port it is fine, but when it comes to
> >> 8443
> >> > this is the kind of URL I get.
> >> >
> >> >
> >> >
> >>
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> >> >
> >> > Notice the 8443 in the url.
> >> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.
> >> >
> >> > Can you please help me out in setting up this, I'd really appreciate
> it.
> >> >
> >> > --
> >> > Mandeep Singh Sidhu
> >> >
> >>
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
>
>
>
> --
> Mandeep Singh Sidhu
>
> --
> Thanks,
> Deepak Agarwal,
>
> Paxcel Technologies Pvt Ltd.
> Hartron Complex, Sector 18, Gurgaon, India.
> E-Mail: [hidden email]
> Mobile: +91 9910322604
>
>

Re: Removing port number from the url in production setup

Mandeep Sidhu
So what configuration should I give here for production usage?

On Sun, Jun 3, 2012 at 11:44 PM, Deepak Agarwal <[hidden email]> wrote:

> Go to Content->website , choose ur website. there you will find it.
>



--
Mandeep Singh Sidhu

Re: Removing port number from the url in production setup

Mike Z
I remember going through this.  I believe (it's been a while) that the key
is in framework/webapp/config/url.properties:

This is what mine looks like:
----------------------------------------------------------------------------------------------------------
# HTTPS Port (Secure port)
port.https.enabled=Y
#port.https=8443
#force.https.host=example.com

# HTTP Port (Not Secure port)
#port.http=8080
#force.http.host=example.com

# Static Content URLs to make it easy to move the serving load for static content to other machines
# -- these are for general content such as images, js & css files, or non-dynamic HTML files
content.url.prefix.secure=
content.url.prefix.standard=

# Here you can set the domain string to use for new cookies
#cookie.domain=example.com
<snip>
----------------------------------------------------------------------------------------------------------

So, it appears that there is no 8080 --or-- 8443 configured.  See if that
works.

On Sun, Jun 3, 2012 at 11:33 AM, Mandeep Sidhu <[hidden email]> wrote:

> so what configuration should I give here for production usage?
>
>
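
The effect of commenting out `port.https` and `port.http` in the post above, as an added example that is not part of the original post and is not OFBiz code: the script reads the active entries of a `url.properties` file and predicts the prefix that generated links will carry. It assumes an unset port falls back to 443/80 and that no per-website setting overrides the file; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OFBiz code): predict the scheme://host[:port] prefix of
# generated links from the active entries of a url.properties file.
# Assumption: an unset port.https / port.http falls back to 443 / 80, and a
# default port is never written into the URL.

# prop FILE KEY -> value of the last uncommented "KEY=value" line, or empty.
prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # commented-out entries do not count
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF files
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v               # last definition wins
        }
        END { print val }
    ' "$1"
}

# link_prefix FILE SCHEME HOST -> e.g. https://www.example.com:8443
# HOST is the name the client asked for (what ProxyPreserveHost On passes through).
link_prefix() {
    lp_file=$1; lp_scheme=$2; lp_host=$3
    if [ "$lp_scheme" = https ]; then lp_default=443; else lp_default=80; fi
    lp_port=$(prop "$lp_file" "port.$lp_scheme")
    lp_forced=$(prop "$lp_file" "force.$lp_scheme.host")
    if [ -n "$lp_forced" ]; then lp_host=$lp_forced; fi
    if [ -z "$lp_port" ]; then lp_port=$lp_default; fi
    if [ "$lp_port" = "$lp_default" ]; then
        printf '%s://%s\n' "$lp_scheme" "$lp_host"
    else
        printf '%s://%s:%s\n' "$lp_scheme" "$lp_host" "$lp_port"
    fi
}

# Constructed sample files: one with the ports still set, one with them
# commented out as in the post above.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_DEFAULT=$SAMPLE_DIR/default.properties
SAMPLE_PROXIED=$SAMPLE_DIR/proxied.properties

cat > "$SAMPLE_DEFAULT" <<'EOF'
port.https.enabled=Y
port.https=8443
port.http=8080
EOF

cat > "$SAMPLE_PROXIED" <<'EOF'
port.https.enabled=Y
#port.https=8443
#force.https.host=example.com
#port.http=8080
EOF

for f in "$SAMPLE_DEFAULT" "$SAMPLE_PROXIED"; do
    printf '%-20s %s  %s\n' "$(basename "$f")" \
        "$(link_prefix "$f" http www.example.com)" \
        "$(link_prefix "$f" https www.example.com)"
done
```
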

Re: Removing port number from the url in production setup

Mike Z
In reply to this post by Mandeep Sidhu
I just checked mine:  It looks like I'm still listening in on 8080 and 8443:

root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
java    18326 ofbiz    6u  IPv4     508592      0t0     TCP localhost:10523 (LISTEN)
java    18326 ofbiz  114u  IPv4     508688      0t0     TCP *:1099 (LISTEN)
java    18326 ofbiz  297u  IPv4     509471      0t0     TCP *:8080 (LISTEN)
java    18326 ofbiz  300u  IPv4     509483      0t0     TCP *:8443 (LISTEN)
java    18326 ofbiz  302u  IPv4     508690      0t0     TCP *:52139 (LISTEN)
java    18326 ofbiz  361u  IPv4     509537      0t0     TCP *:8009 (LISTEN)

So, I don't think you need to mess with ofbiz-containers.  Regarding the
other ports, I'm behind a firewall, and I'm fronted by apache via AJP
(8009).

On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <[hidden email]> wrote:

> One quick q here Mike, the configuration you shared with me worked fine.
>
> However I still see the port 8443 and 8080 on my website, this happens when
> the user clicks on any link which is generated using <@ofbizurl>.
>
> Any idea, as to how do I get rid of these port numbers appended to the url.
>
> I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> file, but after doing that, the webtools link on https stopped working.
>
> Any help is much appreciated.
>
> Thanks and regards,
> Mandeep Sidhu
>
>
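
A check on the listing in the post above, as an added example that is not part of the original post: it classifies each listener in `lsof -P` output as loopback-only or bound to every interface, then reports which backend ports (8009, 8080, 8443) are kept away from the internet only by the firewall the post mentions. The first sample is the listing from the post with its wrapped line rejoined; the second sample and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find backend listeners that are reachable beyond loopback.

# sample_lsof: the listing from the post above (wrapped line rejoined).
sample_lsof() {
    cat <<'EOF'
java    18326 ofbiz    6u  IPv4     508592      0t0     TCP localhost:10523 (LISTEN)
java    18326 ofbiz  114u  IPv4     508688      0t0     TCP *:1099 (LISTEN)
java    18326 ofbiz  297u  IPv4     509471      0t0     TCP *:8080 (LISTEN)
java    18326 ofbiz  300u  IPv4     509483      0t0     TCP *:8443 (LISTEN)
java    18326 ofbiz  302u  IPv4     508690      0t0     TCP *:52139 (LISTEN)
java    18326 ofbiz  361u  IPv4     509537      0t0     TCP *:8009 (LISTEN)
EOF
}

# sample_lsof_loopback: constructed listing in which the AJP connector is bound
# to loopback (IPv4 and IPv6) and the direct HTTP/HTTPS connectors are absent.
sample_lsof_loopback() {
    cat <<'EOF'
java    18326 ofbiz  114u  IPv4     508688      0t0     TCP *:1099 (LISTEN)
java    18326 ofbiz  361u  IPv4     509537      0t0     TCP 127.0.0.1:8009 (LISTEN)
java    18326 ofbiz  362u  IPv6     509538      0t0     TCP [::1]:8009 (LISTEN)
EOF
}

# listeners: lsof -P lines on stdin -> "PORT SCOPE" per listener, sorted by
# port, where SCOPE is "loopback" or "exposed".
listeners() {
    awk '
        NF >= 3 && $NF == "(LISTEN)" && $(NF-2) == "TCP" {
            name = $(NF-1)                      # e.g. *:8009 or [::1]:8009
            n = split(name, part, ":")
            port = part[n]                      # text after the last colon
            addr = substr(name, 1, length(name) - length(port) - 1)
            scope = "exposed"
            if (addr == "localhost" || addr ~ /^127\./ || addr == "[::1]")
                scope = "loopback"
            print port, scope
        }
    ' | sort -n | uniq
}

# exposed_backends PORT... : of the ports that only the local Apache needs to
# reach, print those bound beyond loopback (lsof output on stdin).
exposed_backends() {
    eb_wanted=" $* "
    listeners | while read -r eb_port eb_scope; do
        case "$eb_wanted" in
            *" $eb_port "*)
                if [ "$eb_scope" = exposed ]; then echo "$eb_port"; fi
                ;;
        esac
    done
}

echo "as posted:      $(sample_lsof | exposed_backends 8009 8080 8443 | tr '\n' ' ')"
echo "loopback-bound: $(sample_lsof_loopback | exposed_backends 8009 8080 8443 | tr '\n' ' ')"
```

On a live host the same functions take `lsof -p <pid> -P` output on stdin, as in the post. Every port it prints can be reached directly, bypassing the Apache path restrictions, by any machine the firewall lets through.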

Re: Removing port number from the url in production setup

Mandeep Sidhu
So what exact change will remove the 8080 and 8443 from the url that's
generated when I use the <@ofbizurl> tag to render a url?
I mean, instead of
https://www.example.com:8443/control/newcustomer

I'd require something like
https://www.example.com/control/newcustomer

How can I achieve that in production?

On Mon, Jun 4, 2012 at 3:55 AM, Mike <[hidden email]> wrote:

> I just checked mine:  It looks like I'm still listening in on 8080 and
> 8443:
>
> root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
> java    18326 ofbiz    6u  IPv4     508592      0t0     TCP localhost:10523
> (LISTEN)
> java    18326 ofbiz  114u  IPv4     508688      0t0     TCP *:1099 (LISTEN)
> java    18326 ofbiz  297u  IPv4     509471      0t0     TCP *:8080 (LISTEN)
> java    18326 ofbiz  300u  IPv4     509483      0t0     TCP *:8443 (LISTEN)
> java    18326 ofbiz  302u  IPv4     508690      0t0     TCP *:52139
> (LISTEN)
> java    18326 ofbiz  361u  IPv4     509537      0t0     TCP *:8009 (LISTEN)
>
> So, I don't think you need to mess with ofbiz-containers.  Regarding the
> other ports, I'm behind a firewall, and I'm fronted by apache via AJP
> (8009).
>
> On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <[hidden email]
> >wrote:
>
> > One quick q here Mike, the configuration you shared with me worked fine.
> >
> > However I still see the port 8443 and 8080 on my website, this happens
> when
> > the user clicks on any link which is generated using <@ofbizurl>.
> >
> > Any idea, as to how do I get rid of these port numbers appended to the
> url.
> >
> > I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> > file, but after doing that, the webtools link on https stopped working.
> >
> > Any help is much appreciated.
> >
> > Thanks and regards,
> > Mandeep Sidhu
> >
> > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> [hidden email]
> > >wrote:
> >
> > > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > > going for mod_jk now, will keep you posted.
> > >
> > > Thanks a ton everybody :)
> > >
> > > Cheers,
> > > Mandeep
> > >
> > >
> > > On Wed, May 30, 2012 at 9:02 PM, Mike <[hidden email]> wrote:
> > >
> > >> Mandeep.  Nice looking site.
> > >>
> > >> Regarding your issue, you REALLY want to use apache using mod_jk in front
> > >> of ofbiz.  Here is why:
> > >>
> > >> 1) You can offload the processing of images to apache (less load on ofbiz)
> > >> 2) You can easily set cache timeouts for images, css, and other static
> > >> content.
> > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o using
> > >> ofbiz
> > >> 4) It is easier to offload SSL certificate management to apache
> > >> 5) You can setup gzip compression (DEFLATE)
> > >> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
> > >> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
> > >> 8) Most Important:  You can add security to your site by locking out admin
> > >> links.
> > >>
> > >> Regarding #8.  If you are running an ecommerce site, you DON'T want people
> > >> from the internet to even attempt to gain access (i.e. login as 'admin' to
> > >> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
> > >> from their main site?  Absurd to even ask.  This is basic internet security.
> > >>
> > >> Instead, have front-end machines that serve ecommerce, and have back-end
> > >> machines that allows access to /catalog, etc. via a VPN, or a local subnet.
> > >>
> > >> I have found that this setup runs faster, and you have more flexibility.
> > >>
> > >> Here is a sample apache (port 80) configuration file:
> > >>
> > >> --------------------------------------------------------------------------
> > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > >> DocumentRoot /var/www/
> > >> <Directory />
> > >>   Options FollowSymLinks
> > >>   AllowOverride None
> > >> </Directory>
> > >> <Directory /var/www/>
> > >>   Options FollowSymLinks MultiViews
> > >>   AllowOverride None
> > >>   Order allow,deny
> > >>   allow from all
> > >> </Directory>
> > >>
> > >> ExpiresActive On
> > >> #ExpiresByType text/html "access plus 1 day"
> > >> ExpiresByType text/css "access plus 1 day"
> > >> ExpiresByType text/javascript "access plus 1 day"
> > >> ExpiresByType image/gif "access plus 1 week"
> > >> ExpiresByType image/jpeg "access plus 1 week"
> > >> ExpiresByType image/png "access plus 1 week"
> > >> ExpiresByType image/bmp "access plus 1 week"
> > >> ExpiresByType application/x-javascript "access plus 1 day"
> > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > >>
> > >> ProxyRequests Off
> > >> <Proxy *>
> > >>        AddDefaultCharset off
> > >>        Order deny,allow
> > >>        Allow from all
> > >> </Proxy>
> > >>
> > >> ProxyVia On
> > >>
> > >> NameVirtualHost *:80
> > >>
> > >> <VirtualHost *:80>
> > >>    #   General setup for the virtual host.
> > >>    ServerName example.com
> > >>    ServerAdmin [hidden email]
> > >>    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript text/x-js application/json application/xml application/javascript
> > >>    BrowserMatch ^Mozilla/4 gzip-only-text/html
> > >>    BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > >>    BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > >>    BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > >>
> > >>    ProxyRequests Off
> > >>    ProxyPreserveHost On
> > >>
> > >>    ProxyPassMatch ^(/images/.*)$ !
> > >>    proxyPass /content   ajp://127.0.0.1:8009/content
> > >>    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >>    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >>    #proxyPass /        ajp://127.0.0.1:8009/
> > >>
> > >>    RewriteEngine On
> > >>    ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >>    RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >>    RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >> </VirtualHost>
> > >>
> > >> --------------------------------------------------------------------------
> > >>
> > >> Here the matching SSL (port 443) apache config:
> > >> ----------------------------------------------------------------------
> > >> <IfModule mod_ssl.c>
> > >> <VirtualHost *:443>
> > >>        ServerName example.com
> > >>        ServerAdmin [hidden email]
> > >>
> > >>        ProxyRequests Off
> > >>        ProxyPreserveHost On
> > >>        ProxyPassMatch ^(/images/.*)$ !
> > >>        proxyPass /content   ajp://127.0.0.1:8009/content
> > >>        proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >>        proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >>        #proxyPass /        ajp://127.0.0.1:8009/
> > >>
> > >>        RewriteEngine On
> > >>        ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >>        RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >>        RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >>
> > >>        #   SSL Engine Switch:
> > >>        #   Enable/Disable SSL for this virtual host.
> > >>        SSLEngine on
> > >>        SSLCertificateFile    /etc/ssl/certs/example.com.crt
> > >>        SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > >>
> > >>        <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > >>                SSLOptions +StdEnvVars
> > >>        </FilesMatch>
> > >>        <Directory /usr/lib/cgi-bin>
> > >>                SSLOptions +StdEnvVars
> > >>        </Directory>
> > >>
> > >>        BrowserMatch "MSIE [2-6]" \
> > >>                nokeepalive ssl-unclean-shutdown \
> > >>                downgrade-1.0 force-response-1.0
> > >>        # MSIE 7 and newer should be able to use keepalive
> > >>        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > >> </VirtualHost>
> > >> </IfModule>
> > >> ----------------------------------------------------------------------
> > >>
> > >> If you decide that you don't care about locking out /catalog and other
> > >> admin stuff, just use the:
> > >>
> > >> proxyPass /        ajp://127.0.0.1:8009/
> > >>
> > >> And comment out the other proxy statements.
> > >>
> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[hidden email]> wrote:
> > >>
> > >> > Hi,
> > >> >
> > >> > I am developing an ecommerce store using ofbiz, can be found here
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> >
> > >> > The production system is a Unix box, running apache server and then Ofbiz
> > >> > as a service.
> > >> >
> > >> > My question to you is, how to map the 80 port of prod server with the
> > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > >> >
> > >> > I was able to map the 80 port by making an entry into the IP table of the
> > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> > Above mentioned is the store in conversation.
> > >> >
> > >> > Now, here's the problem, till 80 port it is fine, but when it comes to 8443
> > >> > this is the kind of URL I get.
> > >> >
> > >> > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > >> >
> > >> > Notice the 8443 in the url.
> > >> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.
> > >> >
> > >> > Can you please help me out in setting up this, I'd really appreciate it.
> > >> >
> > >> > --
> > >> > Mandeep Singh Sidhu
> > >> >
> > >>
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> >
> > --
> > Mandeep Singh Sidhu
> >
>



--
Mandeep Singh Sidhu
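
The per-path ProxyPass allowlist in the sample config quoted above is what keeps /catalog and the other back-office webapps off the public virtual host. The following is an added example, not code from the thread or from OFBiz: a simplified model of Apache's first-match ProxyPass resolution (an assumption of this sketch) that compares the allowlist with the catch-all `proxyPass /` alternative.

```python
import re

# Proxy directives copied from the port-80 virtual host quoted in this thread.
ALLOWLIST_CONF = """
ProxyPassMatch ^(/images/.*)$ !
proxyPass /content   ajp://127.0.0.1:8009/content
proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
#proxyPass /        ajp://127.0.0.1:8009/
"""

# The alternative the thread mentions: one catch-all mount.
CATCH_ALL_CONF = """
ProxyPassMatch ^(/images/.*)$ !
proxyPass /        ajp://127.0.0.1:8009/
"""

# Back-office webapps named in the thread; the request paths are constructed.
ADMIN_PATHS = ["/catalog/control/login", "/webtools/control/main"]


def parse_rules(conf):
    """Return proxy rules in file order as (kind, matcher, target) tuples."""
    rules = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split()
        name = parts[0].lower()  # directive names are case-insensitive
        if len(parts) < 3:
            continue
        if name == "proxypass":
            rules.append(("prefix", parts[1], parts[2]))
        elif name == "proxypassmatch":
            if parts[2] != "!":
                raise ValueError("only '!' exclusions are modelled here")
            rules.append(("regex", re.compile(parts[1]), parts[2]))
    return rules


def resolve(rules, path):
    """Return the backend URL for path, or None if OFBiz never sees it."""
    for kind, matcher, target in rules:
        if kind == "regex":
            if matcher.search(path):
                return None  # '!' exclusion: Apache serves or 404s it itself
            continue
        prefix = matcher
        if prefix.endswith("/"):
            hit = path.startswith(prefix)
        else:
            # Match whole path segments only: /ecommerce, not /ecommercex.
            hit = path == prefix or path.startswith(prefix + "/")
        if hit:
            return None if target == "!" else target + path[len(prefix):]
    return None  # no rule matched: not proxied


def exposed(rules, paths):
    """List the given paths that the front end would forward to OFBiz."""
    return [p for p in paths if resolve(rules, p) is not None]


if __name__ == "__main__":
    for label, conf in (("allowlist", ALLOWLIST_CONF),
                        ("catch-all", CATCH_ALL_CONF)):
        hits = exposed(parse_rules(conf), ADMIN_PATHS)
        print(label, "forwards admin paths:", hits or "none")
```
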

Re: Removing port number from the url in production setup

Mike Z
Just comment out the 8080 and 8443 lines out of url.properties, and restart. You still need the https line (see my example).  

Sent via BlackBerry by AT&T

-----Original Message-----
From: Mandeep Sidhu <[hidden email]>
Date: Mon, 4 Jun 2012 07:43:01
To: <[hidden email]>
Reply-To: [hidden email]
Subject: Re: Removing port number from the url in production setup

So what exact change will remove the 8080 and 8443 from the url that's
generated when I use <@ofbizurl> tag to render a url??
I mean, instead of
https://www.example.com:8443/control/newcustomer

I'd require something like
https://www.example.com/control/newcustomer

how can I achieve that in production.




--
Mandeep Singh Sidhu
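
Mike's lsof output earlier in the thread shows OFBiz still listening on 8080, 8443 and the AJP port 8009 on all interfaces, so the Apache front end only restricts access while a firewall keeps those ports unreachable from outside. The following is an added example, not code from the thread: it parses `lsof -P` LISTEN lines (the sample is the output quoted in this thread with the mail wraps re-joined) and reports every listener that is neither loopback-only nor an intended public port; the port labels and the 80/443 default are assumptions taken from the discussion.

```python
import re

# lsof lines as quoted in this thread, with the mail client's wraps re-joined.
LSOF_OUTPUT = """\
java    18326 ofbiz    6u  IPv4     508592      0t0     TCP localhost:10523 (LISTEN)
java    18326 ofbiz  114u  IPv4     508688      0t0     TCP *:1099 (LISTEN)
java    18326 ofbiz  297u  IPv4     509471      0t0     TCP *:8080 (LISTEN)
java    18326 ofbiz  300u  IPv4     509483      0t0     TCP *:8443 (LISTEN)
java    18326 ofbiz  302u  IPv4     508690      0t0     TCP *:52139 (LISTEN)
java    18326 ofbiz  361u  IPv4     509537      0t0     TCP *:8009 (LISTEN)
"""

# Roles the thread assigns to ports; anything else is reported as unidentified.
KNOWN_PORTS = {8080: "OFBiz HTTP", 8443: "OFBiz HTTPS", 8009: "AJP connector"}
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}
LISTEN_RE = re.compile(r"\bTCP\s+(\S+):(\d+)\s+\(LISTEN\)")


def listeners(lsof_text):
    """Return (bind_address, port) for every TCP LISTEN line."""
    found = []
    for line in lsof_text.splitlines():
        match = LISTEN_RE.search(line)
        if match:
            found.append((match.group(1), int(match.group(2))))
    return found


def needs_filtering(lsof_text, public_ports=(80, 443)):
    """Map port -> role for listeners reachable beyond loopback.

    Each reported port has to be blocked by a firewall or rebound to
    loopback; otherwise a client can talk to OFBiz directly and bypass
    the Apache front end and its path allowlist.
    """
    report = {}
    for addr, port in listeners(lsof_text):
        if addr in LOOPBACK or port in public_ports:
            continue
        report[port] = KNOWN_PORTS.get(port, "unidentified in the thread")
    return dict(sorted(report.items()))


if __name__ == "__main__":
    for port, role in needs_filtering(LSOF_OUTPUT).items():
        print(f"{port:>5}  {role}")
```
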


Re: Removing port number from the url in production setup

Mandeep Sidhu
Perfect, that worked for me, thanks a ton Mike :)

On Mon, Jun 4, 2012 at 7:55 AM, <[hidden email]> wrote:

> Just comment out the 8080 and 8443 lines out of url.properties, and
> restart. You still need the https line (see my example).


--
Mandeep Singh Sidhu

Re: Removing port number from the url in production setup

mrfitz
In reply to this post by Mike Z
Hi Mike Z,

Nube question..

I have this same situation but am using Windows 7, not Linux, as my server. Where would I set up the "apache (port 80) configuration file" in Windows?

Is it even possible?

Thanks
MrFitz


Mike Z wrote
> Mandeep.  Nice looking site.
>
> Regarding your issue, you REALLY want to use apache using mod_jk in front
> of ofbiz.  Here is why:
>
> 1) You can offload the processing of images to apache (less load on ofbiz)
> 2) You can easily set cache timeouts for images, css, and other static
> content.
> 3) You can easily add a normal HTML static pages (/static/*.html) w/o using
> ofbiz
> 4) It is easier to offload SSL certificate management to apache
> 5) You can setup gzip compression (DEFLATE)
> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
> 8) Most Important:  You can add security to your site by locking out admin
> links.
>
> Regarding #8.  If you are running an ecommerce site, you DON'T want people
> from the internet to even attempt to gain access (i.e. login as 'admin' to
> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
> from their main site?  Absurd to even ask.  This is basic internet security.
>
> Instead, have front-end machines that serve ecommerce, and have back-end
> machines that allows access to /catalog, etc. via a VPN, or a local subnet.
>
> I have found that this setup runs faster, and you have more flexibility.
>
> Here is a sample apache (port 80) configuration file:....

Re: Removing port number from the url in production setup

Jacques Le Roux
Administrator
I don't want to RTFM, but really
from
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Documentation+Index
Configuration Documents
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Documentation+Index#OFBizDocumentationIndex-ConfigurationDocuments
Apache OFBiz Technical Production Setup Guide
https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide
URL and Port Settings
https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-URLandPortSettings
Apache OFBiz Business Setup Guide (for users)
https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide
WebSite Setup (ok this one is not obvious)
https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide#ApacheOFBizBusinessSetupGuide-WebSiteSetup

Is that so hard?

You can change in the Website associated with the ProductStore (80 and 443 are default HTTP/S port and will not show in URLs)
for instance https://demo-trunk.ofbiz.apache.org/content/control/EditWebSite?webSiteId=WebStore
You can also change in url.properties (all websites, the previous setting surcharges url.properties, or url.properties is a fallback
if you prefer)
This is a solution limited to 1 OFBiz instance

If you need more, and in most cases anyway, it's better to use a FrontEnd like Apache HTTPD
https://cwiki.apache.org/confluence/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-ApacheHTTPD(ApacheWebserver)
HTTPD works also on Windows

BTW what is your situation now regarding http://markmail.org/message/c4neg7g2yu5wkxhi ?
Note: prefer Postgres under Mysql

Jacques

From: "mrfitz" <[hidden email]>

> Hi Mike Z,
>
> Nube question..
>
> I have this same situation but am Using windows7 not Linux as my server,
> where would I set up the "apache (port 80) configuration file", in windows?
>
> Is it even possible?
>
> Thanks
> MrFitz
>
>
>
> Mike Z wrote
>>
>> Mandeep.  Nice looking site.
>>
>> Regarding your issue, you REALLY want to use apache using mod_jk in front
>> of ofbiz.  Here is why:
>>
>> 1) You can offload the processing of images to apache (less load on ofbiz)
>> 2) You can easily set cache timeouts for images, css, and other static
>> content.
>> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
>> using
>> ofbiz
>> 4) It is easier to offload SSL certificate management to apache
>> 5) You can setup gzip compression (DEFLATE)
>> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
>> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
>> 8) Most Important:  You can add security to your site by locking out admin
>> links.
>>
>> Regarding #8.  If you are running an ecommerce site, you DON'T want people
>> from the internet to even attempt to gain access (i.e. login as 'admin' to
>> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
>> from their main site?  Absurd to even ask.  This is basic internet
>> security.
>>
>> Instead, have front-end machines that serve ecommerce, and have back-end
>> machines that allows access to /catalog, etc. via a VPN, or a local
>> subnet.
>>
>> I have found that this setup runs faster, and you have more flexibility.
>>
>> Here is a sample apache (port 80) configuration file:....
>>
>
>
> --
> View this message in context:
> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634522.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
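
The front-end layout recommended in this thread (Apache HTTPD on ports 80/443 in front of OFBiz, with back-office applications closed to the internet), sketched as an added example; it is not part of any poster's message or of the OFBiz project's own configuration. It assumes Apache httpd 2.4 with mod_ssl, mod_proxy and mod_proxy_ajp (used here instead of the mod_jk Mike Z mentions) and an OFBiz AJP connector on 127.0.0.1:8009. The host name, certificate paths, admin subnet and the list of back-office paths are placeholders.

```apache
# Added example: assumed names, paths and addresses throughout.
# Prerequisites outside this file:
#  - OFBiz's own 8080/8443 listeners are not reachable from the internet
#    (firewall them), otherwise the rules below can simply be bypassed.
#  - The AJP connector listens on loopback only.
#  - url.properties (or the WebSite record) advertises ports 80/443 so that
#    links generated by OFBiz no longer carry :8080 or :8443.

# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName shop.example.com
    Redirect permanent / https://shop.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName shop.example.com

    # TLS terminates at httpd (Mike Z's point 4).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.com.key

    # Reverse proxy only, never an open forward proxy.
    ProxyRequests Off

    # Back-office webapps (point 8): allowed from the admin subnet only.
    # The character class also matches ";" so that a path parameter such as
    # /catalog;jsessionid=... cannot slip past the rule.
    # The list is illustrative; it must name every back-office webapp deployed.
    <LocationMatch "^/(catalog|webtools|partymgr|ordermgr|accounting)([/;]|$)">
        Require ip 10.0.0.0/24
    </LocationMatch>

    # Everything else (the storefront) is passed to OFBiz over AJP.
    ProxyPass        / ajp://127.0.0.1:8009/
    ProxyPassReverse / ajp://127.0.0.1:8009/
</VirtualHost>
```

A stricter variant follows Mike Z's suggestion more literally: leave the back-office webapps off the internet-facing instance entirely and serve them from a separate host reachable only over a VPN or local subnet.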

Re: Removing port number from the url in production setup

mrfitz
Hi Jacques,

I am a nube.  And I am sorry, but I have just about memorized every one of the documents you referenced.  I made the changes, but my url's still contain the port ie.. https://posintl.sytes.net:8443/catalog/control/EditProductStore

So, I'm a dummy, and can't quite get it figured out...



as far as..  

Jacques Le Roux wrote
> BTW what is your situation now regarding http://markmail.org/message/c4neg7g2yu5wkxhi ?
> Note: prefer Postgres under Mysql
>
> Jacques

I haven't got it figured out yet.  I have reread all the applicable docs and posts, and it MIGHT be getting a little clearer.  I am able to connect to MySql.  But I need to get the other stuff figured out.

You mentioned "This is a solution limited to 1 OFBiz instance "  so that's probably not going to work for me in my long term plans.  I have been reading many posts that discuss using a single code base with multi tenants to provide a type of SAS config.  That's really what I want.

Thanks for being patient with the nube.  If you can point me to more info, I would appreciate it.  Once I get up to speed, I will be able to contribute training aids.

MrFitz

Re: Removing port number from the url in production setup

Jacques Le Roux
Administrator
From: "mrfitz" <[hidden email]>
> Hi Jacques,
>
> I am a nube.  And I am sorry, but I have just about memorized every one of
> the documents you referenced.  I made the changes, but my url's still
> contain the port ie..
> https://posintl.sytes.net:8443/catalog/control/EditProductStore
>
> So, I'm a dummy, and can't quite get it figured out...

Oh, I don't blame you, I got the same when I began. It was more a rant addressed to the whole audience...

This is not really an OFBiz issue. You should really try to use HTTPD as front end http://httpd.apache.org/. It's a bit more
involved at start, but not that much. And you will get great benefits in the long run
For your particular problem see http://pwu-developer.blogspot.fr/2011/04/securing-tomcat-with-apache-web-server.html

Also refer to the OFBiz FAQ link I sent you before, there are good tips there
BTW better keep the thread copied, text format is not abusing Internet mails
Sorry at the moment Confluence is done...

You may use rewrite rules to then change url you want when you want.
For rewrite rules, an internal alternative is to use Tuckey http://tuckey.org/urlrewrite/

HTH

Jacques

>
>
> as far as..
>
>
> Jacques Le Roux wrote
>>
>> BTW what is your situation now regarding
>> http://markmail.org/message/c4neg7g2yu5wkxhi ?
>> Note: prefer Postgres under Mysql
>>
>> Jacques
>>
>
> I haven't got it figured out yet.  I have reread all the applicable docs and
> posts, and it MIGHT be getting a little clearer.  I am able to connect to
> MySql.  But I need to get the other stuff figured out.
>
> You mentioned "This is a solution limited to 1 OFBiz instance "  so that's
> probably not going to work for me in my long term plans.  I have been
> reading many posts that discuss using a single code base with multi tenants
> to provide a type of SAS config.  That's really what I want.
>
> Thanks for being patient with the nube.  If you can point me to more info, I
> would appreciate it.  Once I get up to speed, I will be able to contribute
> training aids.
>
> MrFitz
>
>
> --
> View this message in context:
> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Removing port number from the url in production setup

Jacques Le Roux
Administrator
From: "Jacques Le Roux" <[hidden email]>

> From: "mrfitz" <[hidden email]>
>> Hi Jacques,
>>
>> I am a nube.  And I am sorry, but I have just about memorized every one of
>> the documents you referenced.  I made the changes, but my url's still
>> contain the port ie..
>> https://posintl.sytes.net:8443/catalog/control/EditProductStore
>>
>> So, I'm a dummy, and can't quite get it figured out...
>
> Oh, I don't blame you, I got the same when I began. It was more a rant addressed to the whole audience...
>
> This is not really an OFBiz issue. You should really try to use HTTPD as front end http://httpd.apache.org/. It's a bit more
> involved at start, but not that much. And you will get great benefits in the long run
> For your particular problem see http://pwu-developer.blogspot.fr/2011/04/securing-tomcat-with-apache-web-server.html
>
> Also refer to the OFBiz FAQ link I sent you before, there are good tips there
> BTW better keep the thread copied, text format is not abusing Internet mails
> Sorry at the moment Confluence is done...

was "is gone", it's back since

Jacques
 

> You may use rewrite rules to then change url you want when you want.
> For rewrite rules, an internal alternative is to use Tuckey http://tuckey.org/urlrewrite/
>
> HTH
>
> Jacques
>
>>
>>
>> as far as..
>>
>>
>> Jacques Le Roux wrote
>>>
>>> BTW what is your situation now regarding
>>> http://markmail.org/message/c4neg7g2yu5wkxhi ?
>>> Note: prefer Postgres under Mysql
>>>
>>> Jacques
>>>
>>
>> I haven't got it figured out yet.  I have reread all the applicable docs and
>> posts, and it MIGHT be getting a little clearer.  I am able to connect to
>> MySql.  But I need to get the other stuff figured out.
>>
>> You mentioned "This is a solution limited to 1 OFBiz instance "  so that's
>> probably not going to work for me in my long term plans.  I have been
>> reading many posts that discuss using a single code base with multi tenants
>> to provide a type of SAS config.  That's really what I want.
>>
>> Thanks for being patient with the nube.  If you can point me to more info, I
>> would appreciate it.  Once I get up to speed, I will be able to contribute
>> training aids.
>>
>> MrFitz
>>
>>
>> --
>> View this message in context:
>> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html
>> Sent from the OFBiz - User mailing list archive at Nabble.com.