Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
Locked
Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
 
|
Hello, I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
signed ssl cert which works correctly when not going through OFBiz. When I
click Login on OFBiz, I am presented with the OFBiz Test cert. 1. What did I miss in configuration that it is not getting
the ssl cert from Apache? 2. Should the OFBiz Test cert be somehow disabled for this? Thanks in advance, Vinay Agarwal _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
in the production setup manual it specifies where the cert is and the
configuration parms. remember ofbiz and the webserver it used are self contained. they do not access anything outside the ofbiz_home directory. Vinay Agarwal sent the following on 5/28/2006 6:17 PM: > Hello, > > > > I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self signed ssl > cert which works correctly when not going through OFBiz. When I click Login > on OFBiz, I am presented with the OFBiz Test cert. > > 1. What did I miss in configuration that it is not getting the ssl cert from > Apache? > > 2. Should the OFBiz Test cert be somehow disabled for this? > > > > Thanks in advance, > > Vinay Agarwal > > > > > > > ------------------------------------------------------------------------ > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL
is applicable for Tomcat based SSL. -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of BJ Freeman Sent: Sunday, May 28, 2006 7:48 PM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? in the production setup manual it specifies where the cert is and the configuration parms. remember ofbiz and the webserver it used are self contained. they do not access anything outside the ofbiz_home directory. Vinay Agarwal sent the following on 5/28/2006 6:17 PM: > Hello, > > > > I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self > signed ssl cert which works correctly when not going through OFBiz. > When I click Login on OFBiz, I am presented with the OFBiz Test cert. > > 1. What did I miss in configuration that it is not getting the ssl > cert from Apache? > > 2. Should the OFBiz Test cert be somehow disabled for this? > > > > Thanks in advance, > > Vinay Agarwal > > > > > > > ---------------------------------------------------------------------- > -- > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by BJ Freeman
I am guessing this is what is happening.
you Apache is handling the SSL then sends a request to ofbiz. ofbiz then re-authenticates using its own SLL cert. might check out http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html Vinay Agarwal sent the following on 5/29/2006 12:46 PM: > I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL > is applicable for Tomcat based SSL. > > -----Original Message----- > From: [hidden email] [mailto:[hidden email]] > On Behalf Of BJ Freeman > Sent: Sunday, May 28, 2006 7:48 PM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz > Test Cert? > > in the production setup manual it specifies where the cert is and the > configuration parms. > remember ofbiz and the webserver it used are self contained. they do not > access anything outside the ofbiz_home directory. > > > Vinay Agarwal sent the following on 5/28/2006 6:17 PM: >> Hello, >> >> >> >> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self >> signed ssl cert which works correctly when not going through OFBiz. >> When I click Login on OFBiz, I am presented with the OFBiz Test cert. >> >> 1. What did I miss in configuration that it is not getting the ssl >> cert from Apache? >> >> 2. Should the OFBiz Test cert be somehow disabled for this? >> >> >> >> Thanks in advance, >> >> Vinay Agarwal >> >> >> >> >> >> >> ---------------------------------------------------------------------- >> -- >> >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by BJ Freeman
look at
<property name="tomcatAuthentication" value="true"/> Vinay Agarwal sent the following on 5/29/2006 12:46 PM: > I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL > is applicable for Tomcat based SSL. > > -----Original Message----- > From: [hidden email] [mailto:[hidden email]] > On Behalf Of BJ Freeman > Sent: Sunday, May 28, 2006 7:48 PM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz > Test Cert? > > in the production setup manual it specifies where the cert is and the > configuration parms. > remember ofbiz and the webserver it used are self contained. they do not > access anything outside the ofbiz_home directory. > > > Vinay Agarwal sent the following on 5/28/2006 6:17 PM: >> Hello, >> >> >> >> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self >> signed ssl cert which works correctly when not going through OFBiz. >> When I click Login on OFBiz, I am presented with the OFBiz Test cert. >> >> 1. What did I miss in configuration that it is not getting the ssl >> cert from Apache? >> >> 2. Should the OFBiz Test cert be somehow disabled for this? >> >> >> >> Thanks in advance, >> >> Vinay Agarwal >> >> >> >> >> >> >> ---------------------------------------------------------------------- >> -- >> >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
BJ,
I changed to <property name="tomcatAuthentication" value="false"/> but still am presented with OFBiz Test cert. I am out of ideas completely. Vinay -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of BJ Freeman Sent: Monday, May 29, 2006 1:00 PM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? look at <property name="tomcatAuthentication" value="true"/> Vinay Agarwal sent the following on 5/29/2006 12:46 PM: > I want Apache httpd to handle SSL not Tomcat. The production setup > guide SSL is applicable for Tomcat based SSL. > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] > On Behalf Of BJ Freeman > Sent: Sunday, May 28, 2006 7:48 PM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see > OFBiz Test Cert? > > in the production setup manual it specifies where the cert is and the > configuration parms. > remember ofbiz and the webserver it used are self contained. they do > not access anything outside the ofbiz_home directory. > > > Vinay Agarwal sent the following on 5/28/2006 6:17 PM: >> Hello, >> >> >> >> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self >> signed ssl cert which works correctly when not going through OFBiz. >> When I click Login on OFBiz, I am presented with the OFBiz Test cert. >> >> 1. What did I miss in configuration that it is not getting the ssl >> cert from Apache? >> >> 2. Should the OFBiz Test cert be somehow disabled for this? >> >> >> >> Thanks in advance, >> >> Vinay Agarwal >> >> >> >> >> >> >> --------------------------------------------------------------------- >> - >> -- >> >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by BJ Freeman
may be later this week, I will dig into my setup and see what I did.
Kinda busy to take a chunk of time out right now. Vinay Agarwal sent the following on 5/29/2006 1:11 PM: > BJ, > I changed to <property name="tomcatAuthentication" value="false"/> but still > am presented with OFBiz Test cert. I am out of ideas completely. > Vinay > > -----Original Message----- > From: [hidden email] [mailto:[hidden email]] > On Behalf Of BJ Freeman > Sent: Monday, May 29, 2006 1:00 PM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz > Test Cert? > > look at > <property name="tomcatAuthentication" value="true"/> > > Vinay Agarwal sent the following on 5/29/2006 12:46 PM: >> I want Apache httpd to handle SSL not Tomcat. The production setup >> guide SSL is applicable for Tomcat based SSL. >> >> -----Original Message----- >> From: [hidden email] >> [mailto:[hidden email]] >> On Behalf Of BJ Freeman >> Sent: Sunday, May 28, 2006 7:48 PM >> To: OFBiz Users / Usage Discussion >> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see >> OFBiz Test Cert? >> >> in the production setup manual it specifies where the cert is and the >> configuration parms. >> remember ofbiz and the webserver it used are self contained. they do >> not access anything outside the ofbiz_home directory. >> >> >> Vinay Agarwal sent the following on 5/28/2006 6:17 PM: >>> Hello, >>> >>> >>> >>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self >>> signed ssl cert which works correctly when not going through OFBiz. >>> When I click Login on OFBiz, I am presented with the OFBiz Test cert. >>> >>> 1. What did I miss in configuration that it is not getting the ssl >>> cert from Apache? >>> >>> 2. Should the OFBiz Test cert be somehow disabled for this? >>> >>> >>> >>> Thanks in advance, >>> >>> Vinay Agarwal >>> >>> >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> - >>> -- >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [hidden email] >>> http://lists.ofbiz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users >> > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
BJ,
Thanks for taking time. I will play with it a bit more in the mean time. Vinay -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of BJ Freeman Sent: Monday, May 29, 2006 1:40 PM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? may be later this week, I will dig into my setup and see what I did. Kinda busy to take a chunk of time out right now. Vinay Agarwal sent the following on 5/29/2006 1:11 PM: > BJ, > I changed to <property name="tomcatAuthentication" value="false"/> but > still am presented with OFBiz Test cert. I am out of ideas completely. > Vinay > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] > On Behalf Of BJ Freeman > Sent: Monday, May 29, 2006 1:00 PM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see > OFBiz Test Cert? > > look at > <property name="tomcatAuthentication" value="true"/> > > Vinay Agarwal sent the following on 5/29/2006 12:46 PM: >> I want Apache httpd to handle SSL not Tomcat. The production setup >> guide SSL is applicable for Tomcat based SSL. >> >> -----Original Message----- >> From: [hidden email] >> [mailto:[hidden email]] >> On Behalf Of BJ Freeman >> Sent: Sunday, May 28, 2006 7:48 PM >> To: OFBiz Users / Usage Discussion >> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see >> OFBiz Test Cert? >> >> in the production setup manual it specifies where the cert is and the >> configuration parms. >> remember ofbiz and the webserver it used are self contained. they do >> not access anything outside the ofbiz_home directory. >> >> >> Vinay Agarwal sent the following on 5/28/2006 6:17 PM: >>> Hello, >>> >>> >>> >>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self >>> signed ssl cert which works correctly when not going through OFBiz. >>> When I click Login on OFBiz, I am presented with the OFBiz Test cert. >>> >>> 1. What did I miss in configuration that it is not getting the ssl >>> cert from Apache? >>> >>> 2. Should the OFBiz Test cert be somehow disabled for this? >>> >>> >>> >>> Thanks in advance, >>> >>> Vinay Agarwal >>> >>> >>> >>> >>> >>> >>> -------------------------------------------------------------------- >>> - >>> - >>> -- >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [hidden email] >>> http://lists.ofbiz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users >> > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by BJ Freeman
That is correct. For information on this the best resource right now is probably the wiki. -David Vinay Agarwal wrote: > I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL > is applicable for Tomcat based SSL. > > -----Original Message----- > From: [hidden email] [mailto:[hidden email]] > On Behalf Of BJ Freeman > Sent: Sunday, May 28, 2006 7:48 PM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz > Test Cert? > > in the production setup manual it specifies where the cert is and the > configuration parms. > remember ofbiz and the webserver it used are self contained. they do not > access anything outside the ofbiz_home directory. > > > Vinay Agarwal sent the following on 5/28/2006 6:17 PM: >> Hello, >> >> >> >> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self >> signed ssl cert which works correctly when not going through OFBiz. >> When I click Login on OFBiz, I am presented with the OFBiz Test cert. >> >> 1. What did I miss in configuration that it is not getting the ssl >> cert from Apache? >> >> 2. Should the OFBiz Test cert be somehow disabled for this? >> >> >> >> Thanks in advance, >> >> Vinay Agarwal >> >> >> >> >> >> >> ---------------------------------------------------------------------- >> -- >> >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by BJ Freeman
If Tomcat is serving up the ofbiz cert then there is a configuration
issue with your Apache conf file and mod_jk. Maybe you could post the two sections from Apache related to port 80 and port 443 for the domain, as well as the worker properties file and the tomcat server conf file. If you want to change IP address etc to protect any sensitive information then please make it clear and consistent as IP addresses tend to be crucial factors in getting mod_jk to work so it's easy to disguise the problem when trying to hide your information. I seem to remember someone talking about mod_jk the other week and they said something about changing to port 8080 and 8443 and it all worked!? Seemed a little odd to me and if that was yourself then I would suggest you've not correctly configured mod_jk but have somehow just routed the whole request over to Tomcat to handle. I use Apache, mod_jk and Tomcat and have never even looked at, disabled or deleted the ofbiz cert. Ray Vinay Agarwal wrote: >BJ, >Thanks for taking time. I will play with it a bit more in the mean time. >Vinay > >-----Original Message----- >From: [hidden email] [mailto:[hidden email]] >On Behalf Of BJ Freeman >Sent: Monday, May 29, 2006 1:40 PM >To: OFBiz Users / Usage Discussion >Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz >Test Cert? > >may be later this week, I will dig into my setup and see what I did. >Kinda busy to take a chunk of time out right now. > > >Vinay Agarwal sent the following on 5/29/2006 1:11 PM: > > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
After doing further research, I found that http traffic is mapped to the
default port but the https traffic is still on port 8443. Do I need two ajp13 workers one for http traffic and one for https traffic? The relevant config files are below. Thanks a lot. Vinay Agarwal Workers.properties ---------------- # Setting Java Home workers.java_home=/usr/local/java/java ps=/ worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 mod_jk.conf ----------- JkWorkersFile "/etc/httpd/conf/workers.properties" JkLogFile "/var/log/httpd/mod_jk.log" JkMount /images/* ajp13 JkMount /static/* ajp13 JkMount /webtools/* ajp13 JkMount /partymgr/* ajp13 JkMount /content/* ajp13 JkMount /catalog/* ajp13 JkMount /accounting/* ajp13 JkMount /ordermgr/* ajp13 JkMount /marketing/* ajp13 JkMount /financials/* ajp13 JkMount /control/* ajp13 JkLogLevel emerg #JkLogLevel info #JkLogLevel debug # Should mod_jk send SSL information to Tomcat (default is On) JkExtractSSL On # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator HTTPS # What is the indicator for SSL session (default is SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) JkCIPHERIndicator SSL_CIPHER # What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT) JkCERTSIndicator SSL_CLIENT_CERT Httpd.conf ---------- <VirtualHost 72.29.99.94:80> ServerName www.grayzilla.com ServerAlias www.grayzilla.com grayzilla.com ServerAdmin [hidden email] DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html ScriptAlias /cgi-bin/ /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ UseCanonicalName OFF SuexecUserGroup grayzilla grayzilla CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes CustomLog /var/log/httpd/domains/grayzilla.com.log combined ErrorLog /var/log/httpd/domains/grayzilla.com.error.log <Directory /home/grayzilla/domains/grayzilla.com/public_html> Options -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost 72.29.99.94:443> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert SSLCertificateKeyFile /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key SSLOptions +StdEnvVars +ExportCertData ServerName www.grayzilla.com ServerAlias www.grayzilla.com grayzilla.com ServerAdmin [hidden email] DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html ScriptAlias /cgi-bin/ /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ UseCanonicalName OFF SuexecUserGroup grayzilla grayzilla CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes CustomLog /var/log/httpd/domains/grayzilla.com.log combined ErrorLog /var/log/httpd/domains/grayzilla.com.error.log <Directory /home/grayzilla/domains/grayzilla.com/public_html> Options -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost> -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Ray Barlow Sent: Tuesday, May 30, 2006 12:58 AM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? If Tomcat is serving up the ofbiz cert then there is a configuration issue with your Apache conf file and mod_jk. Maybe you could post the two sections from Apache related to port 80 and port 443 for the domain, as well as the worker properties file and the tomcat server conf file. If you want to change IP address etc to protect any sensitive information then please make it clear and consistent as IP addresses tend to be crucial factors in getting mod_jk to work so it's easy to disguise the problem when trying to hide your information. I seem to remember someone talking about mod_jk the other week and they said something about changing to port 8080 and 8443 and it all worked!? Seemed a little odd to me and if that was yourself then I would suggest you've not correctly configured mod_jk but have somehow just routed the whole request over to Tomcat to handle. I use Apache, mod_jk and Tomcat and have never even looked at, disabled or deleted the ofbiz cert. Ray Vinay Agarwal wrote: >BJ, >Thanks for taking time. I will play with it a bit more in the mean time. >Vinay > >-----Original Message----- >From: [hidden email] [mailto:[hidden email]] >On Behalf Of BJ Freeman >Sent: Monday, May 29, 2006 1:40 PM >To: OFBiz Users / Usage Discussion >Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz >Test Cert? > >may be later this week, I will dig into my setup and see what I did. >Kinda busy to take a chunk of time out right now. > > >Vinay Agarwal sent the following on 5/29/2006 1:11 PM: > > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by Ray Barlow
You don't need two ajp13 workers for http and https one is fine. If you
want to deploy more than one instance then you need to create another ajp13 worker with it's own name and port not equal to 8009. I would suggest that you move the "JkMount /static/* ajp13" values from mod_jk.conf in to each VirtualHost section of your httpd.conf, say after the script alias. I'm guessing at the moment Apache has only applied those mappings to port 80 communications. I have almost duplicate entries in each VirtualHost for the http and https to do the mapping so it is very clear to Apache what domains, ports and mount points are being routed through ajp13 and which worker again for when you deploy more than one instance. Also for the http I don't even map the backend applications as I have no desire for anybody using http to talk to the catalog application. I choose not to route the /images mount through ajp13 to Tomcat as Apache is well seasoned at serving static content. Maybe this will change if and when image content becomes more dynamic and you want to control access to certain resources, otherwise just set up an alias directive into the relevant ofbiz images folder. If your https ecommerce url's keep showing port 8443 then you also need to change your webstore data as the default demo data sets it as 8443, so it will constantly be trying to divert the next https request to 8443. For a true test you should also be able to turn of the Tomcat hosting of 8080 and 8443 in the ofbiz xml config file, so it is only available through ajp13. Ray Vinay Agarwal wrote: >After doing further research, I found that http traffic is mapped to the >default port but the https traffic is still on port 8443. Do I need two >ajp13 workers one for http traffic and one for https traffic? > >The relevant config files are below. >Thanks a lot. >Vinay Agarwal > >Workers.properties >---------------- ># Setting Java Home >workers.java_home=/usr/local/java/java >ps=/ >worker.list=ajp13 >worker.ajp13.port=8009 >worker.ajp13.host=localhost >worker.ajp13.type=ajp13 > >mod_jk.conf >----------- >JkWorkersFile "/etc/httpd/conf/workers.properties" >JkLogFile "/var/log/httpd/mod_jk.log" > > JkMount /images/* ajp13 > JkMount /static/* ajp13 > JkMount /webtools/* ajp13 > JkMount /partymgr/* ajp13 > JkMount /content/* ajp13 > JkMount /catalog/* ajp13 > JkMount /accounting/* ajp13 > JkMount /ordermgr/* ajp13 > JkMount /marketing/* ajp13 > JkMount /financials/* ajp13 > JkMount /control/* ajp13 > >JkLogLevel emerg >#JkLogLevel info >#JkLogLevel debug > ># Should mod_jk send SSL information to Tomcat (default is On) >JkExtractSSL On ># What is the indicator for SSL (default is HTTPS) >JkHTTPSIndicator HTTPS ># What is the indicator for SSL session (default is SSL_SESSION_ID) >JkSESSIONIndicator SSL_SESSION_ID ># What is the indicator for client SSL cipher suit (default is SSL_CIPHER) >JkCIPHERIndicator SSL_CIPHER ># What is the indicator for the client SSL certificated (default is >SSL_CLIENT_CERT) >JkCERTSIndicator SSL_CLIENT_CERT > >Httpd.conf >---------- ><VirtualHost 72.29.99.94:80> > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ >/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> ></VirtualHost> ><VirtualHost 72.29.99.94:443> > SSLEngine on > SSLCipherSuite >ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile >/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert > SSLCertificateKeyFile >/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key > SSLOptions +StdEnvVars +ExportCertData > > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ >/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> ></VirtualHost> > > > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). https
traffic is still going through 8443 and uses OFBiz Test cert. :( Regards, Vinay <VirtualHost 72.29.99.94:80> ServerName www.grayzilla.com ServerAlias www.grayzilla.com grayzilla.com ServerAdmin [hidden email] DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html ScriptAlias /cgi-bin/ /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ Alias /images/ "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/ " <Location /images/WEB-INF/ > AllowOverride None deny from all </Location> Alias /static/ "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta tic/" <Location /static/WEB-INF/ > AllowOverride None deny from all </Location> JkMount /control/* ajp13 UseCanonicalName OFF SuexecUserGroup grayzilla grayzilla CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes CustomLog /var/log/httpd/domains/grayzilla.com.log combined ErrorLog /var/log/httpd/domains/grayzilla.com.error.log <Directory /home/grayzilla/domains/grayzilla.com/public_html> Options -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost 72.29.99.94:443> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert SSLCertificateKeyFile /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key SSLOptions +StdEnvVars +ExportCertData ServerName www.grayzilla.com ServerAlias www.grayzilla.com grayzilla.com ServerAdmin [hidden email] DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html ScriptAlias /cgi-bin/ /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ Alias /images/ "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/ " <Location /images/WEB-INF/ > AllowOverride None deny from all </Location> Alias /static/ "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta tic/" <Location /static/WEB-INF/ > AllowOverride None deny from all </Location> JkMount /webtools/* ajp13 JkMount /partymgr/* ajp13 JkMount /content/* ajp13 JkMount /catalog/* ajp13 JkMount /accounting/* ajp13 JkMount /ordermgr/* ajp13 JkMount /marketing/* ajp13 JkMount /financials/* ajp13 JkMount /control/* ajp13 UseCanonicalName OFF SuexecUserGroup grayzilla grayzilla CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes CustomLog /var/log/httpd/domains/grayzilla.com.log combined ErrorLog /var/log/httpd/domains/grayzilla.com.error.log <Directory /home/grayzilla/domains/grayzilla.com/public_html> Options -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost> -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Ray Barlow Sent: Tuesday, May 30, 2006 9:06 AM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? You don't need two ajp13 workers for http and https one is fine. If you want to deploy more than one instance then you need to create another ajp13 worker with it's own name and port not equal to 8009. I would suggest that you move the "JkMount /static/* ajp13" values from mod_jk.conf in to each VirtualHost section of your httpd.conf, say after the script alias. I'm guessing at the moment Apache has only applied those mappings to port 80 communications. I have almost duplicate entries in each VirtualHost for the http and https to do the mapping so it is very clear to Apache what domains, ports and mount points are being routed through ajp13 and which worker again for when you deploy more than one instance. Also for the http I don't even map the backend applications as I have no desire for anybody using http to talk to the catalog application. I choose not to route the /images mount through ajp13 to Tomcat as Apache is well seasoned at serving static content. Maybe this will change if and when image content becomes more dynamic and you want to control access to certain resources, otherwise just set up an alias directive into the relevant ofbiz images folder. If your https ecommerce url's keep showing port 8443 then you also need to change your webstore data as the default demo data sets it as 8443, so it will constantly be trying to divert the next https request to 8443. For a true test you should also be able to turn of the Tomcat hosting of 8080 and 8443 in the ofbiz xml config file, so it is only available through ajp13. Ray _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
|
|
In reply to this post by Ray Barlow
This might be because your framework/webapp/config/url.properties is
still configured to 8443, so <@ofbizUrl> is setting them to 8443? Maybe change those ports to 80 and 443. Si Vinay Agarwal wrote: > I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). https > traffic is still going through 8443 and uses OFBiz Test cert. :( > Regards, > Vinay > > <VirtualHost 72.29.99.94:80> > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ > /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > Alias /images/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/ > " > <Location /images/WEB-INF/ > > AllowOverride None > deny from all > </Location> > Alias /static/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta > tic/" > <Location /static/WEB-INF/ > > AllowOverride None > deny from all > </Location> > JkMount /control/* ajp13 > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > > <VirtualHost 72.29.99.94:443> > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile > /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert > SSLCertificateKeyFile > /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key > SSLOptions +StdEnvVars +ExportCertData > > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ > /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > Alias /images/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/ > " > <Location /images/WEB-INF/ > > AllowOverride None > deny from all > </Location> > Alias /static/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta > tic/" > <Location /static/WEB-INF/ > > AllowOverride None > deny from all > </Location> > JkMount /webtools/* ajp13 > JkMount /partymgr/* ajp13 > JkMount /content/* ajp13 > JkMount /catalog/* ajp13 > JkMount /accounting/* ajp13 > JkMount /ordermgr/* ajp13 > JkMount /marketing/* ajp13 > JkMount /financials/* ajp13 > JkMount /control/* ajp13 > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > -----Original Message----- > From: [hidden email] [mailto:[hidden email]] > On Behalf Of Ray Barlow > Sent: Tuesday, May 30, 2006 9:06 AM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz > Test Cert? > > You don't need two ajp13 workers for http and https one is fine. If you want > to deploy more than one instance then you need to create another > ajp13 worker with it's own name and port not equal to 8009. > > I would suggest that you move the "JkMount /static/* ajp13" values from > mod_jk.conf in to each VirtualHost section of your httpd.conf, say after the > script alias. I'm guessing at the moment Apache has only applied those > mappings to port 80 communications. I have almost duplicate entries in each > VirtualHost for the http and https to do the mapping so it is very clear to > Apache what domains, ports and mount points are being routed through ajp13 > and which worker again for when you deploy more than one instance. Also for > the http I don't even map the backend applications as I have no desire for > anybody using http to talk to the catalog application. > > I choose not to route the /images mount through ajp13 to Tomcat as Apache is > well seasoned at serving static content. Maybe this will change if and when > image content becomes more dynamic and you want to control access to certain > resources, otherwise just set up an alias directive into the relevant ofbiz > images folder. > > If your https ecommerce url's keep showing port 8443 then you also need to > change your webstore data as the default demo data sets it as 8443, so it > will constantly be trying to divert the next https request to 8443. For a > true test you should also be able to turn of the Tomcat hosting of 8080 and > 8443 in the ofbiz xml config file, so it is only available through ajp13. > > Ray > > > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
Si,
That's it. I will modify wiki so that others don't spend so much time on this poplular configuration. Thanks. Regards, Vinay -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Si Chen Sent: Tuesday, May 30, 2006 10:39 AM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? This might be because your framework/webapp/config/url.properties is still configured to 8443, so <@ofbizUrl> is setting them to 8443? Maybe change those ports to 80 and 443. Si Vinay Agarwal wrote: > I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). > https traffic is still going through 8443 and uses OFBiz Test cert. :( > Regards, Vinay > > <VirtualHost 72.29.99.94:80> > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ > /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > Alias /images/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i > mages/ > " > <Location /images/WEB-INF/ > > AllowOverride None > deny from all > </Location> > Alias /static/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba > pp/sta > tic/" > <Location /static/WEB-INF/ > > AllowOverride None > deny from all > </Location> > JkMount /control/* ajp13 > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > > <VirtualHost 72.29.99.94:443> > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile > /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert > SSLCertificateKeyFile > /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key > SSLOptions +StdEnvVars +ExportCertData > > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ > /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > Alias /images/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i > mages/ > " > <Location /images/WEB-INF/ > > AllowOverride None > deny from all > </Location> > Alias /static/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba > pp/sta > tic/" > <Location /static/WEB-INF/ > > AllowOverride None > deny from all > </Location> > JkMount /webtools/* ajp13 > JkMount /partymgr/* ajp13 > JkMount /content/* ajp13 > JkMount /catalog/* ajp13 > JkMount /accounting/* ajp13 > JkMount /ordermgr/* ajp13 > JkMount /marketing/* ajp13 > JkMount /financials/* ajp13 > JkMount /control/* ajp13 > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] > On Behalf Of Ray Barlow > Sent: Tuesday, May 30, 2006 9:06 AM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see > OFBiz Test Cert? > > You don't need two ajp13 workers for http and https one is fine. If > you want to deploy more than one instance then you need to create > another > ajp13 worker with it's own name and port not equal to 8009. > > I would suggest that you move the "JkMount /static/* ajp13" values > from mod_jk.conf in to each VirtualHost section of your httpd.conf, > say after the script alias. I'm guessing at the moment Apache has only > applied those mappings to port 80 communications. I have almost > duplicate entries in each VirtualHost for the http and https to do the > mapping so it is very clear to Apache what domains, ports and mount > points are being routed through ajp13 and which worker again for when > you deploy more than one instance. Also for the http I don't even map > the backend applications as I have no desire for anybody using http to > > I choose not to route the /images mount through ajp13 to Tomcat as > Apache is well seasoned at serving static content. Maybe this will > change if and when image content becomes more dynamic and you want to > control access to certain resources, otherwise just set up an alias > directive into the relevant ofbiz images folder. > > If your https ecommerce url's keep showing port 8443 then you also > need to change your webstore data as the default demo data sets it as > 8443, so it will constantly be trying to divert the next https request > to 8443. For a true test you should also be able to turn of the Tomcat > hosting of 8080 and > 8443 in the ofbiz xml config file, so it is only available through ajp13. > > Ray > > > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?
|
|
In reply to this post by Si Chen-2
I updated Wiki. Please check if it is accurate.
http://ofbizwiki.go-integral.com/Wiki.jsp?page=Mod_jk_config -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Vinay Agarwal Sent: Tuesday, May 30, 2006 11:14 AM To: 'OFBiz Users / Usage Discussion' Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? Si, That's it. I will modify wiki so that others don't spend so much time on this poplular configuration. Thanks. Regards, Vinay -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Si Chen Sent: Tuesday, May 30, 2006 10:39 AM To: OFBiz Users / Usage Discussion Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert? This might be because your framework/webapp/config/url.properties is still configured to 8443, so <@ofbizUrl> is setting them to 8443? Maybe change those ports to 80 and 443. Si Vinay Agarwal wrote: > I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). > https traffic is still going through 8443 and uses OFBiz Test cert. :( > Regards, Vinay > > <VirtualHost 72.29.99.94:80> > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ > /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > Alias /images/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i > mages/ > " > <Location /images/WEB-INF/ > > AllowOverride None > deny from all > </Location> > Alias /static/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba > pp/sta > tic/" > <Location /static/WEB-INF/ > > AllowOverride None > deny from all > </Location> > JkMount /control/* ajp13 > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > > <VirtualHost 72.29.99.94:443> > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile > /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert > SSLCertificateKeyFile > /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key > SSLOptions +StdEnvVars +ExportCertData > > ServerName www.grayzilla.com > ServerAlias www.grayzilla.com grayzilla.com > ServerAdmin [hidden email] > DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html > ScriptAlias /cgi-bin/ > /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/ > > Alias /images/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i > mages/ > " > <Location /images/WEB-INF/ > > AllowOverride None > deny from all > </Location> > Alias /static/ > "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba > pp/sta > tic/" > <Location /static/WEB-INF/ > > AllowOverride None > deny from all > </Location> > JkMount /webtools/* ajp13 > JkMount /partymgr/* ajp13 > JkMount /content/* ajp13 > JkMount /catalog/* ajp13 > JkMount /accounting/* ajp13 > JkMount /ordermgr/* ajp13 > JkMount /marketing/* ajp13 > JkMount /financials/* ajp13 > JkMount /control/* ajp13 > > UseCanonicalName OFF > > SuexecUserGroup grayzilla grayzilla > CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes > CustomLog /var/log/httpd/domains/grayzilla.com.log combined > ErrorLog /var/log/httpd/domains/grayzilla.com.error.log > > <Directory /home/grayzilla/domains/grayzilla.com/public_html> > Options -Indexes FollowSymLinks > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] > On Behalf Of Ray Barlow > Sent: Tuesday, May 30, 2006 9:06 AM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see > OFBiz Test Cert? > > You don't need two ajp13 workers for http and https one is fine. If > you want to deploy more than one instance then you need to create > another > ajp13 worker with it's own name and port not equal to 8009. > > I would suggest that you move the "JkMount /static/* ajp13" values > from mod_jk.conf in to each VirtualHost section of your httpd.conf, > say after the script alias. I'm guessing at the moment Apache has only > applied those mappings to port 80 communications. I have almost > duplicate entries in each VirtualHost for the http and https to do the > mapping so it is very clear to Apache what domains, ports and mount > points are being routed through ajp13 and which worker again for when > you deploy more than one instance. Also for the http I don't even map > the backend applications as I have no desire for anybody using http to > > I choose not to route the /images mount through ajp13 to Tomcat as > Apache is well seasoned at serving static content. Maybe this will > change if and when image content becomes more dynamic and you want to > control access to certain resources, otherwise just set up an alias > directive into the relevant ofbiz images folder. > > If your https ecommerce url's keep showing port 8443 then you also > need to change your webstore data as the default demo data sets it as > 8443, so it will constantly be trying to divert the next https request > to 8443. For a true test you should also be able to turn of the Tomcat > hosting of 8080 and > 8443 in the ofbiz xml config file, so it is only available through ajp13. > > Ray > > > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
«
Return to OFBiz - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |