Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal

Hello,

 

I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self signed ssl cert which works correctly when not going through OFBiz. When I click Login on OFBiz, I am presented with the OFBiz Test cert. 

1. What did I miss in configuration that it is not getting the ssl cert from Apache?

2. Should the OFBiz Test cert be somehow disabled for this?

 

Thanks in advance,

Vinay Agarwal

 


 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

BJ Freeman
in the production setup manual it specifies where the cert is and the
configuration parms.
remember ofbiz and the webserver it used are self contained. they do not
access anything outside the ofbiz_home directory.


Vinay Agarwal sent the following on 5/28/2006 6:17 PM:

> Hello,
>
>  
>
> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self signed ssl
> cert which works correctly when not going through OFBiz. When I click Login
> on OFBiz, I am presented with the OFBiz Test cert.  
>
> 1. What did I miss in configuration that it is not getting the ssl cert from
> Apache?
>
> 2. Should the OFBiz Test cert be somehow disabled for this?
>
>  
>
> Thanks in advance,
>
> Vinay Agarwal
>
>  
>
>
>
>
> ------------------------------------------------------------------------
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL
is applicable for Tomcat based SSL.

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of BJ Freeman
Sent: Sunday, May 28, 2006 7:48 PM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

in the production setup manual it specifies where the cert is and the
configuration parms.
remember ofbiz and the webserver it used are self contained. they do not
access anything outside the ofbiz_home directory.


Vinay Agarwal sent the following on 5/28/2006 6:17 PM:

> Hello,
>
>  
>
> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
> signed ssl cert which works correctly when not going through OFBiz.
> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>
> 1. What did I miss in configuration that it is not getting the ssl
> cert from Apache?
>
> 2. Should the OFBiz Test cert be somehow disabled for this?
>
>  
>
> Thanks in advance,
>
> Vinay Agarwal
>
>  
>
>
>
>
> ----------------------------------------------------------------------
> --
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

BJ Freeman
In reply to this post by BJ Freeman
I am guessing this is what is happening.
you Apache is handling the SSL then sends a request to ofbiz.
ofbiz then re-authenticates using its own SLL cert.
might check out
http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html


Vinay Agarwal sent the following on 5/29/2006 12:46 PM:

> I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL
> is applicable for Tomcat based SSL.
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of BJ Freeman
> Sent: Sunday, May 28, 2006 7:48 PM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
> Test Cert?
>
> in the production setup manual it specifies where the cert is and the
> configuration parms.
> remember ofbiz and the webserver it used are self contained. they do not
> access anything outside the ofbiz_home directory.
>
>
> Vinay Agarwal sent the following on 5/28/2006 6:17 PM:
>> Hello,
>>
>>  
>>
>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
>> signed ssl cert which works correctly when not going through OFBiz.
>> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>>
>> 1. What did I miss in configuration that it is not getting the ssl
>> cert from Apache?
>>
>> 2. Should the OFBiz Test cert be somehow disabled for this?
>>
>>  
>>
>> Thanks in advance,
>>
>> Vinay Agarwal
>>
>>  
>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> --
>>
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

BJ Freeman
In reply to this post by BJ Freeman
look at
<property name="tomcatAuthentication" value="true"/>

Vinay Agarwal sent the following on 5/29/2006 12:46 PM:

> I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL
> is applicable for Tomcat based SSL.
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of BJ Freeman
> Sent: Sunday, May 28, 2006 7:48 PM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
> Test Cert?
>
> in the production setup manual it specifies where the cert is and the
> configuration parms.
> remember ofbiz and the webserver it used are self contained. they do not
> access anything outside the ofbiz_home directory.
>
>
> Vinay Agarwal sent the following on 5/28/2006 6:17 PM:
>> Hello,
>>
>>  
>>
>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
>> signed ssl cert which works correctly when not going through OFBiz.
>> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>>
>> 1. What did I miss in configuration that it is not getting the ssl
>> cert from Apache?
>>
>> 2. Should the OFBiz Test cert be somehow disabled for this?
>>
>>  
>>
>> Thanks in advance,
>>
>> Vinay Agarwal
>>
>>  
>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> --
>>
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
BJ,
I changed to <property name="tomcatAuthentication" value="false"/> but still
am presented with OFBiz Test cert. I am out of ideas completely.
Vinay

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of BJ Freeman
Sent: Monday, May 29, 2006 1:00 PM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

look at
<property name="tomcatAuthentication" value="true"/>

Vinay Agarwal sent the following on 5/29/2006 12:46 PM:

> I want Apache httpd to handle SSL not Tomcat. The production setup
> guide SSL is applicable for Tomcat based SSL.
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]
> On Behalf Of BJ Freeman
> Sent: Sunday, May 28, 2006 7:48 PM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see
> OFBiz Test Cert?
>
> in the production setup manual it specifies where the cert is and the
> configuration parms.
> remember ofbiz and the webserver it used are self contained. they do
> not access anything outside the ofbiz_home directory.
>
>
> Vinay Agarwal sent the following on 5/28/2006 6:17 PM:
>> Hello,
>>
>>  
>>
>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
>> signed ssl cert which works correctly when not going through OFBiz.
>> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>>
>> 1. What did I miss in configuration that it is not getting the ssl
>> cert from Apache?
>>
>> 2. Should the OFBiz Test cert be somehow disabled for this?
>>
>>  
>>
>> Thanks in advance,
>>
>> Vinay Agarwal
>>
>>  
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> -
>> --
>>
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

BJ Freeman
In reply to this post by BJ Freeman
may be later this week, I will dig into my setup and see what I did.
Kinda busy to take a chunk of time out right now.


Vinay Agarwal sent the following on 5/29/2006 1:11 PM:

> BJ,
> I changed to <property name="tomcatAuthentication" value="false"/> but still
> am presented with OFBiz Test cert. I am out of ideas completely.
> Vinay
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of BJ Freeman
> Sent: Monday, May 29, 2006 1:00 PM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
> Test Cert?
>
> look at
> <property name="tomcatAuthentication" value="true"/>
>
> Vinay Agarwal sent the following on 5/29/2006 12:46 PM:
>> I want Apache httpd to handle SSL not Tomcat. The production setup
>> guide SSL is applicable for Tomcat based SSL.
>>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]]
>> On Behalf Of BJ Freeman
>> Sent: Sunday, May 28, 2006 7:48 PM
>> To: OFBiz Users / Usage Discussion
>> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see
>> OFBiz Test Cert?
>>
>> in the production setup manual it specifies where the cert is and the
>> configuration parms.
>> remember ofbiz and the webserver it used are self contained. they do
>> not access anything outside the ofbiz_home directory.
>>
>>
>> Vinay Agarwal sent the following on 5/28/2006 6:17 PM:
>>> Hello,
>>>
>>>  
>>>
>>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
>>> signed ssl cert which works correctly when not going through OFBiz.
>>> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>>>
>>> 1. What did I miss in configuration that it is not getting the ssl
>>> cert from Apache?
>>>
>>> 2. Should the OFBiz Test cert be somehow disabled for this?
>>>
>>>  
>>>
>>> Thanks in advance,
>>>
>>> Vinay Agarwal
>>>
>>>  
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> -
>>> --
>>>
>>>  
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/users
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
BJ,
Thanks for taking time. I will play with it a bit more in the mean time.
Vinay

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of BJ Freeman
Sent: Monday, May 29, 2006 1:40 PM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

may be later this week, I will dig into my setup and see what I did.
Kinda busy to take a chunk of time out right now.


Vinay Agarwal sent the following on 5/29/2006 1:11 PM:

> BJ,
> I changed to <property name="tomcatAuthentication" value="false"/> but
> still am presented with OFBiz Test cert. I am out of ideas completely.
> Vinay
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]
> On Behalf Of BJ Freeman
> Sent: Monday, May 29, 2006 1:00 PM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see
> OFBiz Test Cert?
>
> look at
> <property name="tomcatAuthentication" value="true"/>
>
> Vinay Agarwal sent the following on 5/29/2006 12:46 PM:
>> I want Apache httpd to handle SSL not Tomcat. The production setup
>> guide SSL is applicable for Tomcat based SSL.
>>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]]
>> On Behalf Of BJ Freeman
>> Sent: Sunday, May 28, 2006 7:48 PM
>> To: OFBiz Users / Usage Discussion
>> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see
>> OFBiz Test Cert?
>>
>> in the production setup manual it specifies where the cert is and the
>> configuration parms.
>> remember ofbiz and the webserver it used are self contained. they do
>> not access anything outside the ofbiz_home directory.
>>
>>
>> Vinay Agarwal sent the following on 5/28/2006 6:17 PM:
>>> Hello,
>>>
>>>  
>>>
>>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
>>> signed ssl cert which works correctly when not going through OFBiz.
>>> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>>>
>>> 1. What did I miss in configuration that it is not getting the ssl
>>> cert from Apache?
>>>
>>> 2. Should the OFBiz Test cert be somehow disabled for this?
>>>
>>>  
>>>
>>> Thanks in advance,
>>>
>>> Vinay Agarwal
>>>
>>>  
>>>
>>>
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> -
>>> --
>>>
>>>  
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/users
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

David E. Jones
In reply to this post by BJ Freeman

That is correct. For information on this the best resource right now is probably the wiki.

-David


Vinay Agarwal wrote:

> I want Apache httpd to handle SSL not Tomcat. The production setup guide SSL
> is applicable for Tomcat based SSL.
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of BJ Freeman
> Sent: Sunday, May 28, 2006 7:48 PM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
> Test Cert?
>
> in the production setup manual it specifies where the cert is and the
> configuration parms.
> remember ofbiz and the webserver it used are self contained. they do not
> access anything outside the ofbiz_home directory.
>
>
> Vinay Agarwal sent the following on 5/28/2006 6:17 PM:
>> Hello,
>>
>>  
>>
>> I am running OFBiz on CentOS 4.3/Apache 2/mod_jk and I have self
>> signed ssl cert which works correctly when not going through OFBiz.
>> When I click Login on OFBiz, I am presented with the OFBiz Test cert.
>>
>> 1. What did I miss in configuration that it is not getting the ssl
>> cert from Apache?
>>
>> 2. Should the OFBiz Test cert be somehow disabled for this?
>>
>>  
>>
>> Thanks in advance,
>>
>> Vinay Agarwal
>>
>>  
>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> --
>>
>>  
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Ray Barlow
In reply to this post by BJ Freeman
If Tomcat is serving up the ofbiz cert then there is a configuration
issue with your Apache conf file and mod_jk. Maybe you could post the
two sections from Apache related to port 80 and port 443 for the domain,
as well as the worker properties file and the tomcat server conf file.
If you want to change IP address etc to protect any sensitive
information then please make it clear and consistent as IP addresses
tend to be crucial factors in getting mod_jk to work so it's easy to
disguise the problem when trying to hide your information.

I seem to remember someone talking about mod_jk the other week and they
said something about changing to port 8080 and 8443 and it all worked!?
Seemed a little odd to me and if that was yourself then I would suggest
you've not correctly configured mod_jk but have somehow just routed the
whole request over to Tomcat to handle. I use Apache, mod_jk and Tomcat
and have never even looked at, disabled or deleted the ofbiz cert.

Ray


Vinay Agarwal wrote:

>BJ,
>Thanks for taking time. I will play with it a bit more in the mean time.
>Vinay
>
>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]]
>On Behalf Of BJ Freeman
>Sent: Monday, May 29, 2006 1:40 PM
>To: OFBiz Users / Usage Discussion
>Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
>Test Cert?
>
>may be later this week, I will dig into my setup and see what I did.
>Kinda busy to take a chunk of time out right now.
>
>
>Vinay Agarwal sent the following on 5/29/2006 1:11 PM:
>  
>
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
After doing further research, I found that http traffic is mapped to the
default port but the https traffic is still on port 8443. Do I need two
ajp13 workers one for http traffic and one for https traffic?

The relevant config files are below.
Thanks a lot.
Vinay Agarwal

Workers.properties
----------------
# Setting Java Home
workers.java_home=/usr/local/java/java
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

mod_jk.conf
-----------
JkWorkersFile "/etc/httpd/conf/workers.properties"
JkLogFile "/var/log/httpd/mod_jk.log"

        JkMount /images/* ajp13
        JkMount /static/* ajp13
        JkMount /webtools/* ajp13
        JkMount /partymgr/* ajp13
        JkMount /content/* ajp13
        JkMount /catalog/* ajp13
        JkMount /accounting/* ajp13
        JkMount /ordermgr/* ajp13
        JkMount /marketing/* ajp13
        JkMount /financials/* ajp13
        JkMount /control/* ajp13

JkLogLevel emerg
#JkLogLevel info
#JkLogLevel debug

# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

Httpd.conf
----------
<VirtualHost 72.29.99.94:80>
        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost 72.29.99.94:443>
        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
        SSLCertificateKeyFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
        SSLOptions +StdEnvVars +ExportCertData

        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Ray Barlow
Sent: Tuesday, May 30, 2006 12:58 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

If Tomcat is serving up the ofbiz cert then there is a configuration issue
with your Apache conf file and mod_jk. Maybe you could post the two sections
from Apache related to port 80 and port 443 for the domain, as well as the
worker properties file and the tomcat server conf file.
If you want to change IP address etc to protect any sensitive information
then please make it clear and consistent as IP addresses tend to be crucial
factors in getting mod_jk to work so it's easy to disguise the problem when
trying to hide your information.

I seem to remember someone talking about mod_jk the other week and they said
something about changing to port 8080 and 8443 and it all worked!?
Seemed a little odd to me and if that was yourself then I would suggest
you've not correctly configured mod_jk but have somehow just routed the
whole request over to Tomcat to handle. I use Apache, mod_jk and Tomcat and
have never even looked at, disabled or deleted the ofbiz cert.

Ray


Vinay Agarwal wrote:

>BJ,
>Thanks for taking time. I will play with it a bit more in the mean time.
>Vinay
>
>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]]
>On Behalf Of BJ Freeman
>Sent: Monday, May 29, 2006 1:40 PM
>To: OFBiz Users / Usage Discussion
>Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
>Test Cert?
>
>may be later this week, I will dig into my setup and see what I did.
>Kinda busy to take a chunk of time out right now.
>
>
>Vinay Agarwal sent the following on 5/29/2006 1:11 PM:
>  
>
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Ray Barlow
In reply to this post by Ray Barlow
You don't need two ajp13 workers for http and https one is fine. If you
want to deploy more than one instance then you need to create another
ajp13 worker with it's own name and port not equal to 8009.

I would suggest that you move the "JkMount /static/* ajp13" values from
mod_jk.conf in to each VirtualHost section of your httpd.conf, say after
the script alias. I'm guessing at the moment Apache has only applied
those mappings to port 80 communications. I have almost duplicate
entries in each VirtualHost for the http and https to do the mapping so
it is very clear to Apache what domains, ports and mount points are
being routed through ajp13 and which worker again for when you deploy
more than one instance. Also for the http I don't even map the backend
applications as I have no desire for anybody using http to talk to the
catalog application.

I choose not to route the /images mount through ajp13 to Tomcat as
Apache is well seasoned at serving static content. Maybe this will
change if and when image content becomes more dynamic and you want to
control access to certain resources, otherwise just set up an alias
directive into the relevant ofbiz images folder.

If your https ecommerce url's keep showing port 8443 then you also need
to change your webstore data as the default demo data sets it as 8443,
so it will constantly be trying to divert the next https request to
8443. For a true test you should also be able to turn of the Tomcat
hosting of 8080 and 8443 in the ofbiz xml config file, so it is only
available through ajp13.

Ray




Vinay Agarwal wrote:

>After doing further research, I found that http traffic is mapped to the
>default port but the https traffic is still on port 8443. Do I need two
>ajp13 workers one for http traffic and one for https traffic?
>
>The relevant config files are below.
>Thanks a lot.
>Vinay Agarwal
>
>Workers.properties
>----------------
># Setting Java Home
>workers.java_home=/usr/local/java/java
>ps=/
>worker.list=ajp13
>worker.ajp13.port=8009
>worker.ajp13.host=localhost
>worker.ajp13.type=ajp13
>
>mod_jk.conf
>-----------
>JkWorkersFile "/etc/httpd/conf/workers.properties"
>JkLogFile "/var/log/httpd/mod_jk.log"
>
>        JkMount /images/* ajp13
>        JkMount /static/* ajp13
>        JkMount /webtools/* ajp13
>        JkMount /partymgr/* ajp13
>        JkMount /content/* ajp13
>        JkMount /catalog/* ajp13
>        JkMount /accounting/* ajp13
>        JkMount /ordermgr/* ajp13
>        JkMount /marketing/* ajp13
>        JkMount /financials/* ajp13
>        JkMount /control/* ajp13
>
>JkLogLevel emerg
>#JkLogLevel info
>#JkLogLevel debug
>
># Should mod_jk send SSL information to Tomcat (default is On)
>JkExtractSSL On
># What is the indicator for SSL (default is HTTPS)
>JkHTTPSIndicator HTTPS
># What is the indicator for SSL session (default is SSL_SESSION_ID)
>JkSESSIONIndicator SSL_SESSION_ID
># What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
>JkCIPHERIndicator SSL_CIPHER
># What is the indicator for the client SSL certificated (default is
>SSL_CLIENT_CERT)
>JkCERTSIndicator SSL_CLIENT_CERT
>
>Httpd.conf
>----------
><VirtualHost 72.29.99.94:80>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
>/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                Options -Indexes FollowSymLinks
>                AllowOverride None
>                Order allow,deny
>                Allow from all
> </Directory>
></VirtualHost>
><VirtualHost 72.29.99.94:443>
> SSLEngine on
>        SSLCipherSuite
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile
>/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
> SSLCertificateKeyFile
>/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
>        SSLOptions +StdEnvVars +ExportCertData
>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
>/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                Options -Indexes FollowSymLinks
>                AllowOverride None
>                Order allow,deny
>                Allow from all
> </Directory>
></VirtualHost>
>
>  
>
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). https
traffic is still going through 8443 and uses OFBiz Test cert. :(
Regards,
Vinay

<VirtualHost 72.29.99.94:80>
        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        Alias /images/
"/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/
"
        <Location /images/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        Alias /static/
"/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta
tic/"
        <Location /static/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        JkMount /control/* ajp13

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>


<VirtualHost 72.29.99.94:443>
        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
        SSLCertificateKeyFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
        SSLOptions +StdEnvVars +ExportCertData

        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        Alias /images/
"/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/
"
        <Location /images/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        Alias /static/
"/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta
tic/"
        <Location /static/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        JkMount /webtools/* ajp13
        JkMount /partymgr/* ajp13
        JkMount /content/* ajp13
        JkMount /catalog/* ajp13
        JkMount /accounting/* ajp13
        JkMount /ordermgr/* ajp13
        JkMount /marketing/* ajp13
        JkMount /financials/* ajp13
        JkMount /control/* ajp13

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Ray Barlow
Sent: Tuesday, May 30, 2006 9:06 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

You don't need two ajp13 workers for http and https one is fine. If you want
to deploy more than one instance then you need to create another
ajp13 worker with it's own name and port not equal to 8009.

I would suggest that you move the "JkMount /static/* ajp13" values from
mod_jk.conf in to each VirtualHost section of your httpd.conf, say after the
script alias. I'm guessing at the moment Apache has only applied those
mappings to port 80 communications. I have almost duplicate entries in each
VirtualHost for the http and https to do the mapping so it is very clear to
Apache what domains, ports and mount points are being routed through ajp13
and which worker again for when you deploy more than one instance. Also for
the http I don't even map the backend applications as I have no desire for
anybody using http to talk to the catalog application.

I choose not to route the /images mount through ajp13 to Tomcat as Apache is
well seasoned at serving static content. Maybe this will change if and when
image content becomes more dynamic and you want to control access to certain
resources, otherwise just set up an alias directive into the relevant ofbiz
images folder.

If your https ecommerce url's keep showing port 8443 then you also need to
change your webstore data as the default demo data sets it as 8443, so it
will constantly be trying to divert the next https request to 8443. For a
true test you should also be able to turn of the Tomcat hosting of 8080 and
8443 in the ofbiz xml config file, so it is only available through ajp13.

Ray



 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Si Chen-2
In reply to this post by Ray Barlow
This might be because your framework/webapp/config/url.properties is
still configured to 8443, so <@ofbizUrl> is setting them to 8443?  Maybe
change those ports to 80 and 443.

Si

Vinay Agarwal wrote:

> I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). https
> traffic is still going through 8443 and uses OFBiz Test cert. :(
> Regards,
> Vinay
>
> <VirtualHost 72.29.99.94:80>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
> /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
>         Alias /images/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/
> "
>         <Location /images/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         Alias /static/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta
> tic/"
>         <Location /static/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         JkMount /control/* ajp13
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                 Options -Indexes FollowSymLinks
>                 AllowOverride None
>                 Order allow,deny
>                 Allow from all
> </Directory>
> </VirtualHost>
>
>
> <VirtualHost 72.29.99.94:443>
> SSLEngine on
>         SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile
> /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
> SSLCertificateKeyFile
> /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
>         SSLOptions +StdEnvVars +ExportCertData
>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
> /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
>         Alias /images/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/
> "
>         <Location /images/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         Alias /static/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta
> tic/"
>         <Location /static/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         JkMount /webtools/* ajp13
>         JkMount /partymgr/* ajp13
>         JkMount /content/* ajp13
>         JkMount /catalog/* ajp13
>         JkMount /accounting/* ajp13
>         JkMount /ordermgr/* ajp13
>         JkMount /marketing/* ajp13
>         JkMount /financials/* ajp13
>         JkMount /control/* ajp13
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                 Options -Indexes FollowSymLinks
>                 AllowOverride None
>                 Order allow,deny
>                 Allow from all
> </Directory>
> </VirtualHost>
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of Ray Barlow
> Sent: Tuesday, May 30, 2006 9:06 AM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
> Test Cert?
>
> You don't need two ajp13 workers for http and https one is fine. If you want
> to deploy more than one instance then you need to create another
> ajp13 worker with it's own name and port not equal to 8009.
>
> I would suggest that you move the "JkMount /static/* ajp13" values from
> mod_jk.conf in to each VirtualHost section of your httpd.conf, say after the
> script alias. I'm guessing at the moment Apache has only applied those
> mappings to port 80 communications. I have almost duplicate entries in each
> VirtualHost for the http and https to do the mapping so it is very clear to
> Apache what domains, ports and mount points are being routed through ajp13
> and which worker again for when you deploy more than one instance. Also for
> the http I don't even map the backend applications as I have no desire for
> anybody using http to talk to the catalog application.
>
> I choose not to route the /images mount through ajp13 to Tomcat as Apache is
> well seasoned at serving static content. Maybe this will change if and when
> image content becomes more dynamic and you want to control access to certain
> resources, otherwise just set up an alias directive into the relevant ofbiz
> images folder.
>
> If your https ecommerce url's keep showing port 8443 then you also need to
> change your webstore data as the default demo data sets it as 8443, so it
> will constantly be trying to divert the next https request to 8443. For a
> true test you should also be able to turn of the Tomcat hosting of 8080 and
> 8443 in the ofbiz xml config file, so it is only available through ajp13.
>
> Ray
>
>
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
>  

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
Si,
That's it. I will modify wiki so that others don't spend so much time on
this poplular configuration. Thanks.
Regards,
Vinay

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Si Chen
Sent: Tuesday, May 30, 2006 10:39 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

This might be because your framework/webapp/config/url.properties is still
configured to 8443, so <@ofbizUrl> is setting them to 8443?  Maybe change
those ports to 80 and 443.

Si

Vinay Agarwal wrote:

> I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below).
> https traffic is still going through 8443 and uses OFBiz Test cert. :(
> Regards, Vinay
>
> <VirtualHost 72.29.99.94:80>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
> /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
>         Alias /images/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i
> mages/
> "
>         <Location /images/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         Alias /static/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba
> pp/sta
> tic/"
>         <Location /static/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         JkMount /control/* ajp13
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                 Options -Indexes FollowSymLinks
>                 AllowOverride None
>                 Order allow,deny
>                 Allow from all
> </Directory>
> </VirtualHost>
>
>
> <VirtualHost 72.29.99.94:443>
> SSLEngine on
>         SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile
> /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
> SSLCertificateKeyFile
> /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
>         SSLOptions +StdEnvVars +ExportCertData
>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
> /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
>         Alias /images/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i
> mages/
> "
>         <Location /images/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         Alias /static/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba
> pp/sta
> tic/"
>         <Location /static/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         JkMount /webtools/* ajp13
>         JkMount /partymgr/* ajp13
>         JkMount /content/* ajp13
>         JkMount /catalog/* ajp13
>         JkMount /accounting/* ajp13
>         JkMount /ordermgr/* ajp13
>         JkMount /marketing/* ajp13
>         JkMount /financials/* ajp13
>         JkMount /control/* ajp13
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                 Options -Indexes FollowSymLinks
>                 AllowOverride None
>                 Order allow,deny
>                 Allow from all
> </Directory>
> </VirtualHost>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]
> On Behalf Of Ray Barlow
> Sent: Tuesday, May 30, 2006 9:06 AM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see
> OFBiz Test Cert?
>
> You don't need two ajp13 workers for http and https one is fine. If
> you want to deploy more than one instance then you need to create
> another
> ajp13 worker with it's own name and port not equal to 8009.
>
> I would suggest that you move the "JkMount /static/* ajp13" values
> from mod_jk.conf in to each VirtualHost section of your httpd.conf,
> say after the script alias. I'm guessing at the moment Apache has only
> applied those mappings to port 80 communications. I have almost
> duplicate entries in each VirtualHost for the http and https to do the
> mapping so it is very clear to Apache what domains, ports and mount
> points are being routed through ajp13 and which worker again for when
> you deploy more than one instance. Also for the http I don't even map
> the backend applications as I have no desire for anybody using http to
talk to the catalog application.

>
> I choose not to route the /images mount through ajp13 to Tomcat as
> Apache is well seasoned at serving static content. Maybe this will
> change if and when image content becomes more dynamic and you want to
> control access to certain resources, otherwise just set up an alias
> directive into the relevant ofbiz images folder.
>
> If your https ecommerce url's keep showing port 8443 then you also
> need to change your webstore data as the default demo data sets it as
> 8443, so it will constantly be trying to divert the next https request
> to 8443. For a true test you should also be able to turn of the Tomcat
> hosting of 8080 and
> 8443 in the ofbiz xml config file, so it is only available through ajp13.
>
> Ray
>
>
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
>  

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Vinay Agarwal
In reply to this post by Si Chen-2
I updated Wiki. Please check if it is accurate.
http://ofbizwiki.go-integral.com/Wiki.jsp?page=Mod_jk_config


-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Vinay Agarwal
Sent: Tuesday, May 30, 2006 11:14 AM
To: 'OFBiz Users / Usage Discussion'
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

Si,
That's it. I will modify wiki so that others don't spend so much time on
this poplular configuration. Thanks.
Regards,
Vinay

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Si Chen
Sent: Tuesday, May 30, 2006 10:39 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

This might be because your framework/webapp/config/url.properties is still
configured to 8443, so <@ofbizUrl> is setting them to 8443?  Maybe change
those ports to 80 and 443.

Si

Vinay Agarwal wrote:

> I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below).
> https traffic is still going through 8443 and uses OFBiz Test cert. :(
> Regards, Vinay
>
> <VirtualHost 72.29.99.94:80>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
> /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
>         Alias /images/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i
> mages/
> "
>         <Location /images/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         Alias /static/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba
> pp/sta
> tic/"
>         <Location /static/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         JkMount /control/* ajp13
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                 Options -Indexes FollowSymLinks
>                 AllowOverride None
>                 Order allow,deny
>                 Allow from all
> </Directory>
> </VirtualHost>
>
>
> <VirtualHost 72.29.99.94:443>
> SSLEngine on
>         SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile
> /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
> SSLCertificateKeyFile
> /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
>         SSLOptions +StdEnvVars +ExportCertData
>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/
> /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
>         Alias /images/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/i
> mages/
> "
>         <Location /images/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         Alias /static/
> "/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/weba
> pp/sta
> tic/"
>         <Location /static/WEB-INF/ >
>                 AllowOverride None
>                 deny from all
>         </Location>
>         JkMount /webtools/* ajp13
>         JkMount /partymgr/* ajp13
>         JkMount /content/* ajp13
>         JkMount /catalog/* ajp13
>         JkMount /accounting/* ajp13
>         JkMount /ordermgr/* ajp13
>         JkMount /marketing/* ajp13
>         JkMount /financials/* ajp13
>         JkMount /control/* ajp13
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                 Options -Indexes FollowSymLinks
>                 AllowOverride None
>                 Order allow,deny
>                 Allow from all
> </Directory>
> </VirtualHost>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]
> On Behalf Of Ray Barlow
> Sent: Tuesday, May 30, 2006 9:06 AM
> To: OFBiz Users / Usage Discussion
> Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see
> OFBiz Test Cert?
>
> You don't need two ajp13 workers for http and https one is fine. If
> you want to deploy more than one instance then you need to create
> another
> ajp13 worker with it's own name and port not equal to 8009.
>
> I would suggest that you move the "JkMount /static/* ajp13" values
> from mod_jk.conf in to each VirtualHost section of your httpd.conf,
> say after the script alias. I'm guessing at the moment Apache has only
> applied those mappings to port 80 communications. I have almost
> duplicate entries in each VirtualHost for the http and https to do the
> mapping so it is very clear to Apache what domains, ports and mount
> points are being routed through ajp13 and which worker again for when
> you deploy more than one instance. Also for the http I don't even map
> the backend applications as I have no desire for anybody using http to
talk to the catalog application.

>
> I choose not to route the /images mount through ajp13 to Tomcat as
> Apache is well seasoned at serving static content. Maybe this will
> change if and when image content becomes more dynamic and you want to
> control access to certain resources, otherwise just set up an alias
> directive into the relevant ofbiz images folder.
>
> If your https ecommerce url's keep showing port 8443 then you also
> need to change your webstore data as the default demo data sets it as
> 8443, so it will constantly be trying to divert the next https request
> to 8443. For a true test you should also be able to turn of the Tomcat
> hosting of 8080 and
> 8443 in the ofbiz xml config file, so it is only available through ajp13.
>
> Ray
>
>
>
>  
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
>  

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users