I am studying how to install OFBiz and a multi-domain WordPress site
on the same server, and I want a) all access to all content in either to be over a secure connection (but I have yet to succees to figure out how to get mod_rewrite to redirect all requests coming in on port 80 using http to be remade using https over port 443 - I always get an error that the redirection was done in a way that will never complete), and b) to ensure that whatever I do getting ofbiz to work with apache's httpd server will not break what I have to do to get a working multi-site WordPress install (which I will begin with by experimenting with simulating multiple virtual hosts served by httpd based on a small number of entries to the hosts file on both the server and a couple client virtual machines). I know I found a web page in the past that talked about configuring Apache's httpd server receive requests for OFBiz and pass them on to OFBiz, but for the life of me, and despite many Google searchs, I have not found it again. Does anyone know what the URL for that page is? Thanks Ted |
https://cwiki.apache.org/OFBIZ/faq-tips-tricks-cookbook-howto.html#FAQ-Tips-Tricks-Cookbook-HowTo-HTTPD
But you would do something like this: <Location /ecommerce/> proxyPass ajp://127.0.0.1:8009/ecommerce/ </Location> <Location /images/> proxyPass ajp://127.0.0.1:8009/images/ </Location> <Location /content/> proxyPass ajp://127.0.0.1:8009/content/ </Location> You just have to make sure anything ofbiz-specific is short-circuited to ajp:// This also pretty much disables accessing the backend (/webtools/, etc.) as well. On Fri, Mar 8, 2013 at 5:31 PM, Ted Byers <[hidden email]> wrote: > I am studying how to install OFBiz and a multi-domain WordPress site > on the same server, and I want a) all access to all content in either > to be over a secure connection (but I have yet to succees to figure > out how to get mod_rewrite to redirect all requests coming in on port > 80 using http to be remade using https over port 443 - I always get an > error that the redirection was done in a way that will never > complete), and b) to ensure that whatever I do getting ofbiz to work > with apache's httpd server will not break what I have to do to get a > working multi-site WordPress install (which I will begin with by > experimenting with simulating multiple virtual hosts served by httpd > based on a small number of entries to the hosts file on both the > server and a couple client virtual machines). > > I know I found a web page in the past that talked about configuring > Apache's httpd server receive requests for OFBiz and pass them on to > OFBiz, but for the life of me, and despite many Google searchs, I have > not found it again. Does anyone know what the URL for that page is? > > Thanks > > Ted > |
Thanks,
But .... On Fri, Mar 8, 2013 at 10:38 PM, Mike <[hidden email]> wrote: > https://cwiki.apache.org/OFBIZ/faq-tips-tricks-cookbook-howto.html#FAQ-Tips-Tricks-Cookbook-HowTo-HTTPD > > But you would do something like this: > > <Location /ecommerce/> > proxyPass ajp://127.0.0.1:8009/ecommerce/ > </Location> > <Location /images/> > proxyPass ajp://127.0.0.1:8009/images/ > </Location> > <Location /content/> > proxyPass ajp://127.0.0.1:8009/content/ > </Location> > > You just have to make sure anything ofbiz-specific is short-circuited to > ajp:// > > This also pretty much disables accessing the backend (/webtools/, etc.) as > well. > What would I need to do to ensure that the backend remains usable? For my situation, I need both the ecommerce support and the webtools. Thanks Ted |
There are a couple of ways to do it, each of which requires you to really
know apache the AJP module: On a running ofbiz system, there is this "runtime" directory: ls /opt/ofbiz.1104/runtime/catalina/work/default-server/0.0.0.0# accounting bizznesstime droppingcrumbs example googlecheckout multiflex ordermgr tempfiles workeffort ap bluelight ebay exampleext hhfacility myportal osafe_theme tomahawk ar catalog ebaystore facility humanres oagis partymgr assetmaint cmssite ecommerce flatgrey iCalendar manufacturing ofbiz projectmgr webpos content images marketing ofbizsetup webslinge birt googlebase ismgr minimal sfa webtools These are all reserved paths that ofbiz creates when started, so you can create a bunch of <Location>...</Location> tags for each of the above --or-- you can also just use: (with out /Location tags). proxyPass /catalog ajp://127.0.0.1:8009/catalog proxyPass /cmssite ajp://127.0.0.1:8009/cmssite proxyPass /content ajp://127.0.0.1:8009/content However, just looking at the shear amount of mount points that ofbiz exposes by default it is crazy to expose all of them on the internet. You can probably lock down the external facing mounts that you really need (like /ecommerce) and just access the backend via a direct connection to port 8080/8443, only from your LAN. On Sat, Mar 9, 2013 at 4:10 AM, Ted Byers <[hidden email]> wrote: > Thanks, > > But .... > > On Fri, Mar 8, 2013 at 10:38 PM, Mike <[hidden email]> wrote: > > > https://cwiki.apache.org/OFBIZ/faq-tips-tricks-cookbook-howto.html#FAQ-Tips-Tricks-Cookbook-HowTo-HTTPD > > > > But you would do something like this: > > > > <Location /ecommerce/> > > proxyPass ajp://127.0.0.1:8009/ecommerce/ > > </Location> > > <Location /images/> > > proxyPass ajp://127.0.0.1:8009/images/ > > </Location> > > <Location /content/> > > proxyPass ajp://127.0.0.1:8009/content/ > > </Location> > > > > You just have to make sure anything ofbiz-specific is short-circuited to > > ajp:// > > > > This also pretty much disables accessing the backend (/webtools/, etc.) > as > > well. > > > > What would I need to do to ensure that the backend remains usable? > For my situation, I need both the ecommerce support and the webtools. > > Thanks > > Ted > |
Thanks Mike,
On Sat, Mar 9, 2013 at 12:38 PM, Mike <[hidden email]> wrote: > There are a couple of ways to do it, each of which requires you to really > know apache the AJP module: > > On a running ofbiz system, there is this "runtime" directory: > > ls /opt/ofbiz.1104/runtime/catalina/work/default-server/0.0.0.0# > > accounting bizznesstime droppingcrumbs example googlecheckout multiflex > ordermgr tempfiles workeffort ap bluelight ebay exampleext hhfacility > myportal osafe_theme tomahawk ar catalog ebaystore facility humanres > oagis partymgr assetmaint cmssite ecommerce flatgrey iCalendar > manufacturing ofbiz projectmgr webpos content images marketing > ofbizsetup webslinge birt googlebase ismgr minimal sfa webtools > > These are all reserved paths that ofbiz creates when started, so you can > create a bunch of <Location>...</Location> tags for each of the above > --or-- you can also just use: (with out /Location tags). > > proxyPass /catalog ajp://127.0.0.1:8009/catalog > proxyPass /cmssite ajp://127.0.0.1:8009/cmssite > proxyPass /content ajp://127.0.0.1:8009/content > > However, just looking at the shear amount of mount points that ofbiz > exposes by default it is crazy to expose all of them on the internet. You > can probably lock down the external facing mounts that you really need > (like /ecommerce) and just access the backend via a direct connection to > port 8080/8443, only from your LAN. > Would I not be able to handle the security implications of exposing some selection of mounts for the back end by requiring client side certificates for them. If so, I know how to add support or a requirement, for client side certificates in Apache's httpd server, but what about the application server OFBiz lives in? Thanks, Ted |
This seems to be a good guide: http://www.garex.net/apache/
On Sat, Mar 9, 2013 at 9:49 AM, Ted Byers <[hidden email]> wrote: > Thanks Mike, > > On Sat, Mar 9, 2013 at 12:38 PM, Mike <[hidden email]> wrote: > > There are a couple of ways to do it, each of which requires you to really > > know apache the AJP module: > > > > On a running ofbiz system, there is this "runtime" directory: > > > > ls /opt/ofbiz.1104/runtime/catalina/work/default-server/0.0.0.0# > > > > accounting bizznesstime droppingcrumbs example googlecheckout > multiflex > > ordermgr tempfiles workeffort ap bluelight ebay exampleext > hhfacility > > myportal osafe_theme tomahawk ar catalog ebaystore facility humanres > > oagis partymgr assetmaint cmssite ecommerce flatgrey iCalendar > > manufacturing ofbiz projectmgr webpos content images marketing > > ofbizsetup webslinge birt googlebase ismgr minimal sfa webtools > > > > These are all reserved paths that ofbiz creates when started, so you can > > create a bunch of <Location>...</Location> tags for each of the above > > --or-- you can also just use: (with out /Location tags). > > > > proxyPass /catalog ajp://127.0.0.1:8009/catalog > > proxyPass /cmssite ajp://127.0.0.1:8009/cmssite > > proxyPass /content ajp://127.0.0.1:8009/content > > > > However, just looking at the shear amount of mount points that ofbiz > > exposes by default it is crazy to expose all of them on the internet. > You > > can probably lock down the external facing mounts that you really need > > (like /ecommerce) and just access the backend via a direct connection to > > port 8080/8443, only from your LAN. > > > > Would I not be able to handle the security implications of exposing > some selection of mounts for the back end by requiring client side > certificates for them. If so, I know how to add support or a > requirement, for client side certificates in Apache's httpd server, > but what about the application server OFBiz lives in? > > Thanks, > > Ted > |
Free forum by Nabble | Edit this page |