
Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Posted by Ray Barlow on May 30, 2006; 5:06pm
URL: http://ofbiz.116.s1.nabble.com/Users-Apache-mod-jk-SSL-Cert-Why-do-I-see-OFBiz-Test-Cert-tp139503p139508.html

You don't need two ajp13 workers for http and https; one is fine. If you
want to deploy more than one instance then you need to create another
ajp13 worker with its own name and port not equal to 8009.

I would suggest that you move the "JkMount /static/* ajp13" values from
mod_jk.conf into each VirtualHost section of your httpd.conf, say after
the script alias. I'm guessing at the moment Apache has only applied
those mappings to port 80 communications. I have almost duplicate
entries in each VirtualHost for the http and https to do the mapping so
it is very clear to Apache what domains, ports and mount points are
being routed through ajp13 and which worker again for when you deploy
more than one instance. Also for the http I don't even map the backend
applications as I have no desire for anybody using http to talk to the
catalog application.

I choose not to route the /images mount through ajp13 to Tomcat as
Apache is well seasoned at serving static content. Maybe this will
change if and when image content becomes more dynamic and you want to
control access to certain resources, otherwise just set up an alias
directive into the relevant ofbiz images folder.

If your https ecommerce URLs keep showing port 8443 then you also need
to change your webstore data as the default demo data sets it as 8443,
so it will constantly be trying to divert the next https request to
8443. For a true test you should also be able to turn off the Tomcat
hosting of 8080 and 8443 in the ofbiz xml config file, so it is only
available through ajp13.

Ray




Vinay Agarwal wrote:

>After doing further research, I found that http traffic is mapped to the
>default port but the https traffic is still on port 8443. Do I need two
>ajp13 workers one for http traffic and one for https traffic?
>
>The relevant config files are below.
>Thanks a lot.
>Vinay Agarwal
>
>Workers.properties
>----------------
># Setting Java Home
>workers.java_home=/usr/local/java/java
>ps=/
>worker.list=ajp13
>worker.ajp13.port=8009
>worker.ajp13.host=localhost
>worker.ajp13.type=ajp13
>
>mod_jk.conf
>-----------
>JkWorkersFile "/etc/httpd/conf/workers.properties"
>JkLogFile "/var/log/httpd/mod_jk.log"
>
>        JkMount /images/* ajp13
>        JkMount /static/* ajp13
>        JkMount /webtools/* ajp13
>        JkMount /partymgr/* ajp13
>        JkMount /content/* ajp13
>        JkMount /catalog/* ajp13
>        JkMount /accounting/* ajp13
>        JkMount /ordermgr/* ajp13
>        JkMount /marketing/* ajp13
>        JkMount /financials/* ajp13
>        JkMount /control/* ajp13
>
>JkLogLevel emerg
>#JkLogLevel info
>#JkLogLevel debug
>
># Should mod_jk send SSL information to Tomcat (default is On)
>JkExtractSSL On
># What is the indicator for SSL (default is HTTPS)
>JkHTTPSIndicator HTTPS
># What is the indicator for SSL session (default is SSL_SESSION_ID)
>JkSESSIONIndicator SSL_SESSION_ID
># What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
>JkCIPHERIndicator SSL_CIPHER
># What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
>JkCERTSIndicator SSL_CLIENT_CERT
>
>Httpd.conf
>----------
><VirtualHost 72.29.99.94:80>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/ /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                Options -Indexes FollowSymLinks
>                AllowOverride None
>                Order allow,deny
>                Allow from all
> </Directory>
></VirtualHost>
><VirtualHost 72.29.99.94:443>
> SSLEngine on
>        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
> SSLCertificateKeyFile /usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
>        SSLOptions +StdEnvVars +ExportCertData
>
> ServerName www.grayzilla.com
> ServerAlias www.grayzilla.com grayzilla.com
> ServerAdmin [hidden email]
> DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
> ScriptAlias /cgi-bin/ /home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/
>
> UseCanonicalName OFF
>
> SuexecUserGroup grayzilla grayzilla
> CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
> CustomLog /var/log/httpd/domains/grayzilla.com.log combined
> ErrorLog /var/log/httpd/domains/grayzilla.com.error.log
>
> <Directory /home/grayzilla/domains/grayzilla.com/public_html>
>                Options -Indexes FollowSymLinks
>                AllowOverride None
>                Order allow,deny
>                Allow from all
> </Directory>
></VirtualHost>
>
>  
>
 
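The layout Ray describes, sketched as an added example that is not configuration posted in the thread: the JkMount lines live inside each VirtualHost, the plain-http host maps only the storefront, and /images is served by Apache through an alias. Assumptions: `/control` and `/static` are the storefront mounts, and `/path/to/ofbiz/images` is a placeholder for the real OFBiz images folder.

```apache
# Global scope (mod_jk.conf): worker file and logging only, no JkMount lines.
JkWorkersFile "/etc/httpd/conf/workers.properties"
JkLogFile "/var/log/httpd/mod_jk.log"

# Static images are read from disk by Apache instead of going through ajp13.
# Placeholder path: replace with the actual OFBiz images folder.
<Directory "/path/to/ofbiz/images">
    Options -Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<VirtualHost 72.29.99.94:80>
    ServerName www.grayzilla.com
    ServerAlias grayzilla.com

    # Assumption: these two mounts are the public storefront.
    # Back-office applications are deliberately not mapped on plain http.
    JkMount /control/* ajp13
    JkMount /static/*  ajp13

    Alias /images/ "/path/to/ofbiz/images/"
</VirtualHost>

<VirtualHost 72.29.99.94:443>
    ServerName www.grayzilla.com
    ServerAlias grayzilla.com
    SSLEngine on
    # SSLCertificateFile / SSLCertificateKeyFile as in the existing :443 host.

    # Storefront plus the back-office applications, https only.
    JkMount /control/*    ajp13
    JkMount /static/*     ajp13
    JkMount /webtools/*   ajp13
    JkMount /partymgr/*   ajp13
    JkMount /content/*    ajp13
    JkMount /catalog/*    ajp13
    JkMount /accounting/* ajp13
    JkMount /ordermgr/*   ajp13
    JkMount /marketing/*  ajp13
    JkMount /financials/* ajp13

    Alias /images/ "/path/to/ofbiz/images/"
</VirtualHost>
```

Run `apachectl configtest` after editing and before reloading, so a typo in one VirtualHost does not take both hosts down.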