OFBiz OFBiz - User
Login  Register

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Posted by Vinay Agarwal on May 30, 2006; 6:12pm
URL: http://ofbiz.116.s1.nabble.com/Users-Apache-mod-jk-SSL-Cert-Why-do-I-see-OFBiz-Test-Cert-tp139503p139512.html

I updated my httpd.conf and mod_jk.conf per Ray's suggestions (below). https
traffic is still going through 8443 and uses OFBiz Test cert. :(
Regards,
Vinay

<VirtualHost 72.29.99.94:80>
        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        Alias /images/
"/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/
"
        <Location /images/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        Alias /static/
"/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta
tic/"
        <Location /static/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        JkMount /control/* ajp13

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>


<VirtualHost 72.29.99.94:443>
        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
        SSLCertificateKeyFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
        SSLOptions +StdEnvVars +ExportCertData

        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        Alias /images/
"/home/grayzilla/domains/grayzilla.com/ofbiz/framework/images/webapp/images/
"
        <Location /images/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        Alias /static/
"/home/grayzilla/domains/grayzilla.com/ofbiz/hot-deploy/grayzilla/webapp/sta
tic/"
        <Location /static/WEB-INF/ >
                AllowOverride None
                deny from all
        </Location>
        JkMount /webtools/* ajp13
        JkMount /partymgr/* ajp13
        JkMount /content/* ajp13
        JkMount /catalog/* ajp13
        JkMount /accounting/* ajp13
        JkMount /ordermgr/* ajp13
        JkMount /marketing/* ajp13
        JkMount /financials/* ajp13
        JkMount /control/* ajp13

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Ray Barlow
Sent: Tuesday, May 30, 2006 9:06 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

You don't need two ajp13 workers for http and https one is fine. If you want
to deploy more than one instance then you need to create another
ajp13 worker with it's own name and port not equal to 8009.

I would suggest that you move the "JkMount /static/* ajp13" values from
mod_jk.conf in to each VirtualHost section of your httpd.conf, say after the
script alias. I'm guessing at the moment Apache has only applied those
mappings to port 80 communications. I have almost duplicate entries in each
VirtualHost for the http and https to do the mapping so it is very clear to
Apache what domains, ports and mount points are being routed through ajp13
and which worker again for when you deploy more than one instance. Also for
the http I don't even map the backend applications as I have no desire for
anybody using http to talk to the catalog application.

I choose not to route the /images mount through ajp13 to Tomcat as Apache is
well seasoned at serving static content. Maybe this will change if and when
image content becomes more dynamic and you want to control access to certain
resources, otherwise just set up an alias directive into the relevant ofbiz
images folder.

If your https ecommerce url's keep showing port 8443 then you also need to
change your webstore data as the default demo data sets it as 8443, so it
will constantly be trying to divert the next https request to 8443. For a
true test you should also be able to turn of the Tomcat hosting of 8080 and
8443 in the ofbiz xml config file, so it is only available through ajp13.

Ray



 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Free forum by Nabble Edit this page