You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by mrfitz <fi...@posintl.com> on 2012/07/06 17:18:55 UTC

Re: Removing port number from the url in production setup

Hi Mike Z,

Nube question..

I have this same situation but am Using windows7 not Linux as my server,
where would I set up the "apache (port 80) configuration file", in windows?

Is it even possible?

Thanks 
MrFitz



Mike Z wrote
> 
> Mandeep.  Nice looking site.
> 
> Regarding your issue, you REALLY want to use apache using mod_jk in front
> of ofbiz.  Here is why:
> 
> 1) You can offload the processing of images to apache (less load on ofbiz)
> 2) You can easily set cache timeouts for images, css, and other static
> content.
> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> using
> ofbiz
> 4) It is easier to offload SSL certificate management to apache
> 5) You can setup gzip compression (DEFLATE)
> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
> 8) Most Important:  You can add security to your site by locking out admin
> links.
> 
> Regarding #8.  If you are running an ecommerce site, you DON'T want people
> from the internet to even attempt to gain access (i.e. login as 'admin' to
> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
> from their main site?  Absurd to even ask.  This is basic internet
> security.
> 
> Instead, have front-end machines that serve ecommerce, and have back-end
> machines that allows access to /catalog, etc. via a VPN, or a local
> subnet.
> 
> I have found that this setup runs faster, and you have more flexibility.
> 
> Here is a sample apache (port 80) configuration file:....
> 


--
View this message in context: http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634522.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Removing port number from the url in production setup

Posted by Jacques Le Roux <ja...@les7arts.com>.

From: "Jacques Le Roux" <ja...@les7arts.com>
> From: "mrfitz" <fi...@posintl.com>
>> Hi Jacques,
>>
>> I am a nube.  And I am sorry, but I have just about memorized every one of
>> the documents you referenced.  I made the changes, but my url's still
>> contain the port ie..
>> https://posintl.sytes.net:8443/catalog/control/EditProductStore
>>
>> So, I'm a dummy, and can't quite get it figured out...
> 
> Ho I don't blame you, I got the same when I began. It was more a rant addressed to the whole audience...
> 
> This is not really an OFBiz issue. You should really try to use HTTPD as front end http://httpd.apache.org/. It's a bit more 
> involved at start, but not that much. And you will get great benefits on the long run
> For your particular problem see http://pwu-developer.blogspot.fr/2011/04/securing-tomcat-with-apache-web-server.html
> 
> Also refer to the OFBiz FAQ link I sent you before, there are good tips there
> BTW better keep the thread copied, text format is not abusing Internet mails
> Sorry at the moment Confluence is done...

was "is gone", it's back since

Jacques
 
> You may use rewrite rules to then change url you want when you want.
> For rewrite rules, an internal alternative is to use Tuckey http://tuckey.org/urlrewrite/
> 
> HTH
> 
> Jacques
> 
>>
>>
>> as far as..
>>
>>
>> Jacques Le Roux wrote
>>>
>>> BTW what is your situation now regarding
>>> http://markmail.org/message/c4neg7g2yu5wkxhi ?
>>> Note: prefer Postgres under Mysql
>>>
>>> Jacques
>>>
>>
>> I haven't got it figured out yet.  I have reread all the applicable docs and
>> posts, and it MIGHT be getting a little clearer.  I am able to connect to
>> MySql.  But I need to get the other stuff figured out.
>>
>> You mentioned "This is a solution limited to 1 OFBiz instance "  so that's
>> probably not going to work for me in my long term plans.  I have been
>> reading many posts that discuss using a single code base with multi tenants
>> to provide a type of SAS config.  That's really what I want.
>>
>> Thanks for being patient with the nube.  If you can point me to more info, I
>> would appreciate it.  Once I get up to speed, I will be able to contribute
>> training aids.
>>
>> MrFitz
>>
>>
>> --
>> View this message in context: 
>> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html
>> Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Removing port number from the url in production setup

Posted by Jacques Le Roux <ja...@les7arts.com>.

From: "mrfitz" <fi...@posintl.com>
> Hi Jacques,
>
> I am a nube.  And I am sorry, but I have just about memorized every one of
> the documents you referenced.  I made the changes, but my url's still
> contain the port ie..
> https://posintl.sytes.net:8443/catalog/control/EditProductStore
>
> So, I'm a dummy, and can't quite get it figured out...

Ho I don't blame you, I got the same when I began. It was more a rant addressed to the whole audience...

This is not really an OFBiz issue. You should really try to use HTTPD as front end http://httpd.apache.org/. It's a bit more 
involved at start, but not that much. And you will get great benefits on the long run
For your particular problem see http://pwu-developer.blogspot.fr/2011/04/securing-tomcat-with-apache-web-server.html

Also refer to the OFBiz FAQ link I sent you before, there are good tips there
BTW better keep the thread copied, text format is not abusing Internet mails
Sorry at the moment Confluence is done...

You may use rewrite rules to then change url you want when you want.
For rewrite rules, an internal alternative is to use Tuckey http://tuckey.org/urlrewrite/

HTH

Jacques

>
>
> as far as..
>
>
> Jacques Le Roux wrote
>>
>> BTW what is your situation now regarding
>> http://markmail.org/message/c4neg7g2yu5wkxhi ?
>> Note: prefer Postgres under Mysql
>>
>> Jacques
>>
>
> I haven't got it figured out yet.  I have reread all the applicable docs and
> posts, and it MIGHT be getting a little clearer.  I am able to connect to
> MySql.  But I need to get the other stuff figured out.
>
> You mentioned "This is a solution limited to 1 OFBiz instance "  so that's
> probably not going to work for me in my long term plans.  I have been
> reading many posts that discuss using a single code base with multi tenants
> to provide a type of SAS config.  That's really what I want.
>
> Thanks for being patient with the nube.  If you can point me to more info, I
> would appreciate it.  Once I get up to speed, I will be able to contribute
> training aids.
>
> MrFitz
>
>
> --
> View this message in context: 
> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Removing port number from the url in production setup

Posted by mrfitz <fi...@posintl.com>.

Hi Jacques,

I am a nube.  And I am sorry, but I have just about memorized every one of
the documents you referenced.  I made the changes, but my url's still
contain the port ie..
https://posintl.sytes.net:8443/catalog/control/EditProductStore

So, I'm a dummy, and can't quite get it figured out...



as far as..  


Jacques Le Roux wrote
> 
> BTW what is your situation now regarding
> http://markmail.org/message/c4neg7g2yu5wkxhi ?
> Note: prefer Postgres under Mysql
> 
> Jacques
> 

I haven't got it figured out yet.  I have reread all the applicable docs and
posts, and it MIGHT be getting a little clearer.  I am able to connect to
MySql.  But I need to get the other stuff figured out.

You mentioned "This is a solution limited to 1 OFBiz instance "  so that's
probably not going to work for me in my long term plans.  I have been
reading many posts that discuss using a single code base with multi tenants
to provide a type of SAS config.  That's really what I want.

Thanks for being patient with the nube.  If you can point me to more info, I
would appreciate it.  Once I get up to speed, I will be able to contribute
training aids.

MrFitz


--
View this message in context: http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634528.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Removing port number from the url in production setup

Posted by Jacques Le Roux <ja...@les7arts.com>.

I don't want to RTFM, but really
from
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Documentation+Index
Configuration Documents
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Documentation+Index#OFBizDocumentationIndex-ConfigurationDocuments
Apache OFBiz Technical Production Setup Guide
https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide
URL and Port Settings
https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-URLandPortSettings
Apache OFBiz Business Setup Guide (for users)
https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide
WebSite Setup (ok this one is not obvious)
https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide#ApacheOFBizBusinessSetupGuide-WebSiteSetup

Is that so hard?

You can change in the Website associated with the ProductStore (80 and 443 are default HHTP/S port and will not show in URLs)
for instance https://demo-trunk.ofbiz.apache.org/content/control/EditWebSite?webSiteId=WebStore
You can also change in url.properties (all websites, the previous setting surcharges url.properties, or url.properties is a fallback
if you prefer)
This is a solution limited to 1 OFBiz instance

If you need more, and in most cases anyway, it's better to use a FrontEnd like Apache HTTPD
https://cwiki.apache.org/confluence/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-ApacheHTTPD(ApacheWebserver)
HTTPD works also on Windows

BTW what is your situation now regarding http://markmail.org/message/c4neg7g2yu5wkxhi ?
Note: prefer Postgres under Mysql

Jacques

From: "mrfitz" <fi...@posintl.com>
> Hi Mike Z,
>
> Nube question..
>
> I have this same situation but am Using windows7 not Linux as my server,
> where would I set up the "apache (port 80) configuration file", in windows?
>
> Is it even possible?
>
> Thanks
> MrFitz
>
>
>
> Mike Z wrote
>>
>> Mandeep.  Nice looking site.
>>
>> Regarding your issue, you REALLY want to use apache using mod_jk in front
>> of ofbiz.  Here is why:
>>
>> 1) You can offload the processing of images to apache (less load on ofbiz)
>> 2) You can easily set cache timeouts for images, css, and other static
>> content.
>> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
>> using
>> ofbiz
>> 4) It is easier to offload SSL certificate management to apache
>> 5) You can setup gzip compression (DEFLATE)
>> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
>> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the same.
>> 8) Most Important:  You can add security to your site by locking out admin
>> links.
>>
>> Regarding #8.  If you are running an ecommerce site, you DON'T want people
>> from the internet to even attempt to gain access (i.e. login as 'admin' to
>> 'catalog').  Do you think amazon.com allows 'admin' login to the backend
>> from their main site?  Absurd to even ask.  This is basic internet
>> security.
>>
>> Instead, have front-end machines that serve ecommerce, and have back-end
>> machines that allows access to /catalog, etc. via a VPN, or a local
>> subnet.
>>
>> I have found that this setup runs faster, and you have more flexibility.
>>
>> Here is a sample apache (port 80) configuration file:....
>>
>
>
> --
> View this message in context:
> http://ofbiz.135035.n4.nabble.com/Removing-port-number-from-the-url-in-production-setup-tp4632743p4634522.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.