You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Ingo Wolfmayr <in...@wolfix.at> on 2022/02/07 16:56:47 UTC
distTar
Hi everybody,
I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
./gradlew build (build the project and see if everything is fine)
./gradlew "ofbiz start"
Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
Thanks for every hint.
Best regards,
Ingo
Re: AW: AW: AW: AW: AW: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
OK, then you need to set HTTPD ahead to handle that
This should help you:
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=82706476#FAQTipsTricksCookbookHowTo-HTTPD
notably look for "Sometime it is useful to let Apache Web Server to serve the static resources such as images, css, js etc for performance or other
reasons."
I never did that for tenants, I guess you can infer...
Jacques
Le 18/03/2022 à 10:58, Ingo Wolfmayr a écrit :
> Hi Jacques,
>
> put the images have to be in path of the webapp. In default "/themes/common-theme/images/webapp/images". The primary problem was that distTar and distZip inlude everything in project path.
>
> As I mentioned earlier, uploading images outsite the project path works fine. The images are in place. But viewing the images does not work as the path to the image is not a webapp path.
>
> For example the image "/home/user/products/GZ-1000/original.JPG" is outside the project - not a webapp path. Viewing wont work.
>
> So I guess I have to tell the tomcat webapp to look in a different folder ("/home/user/products").
>
> Maybe we are talking from differen things? The default image process for tenants works fine :)
>
> Best regards,
> Ingo
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux<ja...@les7arts.com>
> Gesendet: Freitag, 18. März 2022 09:58
> An:user@ofbiz.apache.org
> Betreff: Re: AW: AW: AW: AW: distTar
>
> Hi Ingo,
>
> I guess you noticed that I earlier mentioned:
>
> <<There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.>>
>
> It's also in image.url.prefix
>
> <<# -- Image upload path on the server
> image.server.path=${sys:getProperty('ofbiz.home')}/themes/common-theme/images/webapp/images/${tenantId}
>
> # -- The prefix to put on auto-generated image urls (can be relative or absolute, whatever you want)
> image.url.prefix=/images/${tenantId}>>
>
> I guess you should look at that
>
> HTH
>
> Jacques
>
> Le 17/03/2022 à 19:03, Jacques Le Roux a écrit :
>> I use the default setup and the URL for the original files is
>>
>> https://localhost:8443/images/products/GZ-1000/original.JPG
>>
>> There are other files there:
>>
>>
>> 17/03/2022 18:58 <REP> .
>> 17/03/2022 18:58 <REP> ..
>> 17/03/2022 18:58 2 889 100x75.JPG
>> 17/03/2022 18:58 132 623 1024x768.JPG
>> 17/03/2022 18:58 195 694 1280x1024.JPG
>> 17/03/2022 18:58 4 997 150x112.JPG
>> 17/03/2022 18:58 287 749 1600x1200.JPG
>> 17/03/2022 18:58 17 456 320x240.JPG
>> 17/03/2022 18:58 58 108 640x480.JPG
>> 17/03/2022 18:58 86 271 800x600.JPG
>> 16/03/2022 11:42 <REP> additional1
>> 23/11/2021 10:04 <REP> additionalE
>> 17/03/2022 18:58 52 565 detail.JPG
>> 17/03/2022 18:58 8 000 large.JPG
>> 17/03/2022 18:58 2 889 medium.JPG
>> 17/03/2022 18:58 1 378 793 original.JPG
>> 17/03/2022 18:58 1 278 small.JPG
>> 17/03/2022 18:58 2 889 thumbnail.JPG
>>
>> They can be accessed/viewed by using
>>
>> https://localhost:8443/images/products/GZ-1000/100x75.JPG
>> [...]
>> https://localhost:8443/images/products/GZ-1000/thumbnail.JPG
>>
>> HTH
>>
>>
>> Le 17/03/2022 à 18:11, Ingo Wolfmayr a écrit :
>>> Hi Jaqcues,
>>>
>>> may I ask how did you setup the values in catalog.properties? And how does the url of the uploaded image look like.
>>>
>>> Thanks!
>>>
>>> Best regards
>>> Ingo
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>> Gesendet: Donnerstag, 17. März 2022 17:21
>>> An:user@ofbiz.apache.org
>>> Betreff: Re: AW: AW: AW: distTar
>>>
>>> Hi Ingo,
>>>
>>> I see you are using multitenant, right? Maybe it's the reason
>>>
>>> Because it works here, as you can see at
>>> https://user-images.githubusercontent.com/557941/158845946-08df08f0-e
>>> e91-4cf1-8756-4092113015ce.png
>>>
>>> HTH
>>>
>>> Jaqcues
>>>
>>> Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit :
>>>> Hi Jacques,
>>>>
>>>> I refere to the default product images uploaded via the upload form
>>>> on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
>>>>
>>>> Example:
>>>> Upload to: /images/tenant/demo/products/demoproduct/small.JPG
>>>> Views via:
>>>> https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
>>>>
>>>> If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
>>>>
>>>> Content images are handled differently -
>>>> https://mydomain/stream?contentId=10000
>>>>
>>>> Best regards,
>>>> Ingo
>>>>
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>>> Gesendet: Donnerstag, 17. März 2022 07:53
>>>> An:user@ofbiz.apache.org
>>>> Betreff: Re: AW: AW: distTar
>>>>
>>>> Hi Ingo,
>>>>
>>>> What images are you speaking about and from where do you try to view these images?
>>>>
>>>> As a 1st step, I guess it's products images. If it's additional
>>>> imaged added through product/content you should be able to see them on ecommerce site.
>>>>
>>>> Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
>>>>
>>>> Jacques
>>>>
>>>> Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
>>>>> Hi Jaques,
>>>>>
>>>>> I have one more question to the image path: When I set the
>>>>> "image.server.path" to for example "/home/ofbiz/images" the file is
>>>>> uploaded fine - the files are in the right path. Unfortunately
>>>>> viewing the image requires it to be available via a webpath as by
>>>>> default /images
>>>>>
>>>>> Do you have a recommendation on how to set it up correctly?
>>>>>
>>>>> Best regards,
>>>>> Ingo
>>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>>>> Gesendet: Freitag, 11. Februar 2022 19:06
>>>>> An:user@ofbiz.apache.org
>>>>> Betreff: Re: AW: distTar
>>>>>
>>>>> Hi Ingo, All,
>>>>>
>>>>> To clarify my thoughts and message.
>>>>>
>>>>> Actually I was wrong when I said that "a feature was lost when
>>>>> common-theme was put in". The rest is right. This feature is the
>>>>> possibility, through image.server.path property in
>>>>> catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>>>>>
>>>>> So the fact that before common-theme was put in, with the folder
>>>>> for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>>>>>
>>>>> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>>>>>
>>>>> So I finally don't think it's necessary to put the images and
>>>>> image.management in runtime. This would add nothing. I'll remove
>>>>> the FIXMEs
>>>>>
>>>>> Jacques
>>>>>
>>>>> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>>>>>> Hi Jacques,
>>>>>>
>>>>>> thanks for the fast response. I will do it exactly as you say.
>>>>>>
>>>>>> Best regards
>>>>>> Ingo
>>>>>>
>>>>>>
>>>>>> -----Ursprüngliche Nachricht-----
>>>>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>>>>> Gesendet: Montag, 7. Februar 2022 19:21An:user@ofbiz.apache.org
>>>>>> Betreff: Re: distTar
>>>>>>
>>>>>> Hi Ingo,
>>>>>>
>>>>>> You don't need to use
>>>>>>
>>>>>> ./gradlew "ofbiz start"
>>>>>>
>>>>>> ./gradlew ofbiz
>>>>>> is enough and does not generate zip/tar.
>>>>>>
>>>>>> This said I'm currently working on a feature that was lost when
>>>>>> common-theme was put in. Fortunately tt was then documented by
>>>>>> these FIXMEs #FIXME the image server path need to be moved on
>>>>>> runtime #FIXME the image management path need to be moved on
>>>>>> runtime
>>>>>>
>>>>>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>>>>>
>>>>>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>>>>>
>>>>>> <<Officials explained that web applications should not be
>>>>>> given permissions to write directly to a web accessible directory
>>>>>> or modify web
>>>>>> accessible code.
>>>>>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>>>>>> according to the guidance. “To preserve functionality,
>>>>>> some web applications require configuration changes to save
>>>>>> uploads to a non-web accessible
>>>>>> area.”>>
>>>>>>
>>>>>> “To preserve functionality, some web applications require
>>>>>> configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>>>>>
>>>>>> Having images, and at large static files, in a specific location can also allow to speed things...
>>>>>>
>>>>>>
>>>>>> HTH
>>>>>>
>>>>>> Jacques
>>>>>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-m
>>>>>> al
>>>>>> w
>>>>>> a
>>>>>> re-vulnerabilities-mitigation
>>>>>>
>>>>>>
>>>>>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>>>>>> Hi everybody,
>>>>>>>
>>>>>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>>>>>
>>>>>>> ./gradlew build (build the project and see if everything is fine)
>>>>>>> ./gradlew "ofbiz start"
>>>>>>>
>>>>>>> Now I am working with the current trunk and when I start
>>>>>>> ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>>>>>
>>>>>>> Thanks for every hint.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Ingo
>>>>>>>
>>>>>>>
AW: AW: AW: AW: AW: distTar
Posted by Ingo Wolfmayr <in...@wolfix.at>.
Hi Jacques,
put the images have to be in path of the webapp. In default "/themes/common-theme/images/webapp/images". The primary problem was that distTar and distZip inlude everything in project path.
As I mentioned earlier, uploading images outsite the project path works fine. The images are in place. But viewing the images does not work as the path to the image is not a webapp path.
For example the image "/home/user/products/GZ-1000/original.JPG" is outside the project - not a webapp path. Viewing wont work.
So I guess I have to tell the tomcat webapp to look in a different folder ("/home/user/products").
Maybe we are talking from differen things? The default image process for tenants works fine :)
Best regards,
Ingo
-----Ursprüngliche Nachricht-----
Von: Jacques Le Roux <ja...@les7arts.com>
Gesendet: Freitag, 18. März 2022 09:58
An: user@ofbiz.apache.org
Betreff: Re: AW: AW: AW: AW: distTar
Hi Ingo,
I guess you noticed that I earlier mentioned:
<<There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.>>
It's also in image.url.prefix
<<# -- Image upload path on the server
image.server.path=${sys:getProperty('ofbiz.home')}/themes/common-theme/images/webapp/images/${tenantId}
# -- The prefix to put on auto-generated image urls (can be relative or absolute, whatever you want)
image.url.prefix=/images/${tenantId}>>
I guess you should look at that
HTH
Jacques
Le 17/03/2022 à 19:03, Jacques Le Roux a écrit :
> I use the default setup and the URL for the original files is
>
> https://localhost:8443/images/products/GZ-1000/original.JPG
>
> There are other files there:
>
>
> 17/03/2022 18:58 <REP> .
> 17/03/2022 18:58 <REP> ..
> 17/03/2022 18:58 2 889 100x75.JPG
> 17/03/2022 18:58 132 623 1024x768.JPG
> 17/03/2022 18:58 195 694 1280x1024.JPG
> 17/03/2022 18:58 4 997 150x112.JPG
> 17/03/2022 18:58 287 749 1600x1200.JPG
> 17/03/2022 18:58 17 456 320x240.JPG
> 17/03/2022 18:58 58 108 640x480.JPG
> 17/03/2022 18:58 86 271 800x600.JPG
> 16/03/2022 11:42 <REP> additional1
> 23/11/2021 10:04 <REP> additionalE
> 17/03/2022 18:58 52 565 detail.JPG
> 17/03/2022 18:58 8 000 large.JPG
> 17/03/2022 18:58 2 889 medium.JPG
> 17/03/2022 18:58 1 378 793 original.JPG
> 17/03/2022 18:58 1 278 small.JPG
> 17/03/2022 18:58 2 889 thumbnail.JPG
>
> They can be accessed/viewed by using
>
> https://localhost:8443/images/products/GZ-1000/100x75.JPG
> [...]
> https://localhost:8443/images/products/GZ-1000/thumbnail.JPG
>
> HTH
>
>
> Le 17/03/2022 à 18:11, Ingo Wolfmayr a écrit :
>> Hi Jaqcues,
>>
>> may I ask how did you setup the values in catalog.properties? And how does the url of the uploaded image look like.
>>
>> Thanks!
>>
>> Best regards
>> Ingo
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux <ja...@les7arts.com>
>> Gesendet: Donnerstag, 17. März 2022 17:21
>> An: user@ofbiz.apache.org
>> Betreff: Re: AW: AW: AW: distTar
>>
>> Hi Ingo,
>>
>> I see you are using multitenant, right? Maybe it's the reason
>>
>> Because it works here, as you can see at
>> https://user-images.githubusercontent.com/557941/158845946-08df08f0-e
>> e91-4cf1-8756-4092113015ce.png
>>
>> HTH
>>
>> Jaqcues
>>
>> Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit :
>>> Hi Jacques,
>>>
>>> I refere to the default product images uploaded via the upload form
>>> on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
>>>
>>> Example:
>>> Upload to: /images/tenant/demo/products/demoproduct/small.JPG
>>> Views via:
>>> https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
>>>
>>> If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
>>>
>>> Content images are handled differently -
>>> https://mydomain/stream?contentId=10000
>>>
>>> Best regards,
>>> Ingo
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Jacques Le Roux <ja...@les7arts.com>
>>> Gesendet: Donnerstag, 17. März 2022 07:53
>>> An: user@ofbiz.apache.org
>>> Betreff: Re: AW: AW: distTar
>>>
>>> Hi Ingo,
>>>
>>> What images are you speaking about and from where do you try to view these images?
>>>
>>> As a 1st step, I guess it's products images. If it's additional
>>> imaged added through product/content you should be able to see them on ecommerce site.
>>>
>>> Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
>>>
>>> Jacques
>>>
>>> Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
>>>> Hi Jaques,
>>>>
>>>> I have one more question to the image path: When I set the
>>>> "image.server.path" to for example "/home/ofbiz/images" the file is
>>>> uploaded fine - the files are in the right path. Unfortunately
>>>> viewing the image requires it to be available via a webpath as by
>>>> default /images
>>>>
>>>> Do you have a recommendation on how to set it up correctly?
>>>>
>>>> Best regards,
>>>> Ingo
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Jacques Le Roux <ja...@les7arts.com>
>>>> Gesendet: Freitag, 11. Februar 2022 19:06
>>>> An: user@ofbiz.apache.org
>>>> Betreff: Re: AW: distTar
>>>>
>>>> Hi Ingo, All,
>>>>
>>>> To clarify my thoughts and message.
>>>>
>>>> Actually I was wrong when I said that "a feature was lost when
>>>> common-theme was put in". The rest is right. This feature is the
>>>> possibility, through image.server.path property in
>>>> catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>>>>
>>>> So the fact that before common-theme was put in, with the folder
>>>> for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>>>>
>>>> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>>>>
>>>> So I finally don't think it's necessary to put the images and
>>>> image.management in runtime. This would add nothing. I'll remove
>>>> the FIXMEs
>>>>
>>>> Jacques
>>>>
>>>> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>>>>> Hi Jacques,
>>>>>
>>>>> thanks for the fast response. I will do it exactly as you say.
>>>>>
>>>>> Best regards
>>>>> Ingo
>>>>>
>>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>>>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>>>>> Betreff: Re: distTar
>>>>>
>>>>> Hi Ingo,
>>>>>
>>>>> You don't need to use
>>>>>
>>>>> ./gradlew "ofbiz start"
>>>>>
>>>>> ./gradlew ofbiz
>>>>> is enough and does not generate zip/tar.
>>>>>
>>>>> This said I'm currently working on a feature that was lost when
>>>>> common-theme was put in. Fortunately tt was then documented by
>>>>> these FIXMEs #FIXME the image server path need to be moved on
>>>>> runtime #FIXME the image management path need to be moved on
>>>>> runtime
>>>>>
>>>>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>>>>
>>>>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>>>>
>>>>> <<Officials explained that web applications should not be
>>>>> given permissions to write directly to a web accessible directory
>>>>> or modify web
>>>>> accessible code.
>>>>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>>>>> according to the guidance. “To preserve functionality,
>>>>> some web applications require configuration changes to save
>>>>> uploads to a non-web accessible
>>>>> area.”>>
>>>>>
>>>>> “To preserve functionality, some web applications require
>>>>> configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>>>>
>>>>> Having images, and at large static files, in a specific location can also allow to speed things...
>>>>>
>>>>>
>>>>> HTH
>>>>>
>>>>> Jacques
>>>>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-m
>>>>> al
>>>>> w
>>>>> a
>>>>> re-vulnerabilities-mitigation
>>>>>
>>>>>
>>>>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>>>>> Hi everybody,
>>>>>>
>>>>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>>>>
>>>>>> ./gradlew build (build the project and see if everything is fine)
>>>>>> ./gradlew "ofbiz start"
>>>>>>
>>>>>> Now I am working with the current trunk and when I start
>>>>>> ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>>>>
>>>>>> Thanks for every hint.
>>>>>>
>>>>>> Best regards,
>>>>>> Ingo
>>>>>>
>>>>>>
Re: AW: AW: AW: AW: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Ingo,
I guess you noticed that I earlier mentioned:
<<There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.>>
It's also in image.url.prefix
<<# -- Image upload path on the server
image.server.path=${sys:getProperty('ofbiz.home')}/themes/common-theme/images/webapp/images/${tenantId}
# -- The prefix to put on auto-generated image urls (can be relative or absolute, whatever you want)
image.url.prefix=/images/${tenantId}>>
I guess you should look at that
HTH
Jacques
Le 17/03/2022 à 19:03, Jacques Le Roux a écrit :
> I use the default setup and the URL for the original files is
>
> https://localhost:8443/images/products/GZ-1000/original.JPG
>
> There are other files there:
>
>
> 17/03/2022 18:58 <REP> .
> 17/03/2022 18:58 <REP> ..
> 17/03/2022 18:58 2 889 100x75.JPG
> 17/03/2022 18:58 132 623 1024x768.JPG
> 17/03/2022 18:58 195 694 1280x1024.JPG
> 17/03/2022 18:58 4 997 150x112.JPG
> 17/03/2022 18:58 287 749 1600x1200.JPG
> 17/03/2022 18:58 17 456 320x240.JPG
> 17/03/2022 18:58 58 108 640x480.JPG
> 17/03/2022 18:58 86 271 800x600.JPG
> 16/03/2022 11:42 <REP> additional1
> 23/11/2021 10:04 <REP> additionalE
> 17/03/2022 18:58 52 565 detail.JPG
> 17/03/2022 18:58 8 000 large.JPG
> 17/03/2022 18:58 2 889 medium.JPG
> 17/03/2022 18:58 1 378 793 original.JPG
> 17/03/2022 18:58 1 278 small.JPG
> 17/03/2022 18:58 2 889 thumbnail.JPG
>
> They can be accessed/viewed by using
>
> https://localhost:8443/images/products/GZ-1000/100x75.JPG
> [...]
> https://localhost:8443/images/products/GZ-1000/thumbnail.JPG
>
> HTH
>
>
> Le 17/03/2022 à 18:11, Ingo Wolfmayr a écrit :
>> Hi Jaqcues,
>>
>> may I ask how did you setup the values in catalog.properties? And how does the url of the uploaded image look like.
>>
>> Thanks!
>>
>> Best regards
>> Ingo
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux <ja...@les7arts.com>
>> Gesendet: Donnerstag, 17. März 2022 17:21
>> An: user@ofbiz.apache.org
>> Betreff: Re: AW: AW: AW: distTar
>>
>> Hi Ingo,
>>
>> I see you are using multitenant, right? Maybe it's the reason
>>
>> Because it works here, as you can see at https://user-images.githubusercontent.com/557941/158845946-08df08f0-ee91-4cf1-8756-4092113015ce.png
>>
>> HTH
>>
>> Jaqcues
>>
>> Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit :
>>> Hi Jacques,
>>>
>>> I refere to the default product images uploaded via the upload form on EditProductContent. The images are correctly uploaded and scaled. They
>>> cannot be viewed for example on the same screen (preview images).
>>>
>>> Example:
>>> Upload to: /images/tenant/demo/products/demoproduct/small.JPG
>>> Views via:
>>> https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
>>>
>>> If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
>>>
>>> Content images are handled differently -
>>> https://mydomain/stream?contentId=10000
>>>
>>> Best regards,
>>> Ingo
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Jacques Le Roux <ja...@les7arts.com>
>>> Gesendet: Donnerstag, 17. März 2022 07:53
>>> An: user@ofbiz.apache.org
>>> Betreff: Re: AW: AW: distTar
>>>
>>> Hi Ingo,
>>>
>>> What images are you speaking about and from where do you try to view these images?
>>>
>>> As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce
>>> site.
>>>
>>> Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
>>>
>>> Jacques
>>>
>>> Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
>>>> Hi Jaques,
>>>>
>>>> I have one more question to the image path: When I set the
>>>> "image.server.path" to for example "/home/ofbiz/images" the file is
>>>> uploaded fine - the files are in the right path. Unfortunately
>>>> viewing the image requires it to be available via a webpath as by
>>>> default /images
>>>>
>>>> Do you have a recommendation on how to set it up correctly?
>>>>
>>>> Best regards,
>>>> Ingo
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Jacques Le Roux <ja...@les7arts.com>
>>>> Gesendet: Freitag, 11. Februar 2022 19:06
>>>> An: user@ofbiz.apache.org
>>>> Betreff: Re: AW: distTar
>>>>
>>>> Hi Ingo, All,
>>>>
>>>> To clarify my thoughts and message.
>>>>
>>>> Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility,
>>>> through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits
>>>> with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads
>>>> and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>>>>
>>>> So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was
>>>> /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>>>>
>>>> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>>>>
>>>> So I finally don't think it's necessary to put the images and
>>>> image.management in runtime. This would add nothing. I'll remove the
>>>> FIXMEs
>>>>
>>>> Jacques
>>>>
>>>> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>>>>> Hi Jacques,
>>>>>
>>>>> thanks for the fast response. I will do it exactly as you say.
>>>>>
>>>>> Best regards
>>>>> Ingo
>>>>>
>>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>>>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>>>>> Betreff: Re: distTar
>>>>>
>>>>> Hi Ingo,
>>>>>
>>>>> You don't need to use
>>>>>
>>>>> ./gradlew "ofbiz start"
>>>>>
>>>>> ./gradlew ofbiz
>>>>> is enough and does not generate zip/tar.
>>>>>
>>>>> This said I'm currently working on a feature that was lost when
>>>>> common-theme was put in. Fortunately tt was then documented by these
>>>>> FIXMEs #FIXME the image server path need to be moved on runtime
>>>>> #FIXME the image management path need to be moved on runtime
>>>>>
>>>>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>>>>
>>>>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>>>>
>>>>> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
>>>>> accessible code.
>>>>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>>>>> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web
>>>>> accessible
>>>>> area.”>>
>>>>>
>>>>> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly
>>>>> what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>>>>
>>>>> Having images, and at large static files, in a specific location can also allow to speed things...
>>>>>
>>>>>
>>>>> HTH
>>>>>
>>>>> Jacques
>>>>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-mal
>>>>> w
>>>>> a
>>>>> re-vulnerabilities-mitigation
>>>>>
>>>>>
>>>>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>>>>> Hi everybody,
>>>>>>
>>>>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>>>>
>>>>>> ./gradlew build (build the project and see if everything is fine)
>>>>>> ./gradlew "ofbiz start"
>>>>>>
>>>>>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of
>>>>>> images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>>>>
>>>>>> Thanks for every hint.
>>>>>>
>>>>>> Best regards,
>>>>>> Ingo
>>>>>>
>>>>>>
Re: AW: AW: AW: AW: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
I use the default setup and the URL for the original files is
https://localhost:8443/images/products/GZ-1000/original.JPG
There are other files there:
17/03/2022 18:58 <REP> .
17/03/2022 18:58 <REP> ..
17/03/2022 18:58 2 889 100x75.JPG
17/03/2022 18:58 132 623 1024x768.JPG
17/03/2022 18:58 195 694 1280x1024.JPG
17/03/2022 18:58 4 997 150x112.JPG
17/03/2022 18:58 287 749 1600x1200.JPG
17/03/2022 18:58 17 456 320x240.JPG
17/03/2022 18:58 58 108 640x480.JPG
17/03/2022 18:58 86 271 800x600.JPG
16/03/2022 11:42 <REP> additional1
23/11/2021 10:04 <REP> additionalE
17/03/2022 18:58 52 565 detail.JPG
17/03/2022 18:58 8 000 large.JPG
17/03/2022 18:58 2 889 medium.JPG
17/03/2022 18:58 1 378 793 original.JPG
17/03/2022 18:58 1 278 small.JPG
17/03/2022 18:58 2 889 thumbnail.JPG
They can be accessed/viewed by using
https://localhost:8443/images/products/GZ-1000/100x75.JPG
[...]
https://localhost:8443/images/products/GZ-1000/thumbnail.JPG
HTH
Le 17/03/2022 à 18:11, Ingo Wolfmayr a écrit :
> Hi Jaqcues,
>
> may I ask how did you setup the values in catalog.properties? And how does the url of the uploaded image look like.
>
> Thanks!
>
> Best regards
> Ingo
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux <ja...@les7arts.com>
> Gesendet: Donnerstag, 17. März 2022 17:21
> An: user@ofbiz.apache.org
> Betreff: Re: AW: AW: AW: distTar
>
> Hi Ingo,
>
> I see you are using multitenant, right? Maybe it's the reason
>
> Because it works here, as you can see at https://user-images.githubusercontent.com/557941/158845946-08df08f0-ee91-4cf1-8756-4092113015ce.png
>
> HTH
>
> Jaqcues
>
> Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit :
>> Hi Jacques,
>>
>> I refere to the default product images uploaded via the upload form on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
>>
>> Example:
>> Upload to: /images/tenant/demo/products/demoproduct/small.JPG
>> Views via:
>> https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
>>
>> If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
>>
>> Content images are handled differently -
>> https://mydomain/stream?contentId=10000
>>
>> Best regards,
>> Ingo
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux <ja...@les7arts.com>
>> Gesendet: Donnerstag, 17. März 2022 07:53
>> An: user@ofbiz.apache.org
>> Betreff: Re: AW: AW: distTar
>>
>> Hi Ingo,
>>
>> What images are you speaking about and from where do you try to view these images?
>>
>> As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce site.
>>
>> Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
>>
>> Jacques
>>
>> Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
>>> Hi Jaques,
>>>
>>> I have one more question to the image path: When I set the
>>> "image.server.path" to for example "/home/ofbiz/images" the file is
>>> uploaded fine - the files are in the right path. Unfortunately
>>> viewing the image requires it to be available via a webpath as by
>>> default /images
>>>
>>> Do you have a recommendation on how to set it up correctly?
>>>
>>> Best regards,
>>> Ingo
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Jacques Le Roux <ja...@les7arts.com>
>>> Gesendet: Freitag, 11. Februar 2022 19:06
>>> An: user@ofbiz.apache.org
>>> Betreff: Re: AW: distTar
>>>
>>> Hi Ingo, All,
>>>
>>> To clarify my thoughts and message.
>>>
>>> Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>>>
>>> So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>>>
>>> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>>>
>>> So I finally don't think it's necessary to put the images and
>>> image.management in runtime. This would add nothing. I'll remove the
>>> FIXMEs
>>>
>>> Jacques
>>>
>>> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>>>> Hi Jacques,
>>>>
>>>> thanks for the fast response. I will do it exactly as you say.
>>>>
>>>> Best regards
>>>> Ingo
>>>>
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>>>> Betreff: Re: distTar
>>>>
>>>> Hi Ingo,
>>>>
>>>> You don't need to use
>>>>
>>>> ./gradlew "ofbiz start"
>>>>
>>>> ./gradlew ofbiz
>>>> is enough and does not generate zip/tar.
>>>>
>>>> This said I'm currently working on a feature that was lost when
>>>> common-theme was put in. Fortunately tt was then documented by these
>>>> FIXMEs #FIXME the image server path need to be moved on runtime
>>>> #FIXME the image management path need to be moved on runtime
>>>>
>>>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>>>
>>>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>>>
>>>> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
>>>> accessible code.
>>>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>>>> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
>>>> area.”>>
>>>>
>>>> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>>>
>>>> Having images, and at large static files, in a specific location can also allow to speed things...
>>>>
>>>>
>>>> HTH
>>>>
>>>> Jacques
>>>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-mal
>>>> w
>>>> a
>>>> re-vulnerabilities-mitigation
>>>>
>>>>
>>>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>>>> Hi everybody,
>>>>>
>>>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>>>
>>>>> ./gradlew build (build the project and see if everything is fine)
>>>>> ./gradlew "ofbiz start"
>>>>>
>>>>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>>>
>>>>> Thanks for every hint.
>>>>>
>>>>> Best regards,
>>>>> Ingo
>>>>>
>>>>>
AW: AW: AW: AW: distTar
Posted by Ingo Wolfmayr <in...@wolfix.at>.
Hi Jaqcues,
may I ask how did you setup the values in catalog.properties? And how does the url of the uploaded image look like.
Thanks!
Best regards
Ingo
-----Ursprüngliche Nachricht-----
Von: Jacques Le Roux <ja...@les7arts.com>
Gesendet: Donnerstag, 17. März 2022 17:21
An: user@ofbiz.apache.org
Betreff: Re: AW: AW: AW: distTar
Hi Ingo,
I see you are using multitenant, right? Maybe it's the reason
Because it works here, as you can see at https://user-images.githubusercontent.com/557941/158845946-08df08f0-ee91-4cf1-8756-4092113015ce.png
HTH
Jaqcues
Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit :
> Hi Jacques,
>
> I refere to the default product images uploaded via the upload form on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
>
> Example:
> Upload to: /images/tenant/demo/products/demoproduct/small.JPG
> Views via:
> https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
>
> If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
>
> Content images are handled differently -
> https://mydomain/stream?contentId=10000
>
> Best regards,
> Ingo
>
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux <ja...@les7arts.com>
> Gesendet: Donnerstag, 17. März 2022 07:53
> An: user@ofbiz.apache.org
> Betreff: Re: AW: AW: distTar
>
> Hi Ingo,
>
> What images are you speaking about and from where do you try to view these images?
>
> As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce site.
>
> Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
>
> Jacques
>
> Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
>> Hi Jaques,
>>
>> I have one more question to the image path: When I set the
>> "image.server.path" to for example "/home/ofbiz/images" the file is
>> uploaded fine - the files are in the right path. Unfortunately
>> viewing the image requires it to be available via a webpath as by
>> default /images
>>
>> Do you have a recommendation on how to set it up correctly?
>>
>> Best regards,
>> Ingo
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux <ja...@les7arts.com>
>> Gesendet: Freitag, 11. Februar 2022 19:06
>> An: user@ofbiz.apache.org
>> Betreff: Re: AW: distTar
>>
>> Hi Ingo, All,
>>
>> To clarify my thoughts and message.
>>
>> Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>>
>> So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>>
>> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>>
>> So I finally don't think it's necessary to put the images and
>> image.management in runtime. This would add nothing. I'll remove the
>> FIXMEs
>>
>> Jacques
>>
>> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>>> Hi Jacques,
>>>
>>> thanks for the fast response. I will do it exactly as you say.
>>>
>>> Best regards
>>> Ingo
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>>> Betreff: Re: distTar
>>>
>>> Hi Ingo,
>>>
>>> You don't need to use
>>>
>>> ./gradlew "ofbiz start"
>>>
>>> ./gradlew ofbiz
>>> is enough and does not generate zip/tar.
>>>
>>> This said I'm currently working on a feature that was lost when
>>> common-theme was put in. Fortunately tt was then documented by these
>>> FIXMEs #FIXME the image server path need to be moved on runtime
>>> #FIXME the image management path need to be moved on runtime
>>>
>>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>>
>>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>>
>>> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
>>> accessible code.
>>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>>> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
>>> area.”>>
>>>
>>> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>>
>>> Having images, and at large static files, in a specific location can also allow to speed things...
>>>
>>>
>>> HTH
>>>
>>> Jacques
>>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-mal
>>> w
>>> a
>>> re-vulnerabilities-mitigation
>>>
>>>
>>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>>> Hi everybody,
>>>>
>>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>>
>>>> ./gradlew build (build the project and see if everything is fine)
>>>> ./gradlew "ofbiz start"
>>>>
>>>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>>
>>>> Thanks for every hint.
>>>>
>>>> Best regards,
>>>> Ingo
>>>>
>>>>
Re: AW: AW: AW: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Ingo,
I see you are using multitenant, right? Maybe it's the reason
Because it works here, as you can see at https://user-images.githubusercontent.com/557941/158845946-08df08f0-ee91-4cf1-8756-4092113015ce.png
HTH
Jaqcues
Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit :
> Hi Jacques,
>
> I refere to the default product images uploaded via the upload form on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
>
> Example:
> Upload to: /images/tenant/demo/products/demoproduct/small.JPG
> Views via: https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
>
> If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
>
> Content images are handled differently - https://mydomain/stream?contentId=10000
>
> Best regards,
> Ingo
>
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux <ja...@les7arts.com>
> Gesendet: Donnerstag, 17. März 2022 07:53
> An: user@ofbiz.apache.org
> Betreff: Re: AW: AW: distTar
>
> Hi Ingo,
>
> What images are you speaking about and from where do you try to view these images?
>
> As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce site.
>
> Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
>
> Jacques
>
> Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
>> Hi Jaques,
>>
>> I have one more question to the image path: When I set the
>> "image.server.path" to for example "/home/ofbiz/images" the file is
>> uploaded fine - the files are in the right path. Unfortunately viewing
>> the image requires it to be available via a webpath as by default
>> /images
>>
>> Do you have a recommendation on how to set it up correctly?
>>
>> Best regards,
>> Ingo
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux <ja...@les7arts.com>
>> Gesendet: Freitag, 11. Februar 2022 19:06
>> An: user@ofbiz.apache.org
>> Betreff: Re: AW: distTar
>>
>> Hi Ingo, All,
>>
>> To clarify my thoughts and message.
>>
>> Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>>
>> So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>>
>> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>>
>> So I finally don't think it's necessary to put the images and
>> image.management in runtime. This would add nothing. I'll remove the
>> FIXMEs
>>
>> Jacques
>>
>> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>>> Hi Jacques,
>>>
>>> thanks for the fast response. I will do it exactly as you say.
>>>
>>> Best regards
>>> Ingo
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Jacques Le Roux<ja...@les7arts.com>
>>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>>> Betreff: Re: distTar
>>>
>>> Hi Ingo,
>>>
>>> You don't need to use
>>>
>>> ./gradlew "ofbiz start"
>>>
>>> ./gradlew ofbiz
>>> is enough and does not generate zip/tar.
>>>
>>> This said I'm currently working on a feature that was lost when
>>> common-theme was put in. Fortunately tt was then documented by these
>>> FIXMEs #FIXME the image server path need to be moved on runtime
>>> #FIXME the image management path need to be moved on runtime
>>>
>>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>>
>>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>>
>>> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
>>> accessible code.
>>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>>> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
>>> area.”>>
>>>
>>> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>>
>>> Having images, and at large static files, in a specific location can also allow to speed things...
>>>
>>>
>>> HTH
>>>
>>> Jacques
>>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malw
>>> a
>>> re-vulnerabilities-mitigation
>>>
>>>
>>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>>> Hi everybody,
>>>>
>>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>>
>>>> ./gradlew build (build the project and see if everything is fine)
>>>> ./gradlew "ofbiz start"
>>>>
>>>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>>
>>>> Thanks for every hint.
>>>>
>>>> Best regards,
>>>> Ingo
>>>>
>>>>
AW: AW: AW: distTar
Posted by Ingo Wolfmayr <in...@wolfix.at>.
Hi Jacques,
I refere to the default product images uploaded via the upload form on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
Example:
Upload to: /images/tenant/demo/products/demoproduct/small.JPG
Views via: https://mydomain/images/tenant/demo/products/demoproduct/small.JPG
If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed.
Content images are handled differently - https://mydomain/stream?contentId=10000
Best regards,
Ingo
-----Ursprüngliche Nachricht-----
Von: Jacques Le Roux <ja...@les7arts.com>
Gesendet: Donnerstag, 17. März 2022 07:53
An: user@ofbiz.apache.org
Betreff: Re: AW: AW: distTar
Hi Ingo,
What images are you speaking about and from where do you try to view these images?
As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce site.
Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
Jacques
Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
> Hi Jaques,
>
> I have one more question to the image path: When I set the
> "image.server.path" to for example "/home/ofbiz/images" the file is
> uploaded fine - the files are in the right path. Unfortunately viewing
> the image requires it to be available via a webpath as by default
> /images
>
> Do you have a recommendation on how to set it up correctly?
>
> Best regards,
> Ingo
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux <ja...@les7arts.com>
> Gesendet: Freitag, 11. Februar 2022 19:06
> An: user@ofbiz.apache.org
> Betreff: Re: AW: distTar
>
> Hi Ingo, All,
>
> To clarify my thoughts and message.
>
> Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>
> So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>
> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>
> So I finally don't think it's necessary to put the images and
> image.management in runtime. This would add nothing. I'll remove the
> FIXMEs
>
> Jacques
>
> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>> Hi Jacques,
>>
>> thanks for the fast response. I will do it exactly as you say.
>>
>> Best regards
>> Ingo
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux<ja...@les7arts.com>
>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>> Betreff: Re: distTar
>>
>> Hi Ingo,
>>
>> You don't need to use
>>
>> ./gradlew "ofbiz start"
>>
>> ./gradlew ofbiz
>> is enough and does not generate zip/tar.
>>
>> This said I'm currently working on a feature that was lost when
>> common-theme was put in. Fortunately tt was then documented by these
>> FIXMEs #FIXME the image server path need to be moved on runtime
>> #FIXME the image management path need to be moved on runtime
>>
>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>
>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>
>> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
>> accessible code.
>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
>> area.”>>
>>
>> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>
>> Having images, and at large static files, in a specific location can also allow to speed things...
>>
>>
>> HTH
>>
>> Jacques
>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malw
>> a
>> re-vulnerabilities-mitigation
>>
>>
>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>> Hi everybody,
>>>
>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>
>>> ./gradlew build (build the project and see if everything is fine)
>>> ./gradlew "ofbiz start"
>>>
>>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>
>>> Thanks for every hint.
>>>
>>> Best regards,
>>> Ingo
>>>
>>>
Re: AW: AW: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Ingo,
What images are you speaking about and from where do you try to view these images?
As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce site.
Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too...
Jacques
Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit :
> Hi Jaques,
>
> I have one more question to the image path: When I set the "image.server.path" to for example "/home/ofbiz/images" the file is uploaded fine - the files are in the right path. Unfortunately viewing the image requires it to be available via a webpath as by default /images
>
> Do you have a recommendation on how to set it up correctly?
>
> Best regards,
> Ingo
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux <ja...@les7arts.com>
> Gesendet: Freitag, 11. Februar 2022 19:06
> An: user@ofbiz.apache.org
> Betreff: Re: AW: distTar
>
> Hi Ingo, All,
>
> To clarify my thoughts and message.
>
> Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
>
> So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
>
> There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
>
> So I finally don't think it's necessary to put the images and image.management in runtime. This would add nothing. I'll remove the FIXMEs
>
> Jacques
>
> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
>> Hi Jacques,
>>
>> thanks for the fast response. I will do it exactly as you say.
>>
>> Best regards
>> Ingo
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Jacques Le Roux<ja...@les7arts.com>
>> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
>> Betreff: Re: distTar
>>
>> Hi Ingo,
>>
>> You don't need to use
>>
>> ./gradlew "ofbiz start"
>>
>> ./gradlew ofbiz
>> is enough and does not generate zip/tar.
>>
>> This said I'm currently working on a feature that was lost when
>> common-theme was put in. Fortunately tt was then documented by these
>> FIXMEs #FIXME the image server path need to be moved on runtime #FIXME
>> the image management path need to be moved on runtime
>>
>> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>>
>> I'm actually also working on this for security reason. It's a NSA recommendation*:
>>
>> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
>> accessible code.
>> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
>> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
>> area.”>>
>>
>> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>>
>> Having images, and at large static files, in a specific location can also allow to speed things...
>>
>>
>> HTH
>>
>> Jacques
>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malwa
>> re-vulnerabilities-mitigation
>>
>>
>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>>> Hi everybody,
>>>
>>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>>
>>> ./gradlew build (build the project and see if everything is fine)
>>> ./gradlew "ofbiz start"
>>>
>>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>>
>>> Thanks for every hint.
>>>
>>> Best regards,
>>> Ingo
>>>
>>>
AW: AW: distTar
Posted by Ingo Wolfmayr <in...@wolfix.at>.
Hi Jaques,
I have one more question to the image path: When I set the "image.server.path" to for example "/home/ofbiz/images" the file is uploaded fine - the files are in the right path. Unfortunately viewing the image requires it to be available via a webpath as by default /images
Do you have a recommendation on how to set it up correctly?
Best regards,
Ingo
-----Ursprüngliche Nachricht-----
Von: Jacques Le Roux <ja...@les7arts.com>
Gesendet: Freitag, 11. Februar 2022 19:06
An: user@ofbiz.apache.org
Betreff: Re: AW: distTar
Hi Ingo, All,
To clarify my thoughts and message.
Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of other malicious files uploads. The same is true for the other property image.management.path.
So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was /framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
So I finally don't think it's necessary to put the images and image.management in runtime. This would add nothing. I'll remove the FIXMEs
Jacques
Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
> Hi Jacques,
>
> thanks for the fast response. I will do it exactly as you say.
>
> Best regards
> Ingo
>
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux<ja...@les7arts.com>
> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org
> Betreff: Re: distTar
>
> Hi Ingo,
>
> You don't need to use
>
> ./gradlew "ofbiz start"
>
> ./gradlew ofbiz
> is enough and does not generate zip/tar.
>
> This said I'm currently working on a feature that was lost when
> common-theme was put in. Fortunately tt was then documented by these
> FIXMEs #FIXME the image server path need to be moved on runtime #FIXME
> the image management path need to be moved on runtime
>
> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>
> I'm actually also working on this for security reason. It's a NSA recommendation*:
>
> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
> accessible code.
> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
> area.”>>
>
> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>
> Having images, and at large static files, in a specific location can also allow to speed things...
>
>
> HTH
>
> Jacques
> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malwa
> re-vulnerabilities-mitigation
>
>
> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>> Hi everybody,
>>
>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>
>> ./gradlew build (build the project and see if everything is fine)
>> ./gradlew "ofbiz start"
>>
>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>
>> Thanks for every hint.
>>
>> Best regards,
>> Ingo
>>
>>
Re: AW: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Ingo, All,
To clarify my thoughts and message.
Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through
image.server.path property in catalog.properties file, to place the images, and other the static files as well, in a location that fits with you for
any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This to prevent webshell uploads and all kind of
other malicious files uploads. The same is true for the other property image.management.path.
So the fact that before common-theme was put in, with the folder for images /themes/common/images/webapp/images/, this folder was
/framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's you to decide...
There is also a ${tenantId} var used in image.server.path property that is used in case of multi-tenant, that's another thing.
So I finally don't think it's necessary to put the images and image.management in runtime. This would add nothing. I'll remove the FIXMEs
Jacques
Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit :
> Hi Jacques,
>
> thanks for the fast response. I will do it exactly as you say.
>
> Best regards
> Ingo
>
>
> -----Ursprüngliche Nachricht-----
> Von: Jacques Le Roux<ja...@les7arts.com>
> Gesendet: Montag, 7. Februar 2022 19:21
> An:user@ofbiz.apache.org
> Betreff: Re: distTar
>
> Hi Ingo,
>
> You don't need to use
>
> ./gradlew "ofbiz start"
>
> ./gradlew ofbiz
> is enough and does not generate zip/tar.
>
> This said I'm currently working on a feature that was lost when common-theme was put in. Fortunately tt was then documented by these FIXMEs #FIXME the image server path need to be moved on runtime #FIXME the image management path need to be moved on runtime
>
> The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
>
> I'm actually also working on this for security reason. It's a NSA recommendation*:
>
> <<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
> accessible code.
> “Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
> according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
> area.”>>
>
> “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
>
> Having images, and at large static files, in a specific location can also allow to speed things...
>
>
> HTH
>
> Jacques
> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malware-vulnerabilities-mitigation
>
>
> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
>> Hi everybody,
>>
>> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>>
>> ./gradlew build (build the project and see if everything is fine)
>> ./gradlew "ofbiz start"
>>
>> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>>
>> Thanks for every hint.
>>
>> Best regards,
>> Ingo
>>
>>
AW: distTar
Posted by Ingo Wolfmayr <in...@wolfix.at>.
Hi Jacques,
thanks for the fast response. I will do it exactly as you say.
Best regards
Ingo
-----Ursprüngliche Nachricht-----
Von: Jacques Le Roux <ja...@les7arts.com>
Gesendet: Montag, 7. Februar 2022 19:21
An: user@ofbiz.apache.org
Betreff: Re: distTar
Hi Ingo,
You don't need to use
./gradlew "ofbiz start"
./gradlew ofbiz
is enough and does not generate zip/tar.
This said I'm currently working on a feature that was lost when common-theme was put in. Fortunately tt was then documented by these FIXMEs #FIXME the image server path need to be moved on runtime #FIXME the image management path need to be moved on runtime
The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
I'm actually also working on this for security reason. It's a NSA recommendation*:
<<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
accessible code.
“Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
area.”>>
“To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
Having images, and at large static files, in a specific location can also allow to speed things...
HTH
Jacques
*https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malware-vulnerabilities-mitigation
Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
> Hi everybody,
>
> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>
> ./gradlew build (build the project and see if everything is fine)
> ./gradlew "ofbiz start"
>
> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>
> Thanks for every hint.
>
> Best regards,
> Ingo
>
>
Re: distTar
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Ingo,
You don't need to use
./gradlew "ofbiz start"
./gradlew ofbiz
is enough and does not generate zip/tar.
This said I'm currently working on a feature that was lost when common-theme was put in. Fortunately tt was then documented by these FIXMEs
#FIXME the image server path need to be moved on runtime
#FIXME the image management path need to be moved on runtime
The idea is to not have the images under OFBiz tree but in a specific location unrelated to OFBiz.
I'm actually also working on this for security reason. It's a NSA recommendation*:
<<Officials explained that web applications should not be given permissions to write directly to a web accessible directory or modify web
accessible code.
“Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory,”
according to the guidance. “To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible
area.”>>
“To preserve functionality, some web applications require configuration changes to save uploads to a non-web accessible area.” That's exactly what we lost with common-theme. Fortunately it was documented and I stumbled upon it while working on related security issues.
Having images, and at large static files, in a specific location can also allow to speed things...
HTH
Jacques
*https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malware-vulnerabilities-mitigation
Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit :
> Hi everybody,
>
> I have a question about building ofbiz. In previous versions for example 17.12 I had the following process:
>
> ./gradlew build (build the project and see if everything is fine)
> ./gradlew "ofbiz start"
>
> Now I am working with the current trunk and when I start ./gradlew build it starts "disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses lots of disk space and time. Is my process wrong? Is there "correct" way of how it should be done?
>
> Thanks for every hint.
>
> Best regards,
> Ingo
>
>