You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Mandeep Sidhu <ma...@gmail.com> on 2012/06/03 19:50:11 UTC
Re: Removing port number from the url in production setup
One quick q here Mike, the configuration you shared with me worked fine.
However I still see the port 8443 and 8080 on my website, this happens when
the user clicks on any link which is generated using <@ofbizurl>.
Any idea, as to how do I get rid of these port numbers appended to the url.
I tried removing entry 8443 from ofbiz-containers.xml and url.properties
file, but after doing that, the webtools link on https stopped working.
Any help is much appreciated.
Thanks and regards,
Mandeep Sidhu
On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <ma...@gmail.com>wrote:
> Excellent, Thanks Mike for such a detailed explanation, definitely I am
> going for mod_jk now, will keep you posted.
>
> Thanks a ton everybody :)
>
> Cheers,
> Mandeep
>
>
> On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
>
>> Mandeep. Nice looking site.
>>
>> Regarding your issue, you REALLY want to use apache using mod_jk in front
>> of ofbiz. Here is why:
>>
>> 1) You can offload the processing of images to apache (less load on ofbiz)
>> 2) You can easily set cache timeouts for images, css, and other static
>> content.
>> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
>> using
>> ofbiz
>> 4) It is easier to offload SSL certificate management to apache
>> 5) You can setup gzip compression (DEFLATE)
>> 6) You can load balance to multiple instances of ofbiz via apache mod-jk.
>> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same.
>> 8) Most Important: You can add security to your site by locking out admin
>> links.
>>
>> Regarding #8. If you are running an ecommerce site, you DON'T want people
>> from the internet to even attempt to gain access (i.e. login as 'admin' to
>> 'catalog'). Do you think amazon.com allows 'admin' login to the backend
>> from their main site? Absurd to even ask. This is basic internet
>> security.
>>
>> Instead, have front-end machines that serve ecommerce, and have back-end
>> machines that allows access to /catalog, etc. via a VPN, or a local
>> subnet.
>>
>> I have found that this setup runs faster, and you have more flexibility.
>>
>> Here is a sample apache (port 80) configuration file:
>> --------------------------------------------------------------------------
>> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
>> DocumentRoot /var/www/
>> <Directory />
>> Options FollowSymLinks
>> AllowOverride None
>> </Directory>
>> <Directory /var/www/>
>> Options FollowSymLinks MultiViews
>> AllowOverride None
>> Order allow,deny
>> allow from all
>> </Directory>
>>
>> ExpiresActive On
>> #ExpiresByType text/html "access plus 1 day"
>> ExpiresByType text/css "access plus 1 day"
>> ExpiresByType text/javascript "access plus 1 day"
>> ExpiresByType image/gif "access plus 1 week"
>> ExpiresByType image/jpeg "access plus 1 week"
>> ExpiresByType image/png "access plus 1 week"
>> ExpiresByType image/bmp "access plus 1 week"
>> ExpiresByType application/x-javascript "access plus 1 day"
>> ExpiresByType application/x-shockwave-flash "access plus 1 day"
>>
>> ProxyRequests Off
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Allow from all
>> </Proxy>
>>
>> ProxyVia On
>>
>> NameVirtualHost *:80
>>
>> <VirtualHost *:80>
>> # General setup for the virtual host.
>> ServerName example.com
>> ServerAdmin mike@example.com
>> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
>> application/x-javascript text/javascript text/x-js application/json
>> application/xml application/javascript
>> BrowserMatch ^Mozilla/4 gzip-only-text/html
>> BrowserMatch ^Mozilla/4\.0[678] no-gzip
>> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
>> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
>>
>> ProxyRequests Off
>> ProxyPreserveHost On
>>
>> ProxyPassMatch ^(/images/.*)$ !
>> proxyPass /content ajp://127.0.0.1:8009/content
>> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>> #proxyPass / ajp://127.0.0.1:8009/
>>
>> RewriteEngine On
>> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
>> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
>> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
>> </VirtualHost>
>> --------------------------------------------------------------------------
>>
>> Here the matching SSL (port 443) apache config:
>> ----------------------------------------------------------------------
>> <IfModule mod_ssl.c>
>> <VirtualHost *:443>
>> ServerName example.com
>> ServerAdmin mike@example.com
>>
>> ProxyRequests Off
>> ProxyPreserveHost On
>> ProxyPassMatch ^(/images/.*)$ !
>> proxyPass /content ajp://127.0.0.1:8009/content
>> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
>> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
>> #proxyPass / ajp://127.0.0.1:8009/
>>
>> RewriteEngine On
>> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
>> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
>> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
>>
>> # SSL Engine Switch:
>> # Enable/Disable SSL for this virtual host.
>> SSLEngine on
>> SSLCertificateFile /etc/ssl/certs/example.com.crt
>> SSLCertificateKeyFile /etc/ssl/private/example.com.key
>>
>> <FilesMatch "\.(cgi|shtml|phtml|php)$">
>> SSLOptions +StdEnvVars
>> </FilesMatch>
>> <Directory /usr/lib/cgi-bin>
>> SSLOptions +StdEnvVars
>> </Directory>
>>
>> BrowserMatch "MSIE [2-6]" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>> # MSIE 7 and newer should be able to use keepalive
>> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>> </VirtualHost>
>> </IfModule>
>> ----------------------------------------------------------------------
>>
>> If you decide that you don't care about locking out /catalog and other
>> admin stuff, just use the:
>>
>> proxyPass / ajp://127.0.0.1:8009/
>>
>> And comment out the other proxy statements.
>>
>> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <mandeep1985ster@gmail.com
>> >wrote:
>>
>> > Hi,
>> >
>> > I am developing an ecommerce store using ofbiz, can be found here
>> >
>> > http://www.simbacart.com
>> >
>> >
>> > The production system is a Unix box, running apache server and then
>> Ofbiz
>> > as a service.
>> >
>> > My question to you is, how to map the 80 port of prod server with the
>> > ofbiz's 8080 port, also about the mapping of 8443 port.
>> >
>> > I was able to map the 80 port by making an entry into the IP table of
>> the
>> > Unix system thereby forwarding requests from 80 port to 8080.
>> >
>> > http://www.simbacart.com
>> >
>> > Above mentioned is the store in conversation.
>> >
>> > Now, here's the problem, till 80 port it is fine, but when it comes to
>> 8443
>> > this is the kind of URL I get.
>> >
>> >
>> >
>> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
>> >
>> > Notice the 8443 in the url.
>> > This url came when I used the tag <@o...@ofbizUrl>.
>> >
>> > Can you please help me out in setting up this, I'd really appreciate it.
>> >
>> > --
>> > Mandeep Singh Sidhu
>> >
>>
>
>
>
> --
> Mandeep Singh Sidhu
>
--
Mandeep Singh Sidhu
Re: Removing port number from the url in production setup
Posted by Mandeep Sidhu <ma...@gmail.com>.
Perfect, that worked for me, thanks a ton Mike :)
On Mon, Jun 4, 2012 at 7:55 AM, <mz...@gmail.com> wrote:
> Just comment out the 8080 and 8443 lines out of url.properties, and
> restart. You still need the https line (see my example).
>
> Sent via BlackBerry by AT&T
>
> -----Original Message-----
> From: Mandeep Sidhu <ma...@gmail.com>
> Date: Mon, 4 Jun 2012 07:43:01
> To: <us...@ofbiz.apache.org>
> Reply-To: user@ofbiz.apache.org
> Subject: Re: Removing port number from the url in production setup
>
> So what exact change will remove the 8080 and 8443 from the url that's
> generated when I user <@ofbizurl> tag to render a url??
> I mean, instead of
> https://www.example.com:8443/control/newcustomer
>
> I'd require something like
> https://www.example.com/control/newcustomer
>
> how can I achieve that in production.
>
> On Mon, Jun 4, 2012 at 3:55 AM, Mike <mz...@gmail.com> wrote:
>
> > I just checked mine: It looks like I'm still listening in on 8080 and
> > 8443:
> >
> > root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
> > java 18326 ofbiz 6u IPv4 508592 0t0 TCP
> localhost:10523
> > (LISTEN)
> > java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099
> (LISTEN)
> > java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080
> (LISTEN)
> > java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443
> (LISTEN)
> > java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139
> > (LISTEN)
> > java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009
> (LISTEN)
> >
> > So, I don't think you need to mess with ofbiz-containers. Regarding the
> > other ports, I'm behind a firewall, and I'm fronted by apache via AJP
> > (8009).
> >
> > On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> > >wrote:
> >
> > > One quick q here Mike, the configuration you shared with me worked
> fine.
> > >
> > > However I still see the port 8443 and 8080 on my website, this happens
> > when
> > > the user clicks on any link which is generated using <@ofbizurl>.
> > >
> > > Any idea, as to how do I get rid of these port numbers appended to the
> > url.
> > >
> > > I tried removing entry 8443 from ofbiz-containers.xml and
> url.properties
> > > file, but after doing that, the webtools link on https stopped working.
> > >
> > > Any help is much appreciated.
> > >
> > > Thanks and regards,
> > > Mandeep Sidhu
> > >
> > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> > mandeep1985ster@gmail.com
> > > >wrote:
> > >
> > > > Excellent, Thanks Mike for such a detailed explanation, definitely I
> am
> > > > going for mod_jk now, will keep you posted.
> > > >
> > > > Thanks a ton everybody :)
> > > >
> > > > Cheers,
> > > > Mandeep
> > > >
> > > >
> > > > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> > > >
> > > >> Mandeep. Nice looking site.
> > > >>
> > > >> Regarding your issue, you REALLY want to use apache using mod_jk in
> > > front
> > > >> of ofbiz. Here is why:
> > > >>
> > > >> 1) You can offload the processing of images to apache (less load on
> > > ofbiz)
> > > >> 2) You can easily set cache timeouts for images, css, and other
> static
> > > >> content.
> > > >> 3) You can easily add a normal HTML static pages (/static/*.html)
> w/o
> > > >> using
> > > >> ofbiz
> > > >> 4) It is easier to offload SSL certificate management to apache
> > > >> 5) You can setup gzip compression (DEFLATE)
> > > >> 6) You can load balance to multiple instances of ofbiz via apache
> > > mod-jk.
> > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the
> > same.
> > > >> 8) Most Important: You can add security to your site by locking out
> > > admin
> > > >> links.
> > > >>
> > > >> Regarding #8. If you are running an ecommerce site, you DON'T want
> > > people
> > > >> from the internet to even attempt to gain access (i.e. login as
> > 'admin'
> > > to
> > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> > > backend
> > > >> from their main site? Absurd to even ask. This is basic internet
> > > >> security.
> > > >>
> > > >> Instead, have front-end machines that serve ecommerce, and have
> > back-end
> > > >> machines that allows access to /catalog, etc. via a VPN, or a local
> > > >> subnet.
> > > >>
> > > >> I have found that this setup runs faster, and you have more
> > flexibility.
> > > >>
> > > >> Here is a sample apache (port 80) configuration file:
> > > >>
> > >
> >
> --------------------------------------------------------------------------
> > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > > >> DocumentRoot /var/www/
> > > >> <Directory />
> > > >> Options FollowSymLinks
> > > >> AllowOverride None
> > > >> </Directory>
> > > >> <Directory /var/www/>
> > > >> Options FollowSymLinks MultiViews
> > > >> AllowOverride None
> > > >> Order allow,deny
> > > >> allow from all
> > > >> </Directory>
> > > >>
> > > >> ExpiresActive On
> > > >> #ExpiresByType text/html "access plus 1 day"
> > > >> ExpiresByType text/css "access plus 1 day"
> > > >> ExpiresByType text/javascript "access plus 1 day"
> > > >> ExpiresByType image/gif "access plus 1 week"
> > > >> ExpiresByType image/jpeg "access plus 1 week"
> > > >> ExpiresByType image/png "access plus 1 week"
> > > >> ExpiresByType image/bmp "access plus 1 week"
> > > >> ExpiresByType application/x-javascript "access plus 1 day"
> > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > > >>
> > > >> ProxyRequests Off
> > > >> <Proxy *>
> > > >> AddDefaultCharset off
> > > >> Order deny,allow
> > > >> Allow from all
> > > >> </Proxy>
> > > >>
> > > >> ProxyVia On
> > > >>
> > > >> NameVirtualHost *:80
> > > >>
> > > >> <VirtualHost *:80>
> > > >> # General setup for the virtual host.
> > > >> ServerName example.com
> > > >> ServerAdmin mike@example.com
> > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml
> > text/css
> > > >> application/x-javascript text/javascript text/x-js application/json
> > > >> application/xml application/javascript
> > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > > >>
> > > >> ProxyRequests Off
> > > >> ProxyPreserveHost On
> > > >>
> > > >> ProxyPassMatch ^(/images/.*)$ !
> > > >> proxyPass /content ajp://127.0.0.1:8009/content
> > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > > >> #proxyPass / ajp://127.0.0.1:8009/
> > > >>
> > > >> RewriteEngine On
> > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > > >> </VirtualHost>
> > > >>
> > >
> >
> --------------------------------------------------------------------------
> > > >>
> > > >> Here the matching SSL (port 443) apache config:
> > > >>
> ----------------------------------------------------------------------
> > > >> <IfModule mod_ssl.c>
> > > >> <VirtualHost *:443>
> > > >> ServerName example.com
> > > >> ServerAdmin mike@example.com
> > > >>
> > > >> ProxyRequests Off
> > > >> ProxyPreserveHost On
> > > >> ProxyPassMatch ^(/images/.*)$ !
> > > >> proxyPass /content ajp://127.0.0.1:8009/content
> > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > > >> #proxyPass / ajp://127.0.0.1:8009/
> > > >>
> > > >> RewriteEngine On
> > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > > >>
> > > >> # SSL Engine Switch:
> > > >> # Enable/Disable SSL for this virtual host.
> > > >> SSLEngine on
> > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > > >>
> > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > > >> SSLOptions +StdEnvVars
> > > >> </FilesMatch>
> > > >> <Directory /usr/lib/cgi-bin>
> > > >> SSLOptions +StdEnvVars
> > > >> </Directory>
> > > >>
> > > >> BrowserMatch "MSIE [2-6]" \
> > > >> nokeepalive ssl-unclean-shutdown \
> > > >> downgrade-1.0 force-response-1.0
> > > >> # MSIE 7 and newer should be able to use keepalive
> > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > > >> </VirtualHost>
> > > >> </IfModule>
> > > >>
> ----------------------------------------------------------------------
> > > >>
> > > >> If you decide that you don't care about locking out /catalog and
> other
> > > >> admin stuff, just use the:
> > > >>
> > > >> proxyPass / ajp://127.0.0.1:8009/
> > > >>
> > > >> And comment out the other proxy statements.
> > > >>
> > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> > > mandeep1985ster@gmail.com
> > > >> >wrote:
> > > >>
> > > >> > Hi,
> > > >> >
> > > >> > I am developing an ecommerce store using ofbiz, can be found here
> > > >> >
> > > >> > http://www.simbacart.com
> > > >> >
> > > >> >
> > > >> > The production system is a Unix box, running apache server and
> then
> > > >> Ofbiz
> > > >> > as a service.
> > > >> >
> > > >> > My question to you is, how to map the 80 port of prod server with
> > the
> > > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > > >> >
> > > >> > I was able to map the 80 port by making an entry into the IP table
> > of
> > > >> the
> > > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > > >> >
> > > >> > http://www.simbacart.com
> > > >> >
> > > >> > Above mentioned is the store in conversation.
> > > >> >
> > > >> > Now, here's the problem, till 80 port it is fine, but when it
> comes
> > to
> > > >> 8443
> > > >> > this is the kind of URL I get.
> > > >> >
> > > >> >
> > > >> >
> > > >>
> > >
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > > >> >
> > > >> > Notice the 8443 in the url.
> > > >> > This url came when I used the tag
> > <@o...@ofbizUrl>.
> > > >> >
> > > >> > Can you please help me out in setting up this, I'd really
> appreciate
> > > it.
> > > >> >
> > > >> > --
> > > >> > Mandeep Singh Sidhu
> > > >> >
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > Mandeep Singh Sidhu
> > > >
> > >
> > >
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> >
>
>
>
> --
> Mandeep Singh Sidhu
>
>
--
Mandeep Singh Sidhu
Re: Removing port number from the url in production setup
Posted by mz...@gmail.com.
Just comment out the 8080 and 8443 lines out of url.properties, and restart. You still need the https line (see my example).
Sent via BlackBerry by AT&T
-----Original Message-----
From: Mandeep Sidhu <ma...@gmail.com>
Date: Mon, 4 Jun 2012 07:43:01
To: <us...@ofbiz.apache.org>
Reply-To: user@ofbiz.apache.org
Subject: Re: Removing port number from the url in production setup
So what exact change will remove the 8080 and 8443 from the url that's
generated when I user <@ofbizurl> tag to render a url??
I mean, instead of
https://www.example.com:8443/control/newcustomer
I'd require something like
https://www.example.com/control/newcustomer
how can I achieve that in production.
On Mon, Jun 4, 2012 at 3:55 AM, Mike <mz...@gmail.com> wrote:
> I just checked mine: It looks like I'm still listening in on 8080 and
> 8443:
>
> root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
> java 18326 ofbiz 6u IPv4 508592 0t0 TCP localhost:10523
> (LISTEN)
> java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 (LISTEN)
> java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 (LISTEN)
> java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 (LISTEN)
> java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139
> (LISTEN)
> java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 (LISTEN)
>
> So, I don't think you need to mess with ofbiz-containers. Regarding the
> other ports, I'm behind a firewall, and I'm fronted by apache via AJP
> (8009).
>
> On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <mandeep1985ster@gmail.com
> >wrote:
>
> > One quick q here Mike, the configuration you shared with me worked fine.
> >
> > However I still see the port 8443 and 8080 on my website, this happens
> when
> > the user clicks on any link which is generated using <@ofbizurl>.
> >
> > Any idea, as to how do I get rid of these port numbers appended to the
> url.
> >
> > I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> > file, but after doing that, the webtools link on https stopped working.
> >
> > Any help is much appreciated.
> >
> > Thanks and regards,
> > Mandeep Sidhu
> >
> > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> > >wrote:
> >
> > > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > > going for mod_jk now, will keep you posted.
> > >
> > > Thanks a ton everybody :)
> > >
> > > Cheers,
> > > Mandeep
> > >
> > >
> > > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> > >
> > >> Mandeep. Nice looking site.
> > >>
> > >> Regarding your issue, you REALLY want to use apache using mod_jk in
> > front
> > >> of ofbiz. Here is why:
> > >>
> > >> 1) You can offload the processing of images to apache (less load on
> > ofbiz)
> > >> 2) You can easily set cache timeouts for images, css, and other static
> > >> content.
> > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> > >> using
> > >> ofbiz
> > >> 4) It is easier to offload SSL certificate management to apache
> > >> 5) You can setup gzip compression (DEFLATE)
> > >> 6) You can load balance to multiple instances of ofbiz via apache
> > mod-jk.
> > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the
> same.
> > >> 8) Most Important: You can add security to your site by locking out
> > admin
> > >> links.
> > >>
> > >> Regarding #8. If you are running an ecommerce site, you DON'T want
> > people
> > >> from the internet to even attempt to gain access (i.e. login as
> 'admin'
> > to
> > >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> > backend
> > >> from their main site? Absurd to even ask. This is basic internet
> > >> security.
> > >>
> > >> Instead, have front-end machines that serve ecommerce, and have
> back-end
> > >> machines that allows access to /catalog, etc. via a VPN, or a local
> > >> subnet.
> > >>
> > >> I have found that this setup runs faster, and you have more
> flexibility.
> > >>
> > >> Here is a sample apache (port 80) configuration file:
> > >>
> >
> --------------------------------------------------------------------------
> > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > >> DocumentRoot /var/www/
> > >> <Directory />
> > >> Options FollowSymLinks
> > >> AllowOverride None
> > >> </Directory>
> > >> <Directory /var/www/>
> > >> Options FollowSymLinks MultiViews
> > >> AllowOverride None
> > >> Order allow,deny
> > >> allow from all
> > >> </Directory>
> > >>
> > >> ExpiresActive On
> > >> #ExpiresByType text/html "access plus 1 day"
> > >> ExpiresByType text/css "access plus 1 day"
> > >> ExpiresByType text/javascript "access plus 1 day"
> > >> ExpiresByType image/gif "access plus 1 week"
> > >> ExpiresByType image/jpeg "access plus 1 week"
> > >> ExpiresByType image/png "access plus 1 week"
> > >> ExpiresByType image/bmp "access plus 1 week"
> > >> ExpiresByType application/x-javascript "access plus 1 day"
> > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > >>
> > >> ProxyRequests Off
> > >> <Proxy *>
> > >> AddDefaultCharset off
> > >> Order deny,allow
> > >> Allow from all
> > >> </Proxy>
> > >>
> > >> ProxyVia On
> > >>
> > >> NameVirtualHost *:80
> > >>
> > >> <VirtualHost *:80>
> > >> # General setup for the virtual host.
> > >> ServerName example.com
> > >> ServerAdmin mike@example.com
> > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml
> text/css
> > >> application/x-javascript text/javascript text/x-js application/json
> > >> application/xml application/javascript
> > >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > >>
> > >> ProxyRequests Off
> > >> ProxyPreserveHost On
> > >>
> > >> ProxyPassMatch ^(/images/.*)$ !
> > >> proxyPass /content ajp://127.0.0.1:8009/content
> > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >> #proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> RewriteEngine On
> > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >> </VirtualHost>
> > >>
> >
> --------------------------------------------------------------------------
> > >>
> > >> Here the matching SSL (port 443) apache config:
> > >> ----------------------------------------------------------------------
> > >> <IfModule mod_ssl.c>
> > >> <VirtualHost *:443>
> > >> ServerName example.com
> > >> ServerAdmin mike@example.com
> > >>
> > >> ProxyRequests Off
> > >> ProxyPreserveHost On
> > >> ProxyPassMatch ^(/images/.*)$ !
> > >> proxyPass /content ajp://127.0.0.1:8009/content
> > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >> #proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> RewriteEngine On
> > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >>
> > >> # SSL Engine Switch:
> > >> # Enable/Disable SSL for this virtual host.
> > >> SSLEngine on
> > >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > >>
> > >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > >> SSLOptions +StdEnvVars
> > >> </FilesMatch>
> > >> <Directory /usr/lib/cgi-bin>
> > >> SSLOptions +StdEnvVars
> > >> </Directory>
> > >>
> > >> BrowserMatch "MSIE [2-6]" \
> > >> nokeepalive ssl-unclean-shutdown \
> > >> downgrade-1.0 force-response-1.0
> > >> # MSIE 7 and newer should be able to use keepalive
> > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > >> </VirtualHost>
> > >> </IfModule>
> > >> ----------------------------------------------------------------------
> > >>
> > >> If you decide that you don't care about locking out /catalog and other
> > >> admin stuff, just use the:
> > >>
> > >> proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> And comment out the other proxy statements.
> > >>
> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> > mandeep1985ster@gmail.com
> > >> >wrote:
> > >>
> > >> > Hi,
> > >> >
> > >> > I am developing an ecommerce store using ofbiz, can be found here
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> >
> > >> > The production system is a Unix box, running apache server and then
> > >> Ofbiz
> > >> > as a service.
> > >> >
> > >> > My question to you is, how to map the 80 port of prod server with
> the
> > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > >> >
> > >> > I was able to map the 80 port by making an entry into the IP table
> of
> > >> the
> > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> > Above mentioned is the store in conversation.
> > >> >
> > >> > Now, here's the problem, till 80 port it is fine, but when it comes
> to
> > >> 8443
> > >> > this is the kind of URL I get.
> > >> >
> > >> >
> > >> >
> > >>
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > >> >
> > >> > Notice the 8443 in the url.
> > >> > This url came when I used the tag
> <@o...@ofbizUrl>.
> > >> >
> > >> > Can you please help me out in setting up this, I'd really appreciate
> > it.
> > >> >
> > >> > --
> > >> > Mandeep Singh Sidhu
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
>
--
Mandeep Singh Sidhu
Re: Removing port number from the url in production setup
Posted by Mandeep Sidhu <ma...@gmail.com>.
So what exact change will remove the 8080 and 8443 from the url that's
generated when I user <@ofbizurl> tag to render a url??
I mean, instead of
https://www.example.com:8443/control/newcustomer
I'd require something like
https://www.example.com/control/newcustomer
how can I achieve that in production.
On Mon, Jun 4, 2012 at 3:55 AM, Mike <mz...@gmail.com> wrote:
> I just checked mine: It looks like I'm still listening in on 8080 and
> 8443:
>
> root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
> java 18326 ofbiz 6u IPv4 508592 0t0 TCP localhost:10523
> (LISTEN)
> java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 (LISTEN)
> java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 (LISTEN)
> java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 (LISTEN)
> java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139
> (LISTEN)
> java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 (LISTEN)
>
> So, I don't think you need to mess with ofbiz-containers. Regarding the
> other ports, I'm behind a firewall, and I'm fronted by apache via AJP
> (8009).
>
> On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <mandeep1985ster@gmail.com
> >wrote:
>
> > One quick q here Mike, the configuration you shared with me worked fine.
> >
> > However I still see the port 8443 and 8080 on my website, this happens
> when
> > the user clicks on any link which is generated using <@ofbizurl>.
> >
> > Any idea, as to how do I get rid of these port numbers appended to the
> url.
> >
> > I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> > file, but after doing that, the webtools link on https stopped working.
> >
> > Any help is much appreciated.
> >
> > Thanks and regards,
> > Mandeep Sidhu
> >
> > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> > >wrote:
> >
> > > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > > going for mod_jk now, will keep you posted.
> > >
> > > Thanks a ton everybody :)
> > >
> > > Cheers,
> > > Mandeep
> > >
> > >
> > > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> > >
> > >> Mandeep. Nice looking site.
> > >>
> > >> Regarding your issue, you REALLY want to use apache using mod_jk in
> > front
> > >> of ofbiz. Here is why:
> > >>
> > >> 1) You can offload the processing of images to apache (less load on
> > ofbiz)
> > >> 2) You can easily set cache timeouts for images, css, and other static
> > >> content.
> > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> > >> using
> > >> ofbiz
> > >> 4) It is easier to offload SSL certificate management to apache
> > >> 5) You can setup gzip compression (DEFLATE)
> > >> 6) You can load balance to multiple instances of ofbiz via apache
> > mod-jk.
> > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the
> same.
> > >> 8) Most Important: You can add security to your site by locking out
> > admin
> > >> links.
> > >>
> > >> Regarding #8. If you are running an ecommerce site, you DON'T want
> > people
> > >> from the internet to even attempt to gain access (i.e. login as
> 'admin'
> > to
> > >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> > backend
> > >> from their main site? Absurd to even ask. This is basic internet
> > >> security.
> > >>
> > >> Instead, have front-end machines that serve ecommerce, and have
> back-end
> > >> machines that allows access to /catalog, etc. via a VPN, or a local
> > >> subnet.
> > >>
> > >> I have found that this setup runs faster, and you have more
> flexibility.
> > >>
> > >> Here is a sample apache (port 80) configuration file:
> > >>
> >
> --------------------------------------------------------------------------
> > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > >> DocumentRoot /var/www/
> > >> <Directory />
> > >> Options FollowSymLinks
> > >> AllowOverride None
> > >> </Directory>
> > >> <Directory /var/www/>
> > >> Options FollowSymLinks MultiViews
> > >> AllowOverride None
> > >> Order allow,deny
> > >> allow from all
> > >> </Directory>
> > >>
> > >> ExpiresActive On
> > >> #ExpiresByType text/html "access plus 1 day"
> > >> ExpiresByType text/css "access plus 1 day"
> > >> ExpiresByType text/javascript "access plus 1 day"
> > >> ExpiresByType image/gif "access plus 1 week"
> > >> ExpiresByType image/jpeg "access plus 1 week"
> > >> ExpiresByType image/png "access plus 1 week"
> > >> ExpiresByType image/bmp "access plus 1 week"
> > >> ExpiresByType application/x-javascript "access plus 1 day"
> > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > >>
> > >> ProxyRequests Off
> > >> <Proxy *>
> > >> AddDefaultCharset off
> > >> Order deny,allow
> > >> Allow from all
> > >> </Proxy>
> > >>
> > >> ProxyVia On
> > >>
> > >> NameVirtualHost *:80
> > >>
> > >> <VirtualHost *:80>
> > >> # General setup for the virtual host.
> > >> ServerName example.com
> > >> ServerAdmin mike@example.com
> > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml
> text/css
> > >> application/x-javascript text/javascript text/x-js application/json
> > >> application/xml application/javascript
> > >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > >>
> > >> ProxyRequests Off
> > >> ProxyPreserveHost On
> > >>
> > >> ProxyPassMatch ^(/images/.*)$ !
> > >> proxyPass /content ajp://127.0.0.1:8009/content
> > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >> #proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> RewriteEngine On
> > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >> </VirtualHost>
> > >>
> >
> --------------------------------------------------------------------------
> > >>
> > >> Here the matching SSL (port 443) apache config:
> > >> ----------------------------------------------------------------------
> > >> <IfModule mod_ssl.c>
> > >> <VirtualHost *:443>
> > >> ServerName example.com
> > >> ServerAdmin mike@example.com
> > >>
> > >> ProxyRequests Off
> > >> ProxyPreserveHost On
> > >> ProxyPassMatch ^(/images/.*)$ !
> > >> proxyPass /content ajp://127.0.0.1:8009/content
> > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >> #proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> RewriteEngine On
> > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >>
> > >> # SSL Engine Switch:
> > >> # Enable/Disable SSL for this virtual host.
> > >> SSLEngine on
> > >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > >>
> > >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > >> SSLOptions +StdEnvVars
> > >> </FilesMatch>
> > >> <Directory /usr/lib/cgi-bin>
> > >> SSLOptions +StdEnvVars
> > >> </Directory>
> > >>
> > >> BrowserMatch "MSIE [2-6]" \
> > >> nokeepalive ssl-unclean-shutdown \
> > >> downgrade-1.0 force-response-1.0
> > >> # MSIE 7 and newer should be able to use keepalive
> > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > >> </VirtualHost>
> > >> </IfModule>
> > >> ----------------------------------------------------------------------
> > >>
> > >> If you decide that you don't care about locking out /catalog and other
> > >> admin stuff, just use the:
> > >>
> > >> proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> And comment out the other proxy statements.
> > >>
> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> > mandeep1985ster@gmail.com
> > >> >wrote:
> > >>
> > >> > Hi,
> > >> >
> > >> > I am developing an ecommerce store using ofbiz, can be found here
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> >
> > >> > The production system is a Unix box, running apache server and then
> > >> Ofbiz
> > >> > as a service.
> > >> >
> > >> > My question to you is, how to map the 80 port of prod server with
> the
> > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > >> >
> > >> > I was able to map the 80 port by making an entry into the IP table
> of
> > >> the
> > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> > Above mentioned is the store in conversation.
> > >> >
> > >> > Now, here's the problem, till 80 port it is fine, but when it comes
> to
> > >> 8443
> > >> > this is the kind of URL I get.
> > >> >
> > >> >
> > >> >
> > >>
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > >> >
> > >> > Notice the 8443 in the url.
> > >> > This url came when I used the tag
> <@o...@ofbizUrl>.
> > >> >
> > >> > Can you please help me out in setting up this, I'd really appreciate
> > it.
> > >> >
> > >> > --
> > >> > Mandeep Singh Sidhu
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
>
--
Mandeep Singh Sidhu
Re: Removing port number from the url in production setup
Posted by Mike <mz...@gmail.com>.
I just checked mine: It looks like I'm still listening in on 8080 and 8443:
root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
java 18326 ofbiz 6u IPv4 508592 0t0 TCP localhost:10523
(LISTEN)
java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 (LISTEN)
java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 (LISTEN)
java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 (LISTEN)
java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139 (LISTEN)
java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 (LISTEN)
So, I don't think you need to mess with ofbiz-containers. Regarding the
other ports, I'm behind a firewall, and I'm fronted by apache via AJP
(8009).
On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <ma...@gmail.com>wrote:
> One quick q here Mike, the configuration you shared with me worked fine.
>
> However I still see the port 8443 and 8080 on my website, this happens when
> the user clicks on any link which is generated using <@ofbizurl>.
>
> Any idea, as to how do I get rid of these port numbers appended to the url.
>
> I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> file, but after doing that, the webtools link on https stopped working.
>
> Any help is much appreciated.
>
> Thanks and regards,
> Mandeep Sidhu
>
> On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <mandeep1985ster@gmail.com
> >wrote:
>
> > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > going for mod_jk now, will keep you posted.
> >
> > Thanks a ton everybody :)
> >
> > Cheers,
> > Mandeep
> >
> >
> > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> >
> >> Mandeep. Nice looking site.
> >>
> >> Regarding your issue, you REALLY want to use apache using mod_jk in
> front
> >> of ofbiz. Here is why:
> >>
> >> 1) You can offload the processing of images to apache (less load on
> ofbiz)
> >> 2) You can easily set cache timeouts for images, css, and other static
> >> content.
> >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> >> using
> >> ofbiz
> >> 4) It is easier to offload SSL certificate management to apache
> >> 5) You can setup gzip compression (DEFLATE)
> >> 6) You can load balance to multiple instances of ofbiz via apache
> mod-jk.
> >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same.
> >> 8) Most Important: You can add security to your site by locking out
> admin
> >> links.
> >>
> >> Regarding #8. If you are running an ecommerce site, you DON'T want
> people
> >> from the internet to even attempt to gain access (i.e. login as 'admin'
> to
> >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> backend
> >> from their main site? Absurd to even ask. This is basic internet
> >> security.
> >>
> >> Instead, have front-end machines that serve ecommerce, and have back-end
> >> machines that allows access to /catalog, etc. via a VPN, or a local
> >> subnet.
> >>
> >> I have found that this setup runs faster, and you have more flexibility.
> >>
> >> Here is a sample apache (port 80) configuration file:
> >>
> --------------------------------------------------------------------------
> >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> >> DocumentRoot /var/www/
> >> <Directory />
> >> Options FollowSymLinks
> >> AllowOverride None
> >> </Directory>
> >> <Directory /var/www/>
> >> Options FollowSymLinks MultiViews
> >> AllowOverride None
> >> Order allow,deny
> >> allow from all
> >> </Directory>
> >>
> >> ExpiresActive On
> >> #ExpiresByType text/html "access plus 1 day"
> >> ExpiresByType text/css "access plus 1 day"
> >> ExpiresByType text/javascript "access plus 1 day"
> >> ExpiresByType image/gif "access plus 1 week"
> >> ExpiresByType image/jpeg "access plus 1 week"
> >> ExpiresByType image/png "access plus 1 week"
> >> ExpiresByType image/bmp "access plus 1 week"
> >> ExpiresByType application/x-javascript "access plus 1 day"
> >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> >>
> >> ProxyRequests Off
> >> <Proxy *>
> >> AddDefaultCharset off
> >> Order deny,allow
> >> Allow from all
> >> </Proxy>
> >>
> >> ProxyVia On
> >>
> >> NameVirtualHost *:80
> >>
> >> <VirtualHost *:80>
> >> # General setup for the virtual host.
> >> ServerName example.com
> >> ServerAdmin mike@example.com
> >> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
> >> application/x-javascript text/javascript text/x-js application/json
> >> application/xml application/javascript
> >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> >>
> >> ProxyRequests Off
> >> ProxyPreserveHost On
> >>
> >> ProxyPassMatch ^(/images/.*)$ !
> >> proxyPass /content ajp://127.0.0.1:8009/content
> >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> >> #proxyPass / ajp://127.0.0.1:8009/
> >>
> >> RewriteEngine On
> >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> >> </VirtualHost>
> >>
> --------------------------------------------------------------------------
> >>
> >> Here the matching SSL (port 443) apache config:
> >> ----------------------------------------------------------------------
> >> <IfModule mod_ssl.c>
> >> <VirtualHost *:443>
> >> ServerName example.com
> >> ServerAdmin mike@example.com
> >>
> >> ProxyRequests Off
> >> ProxyPreserveHost On
> >> ProxyPassMatch ^(/images/.*)$ !
> >> proxyPass /content ajp://127.0.0.1:8009/content
> >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> >> #proxyPass / ajp://127.0.0.1:8009/
> >>
> >> RewriteEngine On
> >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> >>
> >> # SSL Engine Switch:
> >> # Enable/Disable SSL for this virtual host.
> >> SSLEngine on
> >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> >>
> >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> >> SSLOptions +StdEnvVars
> >> </FilesMatch>
> >> <Directory /usr/lib/cgi-bin>
> >> SSLOptions +StdEnvVars
> >> </Directory>
> >>
> >> BrowserMatch "MSIE [2-6]" \
> >> nokeepalive ssl-unclean-shutdown \
> >> downgrade-1.0 force-response-1.0
> >> # MSIE 7 and newer should be able to use keepalive
> >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> >> </VirtualHost>
> >> </IfModule>
> >> ----------------------------------------------------------------------
> >>
> >> If you decide that you don't care about locking out /catalog and other
> >> admin stuff, just use the:
> >>
> >> proxyPass / ajp://127.0.0.1:8009/
> >>
> >> And comment out the other proxy statements.
> >>
> >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> >> >wrote:
> >>
> >> > Hi,
> >> >
> >> > I am developing an ecommerce store using ofbiz, can be found here
> >> >
> >> > http://www.simbacart.com
> >> >
> >> >
> >> > The production system is a Unix box, running apache server and then
> >> Ofbiz
> >> > as a service.
> >> >
> >> > My question to you is, how to map the 80 port of prod server with the
> >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> >> >
> >> > I was able to map the 80 port by making an entry into the IP table of
> >> the
> >> > Unix system thereby forwarding requests from 80 port to 8080.
> >> >
> >> > http://www.simbacart.com
> >> >
> >> > Above mentioned is the store in conversation.
> >> >
> >> > Now, here's the problem, till 80 port it is fine, but when it comes to
> >> 8443
> >> > this is the kind of URL I get.
> >> >
> >> >
> >> >
> >>
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> >> >
> >> > Notice the 8443 in the url.
> >> > This url came when I used the tag <@o...@ofbizUrl>.
> >> >
> >> > Can you please help me out in setting up this, I'd really appreciate
> it.
> >> >
> >> > --
> >> > Mandeep Singh Sidhu
> >> >
> >>
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
>
>
>
> --
> Mandeep Singh Sidhu
>
Re: Removing port number from the url in production setup
Posted by Mike <mz...@gmail.com>.
I remember going through this. I believe (it's been a while) that the key
is in framework/webapp/config/url.properties:
This is what mine looks like:
----------------------------------------------------------------------------------------------------------
# HTTPS Port (Secure port)
port.https.enabled=Y
#port.https=8443
#force.https.host=example.com
# HTTP Port (Not Secure port)
#port.http=8080
#force.http.host=example.com
# Static Content URLs to make it easy to move the serving load for static
content to other machines
# -- thse are for general content such as images, js & css files, or
non-dynamic HTML files
content.url.prefix.secure=
content.url.prefix.standard=
# Here you can set the domain string to use for new cookies
#cookie.domain=example.com
<snip>
----------------------------------------------------------------------------------------------------------
So, it appears that there is no 8080 --or-- 8443 configured. See if that
works.
On Sun, Jun 3, 2012 at 11:33 AM, Mandeep Sidhu <ma...@gmail.com>wrote:
> so what configuration should I give here for production usage?
>
> On Sun, Jun 3, 2012 at 11:44 PM, Deepak Agarwal <dagarwal82@gmail.com
> >wrote:
>
> > Go to Content->website , choose ur website. there you will find it.
> >
> > On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> > >wrote:
> >
> > > One quick q here Mike, the configuration you shared with me worked
> fine.
> > >
> > > However I still see the port 8443 and 8080 on my website, this happens
> > when
> > > the user clicks on any link which is generated using <@ofbizurl>.
> > >
> > > Any idea, as to how do I get rid of these port numbers appended to the
> > url.
> > >
> > > I tried removing entry 8443 from ofbiz-containers.xml and
> url.properties
> > > file, but after doing that, the webtools link on https stopped working.
> > >
> > > Any help is much appreciated.
> > >
> > > Thanks and regards,
> > > Mandeep Sidhu
> > >
> > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> > mandeep1985ster@gmail.com
> > > >wrote:
> > >
> > > > Excellent, Thanks Mike for such a detailed explanation, definitely I
> am
> > > > going for mod_jk now, will keep you posted.
> > > >
> > > > Thanks a ton everybody :)
> > > >
> > > > Cheers,
> > > > Mandeep
> > > >
> > > >
> > > > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> > > >
> > > >> Mandeep. Nice looking site.
> > > >>
> > > >> Regarding your issue, you REALLY want to use apache using mod_jk in
> > > front
> > > >> of ofbiz. Here is why:
> > > >>
> > > >> 1) You can offload the processing of images to apache (less load on
> > > ofbiz)
> > > >> 2) You can easily set cache timeouts for images, css, and other
> static
> > > >> content.
> > > >> 3) You can easily add a normal HTML static pages (/static/*.html)
> w/o
> > > >> using
> > > >> ofbiz
> > > >> 4) It is easier to offload SSL certificate management to apache
> > > >> 5) You can setup gzip compression (DEFLATE)
> > > >> 6) You can load balance to multiple instances of ofbiz via apache
> > > mod-jk.
> > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the
> > same.
> > > >> 8) Most Important: You can add security to your site by locking out
> > > admin
> > > >> links.
> > > >>
> > > >> Regarding #8. If you are running an ecommerce site, you DON'T want
> > > people
> > > >> from the internet to even attempt to gain access (i.e. login as
> > 'admin'
> > > to
> > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> > > backend
> > > >> from their main site? Absurd to even ask. This is basic internet
> > > >> security.
> > > >>
> > > >> Instead, have front-end machines that serve ecommerce, and have
> > back-end
> > > >> machines that allows access to /catalog, etc. via a VPN, or a local
> > > >> subnet.
> > > >>
> > > >> I have found that this setup runs faster, and you have more
> > flexibility.
> > > >>
> > > >> Here is a sample apache (port 80) configuration file:
> > > >>
> > >
> >
> --------------------------------------------------------------------------
> > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > > >> DocumentRoot /var/www/
> > > >> <Directory />
> > > >> Options FollowSymLinks
> > > >> AllowOverride None
> > > >> </Directory>
> > > >> <Directory /var/www/>
> > > >> Options FollowSymLinks MultiViews
> > > >> AllowOverride None
> > > >> Order allow,deny
> > > >> allow from all
> > > >> </Directory>
> > > >>
> > > >> ExpiresActive On
> > > >> #ExpiresByType text/html "access plus 1 day"
> > > >> ExpiresByType text/css "access plus 1 day"
> > > >> ExpiresByType text/javascript "access plus 1 day"
> > > >> ExpiresByType image/gif "access plus 1 week"
> > > >> ExpiresByType image/jpeg "access plus 1 week"
> > > >> ExpiresByType image/png "access plus 1 week"
> > > >> ExpiresByType image/bmp "access plus 1 week"
> > > >> ExpiresByType application/x-javascript "access plus 1 day"
> > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > > >>
> > > >> ProxyRequests Off
> > > >> <Proxy *>
> > > >> AddDefaultCharset off
> > > >> Order deny,allow
> > > >> Allow from all
> > > >> </Proxy>
> > > >>
> > > >> ProxyVia On
> > > >>
> > > >> NameVirtualHost *:80
> > > >>
> > > >> <VirtualHost *:80>
> > > >> # General setup for the virtual host.
> > > >> ServerName example.com
> > > >> ServerAdmin mike@example.com
> > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml
> > text/css
> > > >> application/x-javascript text/javascript text/x-js application/json
> > > >> application/xml application/javascript
> > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > > >>
> > > >> ProxyRequests Off
> > > >> ProxyPreserveHost On
> > > >>
> > > >> ProxyPassMatch ^(/images/.*)$ !
> > > >> proxyPass /content ajp://127.0.0.1:8009/content
> > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > > >> #proxyPass / ajp://127.0.0.1:8009/
> > > >>
> > > >> RewriteEngine On
> > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > > >> </VirtualHost>
> > > >>
> > >
> >
> --------------------------------------------------------------------------
> > > >>
> > > >> Here the matching SSL (port 443) apache config:
> > > >>
> ----------------------------------------------------------------------
> > > >> <IfModule mod_ssl.c>
> > > >> <VirtualHost *:443>
> > > >> ServerName example.com
> > > >> ServerAdmin mike@example.com
> > > >>
> > > >> ProxyRequests Off
> > > >> ProxyPreserveHost On
> > > >> ProxyPassMatch ^(/images/.*)$ !
> > > >> proxyPass /content ajp://127.0.0.1:8009/content
> > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > > >> #proxyPass / ajp://127.0.0.1:8009/
> > > >>
> > > >> RewriteEngine On
> > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > > >>
> > > >> # SSL Engine Switch:
> > > >> # Enable/Disable SSL for this virtual host.
> > > >> SSLEngine on
> > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > > >>
> > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > > >> SSLOptions +StdEnvVars
> > > >> </FilesMatch>
> > > >> <Directory /usr/lib/cgi-bin>
> > > >> SSLOptions +StdEnvVars
> > > >> </Directory>
> > > >>
> > > >> BrowserMatch "MSIE [2-6]" \
> > > >> nokeepalive ssl-unclean-shutdown \
> > > >> downgrade-1.0 force-response-1.0
> > > >> # MSIE 7 and newer should be able to use keepalive
> > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > > >> </VirtualHost>
> > > >> </IfModule>
> > > >>
> ----------------------------------------------------------------------
> > > >>
> > > >> If you decide that you don't care about locking out /catalog and
> other
> > > >> admin stuff, just use the:
> > > >>
> > > >> proxyPass / ajp://127.0.0.1:8009/
> > > >>
> > > >> And comment out the other proxy statements.
> > > >>
> > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> > > mandeep1985ster@gmail.com
> > > >> >wrote:
> > > >>
> > > >> > Hi,
> > > >> >
> > > >> > I am developing an ecommerce store using ofbiz, can be found here
> > > >> >
> > > >> > http://www.simbacart.com
> > > >> >
> > > >> >
> > > >> > The production system is a Unix box, running apache server and
> then
> > > >> Ofbiz
> > > >> > as a service.
> > > >> >
> > > >> > My question to you is, how to map the 80 port of prod server with
> > the
> > > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > > >> >
> > > >> > I was able to map the 80 port by making an entry into the IP table
> > of
> > > >> the
> > > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > > >> >
> > > >> > http://www.simbacart.com
> > > >> >
> > > >> > Above mentioned is the store in conversation.
> > > >> >
> > > >> > Now, here's the problem, till 80 port it is fine, but when it
> comes
> > to
> > > >> 8443
> > > >> > this is the kind of URL I get.
> > > >> >
> > > >> >
> > > >> >
> > > >>
> > >
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > > >> >
> > > >> > Notice the 8443 in the url.
> > > >> > This url came when I used the tag
> > <@o...@ofbizUrl>.
> > > >> >
> > > >> > Can you please help me out in setting up this, I'd really
> appreciate
> > > it.
> > > >> >
> > > >> > --
> > > >> > Mandeep Singh Sidhu
> > > >> >
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > Mandeep Singh Sidhu
> > > >
> > >
> > >
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> > > --
> > > Thanks,
> > > Deepak Agarwal,
> > >
> > > Paxcel Technologies Pvt Ltd.
> > > Hartron Complex, Sector 18, Gurgaon, India.
> > > E-Mail: deepak.agarwal@paxcel.net
> > > Mobile: +91 9910322604
> > >
> > >
> >
>
>
>
> --
> Mandeep Singh Sidhu
>
Re: Removing port number from the url in production setup
Posted by Mandeep Sidhu <ma...@gmail.com>.
so what configuration should I give here for production usage?
On Sun, Jun 3, 2012 at 11:44 PM, Deepak Agarwal <da...@gmail.com>wrote:
> Go to Content->website , choose ur website. there you will find it.
>
> On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <mandeep1985ster@gmail.com
> >wrote:
>
> > One quick q here Mike, the configuration you shared with me worked fine.
> >
> > However I still see the port 8443 and 8080 on my website, this happens
> when
> > the user clicks on any link which is generated using <@ofbizurl>.
> >
> > Any idea, as to how do I get rid of these port numbers appended to the
> url.
> >
> > I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> > file, but after doing that, the webtools link on https stopped working.
> >
> > Any help is much appreciated.
> >
> > Thanks and regards,
> > Mandeep Sidhu
> >
> > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> > >wrote:
> >
> > > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > > going for mod_jk now, will keep you posted.
> > >
> > > Thanks a ton everybody :)
> > >
> > > Cheers,
> > > Mandeep
> > >
> > >
> > > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> > >
> > >> Mandeep. Nice looking site.
> > >>
> > >> Regarding your issue, you REALLY want to use apache using mod_jk in
> > front
> > >> of ofbiz. Here is why:
> > >>
> > >> 1) You can offload the processing of images to apache (less load on
> > ofbiz)
> > >> 2) You can easily set cache timeouts for images, css, and other static
> > >> content.
> > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> > >> using
> > >> ofbiz
> > >> 4) It is easier to offload SSL certificate management to apache
> > >> 5) You can setup gzip compression (DEFLATE)
> > >> 6) You can load balance to multiple instances of ofbiz via apache
> > mod-jk.
> > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the
> same.
> > >> 8) Most Important: You can add security to your site by locking out
> > admin
> > >> links.
> > >>
> > >> Regarding #8. If you are running an ecommerce site, you DON'T want
> > people
> > >> from the internet to even attempt to gain access (i.e. login as
> 'admin'
> > to
> > >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> > backend
> > >> from their main site? Absurd to even ask. This is basic internet
> > >> security.
> > >>
> > >> Instead, have front-end machines that serve ecommerce, and have
> back-end
> > >> machines that allows access to /catalog, etc. via a VPN, or a local
> > >> subnet.
> > >>
> > >> I have found that this setup runs faster, and you have more
> flexibility.
> > >>
> > >> Here is a sample apache (port 80) configuration file:
> > >>
> >
> --------------------------------------------------------------------------
> > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > >> DocumentRoot /var/www/
> > >> <Directory />
> > >> Options FollowSymLinks
> > >> AllowOverride None
> > >> </Directory>
> > >> <Directory /var/www/>
> > >> Options FollowSymLinks MultiViews
> > >> AllowOverride None
> > >> Order allow,deny
> > >> allow from all
> > >> </Directory>
> > >>
> > >> ExpiresActive On
> > >> #ExpiresByType text/html "access plus 1 day"
> > >> ExpiresByType text/css "access plus 1 day"
> > >> ExpiresByType text/javascript "access plus 1 day"
> > >> ExpiresByType image/gif "access plus 1 week"
> > >> ExpiresByType image/jpeg "access plus 1 week"
> > >> ExpiresByType image/png "access plus 1 week"
> > >> ExpiresByType image/bmp "access plus 1 week"
> > >> ExpiresByType application/x-javascript "access plus 1 day"
> > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > >>
> > >> ProxyRequests Off
> > >> <Proxy *>
> > >> AddDefaultCharset off
> > >> Order deny,allow
> > >> Allow from all
> > >> </Proxy>
> > >>
> > >> ProxyVia On
> > >>
> > >> NameVirtualHost *:80
> > >>
> > >> <VirtualHost *:80>
> > >> # General setup for the virtual host.
> > >> ServerName example.com
> > >> ServerAdmin mike@example.com
> > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml
> text/css
> > >> application/x-javascript text/javascript text/x-js application/json
> > >> application/xml application/javascript
> > >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > >>
> > >> ProxyRequests Off
> > >> ProxyPreserveHost On
> > >>
> > >> ProxyPassMatch ^(/images/.*)$ !
> > >> proxyPass /content ajp://127.0.0.1:8009/content
> > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >> #proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> RewriteEngine On
> > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >> </VirtualHost>
> > >>
> >
> --------------------------------------------------------------------------
> > >>
> > >> Here the matching SSL (port 443) apache config:
> > >> ----------------------------------------------------------------------
> > >> <IfModule mod_ssl.c>
> > >> <VirtualHost *:443>
> > >> ServerName example.com
> > >> ServerAdmin mike@example.com
> > >>
> > >> ProxyRequests Off
> > >> ProxyPreserveHost On
> > >> ProxyPassMatch ^(/images/.*)$ !
> > >> proxyPass /content ajp://127.0.0.1:8009/content
> > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >> #proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> RewriteEngine On
> > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >>
> > >> # SSL Engine Switch:
> > >> # Enable/Disable SSL for this virtual host.
> > >> SSLEngine on
> > >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > >>
> > >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > >> SSLOptions +StdEnvVars
> > >> </FilesMatch>
> > >> <Directory /usr/lib/cgi-bin>
> > >> SSLOptions +StdEnvVars
> > >> </Directory>
> > >>
> > >> BrowserMatch "MSIE [2-6]" \
> > >> nokeepalive ssl-unclean-shutdown \
> > >> downgrade-1.0 force-response-1.0
> > >> # MSIE 7 and newer should be able to use keepalive
> > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > >> </VirtualHost>
> > >> </IfModule>
> > >> ----------------------------------------------------------------------
> > >>
> > >> If you decide that you don't care about locking out /catalog and other
> > >> admin stuff, just use the:
> > >>
> > >> proxyPass / ajp://127.0.0.1:8009/
> > >>
> > >> And comment out the other proxy statements.
> > >>
> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> > mandeep1985ster@gmail.com
> > >> >wrote:
> > >>
> > >> > Hi,
> > >> >
> > >> > I am developing an ecommerce store using ofbiz, can be found here
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> >
> > >> > The production system is a Unix box, running apache server and then
> > >> Ofbiz
> > >> > as a service.
> > >> >
> > >> > My question to you is, how to map the 80 port of prod server with
> the
> > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > >> >
> > >> > I was able to map the 80 port by making an entry into the IP table
> of
> > >> the
> > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> > Above mentioned is the store in conversation.
> > >> >
> > >> > Now, here's the problem, till 80 port it is fine, but when it comes
> to
> > >> 8443
> > >> > this is the kind of URL I get.
> > >> >
> > >> >
> > >> >
> > >>
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > >> >
> > >> > Notice the 8443 in the url.
> > >> > This url came when I used the tag
> <@o...@ofbizUrl>.
> > >> >
> > >> > Can you please help me out in setting up this, I'd really appreciate
> > it.
> > >> >
> > >> > --
> > >> > Mandeep Singh Sidhu
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
> > --
> > Thanks,
> > Deepak Agarwal,
> >
> > Paxcel Technologies Pvt Ltd.
> > Hartron Complex, Sector 18, Gurgaon, India.
> > E-Mail: deepak.agarwal@paxcel.net
> > Mobile: +91 9910322604
> >
> >
>
--
Mandeep Singh Sidhu
Re: Removing port number from the url in production setup
Posted by Deepak Agarwal <da...@gmail.com>.
Go to Content->website , choose ur website. there you will find it.
On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <ma...@gmail.com>wrote:
> One quick q here Mike, the configuration you shared with me worked fine.
>
> However I still see the port 8443 and 8080 on my website, this happens when
> the user clicks on any link which is generated using <@ofbizurl>.
>
> Any idea, as to how do I get rid of these port numbers appended to the url.
>
> I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> file, but after doing that, the webtools link on https stopped working.
>
> Any help is much appreciated.
>
> Thanks and regards,
> Mandeep Sidhu
>
> On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <mandeep1985ster@gmail.com
> >wrote:
>
> > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > going for mod_jk now, will keep you posted.
> >
> > Thanks a ton everybody :)
> >
> > Cheers,
> > Mandeep
> >
> >
> > On Wed, May 30, 2012 at 9:02 PM, Mike <mz...@gmail.com> wrote:
> >
> >> Mandeep. Nice looking site.
> >>
> >> Regarding your issue, you REALLY want to use apache using mod_jk in
> front
> >> of ofbiz. Here is why:
> >>
> >> 1) You can offload the processing of images to apache (less load on
> ofbiz)
> >> 2) You can easily set cache timeouts for images, css, and other static
> >> content.
> >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> >> using
> >> ofbiz
> >> 4) It is easier to offload SSL certificate management to apache
> >> 5) You can setup gzip compression (DEFLATE)
> >> 6) You can load balance to multiple instances of ofbiz via apache
> mod-jk.
> >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same.
> >> 8) Most Important: You can add security to your site by locking out
> admin
> >> links.
> >>
> >> Regarding #8. If you are running an ecommerce site, you DON'T want
> people
> >> from the internet to even attempt to gain access (i.e. login as 'admin'
> to
> >> 'catalog'). Do you think amazon.com allows 'admin' login to the
> backend
> >> from their main site? Absurd to even ask. This is basic internet
> >> security.
> >>
> >> Instead, have front-end machines that serve ecommerce, and have back-end
> >> machines that allows access to /catalog, etc. via a VPN, or a local
> >> subnet.
> >>
> >> I have found that this setup runs faster, and you have more flexibility.
> >>
> >> Here is a sample apache (port 80) configuration file:
> >>
> --------------------------------------------------------------------------
> >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> >> DocumentRoot /var/www/
> >> <Directory />
> >> Options FollowSymLinks
> >> AllowOverride None
> >> </Directory>
> >> <Directory /var/www/>
> >> Options FollowSymLinks MultiViews
> >> AllowOverride None
> >> Order allow,deny
> >> allow from all
> >> </Directory>
> >>
> >> ExpiresActive On
> >> #ExpiresByType text/html "access plus 1 day"
> >> ExpiresByType text/css "access plus 1 day"
> >> ExpiresByType text/javascript "access plus 1 day"
> >> ExpiresByType image/gif "access plus 1 week"
> >> ExpiresByType image/jpeg "access plus 1 week"
> >> ExpiresByType image/png "access plus 1 week"
> >> ExpiresByType image/bmp "access plus 1 week"
> >> ExpiresByType application/x-javascript "access plus 1 day"
> >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> >>
> >> ProxyRequests Off
> >> <Proxy *>
> >> AddDefaultCharset off
> >> Order deny,allow
> >> Allow from all
> >> </Proxy>
> >>
> >> ProxyVia On
> >>
> >> NameVirtualHost *:80
> >>
> >> <VirtualHost *:80>
> >> # General setup for the virtual host.
> >> ServerName example.com
> >> ServerAdmin mike@example.com
> >> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
> >> application/x-javascript text/javascript text/x-js application/json
> >> application/xml application/javascript
> >> BrowserMatch ^Mozilla/4 gzip-only-text/html
> >> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> >>
> >> ProxyRequests Off
> >> ProxyPreserveHost On
> >>
> >> ProxyPassMatch ^(/images/.*)$ !
> >> proxyPass /content ajp://127.0.0.1:8009/content
> >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> >> #proxyPass / ajp://127.0.0.1:8009/
> >>
> >> RewriteEngine On
> >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> >> </VirtualHost>
> >>
> --------------------------------------------------------------------------
> >>
> >> Here the matching SSL (port 443) apache config:
> >> ----------------------------------------------------------------------
> >> <IfModule mod_ssl.c>
> >> <VirtualHost *:443>
> >> ServerName example.com
> >> ServerAdmin mike@example.com
> >>
> >> ProxyRequests Off
> >> ProxyPreserveHost On
> >> ProxyPassMatch ^(/images/.*)$ !
> >> proxyPass /content ajp://127.0.0.1:8009/content
> >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> >> #proxyPass / ajp://127.0.0.1:8009/
> >>
> >> RewriteEngine On
> >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> >>
> >> # SSL Engine Switch:
> >> # Enable/Disable SSL for this virtual host.
> >> SSLEngine on
> >> SSLCertificateFile /etc/ssl/certs/example.com.crt
> >> SSLCertificateKeyFile /etc/ssl/private/example.com.key
> >>
> >> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> >> SSLOptions +StdEnvVars
> >> </FilesMatch>
> >> <Directory /usr/lib/cgi-bin>
> >> SSLOptions +StdEnvVars
> >> </Directory>
> >>
> >> BrowserMatch "MSIE [2-6]" \
> >> nokeepalive ssl-unclean-shutdown \
> >> downgrade-1.0 force-response-1.0
> >> # MSIE 7 and newer should be able to use keepalive
> >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> >> </VirtualHost>
> >> </IfModule>
> >> ----------------------------------------------------------------------
> >>
> >> If you decide that you don't care about locking out /catalog and other
> >> admin stuff, just use the:
> >>
> >> proxyPass / ajp://127.0.0.1:8009/
> >>
> >> And comment out the other proxy statements.
> >>
> >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> >> >wrote:
> >>
> >> > Hi,
> >> >
> >> > I am developing an ecommerce store using ofbiz, can be found here
> >> >
> >> > http://www.simbacart.com
> >> >
> >> >
> >> > The production system is a Unix box, running apache server and then
> >> Ofbiz
> >> > as a service.
> >> >
> >> > My question to you is, how to map the 80 port of prod server with the
> >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> >> >
> >> > I was able to map the 80 port by making an entry into the IP table of
> >> the
> >> > Unix system thereby forwarding requests from 80 port to 8080.
> >> >
> >> > http://www.simbacart.com
> >> >
> >> > Above mentioned is the store in conversation.
> >> >
> >> > Now, here's the problem, till 80 port it is fine, but when it comes to
> >> 8443
> >> > this is the kind of URL I get.
> >> >
> >> >
> >> >
> >>
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> >> >
> >> > Notice the 8443 in the url.
> >> > This url came when I used the tag <@o...@ofbizUrl>.
> >> >
> >> > Can you please help me out in setting up this, I'd really appreciate
> it.
> >> >
> >> > --
> >> > Mandeep Singh Sidhu
> >> >
> >>
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
>
>
>
> --
> Mandeep Singh Sidhu
>
> --
> Thanks,
> Deepak Agarwal,
>
> Paxcel Technologies Pvt Ltd.
> Hartron Complex, Sector 18, Gurgaon, India.
> E-Mail: deepak.agarwal@paxcel.net
> Mobile: +91 9910322604
>
>