Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@geronimo.apache.org
Received-SPF: pass (asf.osuosl.org: domain of hcunico@gmail.com designates
 64.233.184.195 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:user-agent:x-accept-language:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding;
        b=FGQTPjHlzzXCOsKP5/7paphIKXphCCDWvVc9byydOWglajdnY7hSZI2Wym0g/qCsdlb+vZKBr6g/cN6oycHqrvLaSRTOh3Udq5LwN3xSp+hdTic9z5XtWo9CBQVnAwk104+3jwdY//5VSUTghFmZf/M7nOgWbZ9lGCPcko/5gGI=
Message-ID: <43FA06A7.5030601@gmail.com>
Date: Mon, 20 Feb 2006 13:12:55 -0500
From: Hernan Cunico <hcunico@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
MIME-Version: 1.0
To: dev@geronimo.apache.org
Subject: Re: How to configure a remote HTTPd
References: <43F9EB22.7030608@gmail.com> <43F9F62E.9080201@apache.org>
In-Reply-To: <43F9F62E.9080201@apache.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Jeff,
I normally use the console as the sample application because it is the easiest application to test 
and everybody knows where it is. I personally do not believe that anybody will be interested in 
having the console exposed :) but for the "just in case", I added a couple of *WARNINGS* in red to 
catch the readers attention there ;)  ..btw, thanks for the feedback..

I am planning to add an article to discuss different topologies for implementing Geronimo, discuss 
the pros and cons of each topology (security, performance, high availability, etc). I think it would 
be good to have a few different topologies described (solution oriented) where you could see the 
different nodes (remote http, app server, db, ldap, etc.), likelyhood of firewalls and the 
connectivity requirements between the nodes.

It would be great to have a few extra hands for working on this topic, volunteers welcome :)

Cheers!
Hernan

Jeff Genender wrote:
> Hernan,
> 
> Great article.  One thing you may wish to add is discussion of the
> security consequences of exposing /console.  This will usually be a URL
> that is not exposed to the public via a front ended httpd setup...as it
> would be considered a security risk.  Typically, a front ended web
> server will be used for production, so this may be a good tip to add.
> Perhaps in your examples you could expose one of the example
> applications, or show how to expose the whole server, but offer an
> example of where you can deny access to the console for security
> purposes.  Its just a small hint for security conscious folks.
> 
> Jeff
> 
> Hernan Cunico wrote:
> 
>>Hi All,
>>I just updated the documentation. The following article covers how to
>>configure the Apache HTTPd to forward client requests to Geronimo in two
>>different ways, either as a reverse proxy or using the Jakarta Tomcat
>>Connector.
>>
>>http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Remote+HTTPd+Server
>>
>>
>>Cheers!
>>Hernan
> 
>