ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mz4whee...@gmail.com
Subject Re: Removing port number from the url in production setup
Date Mon, 04 Jun 2012 02:25:25 GMT
Just comment out the 8080 and 8443 lines out of url.properties, and restart. You still need
the https line (see my example).  

Sent via BlackBerry by AT&T

-----Original Message-----
From: Mandeep Sidhu <mandeep1985ster@gmail.com>
Date: Mon, 4 Jun 2012 07:43:01 
To: <user@ofbiz.apache.org>
Reply-To: user@ofbiz.apache.org
Subject: Re: Removing port number from the url in production setup

So what exact change will remove the 8080 and 8443 from the url that's
generated when I user <@ofbizurl> tag to render a url??
I mean, instead of
https://www.example.com:8443/control/newcustomer

I'd require something like
https://www.example.com/control/newcustomer

how can I achieve that in production.

On Mon, Jun 4, 2012 at 3:55 AM, Mike <mz4wheeler@gmail.com> wrote:

> I just checked mine:  It looks like I'm still listening in on 8080 and
> 8443:
>
> root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN
> java    18326 ofbiz    6u  IPv4     508592      0t0     TCP localhost:10523
> (LISTEN)
> java    18326 ofbiz  114u  IPv4     508688      0t0     TCP *:1099 (LISTEN)
> java    18326 ofbiz  297u  IPv4     509471      0t0     TCP *:8080 (LISTEN)
> java    18326 ofbiz  300u  IPv4     509483      0t0     TCP *:8443 (LISTEN)
> java    18326 ofbiz  302u  IPv4     508690      0t0     TCP *:52139
> (LISTEN)
> java    18326 ofbiz  361u  IPv4     509537      0t0     TCP *:8009 (LISTEN)
>
> So, I don't think you need to mess with ofbiz-containers.  Regarding the
> other ports, I'm behind a firewall, and I'm fronted by apache via AJP
> (8009).
>
> On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu <mandeep1985ster@gmail.com
> >wrote:
>
> > One quick q here Mike, the configuration you shared with me worked fine.
> >
> > However I still see the port 8443 and 8080 on my website, this happens
> when
> > the user clicks on any link which is generated using <@ofbizurl>.
> >
> > Any idea, as to how do I get rid of these port numbers appended to the
> url.
> >
> > I tried removing entry 8443 from ofbiz-containers.xml and url.properties
> > file, but after doing that, the webtools link on https stopped working.
> >
> > Any help is much appreciated.
> >
> > Thanks and regards,
> > Mandeep Sidhu
> >
> > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <
> mandeep1985ster@gmail.com
> > >wrote:
> >
> > > Excellent, Thanks Mike for such a detailed explanation, definitely I am
> > > going for mod_jk now, will keep you posted.
> > >
> > > Thanks a ton everybody :)
> > >
> > > Cheers,
> > > Mandeep
> > >
> > >
> > > On Wed, May 30, 2012 at 9:02 PM, Mike <mz4wheeler@gmail.com> wrote:
> > >
> > >> Mandeep.  Nice looking site.
> > >>
> > >> Regarding your issue, you REALLY want to use apache using mod_jk in
> > front
> > >> of ofbiz.  Here is why:
> > >>
> > >> 1) You can offload the processing of images to apache (less load on
> > ofbiz)
> > >> 2) You can easily set cache timeouts for images, css, and other static
> > >> content.
> > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o
> > >> using
> > >> ofbiz
> > >> 4) It is easier to offload SSL certificate management to apache
> > >> 5) You can setup gzip compression (DEFLATE)
> > >> 6) You can load balance to multiple instances of ofbiz via apache
> > mod-jk.
> > >> 7) Apache runs as the user 'nobody' (not root).  Ofbiz can do the
> same.
> > >> 8) Most Important:  You can add security to your site by locking out
> > admin
> > >> links.
> > >>
> > >> Regarding #8.  If you are running an ecommerce site, you DON'T want
> > people
> > >> from the internet to even attempt to gain access (i.e. login as
> 'admin'
> > to
> > >> 'catalog').  Do you think amazon.com allows 'admin' login to the
> > backend
> > >> from their main site?  Absurd to even ask.  This is basic internet
> > >> security.
> > >>
> > >> Instead, have front-end machines that serve ecommerce, and have
> back-end
> > >> machines that allows access to /catalog, etc. via a VPN, or a local
> > >> subnet.
> > >>
> > >> I have found that this setup runs faster, and you have more
> flexibility.
> > >>
> > >> Here is a sample apache (port 80) configuration file:
> > >>
> >
> --------------------------------------------------------------------------
> > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/
> > >> DocumentRoot /var/www/
> > >> <Directory />
> > >>   Options FollowSymLinks
> > >>   AllowOverride None
> > >> </Directory>
> > >> <Directory /var/www/>
> > >>   Options FollowSymLinks MultiViews
> > >>   AllowOverride None
> > >>   Order allow,deny
> > >>   allow from all
> > >> </Directory>
> > >>
> > >> ExpiresActive On
> > >> #ExpiresByType text/html "access plus 1 day"
> > >> ExpiresByType text/css "access plus 1 day"
> > >> ExpiresByType text/javascript "access plus 1 day"
> > >> ExpiresByType image/gif "access plus 1 week"
> > >> ExpiresByType image/jpeg "access plus 1 week"
> > >> ExpiresByType image/png "access plus 1 week"
> > >> ExpiresByType image/bmp "access plus 1 week"
> > >> ExpiresByType application/x-javascript "access plus 1 day"
> > >> ExpiresByType application/x-shockwave-flash "access plus 1 day"
> > >>
> > >> ProxyRequests Off
> > >> <Proxy *>
> > >>        AddDefaultCharset off
> > >>        Order deny,allow
> > >>        Allow from all
> > >> </Proxy>
> > >>
> > >> ProxyVia On
> > >>
> > >> NameVirtualHost *:80
> > >>
> > >> <VirtualHost *:80>
> > >>    #   General setup for the virtual host.
> > >>    ServerName example.com
> > >>    ServerAdmin mike@example.com
> > >>    AddOutputFilterByType DEFLATE text/html text/plain text/xml
> text/css
> > >> application/x-javascript text/javascript text/x-js application/json
> > >> application/xml application/javascript
> > >>    BrowserMatch ^Mozilla/4 gzip-only-text/html
> > >>    BrowserMatch ^Mozilla/4\.0[678] no-gzip
> > >>    BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
> > >>    BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
> > >>
> > >>    ProxyRequests Off
> > >>    ProxyPreserveHost On
> > >>
> > >>    ProxyPassMatch ^(/images/.*)$ !
> > >>    proxyPass /content   ajp://127.0.0.1:8009/content
> > >>    proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >>    proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >>    #proxyPass /        ajp://127.0.0.1:8009/
> > >>
> > >>    RewriteEngine On
> > >>    ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >>    RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >>    RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >> </VirtualHost>
> > >>
> >
> --------------------------------------------------------------------------
> > >>
> > >> Here the matching SSL (port 443) apache config:
> > >> ----------------------------------------------------------------------
> > >> <IfModule mod_ssl.c>
> > >> <VirtualHost *:443>
> > >>        ServerName example.com
> > >>        ServerAdmin mike@example.com
> > >>
> > >>        ProxyRequests Off
> > >>        ProxyPreserveHost On
> > >>        ProxyPassMatch ^(/images/.*)$ !
> > >>        proxyPass /content   ajp://127.0.0.1:8009/content
> > >>        proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
> > >>        proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
> > >>        #proxyPass /        ajp://127.0.0.1:8009/
> > >>
> > >>        RewriteEngine On
> > >>        ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
> > >>        RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
> > >>        RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
> > >>
> > >>        #   SSL Engine Switch:
> > >>        #   Enable/Disable SSL for this virtual host.
> > >>        SSLEngine on
> > >>        SSLCertificateFile    /etc/ssl/certs/example.com.crt
> > >>        SSLCertificateKeyFile /etc/ssl/private/example.com.key
> > >>
> > >>        <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > >>                SSLOptions +StdEnvVars
> > >>        </FilesMatch>
> > >>        <Directory /usr/lib/cgi-bin>
> > >>                SSLOptions +StdEnvVars
> > >>        </Directory>
> > >>
> > >>        BrowserMatch "MSIE [2-6]" \
> > >>                nokeepalive ssl-unclean-shutdown \
> > >>                downgrade-1.0 force-response-1.0
> > >>        # MSIE 7 and newer should be able to use keepalive
> > >>        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
> > >> </VirtualHost>
> > >> </IfModule>
> > >> ----------------------------------------------------------------------
> > >>
> > >> If you decide that you don't care about locking out /catalog and other
> > >> admin stuff, just use the:
> > >>
> > >> proxyPass /        ajp://127.0.0.1:8009/
> > >>
> > >> And comment out the other proxy statements.
> > >>
> > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <
> > mandeep1985ster@gmail.com
> > >> >wrote:
> > >>
> > >> > Hi,
> > >> >
> > >> > I am developing an ecommerce store using ofbiz, can be found here
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> >
> > >> > The production system is a Unix box, running apache server and then
> > >> Ofbiz
> > >> > as a service.
> > >> >
> > >> > My question to you is, how to map the 80 port of prod server with
> the
> > >> > ofbiz's 8080 port, also about the mapping of 8443 port.
> > >> >
> > >> > I was able to map the 80 port by making an entry into the IP table
> of
> > >> the
> > >> > Unix system thereby forwarding requests from 80 port to 8080.
> > >> >
> > >> > http://www.simbacart.com
> > >> >
> > >> > Above mentioned is the store in conversation.
> > >> >
> > >> > Now, here's the problem, till 80 port it is fine, but when it comes
> to
> > >> 8443
> > >> > this is the kind of URL I get.
> > >> >
> > >> >
> > >> >
> > >>
> >
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
> > >> >
> > >> > Notice the 8443 in the url.
> > >> > This url came when I used the tag
> <@ofbizUrl>/newcustomer</@ofbizUrl>.
> > >> >
> > >> > Can you please help me out in setting up this, I'd really appreciate
> > it.
> > >> >
> > >> > --
> > >> > Mandeep Singh Sidhu
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Mandeep Singh Sidhu
> > >
> >
> >
> >
> > --
> > Mandeep Singh Sidhu
> >
>



-- 
Mandeep Singh Sidhu

Mime
View raw message