ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Byers <r.ted.by...@gmail.com>
Subject Re: accessing ofbiz only over SSL/TLS using Apache's httpd server
Date Sat, 09 Mar 2013 17:49:21 GMT
Thanks Mike,

On Sat, Mar 9, 2013 at 12:38 PM, Mike <mz4wheeler@gmail.com> wrote:
> There are a couple of ways to do it, each of which requires you to really
> know apache the AJP module:
> On a running ofbiz system, there is this "runtime" directory:
> ls /opt/ofbiz.1104/runtime/catalina/work/default-server/
> accounting  bizznesstime  droppingcrumbs  example googlecheckout multiflex
> ordermgr tempfiles workeffort ap bluelight     ebay exampleext  hhfacility
> myportal osafe_theme  tomahawk  ar catalog ebaystore facility humanres
> oagis partymgr   assetmaint cmssite ecommerce flatgrey iCalendar
> manufacturing  ofbiz projectmgr webpos content images marketing
>  ofbizsetup  webslinge birt googlebase  ismgr  minimal  sfa webtools
> These are all reserved paths that ofbiz creates when started, so you can
> create a bunch of <Location>...</Location> tags for each of the above
> --or-- you can also just use: (with out /Location tags).
> proxyPass /catalog ajp://
> proxyPass /cmssite ajp://
> proxyPass /content ajp://
> However, just looking at the shear amount of mount points that ofbiz
> exposes by default it is crazy to expose all of them on the internet.  You
> can probably lock down the external facing mounts that you really need
> (like /ecommerce) and just access the backend via a direct connection to
> port 8080/8443, only from your LAN.

Would I not be able to handle the security implications of exposing
some selection of mounts for the back end by requiring client side
certificates for them.  If so, I know how to add support or a
requirement, for client side certificates in Apache's httpd server,
but what about the application server OFBiz lives in?



View raw message