I'm running Redhat and installed the binary for tomcat thx
Mark Diggory wrote: > It depends on the linux vendor, which linux are you running and how > did you install tomcat originally? (RedHat, Debian, Ubuntu, Gentoo? > etc). > > -Mark > > On Jan 25, 2007, at 9:10 AM, Susan Teague Rector wrote: > > >> Hi All, >> I thought I'd jump in here >> >> I have just installed Dspace on a test server and am running it on : >> 80. I think I want to move to the model you all are listing where >> we log in through https:// thus running Tomcat under Apache. >> >> I have a silly question though - Do I need to build the mod_jk >> connector in Linux? It doesn't look like there's a binary >> distribution? >> >> Thanks, >> >> -- >> Susan Teague Rector >> Web Applications Manager >> VCU Libraries: Library Information Systems >> 804.827.3554 | [EMAIL PROTECTED] >> >> >> Mark Diggory wrote: >> >>> John, >>> >>> It is mounted vi mod_jk, connector which allows apache to >>> communicate with tomcat directly. I left that out, those details >>> are available in tomcats server.xml. There are two configurations >>> that you are hearing back from Larry Stone and myself about. >>> 1.) Use Apache and mod_jk in front of tomcat to handle http/https >>> requests. In which apache handles which port a request goes to ala >>> URL Rewrites/Redirects, tomcat listens via the mod_jk/ajp >>> connector for requests. This is a the solution usually taken in >>> production environments running tomcat. It allows the System >>> Administrator to control the entire request process and its >>> behavior. There are many "mods" in Apache that can do things like >>> bandwidth filtering, redirecting and URL rewriting which are >>> difficult if not impossible to find for Tomcat directly. This >>> solution does not require having to recompile the dspace >>> webapplication to administer these aspects, it allows your System >>> Admin to take control in this area while your application >>> developers deal with the web-application side. >>> >>> 2.) Use Tomcat to directly serve http/https and security >>> constraints. This requires rebuilding the war (or just editing the >>> security constraint in web.xml <http://web.xml>) to enforce this >>> restriction. Note, you have open tomcat up on two ports http and >>> https You also need to hack the JSP's to redirect you back out of >>> https after your user is leaving a protected area. >>> This is why I choose the former solution, it is always in the >>> hands of the system administrator, who is the expert in this area >>> and actualy needs to control these security aspects of a service >>> as the responsibility of his/her position. It requires zero >>> modification of the DSpace web-application JSPs and configuration >>> and thus is very easy to maintain across dspace upgrades. Each >>> solution has its nuances and complexities. You'll need to evaluate >>> for yourself, which seems most appropriate for your taste and >>> situation. >>> -Mark Diggory >>> >>> >>> On Jan 24, 2007, at 3:19 PM, John Preston wrote: >>> >>> >>>> I see that you are redirecting to the apache https service. Where >>>> is the tomcat server, I presume on 84343 port. >>>> >>>> John >>>> >>>> On 1/24/07, *Mark Diggory* < [EMAIL PROTECTED] >>>> <mailto:[EMAIL PROTECTED]>> wrote: >>>> >>>> We accomplish this within our Apache httpd service in front of >>>> Tomcat. Basically I use mod_rewrite to force specific url's into >>>> http or https. (for example: >>>> >>>> >>>> >>>>> ## SSL Virtual Host Context >>>>> <VirtualHost 18.51.3.31:443 <http://18.51.3.31:443>> >>>>> >>>>> >>>>> >>>> ... >>>> >>>> >>>>> RewriteEngine on >>>>> >>>>> RewriteCond %{REQUEST_URI} !^/certificate-login.* >>>>> RewriteCond %{REQUEST_URI} !^/password-login.* >>>>> RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R] >>>>> >>>>> >>>> ... >>>> >>>> >>>>> </VirtualHost> >>>>> <VirtualHost 18.51.3.31:80 <http://18.51.3.31:80>> >>>>> >>>>> >>>> ... >>>> >>>> >>>>> RewriteEngine on >>>>> >>>>> RewriteCond %{REQUEST_URI} ^/certificate- >>>>> login.* [OR] >>>>> RewriteCond %{REQUEST_URI} ^/password-login.* >>>>> RewriteRule ^/(.*) https://%{HTTP_HOST}:443/$1 [L,R] >>>>> >>>> -Mark >>>> >>>> >>>> On Jan 24, 2007, at 2:15 PM, John Preston wrote: >>>> >>>> >>>>> Can anyone tell me if it is possible to use https for just the >>>>> login steps and regualr unsecured http to access my dspace >>>>> site. >>>>> I need to secure the login username/password phase but once >>>>> logged in I want to use the regular http so it is as fast as >>>>> possible. >>>>> >>>> Mark R. Diggory >>>> ~~~~~~~~~~~~~ >>>> DSpace Systems Manager >>>> MIT Libraries, Systems and Technology Services >>>> Massachusetts Institute of Technology >>>> >>>> >>>> >>>> >>> Mark R. Diggory >>> ~~~~~~~~~~~~~ >>> DSpace Systems Manager >>> MIT Libraries, Systems and Technology Services >>> Massachusetts Institute of Technology >>> >>> >>> --------------------------------------------------------------------- >>> --- >>> >>> --------------------------------------------------------------------- >>> ---- >>> Take Surveys. Earn Cash. Influence the Future of IT >>> Join SourceForge.net's Techsay panel and you'll get the chance to >>> share your >>> opinions on IT & business topics through brief surveys - and earn >>> cash >>> http://www.techsay.com/default.php? >>> page=join.php&p=sourceforge&CID=DEVDEV >>> --------------------------------------------------------------------- >>> --- >>> >>> _______________________________________________ >>> DSpace-tech mailing list >>> DSpace-tech@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/dspace-tech >>> >>> >> > > Mark R. Diggory > ~~~~~~~~~~~~~ > DSpace Systems Manager > MIT Libraries, Systems and Technology Services > Massachusetts Institute of Technology > > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > -- Susan Teague Rector Web Applications Manager VCU Libraries: Library Information Systems 804.827.3554 | [EMAIL PROTECTED] ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
