Hi All, I thought I'd jump in here I have just installed Dspace on a test server and am running it on :80. I think I want to move to the model you all are listing where we log in through https:// thus running Tomcat under Apache.
I have a silly question though - Do I need to build the mod_jk connector in Linux? It doesn't look like there's a binary distribution? Thanks, -- Susan Teague Rector Web Applications Manager VCU Libraries: Library Information Systems 804.827.3554 | [EMAIL PROTECTED] Mark Diggory wrote: > John, > > It is mounted vi mod_jk, connector which allows apache to communicate > with tomcat directly. I left that out, those details are available in > tomcats server.xml. There are two configurations that you are hearing > back from Larry Stone and myself about. > > 1.) Use Apache and mod_jk in front of tomcat to handle http/https > requests. In which apache handles which port a request goes to ala URL > Rewrites/Redirects, tomcat listens via the mod_jk/ajp connector for > requests. This is a the solution usually taken in production > environments running tomcat. It allows the System Administrator to > control the entire request process and its behavior. There are many > "mods" in Apache that can do things like bandwidth filtering, > redirecting and URL rewriting which are difficult if not impossible to > find for Tomcat directly. This solution does not require having to > recompile the dspace webapplication to administer these aspects, it > allows your System Admin to take control in this area while your > application developers deal with the web-application side. > > 2.) Use Tomcat to directly serve http/https and security constraints. > This requires rebuilding the war (or just editing the security > constraint in web.xml <http://web.xml>) to enforce this restriction. > Note, you have open tomcat up on two ports http and https You also > need to hack the JSP's to redirect you back out of https after your > user is leaving a protected area. > > This is why I choose the former solution, it is always in the hands of > the system administrator, who is the expert in this area and actualy > needs to control these security aspects of a service as the > responsibility of his/her position. It requires zero modification of > the DSpace web-application JSPs and configuration and thus is very > easy to maintain across dspace upgrades. Each solution has its > nuances and complexities. You'll need to evaluate for yourself, which > seems most appropriate for your taste and situation. > > -Mark Diggory > > > On Jan 24, 2007, at 3:19 PM, John Preston wrote: > >> I see that you are redirecting to the apache https service. Where is >> the tomcat server, I presume on 84343 port. >> >> John >> >> On 1/24/07, *Mark Diggory* < [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> wrote: >> >> We accomplish this within our Apache httpd service in front of >> Tomcat. Basically I use mod_rewrite to force specific url's into >> http or https. (for example: >> >> >>> ## SSL Virtual Host Context >>> <VirtualHost 18.51.3.31:443 <http://18.51.3.31:443>> >>> >>> >> ... >> >>> RewriteEngine on >>> >>> RewriteCond %{REQUEST_URI} !^/certificate-login.* >>> RewriteCond %{REQUEST_URI} !^/password-login.* >>> RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R] >>> >> ... >> >>> </VirtualHost> >>> >>> <VirtualHost 18.51.3.31:80 <http://18.51.3.31:80>> >>> >> >> ... >> >>> RewriteEngine on >>> >>> RewriteCond %{REQUEST_URI} ^/certificate-login.* [OR] >>> RewriteCond %{REQUEST_URI} ^/password-login.* >>> RewriteRule ^/(.*) https://%{HTTP_HOST}:443/$1 [L,R] >> >> >> -Mark >> >> >> On Jan 24, 2007, at 2:15 PM, John Preston wrote: >> >>> Can anyone tell me if it is possible to use https for just the >>> login steps and regualr unsecured http to access my dspace site. >>> I need to secure the login username/password phase but once >>> logged in I want to use the regular http so it is as fast as >>> possible. >> >> Mark R. Diggory >> ~~~~~~~~~~~~~ >> DSpace Systems Manager >> MIT Libraries, Systems and Technology Services >> Massachusetts Institute of Technology >> >> >> > > Mark R. Diggory > ~~~~~~~~~~~~~ > DSpace Systems Manager > MIT Libraries, Systems and Technology Services > Massachusetts Institute of Technology > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > ------------------------------------------------------------------------ > > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
