It depends on the linux vendor, which linux are you running and how did you install tomcat originally? (RedHat, Debian, Ubuntu, Gentoo? etc).
-Mark On Jan 25, 2007, at 9:10 AM, Susan Teague Rector wrote: > Hi All, > I thought I'd jump in here > > I have just installed Dspace on a test server and am running it on : > 80. I think I want to move to the model you all are listing where > we log in through https:// thus running Tomcat under Apache. > > I have a silly question though - Do I need to build the mod_jk > connector in Linux? It doesn't look like there's a binary > distribution? > > Thanks, > > -- > Susan Teague Rector > Web Applications Manager > VCU Libraries: Library Information Systems > 804.827.3554 | [EMAIL PROTECTED] > > > Mark Diggory wrote: >> John, >> >> It is mounted vi mod_jk, connector which allows apache to >> communicate with tomcat directly. I left that out, those details >> are available in tomcats server.xml. There are two configurations >> that you are hearing back from Larry Stone and myself about. >> 1.) Use Apache and mod_jk in front of tomcat to handle http/https >> requests. In which apache handles which port a request goes to ala >> URL Rewrites/Redirects, tomcat listens via the mod_jk/ajp >> connector for requests. This is a the solution usually taken in >> production environments running tomcat. It allows the System >> Administrator to control the entire request process and its >> behavior. There are many "mods" in Apache that can do things like >> bandwidth filtering, redirecting and URL rewriting which are >> difficult if not impossible to find for Tomcat directly. This >> solution does not require having to recompile the dspace >> webapplication to administer these aspects, it allows your System >> Admin to take control in this area while your application >> developers deal with the web-application side. >> >> 2.) Use Tomcat to directly serve http/https and security >> constraints. This requires rebuilding the war (or just editing the >> security constraint in web.xml <http://web.xml>) to enforce this >> restriction. Note, you have open tomcat up on two ports http and >> https You also need to hack the JSP's to redirect you back out of >> https after your user is leaving a protected area. >> This is why I choose the former solution, it is always in the >> hands of the system administrator, who is the expert in this area >> and actualy needs to control these security aspects of a service >> as the responsibility of his/her position. It requires zero >> modification of the DSpace web-application JSPs and configuration >> and thus is very easy to maintain across dspace upgrades. Each >> solution has its nuances and complexities. You'll need to evaluate >> for yourself, which seems most appropriate for your taste and >> situation. >> -Mark Diggory >> >> >> On Jan 24, 2007, at 3:19 PM, John Preston wrote: >> >>> I see that you are redirecting to the apache https service. Where >>> is the tomcat server, I presume on 84343 port. >>> >>> John >>> >>> On 1/24/07, *Mark Diggory* < [EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> wrote: >>> >>> We accomplish this within our Apache httpd service in front of >>> Tomcat. Basically I use mod_rewrite to force specific url's into >>> http or https. (for example: >>> >>> >>>> ## SSL Virtual Host Context >>>> <VirtualHost 18.51.3.31:443 <http://18.51.3.31:443>> >>>> >>>> >>> ... >>> >>>> RewriteEngine on >>>> >>>> RewriteCond %{REQUEST_URI} !^/certificate-login.* >>>> RewriteCond %{REQUEST_URI} !^/password-login.* >>>> RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R] >>>> >>> ... >>> >>>> </VirtualHost> >>>> <VirtualHost 18.51.3.31:80 <http://18.51.3.31:80>> >>>> >>> >>> ... >>> >>>> RewriteEngine on >>>> >>>> RewriteCond %{REQUEST_URI} ^/certificate- >>>> login.* [OR] >>>> RewriteCond %{REQUEST_URI} ^/password-login.* >>>> RewriteRule ^/(.*) https://%{HTTP_HOST}:443/$1 [L,R] >>> >>> >>> -Mark >>> >>> >>> On Jan 24, 2007, at 2:15 PM, John Preston wrote: >>> >>>> Can anyone tell me if it is possible to use https for just the >>>> login steps and regualr unsecured http to access my dspace >>>> site. >>>> I need to secure the login username/password phase but once >>>> logged in I want to use the regular http so it is as fast as >>>> possible. >>> >>> Mark R. Diggory >>> ~~~~~~~~~~~~~ >>> DSpace Systems Manager >>> MIT Libraries, Systems and Technology Services >>> Massachusetts Institute of Technology >>> >>> >>> >> >> Mark R. Diggory >> ~~~~~~~~~~~~~ >> DSpace Systems Manager >> MIT Libraries, Systems and Technology Services >> Massachusetts Institute of Technology >> >> >> --------------------------------------------------------------------- >> --- >> >> --------------------------------------------------------------------- >> ---- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys - and earn >> cash >> http://www.techsay.com/default.php? >> page=join.php&p=sourceforge&CID=DEVDEV >> --------------------------------------------------------------------- >> --- >> >> _______________________________________________ >> DSpace-tech mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/dspace-tech >> > > Mark R. Diggory ~~~~~~~~~~~~~ DSpace Systems Manager MIT Libraries, Systems and Technology Services Massachusetts Institute of Technology ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
