Thank you guys for the replies. I've been resisting the idea to install Apache, thinking not to install unnecessary services as much as possible. I need to think hard on this. Perhaps compromise has to be made somewhere.
Any other people using Tomcat only run into this problem (following the ServletSecurity http://wiki.dspace.org/index.php/ServletSecurity method but can't escape from https to http)? Yes, nothing wrong with using https on every page, just a bit waste. Cory, I tried Deepblue and it seems you're not running it over https because https://deepblue.lib.umich.edu/ won't return any result. On the other hand I don't know why you can't just shut port 8080 from iptables. I guess unless I intentionally type port 8080 at the url the port number won't show in any links? Thanks, Zhiwu -----Original Message----- From: Cory Snavely [mailto:[EMAIL PROTECTED] Sent: Friday, April 06, 2007 10:08 AM To: [email protected] Cc: Zhiwu Xie Subject: Re: [Dspace-tech] redirect port 8443 to 80? For folks listening in with interest, we also use NAT port forwarding to get around the requirement for mod_jk, but FWIW I haven't determined a way to close the incoming *actual* Tomcat ports (8080/8443). So, a potential downside with this approach, in addition to not having any real logic like mod_rewrite to apply at that intermediary level. Mind you, it's not really harmful or vulnerable, it's just a little ugly to have your actual nonstandard ports all hanging out like that. Cory Snavely University of Michigan Library IT Core Services On Fri, 2007-04-06 at 11:56 -0400, Mark Diggory wrote: > We use Apache, mod_jk and mod_rewrite to deliver the webapplication > on port 80 and port 443 as separate VirtualHost entries in Apache > httpd. We do not allow direct access to the tomcat server over port > 8080 or port 8443. I can send some more detail of our configuration > if you decide to go this route. > > -Mark > > On Apr 6, 2007, at 11:32 AM, James Rutherford wrote: > > > On Thu, Apr 05, 2007 at 09:39:53AM -0600, Zhiwu Xie wrote: > >> bar, but then when I click the DSpace logo from a secured page > >> such as > >> > >> https://laii-dspace.unm.edu/password-login > >> > >> all the following pages are through https regardless of which the > >> page > >> is, which bothers me. > > > > The links used in DSpace are relative, so if you login via https, you > > will continue with https. > > > >> But when I tried to click the dspace logo from the mit dspace page > >> > >> https://dspace.mit.edu/password-login > >> > >> the request to the https://dspace.mit.edu/ seems to be rerouted to > >> http://dspace.mit.edu/. So what's the trick? > > > > The only reason the MIT site is different is because (I assume) they > > have some custom configuration elsewhere that redirects https requests > > to http for normal use. If you try accessing https://dspace.mit.edu > > you > > will be redirected to the unsecured version at http://dspace.mit.edu. > > > > cheers, > > > > Jim > > > > -- > > James Rutherford | Hewlett-Packard Limited registered > > Office: > > Research Engineer | Cain Road, > > HP Labs | Bracknell, > > Bristol, UK | Berks > > +44 117 312 7066 | RG12 1HN. > > [EMAIL PROTECTED] | Registered No: 690597 England > > > > The contents of this message and any attachments to it are > > confidential and > > may be legally privileged. If you have received this message in > > error, you > > should delete it from your system immediately and advise the > > sender. To any > > recipient of this message within HP, unless otherwise stated you > > should > > consider this message and attachments as "HP CONFIDENTIAL". > > > > ---------------------------------------------------------------------- > > --- > > Take Surveys. Earn Cash. Influence the Future of IT > > Join SourceForge.net's Techsay panel and you'll get the chance to > > share your > > opinions on IT & business topics through brief surveys-and earn cash > > http://www.techsay.com/default.php? > > page=join.php&p=sourceforge&CID=DEVDEV > > _______________________________________________ > > DSpace-tech mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > ~~~~~~~~~~~~~ > Mark R. Diggory - DSpace Systems Manager > MIT Libraries, Systems and Technology Services > Massachusetts Institute of Technology > Office: E25-131 > Phone: (617) 253-1096 > > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
