Thanks helix, well-written answer. A couple of questions (I was hoping to touch the tomcat config as little as possible since I'm a complete tomcat neophyte)...
Why do you need to go through the chain of ports (8009 -> 8443)? First, is the 8443 necessary if. in apache's conf, you redirect all port 80 requests over to ssl 443? Second, what is "ajp" for? This may be simple-minded, but if a browser can talk directly to tomcat on 8080, why can't apace do so as well? Also, it looks like the "Contexts" you're setting up in tomcat are a little like rewrite rules or aliases in apache. Is there a reason you do them as contexts instead? Do the contexts take care outgoing urls too, or is it more like the way it looks to me, that's what the dspace configs (dspace.url etc) are really there for? Thanks again... -glenn On Tue, Feb 8, 2011 at 1:30 AM, helix84 <[email protected]> wrote: > On Tue, Feb 8, 2011 at 02:39, Glenn Little <[email protected]> wrote: >> really do. I'm trying to figure out if I can configure a virtual host >> to "transparently" run dspace through apache, without the xmlui path >> component or any tomcat port numbers etc. > > Hi Glenn, > there's really more than one way to do this. My setup does what you > want, albeit a trifle differently (I used mod_proxy instead of > mod_jk). > > dspace.cfg: > dspace.hostname = example.com > dspace.baseUrl = http://example.com > dspace.url = ${dspace.baseUrl} > > /etc/tomcat5.5/server.xml: > ... > <Service name="Catalina"> > ... > <Connector port="8009" > enableLookups="false" redirectPort="8443" protocol="AJP/1.3" > URIEncoding="UTF-8" /> > > <Connector port="8443" maxHttpHeaderSize="8192" > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" > acceptCount="100" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > keystoreFile="/etc/tomcat5.5/example.com.p12" > keystorePass="pass" > keystoreType="PKCS12" > /> > ... > <Host name="localhost" appBase="webapps" > unpackWARs="true" autoDeploy="true" > xmlValidation="false" xmlNamespaceAware="false"> > ... > <!-- DEFINE A CONTEXT PATH FOR DSpace XML User Interface --> > <Context path="/" docBase="/dspace/webapps/xmlui" debug="0" > reloadable="true" cachingAllowed="false" > allowLinking="true"> > <!-- DEFINE A CONTEXT PATH FOR DSpace JSP User Interface --> > <Context path="/jspui" docBase="/dspace/webapps/jspui" debug="0" > reloadable="true" cachingAllowed="false" > allowLinking="true"/> > ... > > virtual host files (or httpd.conf): > <VirtualHost *:80> > ServerName example.com > > ProxyPass / ajp://localhost:8009/ retry=10 > ProxyPassReverse / ajp://localhost:8009/ > </VirtualHost> > > <IfModule mod_ssl.c> > <VirtualHost _default_:443> > ServerName example.com > > ProxyPass / ajp://localhost:8009/ > ProxyPassReverse / ajp://localhost:8009/ > > SSLEngine on > > SSLCertificateFile /etc/apache2/ssl/example.com.pem > SSLCertificateKeyFile /etc/apache2/ssl/dspace.key > SSLCertificateChainFile /etc/apache2/ssl/dspace-chain.pem > <FilesMatch "\.(cgi|shtml|phtml|php)$"> > SSLOptions +StdEnvVars > </FilesMatch> > <Directory /usr/lib/cgi-bin> > SSLOptions +StdEnvVars > </Directory> > > BrowserMatch ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > > </VirtualHost> > </IfModule> > > The important parts are: > * dspace.cfg points eventually to Apache (port 80), not to tomcat > (which continues to run on port 8180, though - you can firewall it > from outside when you're done). Do this only after you set up tomcat > and apache vhosts. > * Context path="/" points to /dspace/webapps/xmlui > * Other contexts can then point to other dspace interfaces, so I can > have JSPUI at "/jspui" > * Don't forget to specify AJP to run at 8009" with > URIEncoding="UTF-8", this is where mod_proxy connects to tomcat > * I included also my SSL config for reference, you can ignore it on > your first try > > Hope this helps. > > Regards, > ~~helix84 > ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
