Will they both be on the same running tomcat server or on separate servers?
Here's a quick and abbreviated example server.xml setup for both on the
same server. The config is very careful to be sure magnoliaAuthor is only
available through the localhost interface and an SSL-encrypted connector.
Just configure magnoliaAuthor to activate through the localhost connections:
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Global resource definitions here -->

  <Service name="MgnlAuthor">
    <!-- Place magnoliaAuthor.war in a new directory named mgnlAuthorApps
         which resides just inside of tomcat alongside the webapps folder.
         The context definition will show up at
         conf/MgnlAuthor/localhost/magnoliaAuthor.xml. Authors will access
         this via https://www.yourdomainnamehere.com/magnoliaAuthor/

         Activation in /subscribers/SubscriberConfig/0001 of Config
         would be as follows:
           active: true
           address: 127.0.0.1:8081
           senderURL: http://127.0.0.1:8080/magnoliaAuthor
           protocol: http
           requestConfirmation: false
    -->

    <!-- SSL connector configured with your certificate -->
    <Connector port="443" maxHttpHeaderSize="8192" address="[public ip here]"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

    <!-- Unencrypted connection bound to the localhost interface -->
    <Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true" />

    <Engine name="MgnlAuthor" defaultHost="localhost">
      <!-- This is configured to use a new webapps directory,
           mgnlAuthorApps in the tomcat directory -->
      <Host name="localhost" appBase="mgnlAuthorApps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
    </Engine>
  </Service>

  <Service name="Catalina">
    <!-- Name your magnolia public war file ROOT.war and place it in the
         webapps folder for deployment. Your context definition will be in
         conf/Catalina/localhost/ROOT.xml
         The public views the site via http://www.yourdomainhere.com/ -->

    <!-- Unencrypted connection bound to the localhost interface for
         content activation -->
    <!-- Be careful not to use the same port as above -->
    <Connector port="8081" address="127.0.0.1" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true" />

    <!-- Public port 80 for general consumption, bound to a public IP -->
    <Connector port="80" address="[public server ip here]"
               maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true" />

    <Engine name="Catalina" defaultHost="localhost">
      <!-- This is configured to use the default webapps directory -->
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
    </Engine>
  </Service>
</Server>
--David
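
An added check, not part of the original message and not Magnolia or Tomcat code: it parses a server.xml and lists every plain HTTP connector that is not bound to loopback in the Service that hosts the author webapp, which is the property the configuration above depends on. The function names, the sample address 192.0.2.10 and the mis-bound port 8082 are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: trimmed version of the layout above, plus one
# deliberately mis-bound connector (8082 has no address attribute).
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="MgnlAuthor">
    <Connector port="443" address="192.0.2.10" scheme="https" secure="true" />
    <Connector port="8080" address="127.0.0.1" />
    <Connector port="8082" />
    <Engine name="MgnlAuthor" defaultHost="localhost">
      <Host name="localhost" appBase="mgnlAuthorApps" />
    </Engine>
  </Service>
  <Service name="Catalina">
    <Connector port="8081" address="127.0.0.1" />
    <Connector port="80" address="192.0.2.10" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""

def is_loopback(address):
    # A missing address binds all interfaces; hostnames and placeholders count as reachable.
    try:
        return ipaddress.ip_address(address or "").is_loopback
    except ValueError:
        return False

def is_tls(conn):
    # Assumption: TLS connectors are marked as in the message above
    # (scheme="https" secure="true"); newer Tomcat also needs SSLEnabled="true".
    return conn.get("scheme") == "https" and conn.get("secure") == "true"

def exposed_plaintext(server_xml, app_base):
    """Return (service, port, bind) for plain connectors reachable off-host."""
    findings = []
    for service in ET.fromstring(server_xml).iter("Service"):
        if not any(h.get("appBase") == app_base for h in service.findall("./Engine/Host")):
            continue  # only audit the Service that serves app_base
        for conn in service.findall("Connector"):
            addr = conn.get("address")
            if not is_tls(conn) and not is_loopback(addr):
                findings.append((service.get("name"), conn.get("port"), addr or "all interfaces"))
    return findings

if __name__ == "__main__":
    print(exposed_plaintext(SAMPLE, "mgnlAuthorApps"))
```

An empty list for the author appBase means the author instance is reachable from outside only over the SSL connector; the public Service is expected to report its port 80 connector.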
(FTP) wrote:
I only want to have the Author instance SSL enabled. The rest can remain as it
is. How can you distinguish that?
Also, the user identification dialog should also go via SSL.
Thanks
On Thu, Dec 15, 2005 at 09:39:15AM -0500, David Smith wrote:
Good question. I believe the answer is yes with some caveats. The
author and public instance can talk to the client with SSL no problem.
I haven't looked at the activation code in a while, but believe author
and public can't talk to each other over SSL. There will have to be an
unencrypted connector in tomcat on author and public for that.
Tunneling might be an answer if you need that encrypted as well.
I've done the setup with author and public on the same machine. One
connector is SSL enabled for the clients and the other is a standard
HTTP connector with the attribute address="127.0.0.1". That forces the
connector to bind to the localhost interface where the public can't
access it. Setup activation on author and public to use the unencrypted
127.0.0.1 address.
--David
(FTP) wrote:
Hi,
I was looking in the archives as well but couldn't really find a working
solution how to install/operate Magnolia 2.1.3 when SSL is switched on in
the latest Tomcat version.
Is there any info on this?
Thank you
George
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------