> SSL with Magnolia

Is the purpose of this to protect (encrypt) the authentication
credentials of content authors?

Do you also have Apache in front of these interfaces?

Does anyone run Tomcat standalone, or is it almost always put behind
Apache? Why?

Many www sites also link to a secure area. If I built a content tree
called 'www', and another called 'secure', would it be possible to
connect the 'www' tree to Apache HTTP, while connecting the 'secure'
tree to Apache HTTPS?

I'm beginning to think this would be a job for 2 Tomcats because even if
both sites could be configured to run off magnoliaPublic, there would
always be the chance of a programming bug allowing someone to gain
access to the secure area, a risk my IT guys would consider
unacceptable.


> The context definition will show up at conf/MgnlAuthor/localhost/magnoliaAuthor.xml

Does Magnolia from a WAR file create these context files? I could swear
I had to create my own in order to configure a DBCP resource for use in
my Magnolia site. I used the package bundled with Tomcat. Maybe it's
different when dropping the WARs into an existing Tomcat.


> Name your magnolia public war file ROOT.war and place it in the webapps folder

Does this wipe out the Tomcat default index & examples? 

I tried replacing '/index.jsp' with my own & it would not come up until
I commented out the 'servlet' & 'servlet-mapping' elements in
'../ROOT/WEB-INF/web.xml'.



-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 15, 2005 12:15 PM
To: [email protected]
Subject: Re: [magnolia-user] SSL with Magnolia

Will they both be on the same running tomcat server or on separate
servers?

Here's a quick and abbreviated example server.xml setup for both on the
same server.  The config is very careful to be sure magnoliaAuthor is
only available through the localhost interface and a SSL encrypted
connector.  Just configure magnoliaAuthor to activate through the
localhost connections:

<Server port="8005" shutdown="SHUTDOWN">

<!-- Global resource definitions here -->

<Service name="MgnlAuthor">
  <!-- Place magnoliaAuthor.war in a new directory named mgnlAuthorApps
       which resides just inside of tomcat alongside the webapps folder.
       The context definition will show up at
       conf/MgnlAuthor/localhost/magnoliaAuthor.xml.  Authors will
       access this via https://www.yourdomainnamehere.com/magnoliaAuthor/

       Activation in /subscribers/SubscriberConfig/0001 of Config would
       be as follows:
       active: true
       address: 127.0.0.1:8081
       senderURL: http://127.0.0.1:8080/magnoliaAuthor
       protocol: http
       requestConfirmation: false
  -->

  <!-- SSL connector configured with your certificate -->
  <Connector port="443" maxHttpHeaderSize="8192" address="[public ip here]"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" disableUploadTimeout="true"
             acceptCount="100" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />

  <!-- Unencrypted connection bound to the localhost interface -->
  <Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" acceptCount="100"
             connectionTimeout="20000" disableUploadTimeout="true" />

      <Engine name="MgnlAuthor" defaultHost="localhost">

      <!-- This is configured to use a new webapps directory,
           mgnlAuthorApps in the tomcat directory -->
      <Host name="localhost" appBase="mgnlAuthorApps"
                 unpackWARs="true" autoDeploy="true"
                 xmlValidation="false" xmlNamespaceAware="false">

      </Host>

      </Engine>

</Service>

<Service name="Catalina">
   <!-- Name your magnolia public war file ROOT.war and place it in the
        webapps folder for deployment.  Your context definition will be in
        conf/Catalina/localhost/ROOT.xml
        The public views the site via http://www.yourdomainhere.com/ -->

   <!-- Unencrypted connection bound to the localhost interface for
        content activation -->
   <!-- Be careful not to use the same port as above -->
   <Connector port="8081" address="127.0.0.1" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" acceptCount="100"
              connectionTimeout="20000" disableUploadTimeout="true" />

   <!-- Public port 80 for general consumption, bound to a public IP -->
   <Connector port="80" address="[public server ip here]"
              maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" acceptCount="100"
              connectionTimeout="20000" disableUploadTimeout="true" />

      <Engine name="Catalina" defaultHost="localhost">

      <!-- This is configured to use the default webapps directory -->
      <Host name="localhost" appBase="webapps"
                 unpackWARs="true" autoDeploy="true"
                 xmlValidation="false" xmlNamespaceAware="false">

      </Host>

      </Engine>

</Service>

</Server>

--David

(FTP) wrote:

>I only want to have the Author instance SSL enabled. The rest can
>remain as it is. How can you distinguish that?
>
>Also, the user identification dialog should also go via SSL.
>
>Thanks
>
>On Thu, Dec 15, 2005 at 09:39:15AM -0500, David Smith wrote:
>  
>
>>Good question.  I believe the answer is yes with some caveats.  The
>>author and public instance can talk to the client with SSL no problem.
>>I haven't looked at the activation code in a while, but believe author
>>and public can't talk to each other over SSL.  There will have to be
>>an unencrypted connector in tomcat on author and public for that.
>>Tunneling might be an answer if you need that encrypted as well.
>>
>>I've done the setup with author and public on the same machine.  One 
>>connector is SSL enabled for the clients and the other is a standard 
>>HTTP connector with the attribute address="127.0.0.1".  That forces 
>>the connector to bind to the localhost interface where the public 
>>can't access it.  Set up activation on author and public to use the
>>unencrypted 127.0.0.1 address.
>>
>>--David
>>
>>(FTP) wrote:
>>
>>    
>>
>>>Hi,
>>>
>>>I was looking in the archives as well but couldn't really find
>>>a working solution how to install/operate Magnolia 2.1.3 when SSL is
>>>switched on in the latest Tomcat version.
>>>
>>>Is there any info on this?
>>>
>>>Thank you
>>>
>>>George
>>>
>>>
>>>----------------------------------------------------------------
>>>for list details see
>>>http://www.magnolia.info/en/magnolia/developer.html
>>>----------------------------------------------------------------
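
The binding rules in the server.xml above (magnoliaAuthor reachable only through the SSL connector or a 127.0.0.1 connector, and no port shared between the two services) can be checked mechanically. The script below is an added example, not part of the original thread; the sample file is constructed, 203.0.113.10 stands in for the public IP, and treating scheme="https" with secure="true" as the SSL connector is an assumption taken from the connector shown in the message.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample with the same connector layout as the server.xml in the
# thread (Engine/Host elements omitted); 203.0.113.10 is a documentation
# address standing in for the public IP.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="MgnlAuthor">
    <Connector port="443" address="203.0.113.10" scheme="https" secure="true"/>
    <Connector port="8080" address="127.0.0.1"/>
  </Service>
  <Service name="Catalina">
    <Connector port="8081" address="127.0.0.1"/>
    <Connector port="80" address="203.0.113.10"/>
  </Service>
</Server>"""


def is_loopback(address):
    """True only for an explicit loopback bind; no address means all interfaces."""
    if not address:
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address == "localhost"


def audit(server_xml, protected=("MgnlAuthor",)):
    """Return findings for connectors that break the layout described above."""
    findings, seen = [], {}
    for service in ET.fromstring(server_xml).iter("Service"):
        name = service.get("name")
        for conn in service.iter("Connector"):
            port, addr = conn.get("port"), conn.get("address")
            # Assumption: the SSL connector is the one marked https + secure.
            tls = conn.get("scheme") == "https" and conn.get("secure") == "true"
            if name in protected and not tls and not is_loopback(addr):
                findings.append(f"{name}: plaintext connector {addr or '*'}:{port} is reachable off-host")
            # A port clashes when addresses match or either side is a wildcard.
            for other_addr, other_name in seen.get(port, []):
                if not addr or not other_addr or addr == other_addr:
                    findings.append(f"{name}: port {port} already used by {other_name}")
            seen.setdefault(port, []).append((addr, name))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "layout OK")
```

Pass the contents of a real conf/server.xml to `audit()` and list the service names that host the author instance in `protected`.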