Philip I for one would be interested in knowing how they hacked port 80 if you know.
Skip -----Original Message----- From: Philip Laing [mailto:[EMAIL PROTECTED] Sent: Monday, October 08, 2007 9:23 PM To: [email protected] Subject: Setup with more than one computer - Security and Apache for a web server Thanks Mike That is exactly what I was looking for but I didn't quite know how to word it. I have slightly changed the subject to fit more closely to where the thread might be heading Thanks for the input from everyone; I have been able to glean that: 1. IP Addresses are not an issues with OFBiz's various components talking to one another, ports and configuration of OFBiz's framework files are the important areas to consider 2. It is possible to split OFBiz into 2-3 x nodes/servers during installation Half the challenge with setting up solutions such as OFBiz is know how it thinks and what it needs to communicate between the various engines. The reason I am interested is that I has a bad experience with Compiere. During development I had left port 80 open through my firewall to single computer installation and had the web server (Tomcat) hacked into and broken. So I am very conscious of security and I am wondered if I could split the web server and place in DMZ with the rest of OZBiz safely sitting behind my firewall. If they break the web server it won't be as big an issue to fix or protect the dbase and other parts from being compromised by ID thieves looking credit card and other ID details Thanks again for your input Philip Laing Dip. Sys Admin IT ASC Consultants 33 Vendul Crescent Port Macquarie NSW 2444 Phone: 61 2 6582 7147 Mobile : 0411827147 Web Page: www.ascconsultants.com.au Email: [EMAIL PROTECTED] > -----Original Message----- > From: Mike Wong [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 9 October 2007 1:47 PM > To: [email protected] > Subject: RE: Setup with more than one computer > > Philip, > > You can deploy something like this > > Computer-1 running httpd with mod_jk > Computer-2 running ofbiz with only mod_jk port open > Computer-3 running DB > > Doing so you have to change some configurations in the url.properties file > and find some way to sync all your static files to the httpd doc root. > > Mike > > -----Original Message----- > From: Philip Laing [mailto:[EMAIL PROTECTED] > Sent: Monday, October 08, 2007 14:35 > To: [email protected] > Subject: RE: Setup with more than one computer > > > Thanks Skip > > Exactly what I needed thanks for that ... now can I install over 3 > computers? > > Computer-1 webserver > Computer-2 application server > Computer-3 database > > Thanks again ... I really appreciate your input > > Phil > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Monday, 8 October 2007 2:55 PM > > To: [email protected] > > Subject: RE: Setup with more than one computer > > > > Philip > > > > What you wanna do is pretty easy. Have a look at entityengine.xml in > > framework/entity/config. > > > > Look toward the bottom till you find the database type you use, say > > "localpostgres". Clone this and call it something else, then change > where > > the jdbc driver looks. For example, its currently set to > > jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz". > > > > You make a new one maybe like this: > > "jdbc:postgresql://192.168.1.100/ofbiz". > > > > The database server can be anywhere you want. > > > > Check this out: > > > http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se > > tu > > p+Guide > > > > Here is another link: > > > > http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf > > > > Skip > > > > -----Original Message----- > > From: Philip Laing [mailto:[EMAIL PROTECTED] > > Sent: Sunday, October 07, 2007 8:50 PM > > To: [email protected] > > Subject: RE: Setup with more than one computer > > > > > > Hi BJ > > > > No ... not 2 instances ... just break up the installation over 2 > computers > > i.e. 1st computer with dbase installed and 2nd computer with application > > installed > > > > cheers > > > > Web Page: www.ascconsultants.com.au > > Email: [EMAIL PROTECTED] > > > > > -----Original Message----- > > > From: BJ Freeman [mailto:[EMAIL PROTECTED] > > > Sent: Monday, 8 October 2007 10:51 AM > > > To: [email protected] > > > Subject: Re: Setup with more than one computer > > > > > > Clarification: > > > it looks like you want to run two instances of ofbiz > > > to the same DB. > > > this takes extra configuration. > > > > > > FYI the apps use the web server > > > I think you are referring the Ecommerce side > > > > > > not sure why you want to use two instances, since the backend (apps) > is > > > ssl and 8443. > > > you can block that port through the fire wall if you only want intra > lan > > > communications. > > > > > > i run all behind a firewall, and both the http and https on the > internet > > > using a firewall for ports 80 and 8443. > > > so the DB is protected. > > > I believe you can route intra lan usage through a firewall for port > 8443 > > > (apps) > > > > > > > > > Philip Laing sent the following on 10/7/2007 4:19 PM: > > > > Hi Fellas > > > > > > > > The network topology I would like OFBiz setup is using more than one > > > > computer using the following options: > > > > 1. Application Server + Dbase > > > > 2. Web Server + Application Server + Dbase > > > > > > > > Now . I would feel confident setting up: > > > > > > > > Option 1. (Apps + Dbase) I will be placing the Apps and Dbase > between > > a > > > > firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase- > > > (192.168.2.100/24) > > > > > > > > Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24) > > > > > Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24) > > > > > > > > Notice the IP Addresses and different subnet masks. The question > is: > > > OFBiz > > > > should be able to talk to the *dbase*, *webserver* and or > *application > > > > server* though ports only - Not relying on the same IP addressing? > In > > > other > > > > words, rather than relying on TCP/IP to transfer information to each > > > node > > > > ... or do I need to route the disparate IP addressing so that each > > node > > > can > > > > see each other through IP addressing > > > > > > > > Thanks in advance > > > > > > > > > > > > Phil > > > > > > > > > > > > > > > > > > > > >
