Hi Skip This article might help you with what I am getting at http://www.windowsecurity.com/articles/Secure_Architecture_SQL_Web_Server.ht ml
cheers > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 9 October 2007 2:36 PM > To: [email protected] > Subject: RE: Setup with more than one computer - Security and Apache for a > web server > > Philip > > I for one would be interested in knowing how they hacked port 80 if you > know. > > Skip > > -----Original Message----- > From: Philip Laing [mailto:[EMAIL PROTECTED] > Sent: Monday, October 08, 2007 9:23 PM > To: [email protected] > Subject: Setup with more than one computer - Security and Apache for a > web server > > > Thanks Mike > > That is exactly what I was looking for but I didn't quite know how to word > it. > > I have slightly changed the subject to fit more closely to where the > thread > might be heading > > Thanks for the input from everyone; I have been able to glean that: > > 1. IP Addresses are not an issues with OFBiz's various components talking > to > one another, ports and configuration of OFBiz's framework files are the > important areas to consider > 2. It is possible to split OFBiz into 2-3 x nodes/servers during > installation > > Half the challenge with setting up solutions such as OFBiz is know how it > thinks and what it needs to communicate between the various engines. > > The reason I am interested is that I has a bad experience with Compiere. > During development I had left port 80 open through my firewall to single > computer installation and had the web server (Tomcat) hacked into and > broken. So I am very conscious of security and I am wondered if I could > split the web server and place in DMZ with the rest of OZBiz safely > sitting > behind my firewall. If they break the web server it won't be as big an > issue to fix or protect the dbase and other parts from being compromised > by > ID thieves looking credit card and other ID details > > Thanks again for your input > > Philip Laing Dip. Sys Admin IT > ASC Consultants > 33 Vendul Crescent > Port Macquarie NSW 2444 > > Phone: 61 2 6582 7147 > Mobile : 0411827147 > > Web Page: www.ascconsultants.com.au > Email: [EMAIL PROTECTED] > > > -----Original Message----- > > From: Mike Wong [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, 9 October 2007 1:47 PM > > To: [email protected] > > Subject: RE: Setup with more than one computer > > > > Philip, > > > > You can deploy something like this > > > > Computer-1 running httpd with mod_jk > > Computer-2 running ofbiz with only mod_jk port open > > Computer-3 running DB > > > > Doing so you have to change some configurations in the url.properties > file > > and find some way to sync all your static files to the httpd doc root. > > > > Mike > > > > -----Original Message----- > > From: Philip Laing [mailto:[EMAIL PROTECTED] > > Sent: Monday, October 08, 2007 14:35 > > To: [email protected] > > Subject: RE: Setup with more than one computer > > > > > > Thanks Skip > > > > Exactly what I needed thanks for that ... now can I install over 3 > > computers? > > > > Computer-1 webserver > > Computer-2 application server > > Computer-3 database > > > > Thanks again ... I really appreciate your input > > > > Phil > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: Monday, 8 October 2007 2:55 PM > > > To: [email protected] > > > Subject: RE: Setup with more than one computer > > > > > > Philip > > > > > > What you wanna do is pretty easy. Have a look at entityengine.xml in > > > framework/entity/config. > > > > > > Look toward the bottom till you find the database type you use, say > > > "localpostgres". Clone this and call it something else, then change > > where > > > the jdbc driver looks. For example, its currently set to > > > jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz". > > > > > > You make a new one maybe like this: > > > "jdbc:postgresql://192.168.1.100/ofbiz". > > > > > > The database server can be anywhere you want. > > > > > > Check this out: > > > > > > http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se > > > tu > > > p+Guide > > > > > > Here is another link: > > > > > > http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf > > > > > > Skip > > > > > > -----Original Message----- > > > From: Philip Laing [mailto:[EMAIL PROTECTED] > > > Sent: Sunday, October 07, 2007 8:50 PM > > > To: [email protected] > > > Subject: RE: Setup with more than one computer > > > > > > > > > Hi BJ > > > > > > No ... not 2 instances ... just break up the installation over 2 > > computers > > > i.e. 1st computer with dbase installed and 2nd computer with > application > > > installed > > > > > > cheers > > > > > > Web Page: www.ascconsultants.com.au > > > Email: [EMAIL PROTECTED] > > > > > > > -----Original Message----- > > > > From: BJ Freeman [mailto:[EMAIL PROTECTED] > > > > Sent: Monday, 8 October 2007 10:51 AM > > > > To: [email protected] > > > > Subject: Re: Setup with more than one computer > > > > > > > > Clarification: > > > > it looks like you want to run two instances of ofbiz > > > > to the same DB. > > > > this takes extra configuration. > > > > > > > > FYI the apps use the web server > > > > I think you are referring the Ecommerce side > > > > > > > > not sure why you want to use two instances, since the backend (apps) > > is > > > > ssl and 8443. > > > > you can block that port through the fire wall if you only want intra > > lan > > > > communications. > > > > > > > > i run all behind a firewall, and both the http and https on the > > internet > > > > using a firewall for ports 80 and 8443. > > > > so the DB is protected. > > > > I believe you can route intra lan usage through a firewall for port > > 8443 > > > > (apps) > > > > > > > > > > > > Philip Laing sent the following on 10/7/2007 4:19 PM: > > > > > Hi Fellas > > > > > > > > > > The network topology I would like OFBiz setup is using more than > one > > > > > computer using the following options: > > > > > 1. Application Server + Dbase > > > > > 2. Web Server + Application Server + Dbase > > > > > > > > > > Now . I would feel confident setting up: > > > > > > > > > > Option 1. (Apps + Dbase) I will be placing the Apps and Dbase > > between > > > a > > > > > firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase- > > > > (192.168.2.100/24) > > > > > > > > > > Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24) > > > > > > > Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24) > > > > > > > > > > Notice the IP Addresses and different subnet masks. The question > > is: > > > > OFBiz > > > > > should be able to talk to the *dbase*, *webserver* and or > > *application > > > > > server* though ports only - Not relying on the same IP addressing? > > In > > > > other > > > > > words, rather than relying on TCP/IP to transfer information to > each > > > > node > > > > > ... or do I need to route the disparate IP addressing so that each > > > node > > > > can > > > > > see each other through IP addressing > > > > > > > > > > Thanks in advance > > > > > > > > > > > > > > > Phil > > > > > > > > > > > > > > > > > > > > > > > > > > > >
