Mandeep. Nice looking site.
Regarding your issue, you REALLY want to use apache using mod_jk in front
of ofbiz. Here is why:
1) You can offload the processing of images to apache (less load on ofbiz)
2) You can easily set cache timeouts for images, css, and other static
content.
3) You can easily add normal static HTML pages (/static/*.html) w/o using
ofbiz
4) It is easier to offload SSL certificate management to apache
5) You can set up gzip compression (DEFLATE)
6) You can load balance to multiple instances of ofbiz via apache mod-jk.
7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same.
8) Most Important: You can add security to your site by locking out admin
links.
Regarding #8. If you are running an ecommerce site, you DON'T want people
from the internet to even attempt to gain access (i.e. login as 'admin' to
'catalog'). Do you think amazon.com allows 'admin' login to the backend
from their main site? Absurd to even ask. This is basic internet security.
Instead, have front-end machines that serve ecommerce, and have back-end
machines that allow access to /catalog, etc. via a VPN, or a local subnet.
I have found that this setup runs faster, and you have more flexibility.
Here is a sample apache (port 80) configuration file:
--------------------------------------------------------------------------
Alias /images/ /opt/ofbiz/framework/images/webapp/images/
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ExpiresActive On
#ExpiresByType text/html "access plus 1 day"
ExpiresByType text/css "access plus 1 day"
ExpiresByType text/javascript "access plus 1 day"
ExpiresByType image/gif "access plus 1 week"
ExpiresByType image/jpeg "access plus 1 week"
ExpiresByType image/png "access plus 1 week"
ExpiresByType image/bmp "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 day"
ExpiresByType application/x-shockwave-flash "access plus 1 day"
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyVia On
NameVirtualHost *:80
<VirtualHost *:80>
# General setup for the virtual host.
ServerName example.com
ServerAdmin [email protected]
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css \
application/x-javascript text/javascript text/x-js application/json \
application/xml application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html
ProxyRequests Off
ProxyPreserveHost On
ProxyPassMatch ^(/images/.*)$ !
proxyPass /content ajp://127.0.0.1:8009/content
proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
#proxyPass / ajp://127.0.0.1:8009/
RewriteEngine On
ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
</VirtualHost>
--------------------------------------------------------------------------
Here is the matching SSL (port 443) apache config:
----------------------------------------------------------------------
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAdmin [email protected]
ProxyRequests Off
ProxyPreserveHost On
ProxyPassMatch ^(/images/.*)$ !
proxyPass /content ajp://127.0.0.1:8009/content
proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
#proxyPass / ajp://127.0.0.1:8009/
RewriteEngine On
ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301]
RewriteRule ^/(images/.+);jsessionid=\w+$ /$1
RewriteRule ^/.*\.svn /some-non-existant-404-causing-page
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
----------------------------------------------------------------------
If you decide that you don't care about locking out /catalog and other
admin stuff, just use the:
proxyPass / ajp://127.0.0.1:8009/
And comment out the other proxy statements.
On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[email protected]> wrote:
> Hi,
>
> I am developing an ecommerce store using ofbiz, can be found here
>
> http://www.simbacart.com
>
>
> The production system is a Unix box, running apache server and then Ofbiz
> as a service.
>
> My question to you is, how to map the 80 port of prod server with the
> ofbiz's 8080 port, also about the mapping of 8443 port.
>
> I was able to map the 80 port by making an entry into the IP table of the
> Unix system thereby forwarding requests from 80 port to 8080.
>
> http://www.simbacart.com
>
> Above mentioned is the store in conversation.
>
> Now, here's the problem, till 80 port it is fine, but when it comes to 8443
> this is the kind of URL I get.
>
>
> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1
>
> Notice the 8443 in the url.
> This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>.
>
> Can you please help me out in setting up this, I'd really appreciate it.
>
> --
> Mandeep Singh Sidhu
>
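Added example, not part of the original message or of OFBiz: a small Python check for point 8 of the reply, which reads a vhost's ProxyPass / ProxyPassMatch lines and reports whether any back-office path would be forwarded to the AJP backend. The function names and the ADMIN_PATHS list are assumptions made for this example (/catalog is named in the reply, /webtools is added here), and Apache's regex dialect is approximated with Python's re module.

```python
import re

# Back-office webapps to keep off the public vhost. /catalog is named in the
# reply above; /webtools is an assumption added for this example.
ADMIN_PATHS = ("/catalog", "/webtools")

# Matches ProxyPass and ProxyPassMatch (any letter case), not ProxyPassReverse.
DIRECTIVE = re.compile(r"^\s*(ProxyPass|ProxyPassMatch)\s+(\S+)\s+(\S+)", re.IGNORECASE)

# Constructed sample input: the proxy lines from the config in the reply.
LOCKED = """\
ProxyPassMatch ^(/images/.*)$ !
proxyPass /content ajp://127.0.0.1:8009/content
proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce
proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles
#proxyPass / ajp://127.0.0.1:8009/
"""
# Constructed sample input: the catch-all alternative mentioned at the end of the reply.
OPEN = "proxyPass / ajp://127.0.0.1:8009/\n"


def proxy_rules(conf_text):
    """Return active (kind, pattern, target) rules in file order, skipping comments."""
    rules = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            rules.append((m.group(1).lower(), m.group(2), m.group(3)))
    return rules


def exposed_admin_paths(conf_text, admin_paths=ADMIN_PATHS):
    """List the admin paths that some rule forwards to the backend.

    Rules are checked in file order and the first match decides, as Apache
    does; a target of "!" excludes the path from proxying.
    """
    rules = proxy_rules(conf_text)
    exposed = []
    for path in admin_paths:
        for kind, pattern, target in rules:
            if kind == "proxypassmatch":
                hit = re.search(pattern, path) is not None
            else:
                hit = path.startswith(pattern)  # ProxyPass is a plain prefix match
            if hit:
                if target != "!":
                    exposed.append(path)
                break
    return exposed
```

Running exposed_admin_paths() over the public vhost files before each reload catches the case where the catch-all proxyPass line has been uncommented on a front-end machine.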