One quick q here Mike, the configuration you shared with me worked fine. However I still see the port 8443 and 8080 on my website, this happens when the user clicks on any link which is generated using <@ofbizurl>.
Any idea, as to how do I get rid of these port numbers appended to the url. I tried removing entry 8443 from ofbiz-containers.xml and url.properties file, but after doing that, the webtools link on https stopped working. Any help is much appreciated. Thanks and regards, Mandeep Sidhu On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu <[email protected]>wrote: > Excellent, Thanks Mike for such a detailed explanation, definitely I am > going for mod_jk now, will keep you posted. > > Thanks a ton everybody :) > > Cheers, > Mandeep > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[email protected]> wrote: > >> Mandeep. Nice looking site. >> >> Regarding your issue, you REALLY want to use apache using mod_jk in front >> of ofbiz. Here is why: >> >> 1) You can offload the processing of images to apache (less load on ofbiz) >> 2) You can easily set cache timeouts for images, css, and other static >> content. >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o >> using >> ofbiz >> 4) It is easier to offload SSL certificate management to apache >> 5) You can setup gzip compression (DEFLATE) >> 6) You can load balance to multiple instances of ofbiz via apache mod-jk. >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the same. >> 8) Most Important: You can add security to your site by locking out admin >> links. >> >> Regarding #8. If you are running an ecommerce site, you DON'T want people >> from the internet to even attempt to gain access (i.e. login as 'admin' to >> 'catalog'). Do you think amazon.com allows 'admin' login to the backend >> from their main site? Absurd to even ask. This is basic internet >> security. >> >> Instead, have front-end machines that serve ecommerce, and have back-end >> machines that allows access to /catalog, etc. via a VPN, or a local >> subnet. >> >> I have found that this setup runs faster, and you have more flexibility. >> >> Here is a sample apache (port 80) configuration file: >> -------------------------------------------------------------------------- >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ >> DocumentRoot /var/www/ >> <Directory /> >> Options FollowSymLinks >> AllowOverride None >> </Directory> >> <Directory /var/www/> >> Options FollowSymLinks MultiViews >> AllowOverride None >> Order allow,deny >> allow from all >> </Directory> >> >> ExpiresActive On >> #ExpiresByType text/html "access plus 1 day" >> ExpiresByType text/css "access plus 1 day" >> ExpiresByType text/javascript "access plus 1 day" >> ExpiresByType image/gif "access plus 1 week" >> ExpiresByType image/jpeg "access plus 1 week" >> ExpiresByType image/png "access plus 1 week" >> ExpiresByType image/bmp "access plus 1 week" >> ExpiresByType application/x-javascript "access plus 1 day" >> ExpiresByType application/x-shockwave-flash "access plus 1 day" >> >> ProxyRequests Off >> <Proxy *> >> AddDefaultCharset off >> Order deny,allow >> Allow from all >> </Proxy> >> >> ProxyVia On >> >> NameVirtualHost *:80 >> >> <VirtualHost *:80> >> # General setup for the virtual host. >> ServerName example.com >> ServerAdmin [email protected] >> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css >> application/x-javascript text/javascript text/x-js application/json >> application/xml application/javascript >> BrowserMatch ^Mozilla/4 gzip-only-text/html >> BrowserMatch ^Mozilla/4\.0[678] no-gzip >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html >> >> ProxyRequests Off >> ProxyPreserveHost On >> >> ProxyPassMatch ^(/images/.*)$ ! >> proxyPass /content ajp://127.0.0.1:8009/content >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles >> #proxyPass / ajp://127.0.0.1:8009/ >> >> RewriteEngine On >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page >> </VirtualHost> >> -------------------------------------------------------------------------- >> >> Here the matching SSL (port 443) apache config: >> ---------------------------------------------------------------------- >> <IfModule mod_ssl.c> >> <VirtualHost *:443> >> ServerName example.com >> ServerAdmin [email protected] >> >> ProxyRequests Off >> ProxyPreserveHost On >> ProxyPassMatch ^(/images/.*)$ ! >> proxyPass /content ajp://127.0.0.1:8009/content >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles >> #proxyPass / ajp://127.0.0.1:8009/ >> >> RewriteEngine On >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page >> >> # SSL Engine Switch: >> # Enable/Disable SSL for this virtual host. >> SSLEngine on >> SSLCertificateFile /etc/ssl/certs/example.com.crt >> SSLCertificateKeyFile /etc/ssl/private/example.com.key >> >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> >> SSLOptions +StdEnvVars >> </FilesMatch> >> <Directory /usr/lib/cgi-bin> >> SSLOptions +StdEnvVars >> </Directory> >> >> BrowserMatch "MSIE [2-6]" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> # MSIE 7 and newer should be able to use keepalive >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown >> </VirtualHost> >> </IfModule> >> ---------------------------------------------------------------------- >> >> If you decide that you don't care about locking out /catalog and other >> admin stuff, just use the: >> >> proxyPass / ajp://127.0.0.1:8009/ >> >> And comment out the other proxy statements. >> >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu <[email protected] >> >wrote: >> >> > Hi, >> > >> > I am developing an ecommerce store using ofbiz, can be found here >> > >> > http://www.simbacart.com >> > >> > >> > The production system is a Unix box, running apache server and then >> Ofbiz >> > as a service. >> > >> > My question to you is, how to map the 80 port of prod server with the >> > ofbiz's 8080 port, also about the mapping of 8443 port. >> > >> > I was able to map the 80 port by making an entry into the IP table of >> the >> > Unix system thereby forwarding requests from 80 port to 8080. >> > >> > http://www.simbacart.com >> > >> > Above mentioned is the store in conversation. >> > >> > Now, here's the problem, till 80 port it is fine, but when it comes to >> 8443 >> > this is the kind of URL I get. >> > >> > >> > >> https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 >> > >> > Notice the 8443 in the url. >> > This url came when I used the tag <@ofbizUrl>/newcustomer</@ofbizUrl>. >> > >> > Can you please help me out in setting up this, I'd really appreciate it. >> > >> > -- >> > Mandeep Singh Sidhu >> > >> > > > > -- > Mandeep Singh Sidhu > -- Mandeep Singh Sidhu
