so what configuration should I give here for production usage? On Sun, Jun 3, 2012 at 11:44 PM, Deepak Agarwal <[email protected]>wrote:
> Go to Content->website , choose ur website. there you will find it. > > On Sun, Jun 3, 2012 at 11:20 PM, Mandeep Sidhu <[email protected] > >wrote: > > > One quick q here Mike, the configuration you shared with me worked fine. > > > > However I still see the port 8443 and 8080 on my website, this happens > when > > the user clicks on any link which is generated using <@ofbizurl>. > > > > Any idea, as to how do I get rid of these port numbers appended to the > url. > > > > I tried removing entry 8443 from ofbiz-containers.xml and url.properties > > file, but after doing that, the webtools link on https stopped working. > > > > Any help is much appreciated. > > > > Thanks and regards, > > Mandeep Sidhu > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > [email protected] > > >wrote: > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I am > > > going for mod_jk now, will keep you posted. > > > > > > Thanks a ton everybody :) > > > > > > Cheers, > > > Mandeep > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[email protected]> wrote: > > > > > >> Mandeep. Nice looking site. > > >> > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > front > > >> of ofbiz. Here is why: > > >> > > >> 1) You can offload the processing of images to apache (less load on > > ofbiz) > > >> 2) You can easily set cache timeouts for images, css, and other static > > >> content. > > >> 3) You can easily add a normal HTML static pages (/static/*.html) w/o > > >> using > > >> ofbiz > > >> 4) It is easier to offload SSL certificate management to apache > > >> 5) You can setup gzip compression (DEFLATE) > > >> 6) You can load balance to multiple instances of ofbiz via apache > > mod-jk. > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > same. > > >> 8) Most Important: You can add security to your site by locking out > > admin > > >> links. > > >> > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > people > > >> from the internet to even attempt to gain access (i.e. login as > 'admin' > > to > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > backend > > >> from their main site? Absurd to even ask. This is basic internet > > >> security. > > >> > > >> Instead, have front-end machines that serve ecommerce, and have > back-end > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > >> subnet. > > >> > > >> I have found that this setup runs faster, and you have more > flexibility. > > >> > > >> Here is a sample apache (port 80) configuration file: > > >> > > > -------------------------------------------------------------------------- > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > >> DocumentRoot /var/www/ > > >> <Directory /> > > >> Options FollowSymLinks > > >> AllowOverride None > > >> </Directory> > > >> <Directory /var/www/> > > >> Options FollowSymLinks MultiViews > > >> AllowOverride None > > >> Order allow,deny > > >> allow from all > > >> </Directory> > > >> > > >> ExpiresActive On > > >> #ExpiresByType text/html "access plus 1 day" > > >> ExpiresByType text/css "access plus 1 day" > > >> ExpiresByType text/javascript "access plus 1 day" > > >> ExpiresByType image/gif "access plus 1 week" > > >> ExpiresByType image/jpeg "access plus 1 week" > > >> ExpiresByType image/png "access plus 1 week" > > >> ExpiresByType image/bmp "access plus 1 week" > > >> ExpiresByType application/x-javascript "access plus 1 day" > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > >> > > >> ProxyRequests Off > > >> <Proxy *> > > >> AddDefaultCharset off > > >> Order deny,allow > > >> Allow from all > > >> </Proxy> > > >> > > >> ProxyVia On > > >> > > >> NameVirtualHost *:80 > > >> > > >> <VirtualHost *:80> > > >> # General setup for the virtual host. > > >> ServerName example.com > > >> ServerAdmin [email protected] > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > text/css > > >> application/x-javascript text/javascript text/x-js application/json > > >> application/xml application/javascript > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> </VirtualHost> > > >> > > > -------------------------------------------------------------------------- > > >> > > >> Here the matching SSL (port 443) apache config: > > >> ---------------------------------------------------------------------- > > >> <IfModule mod_ssl.c> > > >> <VirtualHost *:443> > > >> ServerName example.com > > >> ServerAdmin [email protected] > > >> > > >> ProxyRequests Off > > >> ProxyPreserveHost On > > >> ProxyPassMatch ^(/images/.*)$ ! > > >> proxyPass /content ajp://127.0.0.1:8009/content > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > >> #proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> RewriteEngine On > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > >> > > >> # SSL Engine Switch: > > >> # Enable/Disable SSL for this virtual host. > > >> SSLEngine on > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > >> > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > >> SSLOptions +StdEnvVars > > >> </FilesMatch> > > >> <Directory /usr/lib/cgi-bin> > > >> SSLOptions +StdEnvVars > > >> </Directory> > > >> > > >> BrowserMatch "MSIE [2-6]" \ > > >> nokeepalive ssl-unclean-shutdown \ > > >> downgrade-1.0 force-response-1.0 > > >> # MSIE 7 and newer should be able to use keepalive > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > >> </VirtualHost> > > >> </IfModule> > > >> ---------------------------------------------------------------------- > > >> > > >> If you decide that you don't care about locking out /catalog and other > > >> admin stuff, just use the: > > >> > > >> proxyPass / ajp://127.0.0.1:8009/ > > >> > > >> And comment out the other proxy statements. > > >> > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > [email protected] > > >> >wrote: > > >> > > >> > Hi, > > >> > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > > > >> > The production system is a Unix box, running apache server and then > > >> Ofbiz > > >> > as a service. > > >> > > > >> > My question to you is, how to map the 80 port of prod server with > the > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > >> > > > >> > I was able to map the 80 port by making an entry into the IP table > of > > >> the > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > >> > > > >> > http://www.simbacart.com > > >> > > > >> > Above mentioned is the store in conversation. > > >> > > > >> > Now, here's the problem, till 80 port it is fine, but when it comes > to > > >> 8443 > > >> > this is the kind of URL I get. > > >> > > > >> > > > >> > > > >> > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > >> > > > >> > Notice the 8443 in the url. > > >> > This url came when I used the tag > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > >> > > > >> > Can you please help me out in setting up this, I'd really appreciate > > it. > > >> > > > >> > -- > > >> > Mandeep Singh Sidhu > > >> > > > >> > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > > > > > > -- > > Mandeep Singh Sidhu > > > > -- > > Thanks, > > Deepak Agarwal, > > > > Paxcel Technologies Pvt Ltd. > > Hartron Complex, Sector 18, Gurgaon, India. > > E-Mail: [email protected] > > Mobile: +91 9910322604 > > > > > -- Mandeep Singh Sidhu
