Perfect, that worked for me, thanks a ton Mike :) On Mon, Jun 4, 2012 at 7:55 AM, <[email protected]> wrote:
> Just comment out the 8080 and 8443 lines out of url.properties, and > restart. You still need the https line (see my example). > > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Mandeep Sidhu <[email protected]> > Date: Mon, 4 Jun 2012 07:43:01 > To: <[email protected]> > Reply-To: [email protected] > Subject: Re: Removing port number from the url in production setup > > So what exact change will remove the 8080 and 8443 from the url that's > generated when I user <@ofbizurl> tag to render a url?? > I mean, instead of > https://www.example.com:8443/control/newcustomer > > I'd require something like > https://www.example.com/control/newcustomer > > how can I achieve that in production. > > On Mon, Jun 4, 2012 at 3:55 AM, Mike <[email protected]> wrote: > > > I just checked mine: It looks like I'm still listening in on 8080 and > > 8443: > > > > root@vm-120:/opt/ofbiz.1104/runtime# lsof -p 18326 -P | grep LISTEN > > java 18326 ofbiz 6u IPv4 508592 0t0 TCP > localhost:10523 > > (LISTEN) > > java 18326 ofbiz 114u IPv4 508688 0t0 TCP *:1099 > (LISTEN) > > java 18326 ofbiz 297u IPv4 509471 0t0 TCP *:8080 > (LISTEN) > > java 18326 ofbiz 300u IPv4 509483 0t0 TCP *:8443 > (LISTEN) > > java 18326 ofbiz 302u IPv4 508690 0t0 TCP *:52139 > > (LISTEN) > > java 18326 ofbiz 361u IPv4 509537 0t0 TCP *:8009 > (LISTEN) > > > > So, I don't think you need to mess with ofbiz-containers. Regarding the > > other ports, I'm behind a firewall, and I'm fronted by apache via AJP > > (8009). > > > > On Sun, Jun 3, 2012 at 10:50 AM, Mandeep Sidhu < > [email protected] > > >wrote: > > > > > One quick q here Mike, the configuration you shared with me worked > fine. > > > > > > However I still see the port 8443 and 8080 on my website, this happens > > when > > > the user clicks on any link which is generated using <@ofbizurl>. > > > > > > Any idea, as to how do I get rid of these port numbers appended to the > > url. > > > > > > I tried removing entry 8443 from ofbiz-containers.xml and > url.properties > > > file, but after doing that, the webtools link on https stopped working. > > > > > > Any help is much appreciated. > > > > > > Thanks and regards, > > > Mandeep Sidhu > > > > > > On Thu, May 31, 2012 at 7:09 AM, Mandeep Sidhu < > > [email protected] > > > >wrote: > > > > > > > Excellent, Thanks Mike for such a detailed explanation, definitely I > am > > > > going for mod_jk now, will keep you posted. > > > > > > > > Thanks a ton everybody :) > > > > > > > > Cheers, > > > > Mandeep > > > > > > > > > > > > On Wed, May 30, 2012 at 9:02 PM, Mike <[email protected]> wrote: > > > > > > > >> Mandeep. Nice looking site. > > > >> > > > >> Regarding your issue, you REALLY want to use apache using mod_jk in > > > front > > > >> of ofbiz. Here is why: > > > >> > > > >> 1) You can offload the processing of images to apache (less load on > > > ofbiz) > > > >> 2) You can easily set cache timeouts for images, css, and other > static > > > >> content. > > > >> 3) You can easily add a normal HTML static pages (/static/*.html) > w/o > > > >> using > > > >> ofbiz > > > >> 4) It is easier to offload SSL certificate management to apache > > > >> 5) You can setup gzip compression (DEFLATE) > > > >> 6) You can load balance to multiple instances of ofbiz via apache > > > mod-jk. > > > >> 7) Apache runs as the user 'nobody' (not root). Ofbiz can do the > > same. > > > >> 8) Most Important: You can add security to your site by locking out > > > admin > > > >> links. > > > >> > > > >> Regarding #8. If you are running an ecommerce site, you DON'T want > > > people > > > >> from the internet to even attempt to gain access (i.e. login as > > 'admin' > > > to > > > >> 'catalog'). Do you think amazon.com allows 'admin' login to the > > > backend > > > >> from their main site? Absurd to even ask. This is basic internet > > > >> security. > > > >> > > > >> Instead, have front-end machines that serve ecommerce, and have > > back-end > > > >> machines that allows access to /catalog, etc. via a VPN, or a local > > > >> subnet. > > > >> > > > >> I have found that this setup runs faster, and you have more > > flexibility. > > > >> > > > >> Here is a sample apache (port 80) configuration file: > > > >> > > > > > > -------------------------------------------------------------------------- > > > >> Alias /images/ /opt/ofbiz/framework/images/webapp/images/ > > > >> DocumentRoot /var/www/ > > > >> <Directory /> > > > >> Options FollowSymLinks > > > >> AllowOverride None > > > >> </Directory> > > > >> <Directory /var/www/> > > > >> Options FollowSymLinks MultiViews > > > >> AllowOverride None > > > >> Order allow,deny > > > >> allow from all > > > >> </Directory> > > > >> > > > >> ExpiresActive On > > > >> #ExpiresByType text/html "access plus 1 day" > > > >> ExpiresByType text/css "access plus 1 day" > > > >> ExpiresByType text/javascript "access plus 1 day" > > > >> ExpiresByType image/gif "access plus 1 week" > > > >> ExpiresByType image/jpeg "access plus 1 week" > > > >> ExpiresByType image/png "access plus 1 week" > > > >> ExpiresByType image/bmp "access plus 1 week" > > > >> ExpiresByType application/x-javascript "access plus 1 day" > > > >> ExpiresByType application/x-shockwave-flash "access plus 1 day" > > > >> > > > >> ProxyRequests Off > > > >> <Proxy *> > > > >> AddDefaultCharset off > > > >> Order deny,allow > > > >> Allow from all > > > >> </Proxy> > > > >> > > > >> ProxyVia On > > > >> > > > >> NameVirtualHost *:80 > > > >> > > > >> <VirtualHost *:80> > > > >> # General setup for the virtual host. > > > >> ServerName example.com > > > >> ServerAdmin [email protected] > > > >> AddOutputFilterByType DEFLATE text/html text/plain text/xml > > text/css > > > >> application/x-javascript text/javascript text/x-js application/json > > > >> application/xml application/javascript > > > >> BrowserMatch ^Mozilla/4 gzip-only-text/html > > > >> BrowserMatch ^Mozilla/4\.0[678] no-gzip > > > >> BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html > > > >> BrowserMatch \bMSIE\s8 !no-gzip !gzip-only-text/html > > > >> > > > >> ProxyRequests Off > > > >> ProxyPreserveHost On > > > >> > > > >> ProxyPassMatch ^(/images/.*)$ ! > > > >> proxyPass /content ajp://127.0.0.1:8009/content > > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > > >> #proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> RewriteEngine On > > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > > >> </VirtualHost> > > > >> > > > > > > -------------------------------------------------------------------------- > > > >> > > > >> Here the matching SSL (port 443) apache config: > > > >> > ---------------------------------------------------------------------- > > > >> <IfModule mod_ssl.c> > > > >> <VirtualHost *:443> > > > >> ServerName example.com > > > >> ServerAdmin [email protected] > > > >> > > > >> ProxyRequests Off > > > >> ProxyPreserveHost On > > > >> ProxyPassMatch ^(/images/.*)$ ! > > > >> proxyPass /content ajp://127.0.0.1:8009/content > > > >> proxyPass /ecommerce ajp://127.0.0.1:8009/ecommerce > > > >> proxyPass /tempfiles ajp://127.0.0.1:8009/tempfiles > > > >> #proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> RewriteEngine On > > > >> ReWriteRule ^/(.*);jsessionid=.*$ /$1 [R=301] > > > >> RewriteRule ^/(images/.+);jsessionid=\w+$ /$1 > > > >> RewriteRule ^/.*\.svn /some-non-existant-404-causing-page > > > >> > > > >> # SSL Engine Switch: > > > >> # Enable/Disable SSL for this virtual host. > > > >> SSLEngine on > > > >> SSLCertificateFile /etc/ssl/certs/example.com.crt > > > >> SSLCertificateKeyFile /etc/ssl/private/example.com.key > > > >> > > > >> <FilesMatch "\.(cgi|shtml|phtml|php)$"> > > > >> SSLOptions +StdEnvVars > > > >> </FilesMatch> > > > >> <Directory /usr/lib/cgi-bin> > > > >> SSLOptions +StdEnvVars > > > >> </Directory> > > > >> > > > >> BrowserMatch "MSIE [2-6]" \ > > > >> nokeepalive ssl-unclean-shutdown \ > > > >> downgrade-1.0 force-response-1.0 > > > >> # MSIE 7 and newer should be able to use keepalive > > > >> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > > >> </VirtualHost> > > > >> </IfModule> > > > >> > ---------------------------------------------------------------------- > > > >> > > > >> If you decide that you don't care about locking out /catalog and > other > > > >> admin stuff, just use the: > > > >> > > > >> proxyPass / ajp://127.0.0.1:8009/ > > > >> > > > >> And comment out the other proxy statements. > > > >> > > > >> On Tue, May 29, 2012 at 6:29 PM, Mandeep Sidhu < > > > [email protected] > > > >> >wrote: > > > >> > > > >> > Hi, > > > >> > > > > >> > I am developing an ecommerce store using ofbiz, can be found here > > > >> > > > > >> > http://www.simbacart.com > > > >> > > > > >> > > > > >> > The production system is a Unix box, running apache server and > then > > > >> Ofbiz > > > >> > as a service. > > > >> > > > > >> > My question to you is, how to map the 80 port of prod server with > > the > > > >> > ofbiz's 8080 port, also about the mapping of 8443 port. > > > >> > > > > >> > I was able to map the 80 port by making an entry into the IP table > > of > > > >> the > > > >> > Unix system thereby forwarding requests from 80 port to 8080. > > > >> > > > > >> > http://www.simbacart.com > > > >> > > > > >> > Above mentioned is the store in conversation. > > > >> > > > > >> > Now, here's the problem, till 80 port it is fine, but when it > comes > > to > > > >> 8443 > > > >> > this is the kind of URL I get. > > > >> > > > > >> > > > > >> > > > > >> > > > > > > https://www.simbacart.com:8443/control/newcustomer;jsessionid=E34540BB92549853EAC60AC175ACECE6.jvm1 > > > >> > > > > >> > Notice the 8443 in the url. > > > >> > This url came when I used the tag > > <@ofbizUrl>/newcustomer</@ofbizUrl>. > > > >> > > > > >> > Can you please help me out in setting up this, I'd really > appreciate > > > it. > > > >> > > > > >> > -- > > > >> > Mandeep Singh Sidhu > > > >> > > > > >> > > > > > > > > > > > > > > > > -- > > > > Mandeep Singh Sidhu > > > > > > > > > > > > > > > > -- > > > Mandeep Singh Sidhu > > > > > > > > > -- > Mandeep Singh Sidhu > > -- Mandeep Singh Sidhu
