Thanks Mike, On Sat, Mar 9, 2013 at 12:38 PM, Mike <[email protected]> wrote: > There are a couple of ways to do it, each of which requires you to really > know apache the AJP module: > > On a running ofbiz system, there is this "runtime" directory: > > ls /opt/ofbiz.1104/runtime/catalina/work/default-server/0.0.0.0# > > accounting bizznesstime droppingcrumbs example googlecheckout multiflex > ordermgr tempfiles workeffort ap bluelight ebay exampleext hhfacility > myportal osafe_theme tomahawk ar catalog ebaystore facility humanres > oagis partymgr assetmaint cmssite ecommerce flatgrey iCalendar > manufacturing ofbiz projectmgr webpos content images marketing > ofbizsetup webslinge birt googlebase ismgr minimal sfa webtools > > These are all reserved paths that ofbiz creates when started, so you can > create a bunch of <Location>...</Location> tags for each of the above > --or-- you can also just use: (with out /Location tags). > > proxyPass /catalog ajp://127.0.0.1:8009/catalog > proxyPass /cmssite ajp://127.0.0.1:8009/cmssite > proxyPass /content ajp://127.0.0.1:8009/content > > However, just looking at the shear amount of mount points that ofbiz > exposes by default it is crazy to expose all of them on the internet. You > can probably lock down the external facing mounts that you really need > (like /ecommerce) and just access the backend via a direct connection to > port 8080/8443, only from your LAN. >
Would I not be able to handle the security implications of exposing some selection of mounts for the back end by requiring client side certificates for them. If so, I know how to add support or a requirement, for client side certificates in Apache's httpd server, but what about the application server OFBiz lives in? Thanks, Ted
