This seems to be a good guide: http://www.garex.net/apache/
On Sat, Mar 9, 2013 at 9:49 AM, Ted Byers <[email protected]> wrote: > Thanks Mike, > > On Sat, Mar 9, 2013 at 12:38 PM, Mike <[email protected]> wrote: > > There are a couple of ways to do it, each of which requires you to really > > know apache the AJP module: > > > > On a running ofbiz system, there is this "runtime" directory: > > > > ls /opt/ofbiz.1104/runtime/catalina/work/default-server/0.0.0.0# > > > > accounting bizznesstime droppingcrumbs example googlecheckout > multiflex > > ordermgr tempfiles workeffort ap bluelight ebay exampleext > hhfacility > > myportal osafe_theme tomahawk ar catalog ebaystore facility humanres > > oagis partymgr assetmaint cmssite ecommerce flatgrey iCalendar > > manufacturing ofbiz projectmgr webpos content images marketing > > ofbizsetup webslinge birt googlebase ismgr minimal sfa webtools > > > > These are all reserved paths that ofbiz creates when started, so you can > > create a bunch of <Location>...</Location> tags for each of the above > > --or-- you can also just use: (with out /Location tags). > > > > proxyPass /catalog ajp://127.0.0.1:8009/catalog > > proxyPass /cmssite ajp://127.0.0.1:8009/cmssite > > proxyPass /content ajp://127.0.0.1:8009/content > > > > However, just looking at the shear amount of mount points that ofbiz > > exposes by default it is crazy to expose all of them on the internet. > You > > can probably lock down the external facing mounts that you really need > > (like /ecommerce) and just access the backend via a direct connection to > > port 8080/8443, only from your LAN. > > > > Would I not be able to handle the security implications of exposing > some selection of mounts for the back end by requiring client side > certificates for them. If so, I know how to add support or a > requirement, for client side certificates in Apache's httpd server, > but what about the application server OFBiz lives in? > > Thanks, > > Ted >
