Hi Sean,
If you use Nginx in front of OFBiz, you don't have to touch ofbizssl.jks, as
the SSL connection is only between the client and Nginx; Nginx to OFBiz is by
HTTP. So let Nginx use your public key and private key files directly, i.e.:
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
As for 52.165.18.243, I'd suggest using the internal IPs of Azure, and the
nginx config may look like:
upstream ofbiz {
    server 10.1.99.100:8080 srun_id=jvm1;
    server 10.1.99.101:8080 srun_id=jvm2;
    jvm_route $cookie_JSESSIONID reverse;
}
...
location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_connect_timeout 240;
    proxy_send_timeout 240;
    proxy_read_timeout 240;
    # note, there is no SSL here! plain HTTP is used
    proxy_pass http://ofbiz/;
}
In framework/catalina/ofbiz-component.xml (set jvm-route to jvm1 or jvm2):
<property name="default-server" value="engine">
<property name="default-host" value="0.0.0.0"/>
<property name="jvm-route" value="jvm2"/>
...
<property name="http-connector" value="connector">
<property name="allowTrace" value="false"/>
<property name="emptySessionPath" value="false"/>
<property name="enableLookups" value="false"/>
<property name="maxPostSize" value="2097152"/>
<property name="protocol" value="HTTP/1.1"/>
<property name="proxyName" value="10.1.99.101"/>
<property name="proxyPort" value="443"/>
<property name="redirectPort" value="8443"/>
<property name="scheme" value="https"/>
<property name="secure" value="false"/>
<property name="URIEncoding" value="UTF-8"/>
<property name="useBodyEncodingForURI" value="false"/>
<property name="xpoweredBy" value="true"/>
<!-- HTTP connector attributes -->
<property name="acceptCount" value="10"/>
<property name="address" value="10.1.99.101"/>
<property name="bufferSize" value="2048"/>
<property name="compression" value="on"/>
<property name="compressableMimeType"
value="text/html,text/xml,text/plain,text/javascript,text/css"/>
<property name="noCompressionUserAgents" value=""/>
<property name="connectionLinger" value="-1"/>
<property name="connectionTimeout" value="60000"/>
<property name="disableUploadTimeout" value="false"/>
<property name="maxHttpHeaderSize" value="4096"/>
<property name="maxKeepAliveRequests" value="100"/>
<property name="maxSpareThreads" value="50"/>
<property name="maxThreads" value="100"/>
<property name="minSpareThreads" value="4"/>
<property name="port" value="8080"/>
<property name="restrictedUserAgents" value=""/>
<property name="server" value=""/>
<property name="socketBuffer" value="9000"/>
<property name="strategy" value="lf"/>
<property name="tcpNoDelay" value="true"/>
<property name="threadPriority"
value="java.lang.Thread#NORM_PRIORITY"/>
</property>
I think it's OK now for the Nginx OFBiz integration, but you cannot get the
remote client IP in OFBiz as X-Real-IP is not accepted by Tomcat. If the remote
IP is necessary, you have to add several lines in the Tomcat source code to
achieve it.
Kind Regards,
Shi Jinghai
PS: I like your blockfreight very much, it's the first time I understood block
chain when I visited your website. Thanks!
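
Added example (not part of the original email, and not OFBiz or Tomcat code): the Nginx config above forwards the client address in X-Forwarded-For via $proxy_add_x_forwarded_for, which appends to whatever value the client itself sent. This Python code shows how a backend can read that header safely by trusting it only when the direct peer is the proxy; the proxy address 10.1.99.10 and the function names are assumptions.

```python
import ipaddress

# Assumption: the internal address Nginx uses to connect to OFBiz.
TRUSTED_PROXIES = [ipaddress.ip_network("10.1.99.10/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the client IP the backend should log or make decisions on.

    peer_addr:  address of the direct TCP peer (the socket's remote address)
    xff_header: raw X-Forwarded-For header value, or None if absent
    """
    # A peer that is not our proxy can put anything in the header,
    # so the header is ignored and the socket address is used.
    if not is_trusted(peer_addr) or not xff_header:
        return peer_addr
    # $proxy_add_x_forwarded_for appends $remote_addr to the client's own
    # header, so only the right-most entries were written by the proxy.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the peer
        if not is_trusted(hop):
            return hop  # first address not written by our own proxy
    return peer_addr  # every hop was a trusted proxy


# Constructed sample inputs (documentation address ranges).
if __name__ == "__main__":
    print(client_ip("10.1.99.10", "1.2.3.4, 203.0.113.7"))
    print(client_ip("198.51.100.9", "10.0.0.1"))
```
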
-----Original Message-----
From: Sean Turner [mailto:[email protected]]
Sent: March 7, 2018 11:12
To: [email protected]
Subject: Deploying Ofbiz on Cloud with Nginx
Hi All,
I'm trying to deploy Ofbiz on an ubuntu 16.04 VM on Azure.
I've got nginx, java version 1.8.0_161, and ofbiz 16.11 downloaded on the VM. I
can run nginx on the VM and see the welcome to Nginx page on my browser, but I
notice an error when running ./gradlew ofbiz (please see my reply for the
error) which I believe prevents me from reaching my ofbiz instance with the
browser.
Does anyone have any advice for me, or perhaps relevant reading material on
configuring ofbiz to go through nginx (also open to apache http server)?
Everything I've seen on user@ofbiz is either out of date, or leads to a webpage
that has been removed.
I ran the following lines to generate my ssl keys:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
openssl x509 -outform der -in cert.pem -out cert.der
keytool -genkey -keyalg RSA -alias ssl -keystore ofbizssl.jks
keytool -import -alias ssl -trustcacerts -file cert.der -keystore ofbizssl.jks
I modified the following files:
>> framework/catalina/ofbiz-component.xml
under container catalina-container, I changed the default-host to my VM's
public IP (52.165.18.243) from 0.0.0.0
under container http-connector, I changed the address to my VM's public IP
(52.165.18.243) from 0.0.0.0, left port at 8080
under container https-connector, I changed the address to my VM's public IP
(52.165.18.243) from 0.0.0.0, left port at 8443
>> framework/webapp/config/url.properties
port.https=443
port.http=80
>> etc/nginx/conf.d/ofbiz-ssl.conf
upstream ofbiz {
server 52.165.18.243:8080;
server 52.165.18.243:8080;
}
>> etc/nginx/conf.d/ofbiz-ssl.conf
upstream ofbiz-ssl {
server 52.165.18.243:8443;
server 52.165.18.243:8443;
}
>> etc/nginx/sites-available/ofbiz
server {
server_name your.domain.name;
listen 80;
# if you have IPv6 support
listen [::]:80;
# ... // your custom settings can go here
# include proxy_params;
# proxy_set_header X-Forwarded-Proto $scheme;
root /home/sean/ofbiz.16.11;
location / {
try_files $uri $uri/ @ofbiz;
}
location @ofbiz {
proxy_pass http://ofbiz;
proxy_read_timeout 180s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
}
}
server {
# given a domain name, change 52.165.18.243 to my domain name
# server_name your.domain.name;
server_name 52.165.18.243;
listen 443 ssl;
# if you have IPv6 support
listen [::]:443 ssl;
# your custom settings go here
# include proxy_params;
# proxy_set_header X-Forwarded-Proto $scheme;
ssl_certificate /home/sean/cert.der;
ssl_certificate_key /home/sean/key.pem;
root /home/sean/ofbiz.16.11;
location / {
try_files $uri $uri/ @ofbiz;
}
location @ofbiz {
proxy_pass https://ofbiz-ssl;
proxy_read_timeout 180s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
}
}