Re: Apache config recommendation
Re: Apache config recommendation
- Subject: Re: Apache config recommendation
- From: Kieran Kelleher <email@hidden>
- Date: Mon, 13 Sep 2010 13:59:56 -0400
I sent this 6 hours ago from mac.com email address and still has not arrived it seems. OK, switching to gmail for mailing lists from now on.
----------------------------------------------------------------------------------------------------------
Hi Ken,
Just include the wo adaptor config in the apache config as shown by Chuck in his reply. There is nothing unusual about what you are setting up. Just standard apache stuff.
Your WO app does not necessarily need anything special for running it on 100% SSL. You can just put a redirect in apache to redirect any requests on port 80 of a specific domain to port 443. All of which is documented in apache docs.
If you have both http and https on the same domain and you want your WO app to be https only, you can add logic to check the incoming request port in your WO app and then to redirect the same request to port 443 and a full https URL using ERXRedirect (or WORedirect), and IIRC, a http status 302 response code. IIRC, there is a detailed section on switching form http to https in the Practical WebOjects book.
Search the wiki for https and there is instructions there for setting up https for development on localhost. Deployment apache might be a little different depending on the certificate provider. I don't have all the details off the top of my head Ken, and if you are setting up the deployment server yourselfm there is a little new stuff to learn about apache SSL but here is some links:
http://httpd.apache.org/docs/2.2/ssl/
and here is an example ssl virtual host config from a production server with the domain name changed to protect the innocent:
Listen 192.168.3.163:443
NameVirtualHost 192.168.3.163:443
<VirtualHost 192.168.3.163:443>
ServerName www.mydomain.com
DocumentRoot "/Library/WebServer/Documents"
DirectoryIndex "index.html" "index.php"
CustomLog "/var/log/apache2/mydomain_access_log" "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
ErrorLog "/var/log/apache2/mydomain_error_log"
ErrorDocument 404 /error.html
<IfModule ssl_module>
SSLEngine On
SSLCertificateFile "/etc/apache2/ssl/mydomain.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/mydomain.key"
SSLCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL"
SSLCertificateChainFile "/etc/apache2/ssl/mydomain.ca-bundle"
</IfModule>
<Directory "/Library/WebServer/Documents">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride None
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteOptions Inherit
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>
<IfModule mod_alias.c>
</IfModule>
LogLevel warn
</VirtualHost>
In a nutshell:
The IP address is the LAN IP address of the apache server. Your router port 443 for the external IP address forwards to 443 on that internal IP.
The key is generated by you.
The crt and ca-bundle came from the cert provider. I use Comodo usually for SSL certs. (http://www.comodo.com/e-commerce/ssl-certificates/secure-server.php)
HTH, Kieran
On Sep 12, 2010, at 10:36 PM, Ken Anderson wrote:
> Kieran,
>
> I was hoping for any WO specific type stuff... maybe there just isn't any, which would be great!
>
> Thanks,
> Ken
>
> On Sep 12, 2010, at 9:34 PM, Kieran Kelleher wrote:
>
>> For each domain, just define a virtual host in apache. Each virtual host definition can have its own webserver docs directory.
>>
>> For https, you need one IP address dedicated to each HTTPS virtual host domain.
>>
>> All this is common apache stuff. Just refer to the apache docs online, which are usually good at explaining stuff.
>>
>>
>>
>> On Sep 12, 2010, at 7:05 PM, Ken Anderson wrote:
>>
>>> All,
>>>
>>> As an apache neophyte, I would appreciate some thoughts on how to best set this up.
>>>
>>> On the same machine, I'll be running a public HTML marketing site (no WO), a public HTTP WO site (all direct actions), and a private HTTPS WO site (components, for management).
>>>
>>> What's the correct way to configure Apache for this?
>>>
>>> Thanks for any thoughts!
>>>
>>> Ken _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Webobjects-dev mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden