[opencms-dev] mod_proxy

Bernd Wolfsegger bw at code-create.com
Tue May 24 16:49:09 CEST 2005 

On Monday 23 May 2005 23:17, Arash Kaffamanesh wrote:
> getting sniffed.
>
> Perhaps paranoiac's who can't sleep at night, because of accessing some
> self signed certificate once, could donate one or two verisign
> certificates to us, so that they can sleep well ;-)

Ah, I would prefer Thawte ;)

>
> Kind Regards,
> Arash
>
>
> -----Original Message-----
> From: opencms-dev-bounces at opencms.org
> [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Bernd Wolfsegger
> Sent: Montag, 23. Mai 2005 16:52
> To: opencms-dev at opencms.org
> Subject: Re: [opencms-dev] mod_proxy
>
>
> Arash,
>
> On Monday 23 May 2005 13:02, ark-d at betasystems.com wrote:
> > Bernd,
> >
> > I use a simplified templateone form module and mod_proxy and
> > mod_rewrite without installing opencms as ROOT on my private site and
> > have serveral other Installations for Intranet and Internet at work
> > with mod_jk 1.2.x , because of LoadBalancing, Clustering, ease of use,
> >
> > etc. So I think mod_jk is the right solution for high performance and
> > for multisite solutions.
>
> Perhaps there is something wrong with that form module, because why does
> it
> only work with SSL?
> But you said you use mod_jk. So where do you use the normal HTTP
> Connector
> below? Or do you use it only for the form posting and mod_jk for the
> rest? Just interested.
>
> And you can't use self signed certificates for official websites,
> because the
> user will always be prompted for a not trust worthy certificate. If
> submitting your form just then change to a SSL connection and the form
> itself was requested with a "normal" connection and you get this SSL
> popup
> and accept, the formdata will not be transmitted too.
>
> Kind regards, Bernd
>
> > > I can not afford a certificate right now
> >
> > I'm using a self signed and require ssl connection for the workplace
> > like
> > this:
> >
> > Create Self signed Certifcate:
> >
> > keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/.keystore
> >
> > -validity 365
> >
> > keytool -export -alias tomcat -file /path/to/tomcat-server.crt
> > -keystore /path/to/.keystore
> >
> > keytool -import -file /path/to/tomcat-server.crt -keystore
> > /path/to/cacerts
> >
> > server.xml settings:
> >
> > <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> > <!-- Commnet out from server.xml-->
> > <Connector port="8443"
> > maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > enableLookups="false" disableUploadTimeout="true" acceptCount="100"
> > scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
> > keystoreFile="/path/to/.keystore"
> > keystorePass="secret" truststoreFile="/path/to/cacerts"
> > />
> >
> > Require ssl access for the workplace:
> >
> > paste into web.xml of opencms
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>OpenCmsServlet</web-resource-name>
> > <url-pattern>/system/*</url-pattern>
> > <http-method>GET</http-method> <http-method>POST</http-method>
> > </web-resource-collection>
> >
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > > And how do you process the data?
> >
> > via the post method.
> >
> > Regards,
> > Arash
> >
> >
> >
> >
> >
> >
> >
> >
> >              Bernd Wolfsegger
> >              <bw at code-create.c
> >              om>
>
> To
>
> >              Sent by:                  <opencms-dev at opencms.org>
> >              opencms-dev-bounc
>
> cc
>
> >              es at opencms.org
>
> Subject
>
> >                                        Re: [opencms-dev] mod_proxy
> >              23.05.2005 12:02
> >
> >
> >              Please respond to
> >              Bernd Wolfsegger
> >              <bw at code-create.c
> >                 om>; Please
> >                 respond to
> >                 The OpenCms
> >                mailing list
> >              <opencms-dev at open
> >                  cms.org>
> >
> >
> >
> >
> >
> >
> > Arash,
> >
> > well, I also have a form on my site and I have no problems sending and
> >
> > receiving the data and I use mod_proxy/ROOT webapp etc. too, but no
> > mod_jk. And I do not use https because I can not afford a certificate
> > right now. But it would be better to have one for transmitting form
> > data :). So what kind of
> > form do you have? Is it a special OpenCms templateone thing or a self
> > build.
> > And how do you process the data?
> >
> > Kind Regards, Bernd
> >
> > On Monday 23 May 2005 11:11, ark-d at betasystems.com wrote:
> > > Bernd Wolfsegger wrote:
> > > > The problem ist not mod_proxy, it is the mod_alias Redirect,
> > > > because it
> > >
> > > does
> > >
> > > > not redirect form data.
> > >
> > > Bernd,
> > >
> > > thanks for the hint, but I don't have mod_alias activated and the
> > > form
> >
> > data
> >
> > > didn't got redirected.
> > > As I wrote in my previous email, it works with secure access via
> > > https://myserver/opencms/opencms/en/emailform.
> > >
> > > Regards,
> > > Arash
> > >
> > > opencms-dev-bounces at opencms.org wrote on 23.05.2005 08:40:13:
> > > > On Sunday 22 May 2005 22:47, Patrick Donker wrote:
> > > > > Arash Kaffamanesh wrote:
> > > > > >Yes it does the redirection from apache to tomcat. You don't
> > > > > >need to install it as ROOT app. But my opinion is for setting
> > > > > >up mutltisite installation it is better to have one tomcat
> > > > > >installation with
> > >
> > > serveral
> > >
> > > > > >container instances, which can be started indepedently.
> > > > >
> > > > > So basically you are saying that in general it is better to have
> > > > >
> > > > > it installed as a Root app? Or is it just the other way around
> > > > > ;)? I'm a bit confused on what a Root app does to begin with.
> > > >
> > > > As far as I know the only difference is, that the ROOT webapp has
> > > > no
> > >
> > > "name"
> > >
> > > > and so you do not need to "name" it in the URL. like other apps.
> > > >
> > > > > >The mod_proxy approach has some problems with posting forms I
> > > > > >think
> > >
> > > and
> > >
> > > > > >therfore is not included in beta3 or the latest CVS HEAD.
> > > > > >Installing opencms as ROOT had some problems with connecting
> > > > > >via https to the workplace, at least by me.
> > > > >
> > > > > Hmmm...that could become a problem as many sites have forms.
> > > >
> > > > The problem ist not mod_proxy, it is the mod_alias Redirect,
> > > > because it
> > >
> > > does
> > >
> > > > not redirect form data.
> > > >
> > > > > >I'm going to test mod_jk 1.2 and mod_rewrite with tomcat 5.5.9
> > >
> > > tomorrow,
> > >
> > > > > >perhaps it solves my problem with contact form fuctionality in
> >
> > online
> >
> > > > > >mode.
> > > > >
> > > > > Keep me informed. I'd like to hear your experiences on this as I
> > > > >
> > > > > am
> >
> > new
> >
> > > > > to Opencms.
> > > > >
> > > > > Thanks
> > > > > -Patrick
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > This mail is send to you from the opencms-dev mailing list To
> > > > > change your list options, or to unsubscribe from the list,
> > > > > please
> > >
> > > visit
> > >
> > > > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > > >
> > > > --
> > > >
> > > > [  Code Create
> > > > [  Web Content Management and Presentation
> > > >
> > > >
> > > > [  Bernd Wolfsegger
> > > > [  Sun Certified Programmer for Java(TM) 2 Platform
> > > >
> > > >
> > > > [  Office in Germany
> > > > [
> > > > [  Lohmeyerstrasse 13
> > > > [  10587 Berlin
> > > > [  Germany
> > > > [  Fon +49 (0)30 26555788
> > > > [  Fax +49 (0)30 2651835
> > > >
> > > > [  Office in Kenya
> > > > [
> > > > [  P.O. Box 890
> > > > [  V/Market
> > > > [  00621 Nairobi
> > > > [  Kenya
> > > > [  Mobile +254 (0)720 481053
> > > >
> > > > [  bw at code-create.com
> > > > [  http://www.code-create.com/
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > This mail is send to you from the opencms-dev mailing list To
> > > > change your list options, or to unsubscribe from the list, please
> > >
> > > visit
> > >
> > > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> >
> > --
> >
> > [  Code Create
> > [  Web Content Management and Presentation
> >
> >
> > [  Bernd Wolfsegger
> > [  Sun Certified Programmer for Java(TM) 2 Platform
> >
> >
> > [  Office in Germany
> > [
> > [  Lohmeyerstrasse 13
> > [  10587 Berlin
> > [  Germany
> > [  Fon +49 (0)30 26555788
> > [  Fax +49 (0)30 2651835
> >
> > [  Office in Kenya
> > [
> > [  P.O. Box 890
> > [  V/Market
> > [  00621 Nairobi
> > [  Kenya
> > [  Mobile +254 (0)720 481053
> >
> > [  bw at code-create.com
> > [  http://www.code-create.com/
> >
> >
> >
> > _______________________________________________
> > This mail is send to you from the opencms-dev mailing list
> > To change your list options, or to unsubscribe from the list, please
> > visit http://mail.opencms.org/mailman/listinfo/opencms-dev

-- 

[  Code Create
[  Web Content Management and Presentation


[  Bernd Wolfsegger
[  Sun Certified Programmer for Java(TM) 2 Platform


[  Office in Germany
[
[  Lohmeyerstrasse 13
[  10587 Berlin
[  Germany
[  Fon +49 (0)30 26555788
[  Fax +49 (0)30 2651835

[  Office in Kenya
[
[  P.O. Box 890
[  V/Market
[  00621 Nairobi
[  Kenya
[  Mobile +254 (0)720 481053

[  bw at code-create.com
[  http://www.code-create.com/

More information about the opencms-dev mailing list