Versions Compared

Old Version 14

changes.mady.by.user Ivan Masár

Saved on

compared with

New Version Current

changes.mady.by.user Ivan Masár

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Running DSpace on Standard Ports (80 for http:// and 443 for https://)

Since it is not trivial to get a Java servlet container, such as Apache Tomcat to listen on the "standard" TCP ports for a web server, this page explains alternative ways to accomplish it.

...

Warning

When using Apache 2.4.2 (and lower) in front of a DSpace webapp deployed in Tomcat, mod_proxy_ajp and possibly mod_proxy_http breaks the connection to the back end (Tomcat) prematurely leading to response mixups. This is reported as bug CVE-2012-3502 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3502) of Apache and fixed in Apache 2.4.3 (see http://www.apache.org/dist/httpd/CHANGES_2.4). The 2.2.x branch hasn't shown this problem only the 2.4.x branch has.

See Also

Method 1 - redirecting with IP tables

This is known to work on Red Hat Enterprise Linux 3 and other similar versions of GNU/Linux. Use the iptables utility to redirect requests on the default ports to the higher-numbered ports where the DSpace servlet container is actually listening.

...

Configure your Java Servlet container to listen to ports 8080 and 8443 for HTTP and HTTPS connections, respectively.

Method 1b - Write your own iptables config file

Here is an expanded example:
edit the /etc/sysconfig/iptables file (make a backup of this file first!)

...

Code Block
keystoreFile="/usr/local/jakarta-tomcat-5.0.27/conf/ssl.new/keystore.pkcs12"
keystoreType="PKCS12"
keystorePass="changeit"

* Restart tomcat

Method 2a - Use Apache HTTPD (mod_proxy_ajp) + Tomcat (port 8009)

This assumes you have the following working:

...

  1. You'll need to reload or restart the httpd service
  2. The "!" <bang> sets Apache web-server to NOT REDIRECT everything under /do_not_touch

Method 2b - use Apache HTTPD / Tomcat connector (mod_jk)

Run Apache HTTPD as a front-end for Tomcat, see
the mod_jk wiki page
This is tricky to set up, but secure.

Method 3 - use Apache to redirect requests to Tomcat on port 8080

For RedHat LINUX server:

In /etc/httpd/conf/httpd.conf:

...

Code Block
<!-- JSPC servlet mappings start
<servlet>
<servlet-name>org.apache.jsp.index_jsp</servlet-name>
<servlet-class>org.apache.jsp.index_jsp</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>org.apache.jsp.index_jsp</servlet-name>
<url-pattern>/index.jsp</url-pattern>
</servlet-mapping>
-->

4. Re-start tomcat

Method 4 - Use Tomcat's jsvc daemon

Note: Only works for Unix like platforms.
This documentation is based on Solaris 10 using the Solaris Service Management Facility.
See http://jakarta.apache.org/commons/daemon/jsvc.html
for more details

...

Code Block
/usr/sbin/svcadm enable dspace

 Method 5 - Tomcat on low ports natively with authbind 

See: