Overview

When developing for the VIVO application it is useful to have a local server running on your development workstation, but many work places don't like it when non-servers have open ports. This guide will make sure that our MySQL, Apache, and Tomcat servers are only accessible via localhost.

Listen/Bind Setup

MySQL

MySQL is fairly simple to lock-down to only localhost access. Simply make sure the following line exists under your [mysqld] heading in the my.cnf file (usually located at /etc/my.cnf or /etc/mysql/my.cnf)

bind-address=127.0.0.1

Apache

Apache is also simple to lock-down the basic/default config to only localhost access. In the httpd.conf file (also know as apache.conf or ports.conf amongst other names) we need to change the Listen line to the following:

Listen 127.0.0.1:80

In the case of a more advanced configuration (Ubuntu loves to have a ridiculously complicated apache config layout spanning multiple folders for instance), see your distributions apache config documentation.

Tomcat

Tomcat, configured in the server.xml file is a bit more complicated, but in the default config, you have to add address="127.0.0.1" to each <Connector ... /> tag. An example tomcat config (abbreviated):

<Server ... >
  ...
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               redirectPort="8443" />
    <Engine ... >
      ...
      <Host ... >
        ...
      </Host>
    </Engine>
  </Service>
</Server>

Additional Security

Additional security can be provided by adding a few lines to your /etc/hosts.allow and /etc/hosts.deny files.

hosts.allow

Allows connections from localhost and loopback (repetitive, but sometimes needed if /etc/host.conf is not setup correctly)

mysqld : localhost : ALLOW
mysqld : 127.0.0.1 : ALLOW
httpd : localhost : ALLOW
httpd : 127.0.0.1 : ALLOW

hosts.deny

Denys connections from anything else

mysqld : ALL
httpd : ALL