When developing for the VIVO application, it is useful to have a local server running on your development workstation, but many workplaces don't like it when non-servers have open ports. This guide will make sure that our MySQL, Apache, and Tomcat servers are only accessible via localhost.
MySQL is fairly simple to lock down to localhost-only access. Simply make sure the following line exists under the [mysqld] heading in the my.cnf file (usually located at /etc/my.cnf or /etc/mysql/my.cnf):
bind-address=127.0.0.1
Apache's basic/default config is also simple to lock down to localhost-only access. In the httpd.conf file (also known as apache.conf or ports.conf, amongst other names) we need to change the Listen line to the following:
Listen 127.0.0.1:80
In the case of a more advanced configuration (Ubuntu loves to have a ridiculously complicated Apache config layout spanning multiple folders, for instance), see your distribution's Apache config documentation.
Tomcat, configured in the server.xml file, is a bit more complicated, but in the default config you have to add address="127.0.0.1" to each <Connector ... /> tag. An example Tomcat config (abbreviated):
<Server ... >
  ...
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443" />
    <Engine ... >
      ...
      <Host ... >
        ...
      </Host>
    </Engine>
  </Service>
</Server>
Additional security can be provided by adding a few lines to your /etc/hosts.allow and /etc/hosts.deny files.
Allows connections from localhost and loopback (repetitive, but sometimes needed if /etc/host.conf is not set up correctly):
mysqld : localhost : ALLOW
mysqld : 127.0.0.1 : ALLOW
httpd : localhost : ALLOW
httpd : 127.0.0.1 : ALLOW
Denies connections from anything else:
mysqld : ALL
httpd : ALL
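To confirm after a restart that the bind-address, Listen and Connector changes above took effect, the following added example (not part of the original guide) filters `ss -tln` output for listeners that are not loopback-only. The port list assumes MySQL's default 3306 plus the Apache and Tomcat ports shown above; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example. Ports assumed: 3306 (MySQL default), 80 (Apache Listen line),
# 8080 and 8009 (the two Tomcat Connectors in the abbreviated server.xml).
PORTS="3306 80 8080 8009"

# Reads `ss -tln` output on stdin; prints the local address of every watched
# listener that is not bound to a loopback address.
exposed_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in watch)) next
            sub(/%.*$/, "", addr)                 # drop interface scope such as %lo
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
            sub(/^::ffff:/, "", addr)             # IPv4-mapped IPv6 form
            if (addr ~ /^127\./ || addr == "::1") next
            print $4
        }'
}

# Returns 0 when every watched listener is loopback-only, 1 otherwise.
check_listeners() {
    found=$(exposed_listeners)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/NOT loopback-only: /'
        return 1
    fi
    echo "all watched listeners are loopback-only"
}

# Constructed sample in `ss -tln` column layout (not captured from a real host):
# MySQL and Tomcat HTTP are locked down, Apache and Tomcat AJP are not.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 100 *:8009 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | check_listeners || true
# On a live workstation: ss -tln | check_listeners
```

A service that is not running produces no line at all, so a clean result only covers listeners that are actually up.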