From 5a27dbbc725d5746c03fc6a1530e66b1ef14923a Mon Sep 17 00:00:00 2001 From: Pete Meyer Date: Thu, 15 Nov 2018 13:29:40 -0500 Subject: [PATCH 1/2] document how to configure glassfish to listen from localhost only --- doc/sphinx-guides/source/installation/config.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst index 7237bdbc6d8..f73a1fea166 100644 --- a/doc/sphinx-guides/source/installation/config.rst +++ b/doc/sphinx-guides/source/installation/config.rst @@ -90,6 +90,12 @@ If you really don't want to front Glassfish with any proxy (not recommended), yo What about port 80? Even if you don't front Dataverse with Apache, you may want to let Apache run on port 80 just to rewrite HTTP to HTTPS as described above. You can use a similar command as above to change the HTTP port that Glassfish uses from 8080 to 80 (substitute ``http-listener-1.port=80``). Glassfish can be used to enforce HTTPS on its own without Apache, but configuring this is an exercise for the reader. Answers here may be helpful: http://stackoverflow.com/questions/25122025/glassfish-v4-java-7-port-unification-error-not-able-to-redirect-http-to +If you are running an installation with apache and Glassfish on the same server, and would like to restrict Glassfish from responding to any requests to port 8080 from external hosts (in other words, not through apache), you can restrict the AJP listener to localhost only with: + +``./asadmin set server-config.network-config.network-listeners.network-listener.http-listener-1.address=127.0.0.1`` + +You should **NOT** use the configuration option above if you are running in a load-balanced environment, or otherwise have the web server on a different host than the application server. + Root Dataverse Permissions -------------------------- From c10b75f6a0f4d3f2769f92904bd174fb06d37d71 Mon Sep 17 00:00:00 2001 From: Philip Durbin Date: Thu, 15 Nov 2018 14:15:45 -0500 Subject: [PATCH 2/2] capitalize "Apache" --- doc/sphinx-guides/source/installation/config.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst index f73a1fea166..3cbc0b0757e 100644 --- a/doc/sphinx-guides/source/installation/config.rst +++ b/doc/sphinx-guides/source/installation/config.rst @@ -90,7 +90,7 @@ If you really don't want to front Glassfish with any proxy (not recommended), yo What about port 80? Even if you don't front Dataverse with Apache, you may want to let Apache run on port 80 just to rewrite HTTP to HTTPS as described above. You can use a similar command as above to change the HTTP port that Glassfish uses from 8080 to 80 (substitute ``http-listener-1.port=80``). Glassfish can be used to enforce HTTPS on its own without Apache, but configuring this is an exercise for the reader. Answers here may be helpful: http://stackoverflow.com/questions/25122025/glassfish-v4-java-7-port-unification-error-not-able-to-redirect-http-to -If you are running an installation with apache and Glassfish on the same server, and would like to restrict Glassfish from responding to any requests to port 8080 from external hosts (in other words, not through apache), you can restrict the AJP listener to localhost only with: +If you are running an installation with Apache and Glassfish on the same server, and would like to restrict Glassfish from responding to any requests to port 8080 from external hosts (in other words, not through Apache), you can restrict the AJP listener to localhost only with: ``./asadmin set server-config.network-config.network-listeners.network-listener.http-listener-1.address=127.0.0.1``