Hi Jens,
strictly speaking SGD depends on http *and* AIP. To secure everything
and push it over a single port you have most of the steps from
previous responses here, but from my notes the last time I did this
there are a few other steps you could consider.
- secure soap
- disabling port 80 in httpd.conf (like you did)
- enable SGD firewall forwarding (like you did)
- configure SGD to only accept secure connections (i.e. only secure AIP)
You could go further to hide things by disabling the web server
signature, disabling directory listings, etc.
Hope this helps..
Curtis.
On Apr 7, 2008, at 11:01 PM, Remold Krol | Everett wrote:
"Listen 127.0.0.1:80" works like a charm.
Securing the SOAP connections and disabling port 80 (or complete
redirect 80->443) works as well, but takes more time and is a bit
more difficult (an extra certificate has to be installed).
To use the "Listen 127.0.0.1:80" option use the following steps:
- login to commandline of ssgd-server
- become root
- cd /opt/tarantella/webserver/apache/<version>/conf
- vi httpd.conf
- search for '80' (via '/80')
- insert '127.0.0.1:' before '80' (or use: ':%s/80/127.0.0.1:80/g')
- save httpd.conf
- restart webserver (/opt/tarantella/bin/tarantella webserver restart --ssl)
That's it :)
- Remold
At 09:24 PM 4/7/2008, you wrote:
Before disabling port 80, you need to Secure your SOAP connections,
as per: http://docs.sun.com/source/820-2550/secure_webservices.html
Or you can probably just do something like "Listen 127.0.0.1:80" in
Apache (tho I haven't tried that), or just Redirect port 80 users
to the https port (a less fascist approach) - but you can't
redirect until you've secured the SOAP connections.
Rick
Jens wrote:
Hi,
thanks. The problem is that http works parallel to https. We want
to disable http completely.
This didn't work atm. If we disable port 80 in the config we can't
log in because Java needs port 80 - or something.
Still searching :-)
Jens
2008/4/7, Brian Knoblauch <[EMAIL PROTECTED]>:
http://docs.sun.com/source/819-6255/firewall_traverse.html
On Mon, 2008-04-07 at 08:44, Jens wrote:
> Hi,
>
> how can we disable http and work only via https?
> We try something but it looks like that we make some mistakes because
> only both works or nothing.
>
> Thanks for any hints
>
> Jens
~~~
Curtis Cunningham
consulting (at) drumgit.com
"There are 10 kinds of people in the world, those
that understand binary .. and those that don't"
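
The loopback-binding step from the quoted reply above, as an added example (not code from any poster in this thread or from SGD): a filter that rewrites only active `Listen` directives for the plaintext port, plus a check that lists which listeners remain reachable from other hosts. The function names and the sample configuration are constructed for illustration and are not the httpd.conf that SGD ships.

```shell
#!/bin/sh
# Added example: rebind the plaintext Listen directive to loopback and audit
# what stays exposed. Function names and SAMPLE_CONF are constructed.

# rebind_listen PORT: filter, stdin -> stdout. Rewrites wildcard listeners on
# PORT ("Listen PORT", "*:PORT", "0.0.0.0:PORT", "[::]:PORT") to 127.0.0.1:PORT.
# Comments and other directives that merely contain the number are untouched.
rebind_listen() {
    awk -v port="$1" '
        tolower($1) == "listen" && NF >= 2 {
            a = $2
            if (a == ("" port) || a == ("*:" port) ||
                a == ("0.0.0.0:" port) || a == ("[::]:" port)) {
                line = "Listen 127.0.0.1:" port
                # keep an optional protocol argument, e.g. "Listen 80 http"
                for (i = 3; i <= NF; i++) line = line " " $i
                print line
                next
            }
        }
        { print }
    '
}

# exposed_listeners: filter, prints every active Listen address that is not
# bound to an IPv4 or IPv6 loopback address.
exposed_listeners() {
    awk 'tolower($1) == "listen" && NF >= 2 {
             if ($2 !~ /^127\./ && $2 !~ /^\[::1\]:/) print $2
         }'
}

# Constructed sample configuration (generic Apache syntax).
SAMPLE_CONF='ServerRoot "/opt/example"
Listen 80
Listen 443
Timeout 80
MaxKeepAliveRequests 800
#Listen 8080'

# Demo: after the rewrite only the TLS listener is still exposed.
printf '%s\n' "$SAMPLE_CONF" | rebind_listen 80 | exposed_listeners
```

Run the rewritten file through the web server's own syntax check before the restart step, and confirm from another host that port 80 no longer answers.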