In a standard installation of CMS Fiona, the Website provided can be reached on port 8080. On this port, the Trifork server listens for requests. For security reasons it is recommended to make the Trifork server inaccessible from outside. This short guide describes how this can be done using the Apache HTTP server and the Apache webserver module
mod-jk. Further details can also be found on the following web pages:
This guide assumes that you have already installed and configured the Apache HTTP server. Please adapt the symbolic names and port numbers used here according to your environment.
mod_jk and proceed as described in the file
readme.txt to install and compile the module:
$> cd tomcat-connectors-1.2.26-src/native $> ./configure --with-apxs=/usr/sbin/apxs # apxs lets you compile and configure modules available as # source code by means of a single command $> make $> su -c 'make install'
This creates the module
Integrate this module into your Apache HTTP server installation so that it is loaded when the server starts.
Integrate the configuration of the module,
jk.conf, into the configuration of the Apache server. The following is a sample
mod_jk configuration (please adapt the paths):
<IfModule mod_jk.c> # Path to mod_jk log file (please adapt!) JkLogFile "/var/log/apache2/mod_jk.log" JkLogLevel info # Path to the configuration of the AJP worker JkWorkersFile "/usr/local/apache2/conf/workers.properties" # Forwarding to the web applications # Editorial system and preview JkMount /default/* Name # Content JkMount /PM/* Name </IfModule>
jk.conf example above,
Name is the name of a
worker which is defined in the
workers.properties file (see below).
The paths specified above (such as
/PM/*) are passed to the Trifork server, meaning that they must have been defined there too.
Please note that in the Trifork configuration file
instance\default\webapps\PM\META-INF\trifork-app-conf.xml the URL prefix path (context) must have been set. Furthermore, for delivering content to the live side, the
documentRoot needs to be defined in
In the file
worker.properties, please define the worker specified above for communicating with the Trifork server:
# Define worker for communication # List of workers used. Specify as Name # the name of the web application, for example. worker.list=Name # The worker is defined here. Its type is ajp13 worker.Name.port=8009 worker.Name.host=localhost worker.Name.type=ajp13
In the Trifork server, set
enable. You can reach the administration console via http://server:8090/console -> default -> HTTP -> DEFAULT_ENDPOINT.
Finally, for security reasons, bind Trifork Server to
localhost to deny access from outside. For this, add the following lines to the file