...

  • Client browsers connect to a webserver on port 80 by default (for non-secure connections) and 443 (for secure connections). Connecting to an alternative port requires that port to be included in the address in the form http://<server>:<port>/<location>. Typically users prefer not to bother with the port.
  • Ports below 1024 are typically reserved for privileged users (such as root). Tomcat could listen on port 80 instead of 8080, but would need to run as root in order to do so. This would mean that all code running inside Tomcat would also be running as root - not a good idea from a security point of view!
  • Apache HTTPD server is engineered to initialise as a privileged user, then run all processes as a non-privileged user. It is therefore an ideal candidate for acting as an intermediary between the client browser and Tomcat.
  • Typically, port 80 is allowed through firewalls (perhaps via a proxy server), but port 8080 is not.
  • It is a good idea to access the Grouper UI through an encrypted connection. Setting Apache up to service an SSL connection is easier than doing so for Tomcat.


Obtaining and installing Apache HTTPD server is beyond the scope of this document, and the procedure depends on your operating system and distribution. Apache HTTPD 2.2 with the mod_proxy and mod_proxy_ajp modules is recommended; consult your system documentation for how to obtain it. Once it is up and running, the following configuration snippet will proxy incoming connections to the Tomcat AJP connector running on port 8009:

...

Rename the GROUPER_UI_SRC/build.properties.template file to GROUPER_UI_SRC/build.properties and edit it. Change the value of the grouper.folder property so that it points to your GROUPER_HOME directory (the location of the grouper.apiBinary-<VERSION> in which you edited the configuration files and ran gsh during setup). This gives the build process access to the Grouper libraries and your configuration files, so the UI will connect to the same Grouper database and subject source(s) as the Grouper Daemon, which is required.
If you wish, copy the file GROUPER_UI_SRC/log4j.properties.template to GROUPER_UI_SRC/log4j.properties and edit it to change the log levels and locations.

Open a command line, and from within GROUPER_UI_SRC run this command:

...

You should now be able to log in as GrouperSystem using the password you set in tomcat-users.xml.

Your Grouper architecture will now look like this, with the Grouper Loader Daemon and Grouper UI existing as standalone applications, both communicating with the same database. For simplicity the subject source has been omitted from the diagram.

[Image: Grouper architecture diagram]