Hi,
Following on from my http://forum.servoy.com/viewtopic.php?t=3028 post on setting up servoy server on a headless server I have some more questions:
1. What exactly are the RMI settings for in the servoy configuration? Does the servoy client connect to the server using RMI or webservices over HTTP or neither? If so is communitcaion via HTTP possible (easier with firewalls) if not then what is RMI for?
2. The http://mydomain:8080/servoy-admin/ web app is accessable only over http. This is insecure. Is there any way to enforce that it is only available over https? Can I change the tomcat settings manually?
3. The only way I can see to use the production server is by
3.1 Export the solution from my completely seperate development machine setup and
3.1 Import it into the production server via the web admin interface.
Is it at all possible to have our server running on a headless remote machine and have servoy developer connect to it rather than connecting to the local server? Would this be equivalent to manually editing the repository (and log and user data) database server setup in servoy.properties to point to the database server on the production server?
4. What are the advisable user permissions for the user that runs servoy (I have seen its not recommended to be run as root, probably for the standard reasons)
Cheers
Willie
RMI HTTP Admin Page and SSL
3 posts
• Page 1 of 1
RMI HTTP Admin Page and SSL
by willieseabrook » Mon Oct 11, 2004 4:19 am
- willieseabrook
- Posts: 27
- Joined: Wed Jul 28, 2004 10:26 am
by jcompagner » Mon Oct 11, 2004 4:13 pm
1> the client and the server are talking to each other over RMI
client talks to the server over the rmi port specified in the admin page. (mostly 1099)
The server talks to the client over a anomym port. Will be choosen by startup of a client. (poort beginning at 2000 and then for every client one port higher)
Above tunneling over http is currently not possible. Will look into that if this is possible in the further. You could set youre rmi port on 80 .... But then tomcat can't be on 80 so you need atleast 2 incomming ports.
2> there is no real sensitive information being send over that 8080 but you can add (or enable) the https connector in the \server\conf\server.xml file:
But you need to make a keystore ect for that please look at the tomcat documentation for that.
3>
This is in my eyes the best way to work. Production is production you shouldn't do youre development there..
A developer can't connect to the servoy server right now. This is a feature that is planned for the next big servoy version.
You can connect to the database with the developer. The changes won't be seen directly by the servoy server. You have to flush the changed solutions first before seeing any changes in a client.
4> just a standard users that has permissions to write in the servoy directory. this works best.
client talks to the server over the rmi port specified in the admin page. (mostly 1099)
The server talks to the client over a anomym port. Will be choosen by startup of a client. (poort beginning at 2000 and then for every client one port higher)
Above tunneling over http is currently not possible. Will look into that if this is possible in the further. You could set youre rmi port on 80 .... But then tomcat can't be on 80 so you need atleast 2 incomming ports.
2> there is no real sensitive information being send over that 8080 but you can add (or enable) the https connector in the \server\conf\server.xml file:
- Code: Select all
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="2" maxProcessors="5"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" />
</Connector>
But you need to make a keystore ect for that please look at the tomcat documentation for that.
3>
This is in my eyes the best way to work. Production is production you shouldn't do youre development there..
A developer can't connect to the servoy server right now. This is a feature that is planned for the next big servoy version.
You can connect to the database with the developer. The changes won't be seen directly by the servoy server. You have to flush the changed solutions first before seeing any changes in a client.
4> just a standard users that has permissions to write in the servoy directory. this works best.
Johan Compagner
Servoy
Servoy
-
jcompagner - Posts: 8833
- Joined: Tue May 27, 2003 7:26 pm
- Location: The Internet
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 30 guests