Securing communications ports

OFBiz relies heavily on the underlying TCP/IP networking stack, as well as the embedded Catalina/Tomcat servlet container in which it runs, for Internet communication support. For example, the Catalina servlet container provides all the basic HTTP and HTTPS connection handling on the default IP ports of 8080 and 8443 respectively. By convention, ports 8080 and 8443 do not require any special usage privileges on the hosting system. This means that any non-privileged user may start up an OFBiz instance from the install directory.

A downside of running web servers on ports 8080 and 8443 is that client browsers expect to find URLs on ports 80 and 443. Port 80 is used for non-secure connections while port 443 is used for secure, HTTPS-based communications. To run a web server on IP ports 80 and 443 often requires special privileges, sometimes called "root" or "superuser", on the host server. When OFBiz is configured to run on these ports, it is considered by some to be more secure.

A second set of ports, 9990 and 9991, should also be secured before deploying OFBiz in a production environment: these are the ports used to access the BeanShell interpreter through the TELNET protocol. You may either disable these ports or protect them using an external firewall.

How to do it...

Communication ports 80 and 443 may be set up by the following steps:

  1. To change the HTTP/HTTPS ports, open the following file:
    ~framework/base/config/ofbiz-containers.xml
    
  2. To change the default HTTP port from 8080 to 80, first locate the http-connector property. Within the http-connector specification, find the port property. Edit this property value as shown:
    <property name="http-connector" value="connector">
        <!--Note property declarations removed. See file for details.-->
        <property name="port" value="80"/>
        <!--Note property declarations removed. See file for details.-->
    </property>
    
  3. To change the default HTTPS port from 8443 to 443, first locate the https-connector property. Within the https-connector specification, find the port property. Edit this property value as shown:
    <property name="https-connector" value="connector">
        <!--Note property declarations removed. See file for details.-->
        <property name="port" value="443"/>
        <!--Note property declarations removed. See file for details.-->
    </property>
    
  4. To change or disable the default BeanShell ports, locate the beanshell-container property. To disable these ports, wrap the entire container definition in XML comments (<!-- -->). To change the ports, edit the property values as shown:
    <container name="beanshell-container"
               class="org.ofbiz.base.container.BeanShellContainer">
        <property name="telnet-port" value="9911"/>
        <property name="app-name" value="OFBiz"/>
    </container>
    
  5. Save and close the file.
  6. Restart OFBiz to make IP port configuration changes effective.

How it works...

The OFBiz distribution comes integrated with the Catalina servlet container. This container provides the basic communication support necessary for OFBiz to act as a web server on the Internet. As with most of OFBiz, the Catalina servlet container is completely configurable. What you get out-of-the-box are generic settings based on the experience of the project team.

All available Tomcat/Catalina servlet container configuration parameters are exposed in the ~framework/base/config/ofbiz-containers.xml file within the named container element. When OFBiz starts up, it passes the configuration settings in this file to the Tomcat/Catalina container(s) for processing. This means that you may tune your servlet container instance by changing settings in this file.

Note

Note: when the HTTP and HTTPS ports are changed to values under 1000, most operating systems will require superuser or root privileges before OFBiz may be restarted. Therefore, if you change these ports as described here, you may need to start OFBiz as the root or system user.

There's more...

If you change servlet container HTTP/HTTPS settings, you probably will want to change the following settings within the ~framework/webapp/config/url.properties file. These settings are used internally by OFBiz to support automatic URL conversions. These settings are not passed to the servlet container:

port.https.enabled=Y
port.https=443
port.http=80
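The recipe above edits two files that must agree with each other: the connector ports in ofbiz-containers.xml (steps 2 to 4) and the port.* keys in url.properties. The following added audit script, which is not part of OFBiz or of the original text, reads both and reports mismatches, privileged ports, and a still-enabled BeanShell telnet port. It assumes only the structure the recipe shows (container elements holding property elements, connectors as nested properties, and key=value lines in url.properties); the two sample documents embedded in it are constructed for the example, not copied from a real installation.

```python
"""Audit OFBiz port settings: ofbiz-containers.xml versus url.properties.

Added example, not OFBiz project code. Sample inputs below are constructed.
"""
import xml.etree.ElementTree as ET

PRIVILEGED_PORT_LIMIT = 1024  # below this, binding needs root on most Unix systems

# Constructed stand-in for ~framework/base/config/ofbiz-containers.xml after steps 2-4.
SAMPLE_CONTAINERS_XML = """\
<ofbiz-containers>
  <container name="catalina-container">
    <property name="http-connector" value="connector">
      <property name="port" value="80"/>
    </property>
    <property name="https-connector" value="connector">
      <property name="port" value="443"/>
    </property>
  </container>
  <container name="beanshell-container"
             class="org.ofbiz.base.container.BeanShellContainer">
    <property name="telnet-port" value="9990"/>
    <property name="app-name" value="OFBiz"/>
  </container>
</ofbiz-containers>
"""

# Same file with the BeanShell container wrapped in an XML comment (the "disable"
# option of step 4). ElementTree drops comments, so the container simply vanishes.
HARDENED_CONTAINERS_XML = SAMPLE_CONTAINERS_XML.replace(
    '  <container name="beanshell-container"', '  <!--\n  <container name="beanshell-container"'
).replace("  </container>\n</ofbiz-containers>", "  </container>\n  -->\n</ofbiz-containers>")

# Constructed stand-in for ~framework/webapp/config/url.properties.
SAMPLE_URL_PROPERTIES = """\
# url.properties (constructed sample)
port.https.enabled=Y
port.https=443
port.http=80
"""


def connector_ports(xml_text):
    """Return {'http': port, 'https': port}; a missing connector or port gives None."""
    root = ET.fromstring(xml_text)
    ports = {}
    for scheme in ("http", "https"):
        conn = root.find(f".//property[@name='{scheme}-connector']")
        port = conn.find("property[@name='port']") if conn is not None else None
        ports[scheme] = int(port.get("value")) if port is not None else None
    return ports


def beanshell_telnet_port(xml_text):
    """Return the BeanShell telnet port, or None when the container is absent/commented out."""
    container = ET.fromstring(xml_text).find(".//container[@name='beanshell-container']")
    prop = container.find("property[@name='telnet-port']") if container is not None else None
    return int(prop.get("value")) if prop is not None else None


def parse_properties(text):
    """Minimal key=value parser for url.properties (comments start with # or !)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(xml_text, url_properties_text):
    """Return findings prefixed ERROR/WARN/INFO; an empty list means nothing to report."""
    findings = []
    ports = connector_ports(xml_text)
    props = parse_properties(url_properties_text)
    for scheme in ("http", "https"):
        actual, declared = ports[scheme], props.get(f"port.{scheme}")
        if actual is None:
            findings.append(f"ERROR: {scheme}-connector has no port property")
            continue
        if declared is None or not declared.isdigit() or int(declared) != actual:
            findings.append(f"ERROR: url.properties port.{scheme}={declared} "
                            f"does not match connector port {actual}")
        if actual < PRIVILEGED_PORT_LIMIT:
            findings.append(f"INFO: {scheme} port {actual} is privileged; start OFBiz as root")
    if props.get("port.https.enabled", "N").upper() != "Y":
        findings.append("WARN: port.https.enabled is not Y; generated links will stay on HTTP")
    telnet = beanshell_telnet_port(xml_text)
    if telnet is not None:
        findings.append(f"WARN: BeanShell telnet port {telnet} is enabled; disable or firewall it")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("as edited", SAMPLE_CONTAINERS_XML), ("hardened", HARDENED_CONTAINERS_XML)):
        print(f"--- {label} ---")
        for finding in audit(xml_text, SAMPLE_URL_PROPERTIES):
            print(finding)
```

To run it against a real installation, replace the two sample strings with the contents of the files under your OFBiz root. The INFO lines are the reminder from the note above that ports under the privileged limit need root at start-up; the WARN line for BeanShell is the production check from step 4.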

There are several other TCP/IP ports that OFBiz uses and that you should be aware of when configuring firewalls or other software running on the same server as an OFBiz instance.

Note

Note: it is possible to run many instances of OFBiz on the same server if care is taken to set the TCP/IP ports so that there are no conflicts.

These ports include, but are not limited to:

  • Database Ports: Any port(s) used by the entity engine as configured in ~framework/entity/config/entityengine.xml will need safe passage through any firewall if the target database system(s) are remotely located.
  • RMI/JNDI ports: Details of using OFBiz as a provider of Remote Method Invocation (RMI)/Java Naming and Directory Interface (JNDI)-based services are beyond the scope of this book. However, RMI may be used in a number of places throughout the code base, and RMI IP port settings are a consideration when readying OFBiz for production environments. The primary RMI configuration file used when setting up an OFBiz RMI server is the ~framework/base/config/ofbiz-containers.xml file.

    RMI may also be configured for use with the service engine, either as a service client or through settings in this file: ~framework/service/config/serviceengine.xml (the port defaults to 1099).

Note

For more information concerning RMI configuration, please see the Apache OFBiz FAQ-Tips-Tricks-Cookbook-HowTo located on the OFBiz Wiki:

http://cwiki.apache.org/confluence/x/9ABk

See also

There are many other Catalina/Tomcat settings in the ofbiz-containers.xml file that may affect OFBiz security and performance. To see a complete list of Tomcat/Catalina-specific settings, please refer to the appropriate Tomcat documentation available at:

http://tomcat.apache.org

For more information on TCP/IP port usage, please see Apache OFBiz Technical Production Setup Guide:

https://cwiki.apache.org/confluence/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide
