OFBiz relies heavily on the underlying TCP/IP networking stack, as well as the embedded Catalina/Tomcat servlet container in which it runs for Internet communication support. For example, the Catalina servlet container provides all the basic HTTP and HTTPS connection handling on the default IP ports of 8080 and 8443 respectively. Ports 8080 and 8443 by convention do not require any special usage privileges on the hosting system. This means that any non-privileged user may startup an OFBiz instance from the install directory.
A downside of running web servers on ports 8080 and 8443 is that client browsers expect to find URLs on ports 80 and 443. Port 80 is used for non-secure connections while port 443 is used for secure, HTTPS-based communications. To run a web server on IP ports 80 and 443 often requires special privileges, sometimes called "root" or "superuser", on the host server. When OFBiz is configured to run on these ports, it is considered by some to be more secure.
A second set of ports, 9990 and 9991, that should be secured before deploying OFBiz in a production environment, are ports used to access the BeanShell interpreter through the TELNET protocol. You may either disable these ports or protect them using an external firewall.
Communication ports 80 and 443 may be set up by the following steps:
~framework/base/config/ofbiz-containers.xml
http-connector
property. Within the http-connector
specification, find the port
property. Edit this property value as shown:<property name="http-connector" value="connector"> <!--Note property declarations removed. See file for details.--> <property name="port" value="80"/> <!--Note property declarations removed. See file for details.--> </property>
https-connector
property. Within the https-connector
specification, find the port
property. Edit this property value as shown:<property name="https-connector" value="connector"> <!--Note property declarations removed. See file for details.--> <property name="port" value="443"/> <!--Note property declarations removed. See file for details.--> </property>
beanshell-container
property. To disable these ports, wrap the entire container definition in XML comments (<!-- -->)
. To change the ports, edit the property values as shown:<container name="beanshell-container" class="org.ofbiz.base.container.BeanShellContainer"> <property name="telnet-port" value="9911"/> <property name="app-name" value="OFBiz"/> </container>
The OFBiz distribution comes integrated with the Catalina servlet container. This container provides the basic communication support necessary for OFBiz to act as a web server on the Internet. As with most of OFBiz, the Catalina servlet container is completely configurable. What you get out-of-the-box are generic settings based on the experience of the project team.
All available Tomcat/Catalina servlet container configuration parameters are exposed in the ~framework/base/config/ofbiz-containers.xml
file within the named container element. When OFBiz starts up, it passes the configuration settings in this file to the Tomcat/Catalina container(s) for processing. This means that you may tune your servlet container instance by changing settings in this file.
If you change servlet container HTTP/HTTPS settings, you probably will want to change the following settings within the ~framework/webapp/config/url.properties
file. These settings are used internally by OFBiz to support automatic URL conversions. These settings are not passed to the servlet container:
port.https.enabled=Y port.https=443 port.http=80
There are several other TCP/IP ports that OFBiz uses and that you should be aware of when configuring firewalls or other software running on the same server as an OFBiz instance.
Note: it is possible to run many instances of OFBiz on the same server if care is taken to set TCP/IP so there are no conflicts.
These ports include, but are not limited to:
~framework/entity/config/entityengine.xml
will need safe passage through any firewall if the target database system(s) are remotely located. ~framework/base/config/ofbiz-containers.xml
file.RMI may also be configured for use with the Service engine as either a service client or by settings in this file: ~framework/service/config/serviceengine.xml
(defaults to 1099).
There are many other Catalina/Tomcat settings in the ofbiz-containers.xml
file that may affect OFBiz security and performance. To see a complete list of Tomcat/Catalina-specific settings, please refer to the appropriate Tomcat documentation available at:
For more information on TCP/IP port usage, please see Apache OFBiz Technical Production Setup Guide:
https://cwiki.apache.org/confluence/display/OFBTECH/ Apache+OFBiz+Technical+Production+Setup+Guide
3.148.113.229