*Deprecated* This material is for historical purposes only. See https://wiki.duraspace.org/display/VIVODOC/All+Documentation for current documentation.
When developing for the VIVO application it is useful to have a local server running on your development workstation, but many workplaces don't like it when non-servers have open ports. This guide will make sure that our MySQL, Apache, and Tomcat servers are only accessible via localhost.
MySQL is fairly simple to lock down to localhost-only access. Make sure the following line exists under the [mysqld] heading in the my.cnf file (usually located at /etc/my.cnf or /etc/mysql/my.cnf):
bind-address=127.0.0.1
Apache's basic/default config is also simple to lock down to localhost-only access. In the httpd.conf file (also known as apache.conf or ports.conf, amongst other names), change the Listen line to the following:
Listen 127.0.0.1:80
In the case of a more advanced configuration (Ubuntu, for instance, loves to have a ridiculously complicated Apache config layout spanning multiple folders), see your distribution's Apache config documentation.
Tomcat, configured in the server.xml file, is a bit more complicated, but in the default config you have to add address="127.0.0.1" to each <Connector ... /> tag. An example Tomcat config (abbreviated):
<Server ... >
  ...
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               redirectPort="8443" />
    <Engine ... >
      ...
      <Host ... >
        ...
      </Host>
    </Engine>
  </Service>
</Server>
Additional security can be provided by adding a few lines to your /etc/hosts.allow and /etc/hosts.deny files.
Allow connections from localhost and loopback (repetitive, but sometimes needed if /etc/host.conf is not set up correctly):
mysqld : localhost : ALLOW
mysqld : 127.0.0.1 : ALLOW
httpd : localhost : ALLOW
httpd : 127.0.0.1 : ALLOW
Deny connections from anything else:
mysqld : ALL
httpd : ALL
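To confirm that the bind-address, Listen and Connector settings took effect after restarting the services, the following added example (not part of the original guide) reads `ss -H -ltn` style output and reports any listener on the guide's ports that is not bound to a loopback address. The function names, the port list (3306 is assumed as MySQL's default) and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on the guide's ports that are not
# bound to loopback. Input: lines in the format printed by `ss -H -ltn`.

# Assumed default ports: MySQL, Apache, Tomcat HTTP, Tomcat AJP.
PORTS="3306 80 8080 8009"

exposed_listeners() {
    awk -v ports="$PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        la = $4                              # local "address:port" column
        idx = match(la, /:[0-9]+$/)          # last colon, so [::1]:80 works
        if (!idx) next
        addr = substr(la, 1, idx - 1)
        port = substr(la, idx + 1)
        if (!(port in want)) next
        gsub(/^\[|\]$/, "", addr)            # drop IPv6 brackets
        sub(/%.*$/, "", addr)                # drop interface scope (%lo)
        # Loopback: 127.0.0.0/8, ::1, or IPv4-mapped 127.x (common with Java)
        if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
        print port " " addr
    }'
}

# Constructed sample: MySQL and Tomcat HTTP are locked down, Apache and
# the AJP connector are still listening on every interface.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 80   127.0.0.1:3306            0.0.0.0:*
LISTEN 0 511  0.0.0.0:80                0.0.0.0:*
LISTEN 0 100  [::ffff:127.0.0.1]:8080   *:*
LISTEN 0 100  *:8009                    *:*
LISTEN 0 128  0.0.0.0:22                0.0.0.0:*
EOF
}

# Demo run on the sample; on a real host use: ss -H -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

Empty output means every listener on those ports is bound to loopback; each printed line is a port and the non-loopback address it is bound to.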