*Deprecated* This material is for historical purposes only See https://wiki.duraspace.org/display/VIVODOC/All+Documentation for current documentation

Page tree

*Deprecated* See https://wiki.duraspace.org/display/VIVODOC/All+Documentation for current documentation

Skip to end of metadata
Go to start of metadata


When developing for the VIVO application it is useful to have a local server running on your development workstation, but many work places don't like it when non-servers have open ports. This guide will make sure that our MySQL, Apache, and Tomcat servers are only accessible via localhost.

Listen/Bind Setup


MySQL is fairly simple to lock-down to only localhost access. Simply make sure the following line exists under your [mysqld] heading in the my.cnf file (usually located at /etc/my.cnf or /etc/mysql/my.cnf)



Apache is also simple to lock-down the basic/default config to only localhost access. In the httpd.conf file (also know as apache.conf or ports.conf amongst other names) we need to change the Listen line to the following:


In the case of a more advanced configuration (Ubuntu loves to have a ridiculously complicated apache config layout spanning multiple folders for instance), see your distributions apache config documentation.


Tomcat, configured in the server.xml file is a bit more complicated, but in the default config, you have to add address="" to each <Connector ... /> tag. An example tomcat config (abbreviated):

<Server ... >
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address=""
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address=""
               redirectPort="8443" />
    <Engine ... >
      <Host ... >

Additional Security

Additional security can be provided by adding a few lines to your /etc/hosts.allow and /etc/hosts.deny files.


Allows connections from localhost and loopback (repetitive, but sometimes needed if /etc/host.conf is not setup correctly)

mysqld : localhost : ALLOW
mysqld : : ALLOW
httpd : localhost : ALLOW
httpd : : ALLOW


Denys connections from anything else

mysqld : ALL
httpd : ALL