Connection issue with Endian firewall [resolved]

[chungvoky]

Hi all,
I have a OpenKM instance work well in LAN and over Internet. But I have a big problem with OpenKM when access from Internet over Endian Firewall. In some our branch, the user access internet through Endian firewall router. When user connect to OpenKM site, it takes many time to load a OpenKM page (about 5-10 mins) while access normal with other site. If I connect to OpenKM directly without Endian Firewall with same connection, it works normal (take about 10-20s to load a page). Please help me resolve it.
Thanks all,

[jllort]

For what I understanding:
1- Intranet use is correctly no ?
2- Problem is with extranet users when accessing from outside your office to your OpenKM server ( intranet -> router -> firewal -> openkm server ). Here we got the problem no ?

[chungvoky]

1. Yes, Intranet use correctly. If users access from Intranet, it works.
2. Have two ways to connect to my OpenKM server:
- Users -> Internet -> My router -> OpenKM server: It works OK.
- Branch users -> Endian router (firewall) -> Internet -> My router -> OpenKM server: It's very slow (5-10mins per page)
If I use the same physical connection of branch as follow:
- Branch users -> Other router -> Internet -> My router -> OpenKM server: It works OK
I think that have some conflicts between OpenKM (maybe JBoss) and Endian firewall (EFW) but can't find thats.

[jllort]

When you say conflict you should say bad configuration with firewall. I suggest you configure OpenKM behind tomcat ( proxy ) take a look here
http://wiki.openkm.com/index.php/Apache

It's not good idea - for security reason - directly accessing to 8080 jboss port.
If you make this changes probably you'll get better results in your firewall, probaly yuu're missing some configuration with port 8080 and with 80 ( web ) you will find more information in your firewall about how doing it. Do not concentrate in jboss 8080 etc... there's no problem with jboss it's on firewall hand.

[chungvoky]

I'm already config OpenKM with Apache. My users access OpenKM with port 80. The firewall doesn't block OpenKM because my users can access OpenKm through firewall. It's slow only. I'll try connect directly by port 8080 and report to you later.

[chungvoky]

As you guided, I've just trying connect to OpenKM directly by port 8080 and have a nice surprise. It run very fast. What wrong?
This is my apache config for OpenKM:

Code: Select all

<VirtualHost *:80>
    ServerName openkm.mydomain.com
    RedirectMatch ^/$ /OpenKM
    <Location /OpenKM>
        ProxyPass ajp://127.0.0.1:8009/OpenKM
        ProxyPassReverse http://openkm.mydomain.com/OpenKM
    </Location>
</VirtualHost>

[chungvoky]

This issue is resolved. I've enable 3 modules of Apache: rewrite, proxy_http and headers as described in http://wiki.openkm.com/index.php/Apache. Now I can access OpenKM normally. Thanks jllort's supports.