Page 1 of 1
Connection issue with Endian firewall [resolved]
PostPosted:Sat Oct 06, 2012 4:59 am
by chungvoky
Hi all,
I have a OpenKM instance work well in LAN and over Internet. But I have a big problem with OpenKM when access from Internet over Endian Firewall. In some our branch, the user access internet through Endian firewall router. When user connect to OpenKM site, it takes many time to load a OpenKM page (about 5-10 mins) while access normal with other site. If I connect to OpenKM directly without Endian Firewall with same connection, it works normal (take about 10-20s to load a page). Please help me resolve it.
Thanks all,
Re: Connection issue with Endian firewall
PostPosted:Sat Oct 06, 2012 7:46 pm
by jllort
For what I understanding:
1- Intranet use is correctly no ?
2- Problem is with extranet users when accessing from outside your office to your OpenKM server ( intranet -> router -> firewal -> openkm server ). Here we got the problem no ?
Re: Connection issue with Endian firewall
PostPosted:Sun Oct 07, 2012 2:51 pm
by chungvoky
1. Yes, Intranet use correctly. If users access from Intranet, it works.
2. Have two ways to connect to my OpenKM server:
- Users -> Internet -> My router -> OpenKM server: It works OK.
- Branch users -> Endian router (firewall) -> Internet -> My router -> OpenKM server: It's very slow (5-10mins per page)
If I use the same physical connection of branch as follow:
- Branch users -> Other router -> Internet -> My router -> OpenKM server: It works OK
I think that have some conflicts between OpenKM (maybe JBoss) and Endian firewall (EFW) but can't find thats.
Re: Connection issue with Endian firewall
PostPosted:Sun Oct 07, 2012 6:41 pm
by jllort
When you say conflict you should say bad configuration with firewall. I suggest you configure OpenKM behind tomcat ( proxy ) take a look here
http://wiki.openkm.com/index.php/Apache
It's not good idea - for security reason - directly accessing to 8080 jboss port.
If you make this changes probably you'll get better results in your firewall, probaly yuu're missing some configuration with port 8080 and with 80 ( web ) you will find more information in your firewall about how doing it. Do not concentrate in jboss 8080 etc... there's no problem with jboss it's on firewall hand.
Re: Connection issue with Endian firewall
PostPosted:Mon Oct 08, 2012 3:25 am
by chungvoky
I'm already config OpenKM with Apache. My users access OpenKM with port 80. The firewall doesn't block OpenKM because my users can access OpenKm through firewall. It's slow only. I'll try connect directly by port 8080 and report to you later.
Re: Connection issue with Endian firewall
PostPosted:Mon Oct 08, 2012 3:43 am
by chungvoky
As you guided, I've just trying connect to OpenKM directly by port 8080 and have a nice surprise. It run very fast. What wrong?
This is my apache config for OpenKM:
Code: Select all<VirtualHost *:80>
ServerName openkm.mydomain.com
RedirectMatch ^/$ /OpenKM
<Location /OpenKM>
ProxyPass ajp://127.0.0.1:8009/OpenKM
ProxyPassReverse http://openkm.mydomain.com/OpenKM
</Location>
</VirtualHost>
Re: Connection issue with Endian firewall [resolved]
PostPosted:Mon Oct 08, 2012 5:34 am
by chungvoky
This issue is resolved. I've enable 3 modules of Apache: rewrite, proxy_http and headers as described in
http://wiki.openkm.com/index.php/Apache. Now I can access OpenKM normally. Thanks jllort's supports.