Greetings All, Currently running Moqui on embedded web server (the Jetty Servlet Container), what is the best practice to configure a secure connection using ssl, in our ofbiz instances we put an Apache http server in the front and connect to servlet container using AJP, is that an option here, or is there another way to do this. Appreciate any pointers.
1 Like
This depends on what your risk tolerance is and where you’re running the server.
An easy way to do this is to have a web-server in front of moqui like Apache or Nginx that has auto renewing certificates using the ACME protocol.
We talked about this a bit on the community call on April 15th. The AJP protocol is largely deprecated these days and was removed from Jetty in version 9, which is the current version used in moqui-framework.
The typical approach is to use nginx or httpd in from of the Jetty server, have SSL terminate there, and run it as a reverse-proxy using HTTP to communicate with the Moqui server(s). This may be different if there is a load balancer or something in front of the Moqui server that handles SSL termination (ie HTTPS is handled before the request gets to the server running Moqui even if that server is also running a nginx or httpd reverse proxy).
1 Like