Webserver Configuration

We recommend the use of a web server in combination with Scipio ERP. Although we generally recommend the use of nginx for this purpose, pretty much any webserver can be used. The following templates are meant as a starting point for a webserver configuration.

In addition, in order to prepare your own installation of Scipio ERP to run under a specific domain, you will also be required to tell Scipio ERP to generate URLs according to the new domain settings – regardless of the webserver, you will be required to make these modifications.

 

Scipio ERP

Set your default domain in /framework/webapp/config/url.properties:

 # HTTPS Port (Secure port)
 port.https.enabled=Y
 port.https=
 force.https.host=https://mydomain.com/

 # HTTP Port (Not Secure port) -> can be mostly ignored nowadays
 port.http=8080
 force.http.host=

In order for Scipio ERP to generate URLs according to your own domain specifics, update your  “WebSite” data for each of the productstores:


<WebSite productStoreId="ScipioShop" siteName="SCIPIO Shop Web Site" visualThemeSelectorScript="component://common/webcommon/WEB-INF/actions/includes/GetWebSiteStoreVisualThemeId.groovy" visualThemeSetId="ECOMMERCE" webSiteId="ScipioWebStore"
 httpHost=""
 httpPort=""
 httpsHost=""
 httpsPort=""
 enableHttps=""
 standardContentPrefix="" 
 secureContentPrefix=""
 cookieDomain=""
 />

This process is also described in more detail here (check the URLs tab).

nginx

Add a nginx proxy-redirect configuration for each of your domain:


location / {
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto https;
        proxy_cookie_path ~*^/.* /;
        add_header Front-End-Https   on;

        proxy_pass  http://localhost:8080/shop/;
     }

    location /solr/ {
           auth_basic "Restricted";
           auth_basic_user_file /var/www/.../private/.htpasswd;
            proxy_set_header Host $host;
            proxy_pass  http://localhost:8080/solr/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-for $remote_addr;
            port_in_redirect off;
            proxy_connect_timeout 300;
            proxy_pass_header Set-Cookie;
    }

    location /base-theme/ {
                    proxy_set_header Host $host;
                    proxy_pass  http://localhost:8080/base-theme/;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-for $remote_addr;
                    port_in_redirect off;
                    proxy_connect_timeout 300;
                    proxy_pass_header Set-Cookie;
    }

    location /images/ {
                    proxy_set_header Host $host;
                    proxy_pass  http://localhost:8080/images/;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-for $remote_addr;
                    port_in_redirect off;
                    proxy_connect_timeout 300;
                    proxy_pass_header Set-Cookie;
    }

    location /foundation-shop-theme/ {
                    proxy_set_header Host $host;
                    proxy_pass  http://localhost:8080/foundation-shop-theme/;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-for $remote_addr;
                    port_in_redirect off;
                    proxy_connect_timeout 300;
                    proxy_pass_header Set-Cookie;
    }

    location /ordermgr-js/ {
                    proxy_set_header Host $host;
                    proxy_pass  http://localhost:8080/ordermgr-js/;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-for $remote_addr;
                    port_in_redirect off;
                    proxy_connect_timeout 300;
                    proxy_pass_header Set-Cookie;
    }

 

Apache Webserver

Alternatively, for Apache Webserver use:

<VirtualHost localhost:443>
	ErrorLog "${INSTALL_DIR}/logs/apache_error.log"
	CustomLog "${INSTALL_DIR}/logs/access.log" common
	
	SSLEngine on
	SSLProxyEngine on
	ServerName localhost
        # Modify according to your own cert directory
	SSLCertificateFile "../apache/certificate.crt"
	SSLCertificateKeyFile "../apache/private.key"
	
	# Redirect to trailing slash urls
	RewriteEngine On
	RewriteCond %{REQUEST_URI} ^/$
	RewriteRule ^(.*)$ https://%{HTTP_HOST}$1/ [R=301,L]

	# Settings for Apache Reverse Proxying
	ProxyRequests Off	  
	ProxyPreserveHost On
	# Set RequestHeader to always transport as https - we will terminate ssl for the actual proxy
	RequestHeader set X-Forwarded-Proto "https" early 
	
	# Proxy from subdirectory https://localhost/ to scipio server 
	<LocationMatch ^/(.*)$>
	  # Proxy pass to scipioserver - replace localhost with scipio instance
	  ProxyPassMatch  http://127.0.0.1:8080/$1
	  ProxyPassReverse http://127.0.0.1:8080/$1
	  
	  # Set cookies for proper session handling
	  ProxyPassReverseCookiePath / /
	  ProxyPassReverseCookieDomain / /
	  
	  # Fix relative urls - replace https://localhost/ with proper path
	  SetOutputFilter proxy-content
	  RequestHeader unset Accept-Encoding
	  ProxyHTMLEnable On
	  ProxyHTMLExtended On
	  ProxyHTMLURLMap ^(?!//.*)/(.*)$ https://localhost/$1 R
	</LocationMatch>
 
</VirtualHost>

HaProxy

You can then rewrite the context path as desired with the reqrep directive, there are some examples over here.

global
    daemon
    maxconn 2048
    tune.ssl.default-dh-param 2048
    log 127.0.0.1 syslog debug

defaults
    option forwardfor
    option http-server-close

    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

frontend www-https
    bind $_EXTIFACE:443 ssl crt /etc/haproxy/certs/mydomain.com.pem
    default_backend www-backend

backend www-backend
   server www-1 127.0.0.1:8080 check