Hi Pierre-Yves,
Just a well meant word of warning: if you don't isolate the sites on your server, a compromised site can attack the other sites and maybe even the server itself (by planting a backdoor for instance).
As an additional security measure, since you're using Apache, you might want to consider ModSecurity (maybe you already did). ModSecurity easily fends off 90-95% of attacks in the default config, even more if you spend some time on it.
best, Marc
On Tue, 30 Jan 2024, Pierre-Yves Jallud wrote:
Hi Marc,
well, containers is still obscure for me and I know APACHE... and all the chain between DNS and virtual host. Moreover, BaseX is enough designed to be configured as I need. Specifying the ports, a .basex (a data and webapp repository with DBPATH and WEBPATH) for each site and the BASEX_JM variable (BASEX_JM="-Dorg.basex.path=/basex/home/path") can do the job =) But maybe one day I will evoluate... if it's necessary đ
I still have a problem for stopping BaseX instances but that will be another message đ (just after).
Greetings Pierre-Yves
Le 26/01/2024 à 12:21, Marc Coenegracht a écrit :
Hello Pierre-Yves and Maud,
I'm also trying to figure out a multi-site setup with BaseX and I'm very curious about your structure and config. Are you using containers with the reversed proxy? Especially Podman might be a secure and easy to maintain option (if setup correctly) for a multi-site scenario with multiple BaseX instances.
regards, Marc
On Fri, 26 Jan 2024, Pierre-Yves Jallud wrote:
HĂ€llĂžw Christian,
many thanks for your answer! I finaly came to this solution yesterday afternoon and I was answering to my question when you send your answer. I first tried to use an relative directory... until I tried an absolute one and I succeeded to pass the java system property (something like export BASEX_JM="-Dorg.basex.path=/basex/home/path").
To explain the context of our lab, we are using several instances of BaseX in the same machine (LINUX). To facilitate the administration (mainly the BaseX code update), we try to use a single BaseX repository for several sites. Each site has its own environment (data, webapp and .logs) and the basex repository is a symbolic link. We are using an APACHE HTTP server to access each BaseX with virtualhosts and proxypass configurations...
And well, it seems to work now đ€©! But if you have recommendations or other suggestions to facilitate system administration for a BaseX cluster, we are completly open =) Furthermore, we are not yet at the intensive production stage. If we encounter other problems, we'll ask for your help đ
Many thanks to you and all the BaseX team! You're making a great job!
Greetings Pierre-Yves and Maud
Le 25/01/2024 Ă 17:02, Christian GrĂŒn a Ă©crit :
Salut Pierre-Yves,
The home directory can be specified via the Java system property âorg.basex.pathâ. As itâs required before BaseX is even started, it must be passed on to the JDK, e.g. via â-Dorg.basex.path=/path/to/my/basexâ. This string can beâŠ
âą statically added to the BASEX_JVM property in your âbasexhttpâ start script, or âą dynamically assigned to JDK_JAVA_OPTIONS on command-line before running âbasexhttpâ (export JDK_JAVA_OPTIONS=...).
Hope this helps. If not, just keep on asking ;)
Merci et salutations, Christian
On Wed, Jan 24, 2024 at 5:09âŻPM Pierre-Yves Jallud pierre-yves.jallud@ens-lyon.fr wrote:
Hi all, I would like to precise the home directory of BaseX using org.basex.path (cf. https://docs.basex.org/wiki/Configuration#Home_Directory). Is it possible to configure this when I launch the basexhttp? For exemple, something like (befor launching basexhttp): export org.basex.path=/path/to/my/basex Or maybe: basexhttp -S org.basex.path=/path/to/my/basex ... or what else? Many thanks in advance to enlighten me đ Pierre-Yves PS: as you can see, I didn't use Java for a long time đ ------------------------------------------------------------------------ *Pierre-Yves Jallud* /PĂŽle HumanitĂ© NumĂ©riques / IngĂ©nieur en ingĂ©nierie logicielle/ ------------------------------------------------------------------------ IHRIM - UMR 5317<http://ihrim.ens-lyon.fr> CNRS<https://www.cnrs.fr> ENS de Lyon<http://www.ens-lyon.fr> 15 Parvis RenĂ© Descartes - BP7000 - 69342 Lyon CEDEX 07 +33 (0)4 37 37 63 83 -pierre-yves.jallud@ens-lyon.fr ------------------------------------------------------------------------
*Pierre-Yves Jallud* /PÎle Humanité Numériques / Ingénieur en ingénierie logicielle/
IHRIM - UMR 5317http://ihrim.ens-lyon.fr CNRShttps://www.cnrs.fr ENS de Lyonhttp://www.ens-lyon.fr 15 Parvis René Descartes - BP7000 - 69342 Lyon CEDEX 07
+33 (0)4 37 37 63 83 -pierre-yves.jallud@ens-lyon.fr
*Pierre-Yves Jallud* /PÎle Humanité Numériques / Ingénieur en ingénierie logicielle/
IHRIM - UMR 5317 http://ihrim.ens-lyon.fr CNRS https://www.cnrs.fr ENS de Lyon http://www.ens-lyon.fr 15 Parvis René Descartes - BP7000 - 69342 Lyon CEDEX 07
+33 (0)4 37 37 63 83 - pierre-yves.jallud@ens-lyon.fr