Operations tips for the application¶
The application is not meant to be operated on a port open to the internet. It should run behind front end web server like Apache or nginx. The front end web server should handle the SSL handshake and rewrite the URL to the application server.
Example Apache configuration¶
For Apache you can use the following configuration. It has the following assumptions:
- The address book listens on port 13080 on localhost.
- The Apache runs handles HTTPS requests (port 443).
- The application will be bound to a sub domain, so all requests for the sub domain are redirected to the application.
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteRule ^(/?.*) http://127.0.0.1:13080/CONTAINERNAME/++vh++https:SUBDOMAINNAME.DOMAIN.TLD:443/++//$1 [P,L]
CONTAINERNAME is the ID of the address book. SUBDOMAINNAME.DOMAIN.TLD is the FQDN for the target sub domain.
The archive¶
The archive contains archived people. They cannot be found any more by the
person search, cannot be changed and are only visible in the archive for users
with the role archivist or archive visitor. The archive visitor has
read only access to the archive while the archivist is also able to
un-archive a person which moves the person outside of the archive and makes it
editable again.
Users with the role Editor are able to move persons to the archive.
Disable the archive function¶
If you don’t need an archive of persons, and you want to disable the ability to archive a person, you only need to add the Archive tab to the list of deselected tabs in Master data –> Address book.