NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The THREDDS doc page at http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/TomcatBehindProxyServer.html shows how to use mod_proxy to have Apache proxy requests to THREDDS so that it just looks like it's a subdirectory in the virtual host you are running. Which is great, but I added a datasetScan element and all the TDS-generated pages showed the machine name and port in the base URL for the request. So I wondered - how can you mask the machine name and port on the TDS-generated pages as well? I noticed NGDC had this already set up on their server - for example: http://www.ngdc.noaa.gov/thredds/catalog/sst/SST_50km/catalog.html?dataset=sst/SST_50km/NPR.STGL.NL.D02012.nc rather than http://machine name:port/thredds/catalog/sst/SST_50km/catalog.html?dataset=sst/SST_50km/NPR.STGL.NL.D02012.nc So with a tip from Ernie Joynt, a sysad there, and some experimenting, I found the solution. After the sentence: "The section between <Proxy... And </Proxy> can usually be omitted...", you could add: "You can also add additional proxy directives to mask the THREDDS URL and port in any TDS-generated file access pages. The above ProxyPass and ProxyPassReverse directives mask the machine name and port using mod_proxy during an initial THREDDS URL request, but leave this information visible on the data access page generated by TDS. If you add the following directives BEFORE the directives above, Apache will use mod_proxy_ajp in addition to the mod_proxy directives, so that any TDS-generated access pages will use the same URL as shown in the initial THREDDS request (example shown for Apache 2.2): LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass /thredds ajp://localhost:8009/thredds ProxyPassReverse /thredds ajp://localhost:8009/thredds This also requires uncommenting the AJP connector (port 8009) in the Tomcat server.xml file." Thanks to Ernie Joynt at NGDC for the tip-off on this. This made my security guy happy. Greg - -- Greg Keith - Web System Administrator greg.keith(-at-)noaa.gov NOAA ESRL Physical Sciences Division http://www.esrl.noaa.gov/psd R/PSD, 325 Broadway, Boulder, CO phone: 303-497-6645 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFJSXxI8IR34NeP2BwRAk/8AJ94W9e24O4qL3BzdNZ/E6d9oT0utgCeOc2A rBAYuY9DfLt6uq1sdDTDp8o= =Gbnd -----END PGP SIGNATURE-----
thredds archives: