服务器安全和通过 Rest 访问 OrientDB

本文介绍了服务器安全和通过 Rest 访问 OrientDB的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

猜猜这是一个令人尴尬的初学者问题，无论如何...

Guess this is an embarrassing beginner question,anyways...

在服务器安全"下的 OrientDB 文档中，我们发现:

In the OrientDB documentation under "server security" we find:

虽然 OrientDB Server 可以作为普通的 Web Server，但不建议您将其直接暴露给 Internet 或公共网络.相反，始终将 OrientDB 服务器隐藏在专用网络中.

这是否意味着 OrientDB 用于侦听 HTTP 连接的端口 2480 应该只在本地打开而不暴露给外界?

Does this mean that the port 2480 which OrientDB uses for listening to HTTP connections should be open only locally but not being exposed to the outside world?

推荐答案

您可以使用反向代理从公共网络隐藏"您的 OrientDB 服务器.我在 AWS AMI Linux 机器上.使用 httpd 我在/etc/httpd/conf.d 中创建了一个名为 virtualhosts.conf 的文件.您如何设置虚拟主机可能取决于您的 linux 风格.virtualhosts.conf 的内容:

You can use a reverse proxy to "hide" your OrientDB server from the public web. I am on an AWS AMI Linux machine. Using httpd I created a file in /etc/httpd/conf.d called virtualhosts.conf. How you set up virtualhosts may depend on your linux flavor. Contents of virtualhosts.conf:

<VirtualHost *:80>
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    ServerName orientdb.mydomain.com
    DocumentRoot $ORIENTDBHOME$/www 
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:2480/
    ProxyPassReverse / http://127.0.0.1:2480/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.mydomain.com
    DocumentRoot /var/www
</VirtualHost>

用您的 OrientDB 安装路径替换 $ORIENTDBHOME$.所以我的子域 orientdb (orientdb.mydomain.com) 在端口 2480 转发到 OrientDB 服务器，但浏览器维护 orientdb.mydomain.com URL.我按照此处的说明进行操作，但还为我的主域.

Substitute $ORIENTDBHOME$ with the path to your OrientDB install. So my subdomain orientdb (orientdb.mydomain.com) forwards to the OrientDB server at port 2480 but the browser maintains the orientdb.mydomain.com URL. I followed the instructions here, but also added a virtualhost for my main domain.

更新:如果您的子域有 SSL 证书并将其设置为虚拟主机，请在 ssl.conf 文件中执行相同的代理设置.(将上述 VirtualHost 中的最后三行复制/粘贴到 SSL 虚拟主机中).

Update:Do the same Proxy settings for in your ssl.conf file if you have an SSL certificate for your subdomain and you have it set up as a virtualhost. (Copy/paste the last three lines from the above VirtualHost into your virtualhost for SSL).

更新 2:您可能甚至不想将 *:80 公开给公众，但它是为了演示而展示的.您可能也可以转发到 https，但您必须继续寻找该解决方案.

Update 2: You probably don't even want to expose the *:80 one to the public, but it's shown for demonstration. You probably can also forward to https, but you'll have to keep looking for that solution.

这篇关于服务器安全和通过 Rest 访问 OrientDB的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！