What do you think? Discuss, post comments, or ask questions at the end of this article [More about me]

Skip to end of metadata
Go to start of metadata

Problem

By default crowd root (/) requests go a landing page that provides a link to setting up crowd, a few demo applications (which outlines using Crowd with OpenID etc.).  I'd prefer not to have this landing page publicly accessible.

Solution

One way around this is to simply redirect all traffic NOT to the /crowd/ context to the /crowd/ context.  So, any traffic to / or /openidserver/ will get redirected to the proper crowd application login.  You can do this using your preferred web server (Apachenginx, ...).

I use Apache2 and outline it's use specifically for Atlassian web apps here.  Below is part of my VirtualHost config for Crowd, with the redirect enabled

<VirtualHost *:443>
    ServerName crowd.jaytaala.com
 
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
 
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/crowd/ [OR]
    RewriteCond %{REQUEST_URI} about.jsp$
    RewriteRule ^(.*)$ http://127.0.0.1:8095/crowd/ [P,L]
 
    ProxyPass / http://127.0.0.1:8095/
    ProxyPassReverse / http://127.0.0.1:8095/
 
    ...

</VirtualHost>

Lines 8-11 show the rewrite rule that is used to redirect traffic to the /crowd/ context.

Line 10 will also redirect the about.jsp page back to the main login page.  I prefer to keep everything locked down and not accessible publicly, including the about page with information about versions etc.

References

  1. my brain...
  2. http://httpd.apache.org/docs/current/mod/mod_rewrite.html