Template:ApacheAppSuiteConf: Difference between revisions
From Open-Xchange
No edit summary |
No edit summary |
||
| Line 116: | Line 116: | ||
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at: | If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at: | ||
* [[AppSuite:Grizzly#.2Fopt.2Fopen-xchange.2Fetc.2Fserver.conf|Grizzly configuration]] in general, and specifically: | |||
* [[AppSuite:Grizzly#X-FORWARDED-PROTO_Header|X-FORWARDED-PROTO Header]] | * [[AppSuite:Grizzly#X-FORWARDED-PROTO_Header|X-FORWARDED-PROTO Header]] | ||
* [[AppSuite:Grizzly# | * [[AppSuite:Grizzly#X-FORWARDED-FOR_Header|X-FORWARDED-FOR Header]] | ||
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.<noinclude> | to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.<noinclude> | ||
{{Template:ApacheAppSuiteConf/doc}} | {{Template:ApacheAppSuiteConf/doc}} | ||
</noinclude> | </noinclude> | ||
Revision as of 09:13, 22 May 2014
Configure the mod_proxy_ajp module by creating a new Apache configuration file.
$ vim {{{ajpconf}}}
{{{loadmodule}}}
<IfModule mod_proxy_ajp.c>
ProxyRequests Off
ProxyStatus On
# Please note that the servlet path to the soap API has changed:
<Location /webservices>
# restrict access to the soap provisioning API
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
# you might add more ip addresses / networks here
# Allow from 192.168 10 172.16
</Location>
# The old path is kept for compatibility reasons
<Location /servlet/axis2/services>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
# Enable the balancer manager mentioned in
# http://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
<IfModule mod_status.c>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
</IfModule>
<Proxy balancer://oxcluster>
Order deny,allow
Allow from all
# multiple server setups need to have the hostname inserted instead localhost
BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
# Enable and maybe add additional hosts running OX here
# BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
</Proxy>
# The standalone documentconverter(s) within your setup (if installed)
#<Proxy balancer://oxcluster_docs>
# Order deny,allow
# Allow from all
# BalancerMember ajp://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=OX3
# ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
# SetEnv proxy-initial-not-pooled
# SetEnv proxy-sendchunked
#</Proxy>
# When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
# mappings have to be ordered from longest URL to shortest URL.
#
# Example:
# ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax
# ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
#
# Requests to /ajax/test would have a timeout of 100s instead of 200s
#
# See:
# - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
# - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
ProxyPass /ajax balancer://oxcluster/ajax
ProxyPass /appsuite/api balancer://oxcluster/ajax
ProxyPass /infostore balancer://oxcluster/infostore
ProxyPass /publications balancer://oxcluster/publications
ProxyPass /servlet balancer://oxcluster/servlet
ProxyPass /webservices balancer://oxcluster/webservices
#ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
ProxyPass /usm-json balancer://oxcluster/usm-json
ProxyPass /Microsoft-Server-ActiveSync balancer://oxcluster/Microsoft-Server-ActiveSync
</IfModule>
Modify the default website settings to display the Open-Xchange GUI
$ vim {{{apacheconf}}}
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
RedirectMatch ^/$ /appsuite/
</Directory>
<Directory /var/www/appsuite>
Options None +SymLinksIfOwnerMatch
AllowOverride Indexes FileInfo
</Directory>
</VirtualHost>
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:
* Grizzly configuration in general, and specifically: * X-FORWARDED-PROTO Header * X-FORWARDED-FOR Header
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.
Usage
Parameters used by this template
- connector
- ajp or http, fallback to ajp if empty
- connectorConf
- path to the configuration file of the chosen connector, fallback to ajpConf (deprecated)
- loadmodule
- Loadmodule directive needed for apache on RedHat based distros e.g.: LoadModule proxy_http_module modules/mod_proxy_http.so
- apacheconf
- path to the config file of the default apache vhost(http)
- docroot
- path to the apache docroot, fallback to /var/www
- easProxyName
- the proxyName to use for the eas specific proxy container, only when using http for the connector parameter