Difference between revisions of "Template:ApacheAppSuiteConf"
(36 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | Configure the '' | + | Configure the ''mod_proxy_{{#if:{{{connector|}}}|{{{connector}}}|ajp}}'' module by creating a new Apache configuration file. |
+ | |||
+ | $ vim {{#if:{{{connectorConf|}}}|{{{connectorConf}}}|{{{ajpconf}}}}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
{{{loadmodule}}} | {{{loadmodule}}} | ||
− | <IfModule | + | <IfModule mod_proxy_{{#if:{{{connector|}}}|{{{connector}}}|ajp}}.c> |
ProxyRequests Off | ProxyRequests Off | ||
+ | ProxyStatus On | ||
+ | {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/httpProxyPreserveHost}} | }} | ||
+ | # Please note that the servlet path to the soap API has changed: | ||
+ | <Location /webservices> | ||
+ | # restrict access to the soap provisioning API | ||
+ | Order Deny,Allow | ||
+ | Deny from all | ||
+ | Allow from 127.0.0.1 | ||
+ | # you might add more ip addresses / networks here | ||
+ | # Allow from 192.168 10 172.16 | ||
+ | </Location> | ||
+ | |||
+ | # The old path is kept for compatibility reasons | ||
+ | <Location /servlet/axis2/services> | ||
+ | Order Deny,Allow | ||
+ | Deny from all | ||
+ | Allow from 127.0.0.1 | ||
+ | </Location> | ||
+ | |||
+ | # Enable the balancer manager mentioned in | ||
+ | # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster | ||
+ | <IfModule mod_status.c> | ||
+ | <Location /balancer-manager> | ||
+ | SetHandler balancer-manager | ||
+ | Order Deny,Allow | ||
+ | Deny from all | ||
+ | Allow from 127.0.0.1 | ||
+ | </Location> | ||
+ | </IfModule> | ||
+ | |||
<Proxy balancer://oxcluster> | <Proxy balancer://oxcluster> | ||
Order deny,allow | Order deny,allow | ||
Allow from all | Allow from all | ||
# multiple server setups need to have the hostname inserted instead localhost | # multiple server setups need to have the hostname inserted instead localhost | ||
− | BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route= | + | BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 |
# Enable and maybe add additional hosts running OX here | # Enable and maybe add additional hosts running OX here | ||
− | # BalancerMember ajp://oxhost2:8009 timeout=100 | + | # BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 |
− | + | ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On | |
+ | {{#ifeq: {{{connector}}} | http | | ||
+ | SetEnv proxy-initial-not-pooled | ||
+ | SetEnv proxy-sendchunked | ||
+ | | }} | ||
</Proxy> | </Proxy> | ||
+ | |||
+ | # The standalone documentconverter(s) within your setup (if installed) | ||
+ | # Make sure to restrict access to backends only | ||
+ | # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos | ||
+ | #<Proxy balancer://oxcluster_docs> | ||
+ | # Order Deny,Allow | ||
+ | # Deny from all | ||
+ | # Allow from backend1IP | ||
+ | # BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3 | ||
+ | # ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On | ||
+ | # SetEnv proxy-initial-not-pooled | ||
+ | # SetEnv proxy-sendchunked | ||
+ | #</Proxy> | ||
+ | {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/easHttpProxy|syncProxyName={{{syncProxyName}}}}} | }} | ||
+ | |||
+ | # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of | ||
+ | # mappings have to be ordered from longest URL to shortest URL. | ||
+ | # | ||
+ | # Example: | ||
+ | # ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax | ||
+ | # ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test | ||
+ | # | ||
+ | # Requests to /ajax/test would have a timeout of 100s instead of 200s | ||
+ | # | ||
+ | # See: | ||
+ | # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives | ||
+ | # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing | ||
+ | ProxyPass /ajax balancer://oxcluster/ajax | ||
+ | ProxyPass /appsuite/api balancer://oxcluster/ajax | ||
+ | ProxyPass /drive balancer://oxcluster/drive | ||
+ | ProxyPass /infostore balancer://oxcluster/infostore | ||
+ | {{#ifeq: {{{connector}}} | http | ProxyPass /realtime balancer://oxcluster/realtime | }} | ||
+ | ProxyPass /servlet balancer://oxcluster/servlet | ||
+ | ProxyPass /webservices balancer://oxcluster/webservices | ||
− | # | + | #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws |
− | + | ||
− | + | ProxyPass /usm-json balancer://{{#if:{{{syncProxyName|}}}|{{{syncProxyName}}}|oxcluster}}/usm-json | |
− | + | ProxyPass /Microsoft-Server-ActiveSync balancer://{{#if:{{{syncProxyName|}}}|{{{syncProxyName}}}|oxcluster}}/Microsoft-Server-ActiveSync | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</IfModule> | </IfModule> | ||
Line 78: | Line 101: | ||
ServerAdmin webmaster@localhost | ServerAdmin webmaster@localhost | ||
− | DocumentRoot /var/www | + | DocumentRoot {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}} |
− | <Directory | + | <Directory {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}> |
− | + | Options -Indexes +FollowSymLinks +MultiViews | |
− | |||
− | |||
− | |||
− | Options Indexes FollowSymLinks MultiViews | ||
AllowOverride None | AllowOverride None | ||
Order allow,deny | Order allow,deny | ||
allow from all | allow from all | ||
+ | RedirectMatch ^/$ /appsuite/ | ||
</Directory> | </Directory> | ||
− | + | ||
− | <Directory {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www/appsuite}}> | + | <Directory {{#if:{{{docroot|}}}|{{{docroot}}}/appsuite|/var/www/appsuite}}> |
Options None +SymLinksIfOwnerMatch | Options None +SymLinksIfOwnerMatch | ||
AllowOverride Indexes FileInfo | AllowOverride Indexes FileInfo | ||
</Directory> | </Directory> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</VirtualHost> | </VirtualHost> | ||
+ | |||
+ | If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at: | ||
+ | |||
+ | * [[AppSuite:Grizzly#.2Fopt.2Fopen-xchange.2Fetc.2Fserver.conf|Grizzly configuration]] in general, and specifically: | ||
+ | * [[AppSuite:Grizzly#X-FORWARDED-PROTO_Header|X-FORWARDED-PROTO Header]] | ||
+ | * [[AppSuite:Grizzly#X-FORWARDED-FOR_Header|X-FORWARDED-FOR Header]] | ||
+ | |||
+ | |||
+ | to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.<noinclude> | ||
+ | {{Template:ApacheAppSuiteConf/doc}} | ||
+ | </noinclude> |
Latest revision as of 10:53, 25 January 2021
Configure the mod_proxy_ajp module by creating a new Apache configuration file.
$ vim {{{ajpconf}}}
{{{loadmodule}}} <IfModule mod_proxy_ajp.c> ProxyRequests Off ProxyStatus On # Please note that the servlet path to the soap API has changed: <Location /webservices> # restrict access to the soap provisioning API Order Deny,Allow Deny from all Allow from 127.0.0.1 # you might add more ip addresses / networks here # Allow from 192.168 10 172.16 </Location> # The old path is kept for compatibility reasons <Location /servlet/axis2/services> Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> # Enable the balancer manager mentioned in # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster <IfModule mod_status.c> <Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> </IfModule> <Proxy balancer://oxcluster> Order deny,allow Allow from all # multiple server setups need to have the hostname inserted instead localhost BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 # Enable and maybe add additional hosts running OX here # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On </Proxy> # The standalone documentconverter(s) within your setup (if installed) # Make sure to restrict access to backends only # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos #<Proxy balancer://oxcluster_docs> # Order Deny,Allow # Deny from all # Allow from backend1IP # BalancerMember ajp://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3 # ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On # SetEnv proxy-initial-not-pooled # SetEnv proxy-sendchunked #</Proxy> # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of # mappings have to be ordered from longest URL to shortest URL. # # Example: # ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax # ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test # # Requests to /ajax/test would have a timeout of 100s instead of 200s # # See: # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing ProxyPass /ajax balancer://oxcluster/ajax ProxyPass /appsuite/api balancer://oxcluster/ajax ProxyPass /drive balancer://oxcluster/drive ProxyPass /infostore balancer://oxcluster/infostore ProxyPass /servlet balancer://oxcluster/servlet ProxyPass /webservices balancer://oxcluster/webservices #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws ProxyPass /usm-json balancer://oxcluster/usm-json ProxyPass /Microsoft-Server-ActiveSync balancer://oxcluster/Microsoft-Server-ActiveSync </IfModule>
Modify the default website settings to display the Open-Xchange GUI
$ vim {{{apacheconf}}}
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /var/www> Options -Indexes +FollowSymLinks +MultiViews AllowOverride None Order allow,deny allow from all RedirectMatch ^/$ /appsuite/ </Directory> <Directory /var/www/appsuite> Options None +SymLinksIfOwnerMatch AllowOverride Indexes FileInfo </Directory> </VirtualHost>
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:
- Grizzly configuration in general, and specifically:
- X-FORWARDED-PROTO Header
- X-FORWARDED-FOR Header
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.
Usage
Parameters used by this template
- connector
- ajp or http, fallback to ajp if empty
- connectorConf
- path to the configuration file of the chosen connector, fallback to ajpConf (deprecated)
- loadmodule
- Loadmodule directive needed for apache on RedHat based distros e.g.: LoadModule proxy_http_module modules/mod_proxy_http.so
- apacheconf
- path to the config file of the default apache vhost(http)
- docroot
- path to the apache docroot, fallback to /var/www
- easProxyName
- the proxyName to use for the eas specific proxy container, only when using http for the connector parameter