Template:ApacheAppSuiteConf: Difference between revisions

From Open-Xchange
No edit summary
No edit summary
 
(37 intermediate revisions by 6 users not shown)
Line 1: Line 1:
Configure the ''mod_proxy_ajp'' module by creating a new Apache configuration file.
Configure the ''mod_proxy_{{#if:{{{connector|}}}|{{{connector}}}|ajp}}'' module by creating a new Apache configuration file.
$ vim {{#if:{{{connectorConf|}}}|{{{connectorConf}}}|{{{ajpconf}}}}}


$ vim {{{ajpconf}}}


# Please note that the servlet path to the soap API has changed:
<Location /webservices>
    # restrict access to the soap provisioning API
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # you might add more ip addresses / networks here
    # Allow from 192.168 10 172.16
</Location>
# the old path is kept for compatibility reasons
<Location /servlet/axis2/services>
    # restrict access to the soap provisioning API
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # you might add more ip addresses / networks here
    # Allow from 192.168 10 172.16
</Location>
  {{{loadmodule}}}
  {{{loadmodule}}}
   
   
  <IfModule mod_proxy_ajp.c>
  <IfModule mod_proxy_{{#if:{{{connector|}}}|{{{connector}}}|ajp}}.c>
     ProxyRequests Off
     ProxyRequests Off
    ProxyStatus On
    {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/httpProxyPreserveHost}} | }}
    # Please note that the servlet path to the soap API has changed:
    <Location /webservices>
        # restrict access to the soap provisioning API
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        # you might add more ip addresses / networks here
        # Allow from 192.168 10 172.16
    </Location>
 
    # The old path is kept for compatibility reasons
    <Location /servlet/axis2/services>
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
   
    # Enable the balancer manager mentioned in
    # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
    <IfModule mod_status.c>
      <Location /balancer-manager>
        SetHandler balancer-manager
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
      </Location>
    </IfModule>
   
     <Proxy balancer://oxcluster>
     <Proxy balancer://oxcluster>
         Order deny,allow
         Order deny,allow
         Allow from all
         Allow from all
         # multiple server setups need to have the hostname inserted instead localhost
         # multiple server setups need to have the hostname inserted instead localhost
         BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
         BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
         # Enable and maybe add additional hosts running OX here
         # Enable and maybe add additional hosts running OX here
         # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
         # BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
        ProxySet stickysession=JSESSIONID
      ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
      {{#ifeq: {{{connector}}} | http |
      SetEnv proxy-initial-not-pooled
      SetEnv proxy-sendchunked
      | }}
     </Proxy>
     </Proxy>
   
    # The standalone documentconverter(s) within your setup (if installed)
    # Make sure to restrict access to backends only
    # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
    #<Proxy balancer://oxcluster_docs>
    #    Order Deny,Allow
    #    Deny from all
    #    Allow from backend1IP
    #    BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
    #    ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
    #   SetEnv proxy-initial-not-pooled
    #    SetEnv proxy-sendchunked
    #</Proxy>
    {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/easHttpProxy|syncProxyName={{{syncProxyName}}}}} | }}
   
    # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
    # mappings have to be ordered from longest URL to shortest URL.
    #
    # Example:
    #  ProxyPass /ajax      balancer://oxcluster_with_100s_timeout/ajax
    #  ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
    #
    # Requests to /ajax/test would have a timeout of 100s instead of 200s
    # 
    # See:
    # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
    # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
    ProxyPass /ajax balancer://oxcluster/ajax
    ProxyPass /appsuite/api balancer://oxcluster/ajax
    ProxyPass /drive balancer://oxcluster/drive
    ProxyPass /infostore balancer://oxcluster/infostore
    {{#ifeq: {{{connector}}} | http | ProxyPass /realtime balancer://oxcluster/realtime | }}
    ProxyPass /servlet balancer://oxcluster/servlet
    ProxyPass /webservices balancer://oxcluster/webservices
   
   
     # OX AppSuite frontend
     #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
    <Proxy /appsuite/api>
 
        ProxyPass balancer://oxcluster/ajax
    ProxyPass /usm-json balancer://{{#if:{{{syncProxyName|}}}|{{{syncProxyName}}}|oxcluster}}/usm-json
     </Proxy>
     ProxyPass /Microsoft-Server-ActiveSync balancer://{{#if:{{{syncProxyName|}}}|{{{syncProxyName}}}|oxcluster}}/Microsoft-Server-ActiveSync
   
   
    # OX6 frontend
    <Proxy /ajax>
        ProxyPass balancer://oxcluster/ajax
    </Proxy>
    <Proxy /servlet>
        ProxyPass balancer://oxcluster/servlet
    </Proxy>
    <Proxy /infostore>
        ProxyPass balancer://oxcluster/infostore
    </Proxy>
    <Proxy /publications>
        ProxyPass balancer://oxcluster/publications
    </Proxy>
    # OXtender
    <Proxy /Microsoft-Server-ActiveSync>
        ProxyPass balancer://oxcluster/Microsoft-Server-ActiveSync
    </Proxy>
    <Proxy /usm-json>
        ProxyPass balancer://oxcluster/usm-json
    </Proxy>
    # SOAP
    <Proxy /webservices>
        ProxyPass balancer://oxcluster/webservices
  </Proxy>
  </IfModule>
  </IfModule>


Line 78: Line 101:
         ServerAdmin webmaster@localhost
         ServerAdmin webmaster@localhost
   
   
         DocumentRoot /var/www
         DocumentRoot {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}
         <Directory />
         <Directory {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}>
                Options FollowSymLinks
                 Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                 Options Indexes FollowSymLinks MultiViews
                 AllowOverride None
                 AllowOverride None
                 Order allow,deny
                 Order allow,deny
                 allow from all
                 allow from all
                RedirectMatch ^/$ /appsuite/
         </Directory>
         </Directory>
 
         <Directory /var/www/appsuite>
         <Directory {{#if:{{{docroot|}}}|{{{docroot}}}/appsuite|/var/www/appsuite}}>
                 Options None +SymLinksIfOwnerMatch
                 Options None +SymLinksIfOwnerMatch
                 AllowOverride Indexes FileInfo
                 AllowOverride Indexes FileInfo
         </Directory>
         </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
  </VirtualHost>
  </VirtualHost>
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:
* [[AppSuite:Grizzly#.2Fopt.2Fopen-xchange.2Fetc.2Fserver.conf|Grizzly configuration]] in general, and specifically:
* [[AppSuite:Grizzly#X-FORWARDED-PROTO_Header|X-FORWARDED-PROTO Header]]
* [[AppSuite:Grizzly#X-FORWARDED-FOR_Header|X-FORWARDED-FOR Header]]
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.<noinclude>
{{Template:ApacheAppSuiteConf/doc}}
</noinclude>

Latest revision as of 10:53, 25 January 2021

Configure the mod_proxy_ajp module by creating a new Apache configuration file. 

$ vim {{{ajpconf}}}



{{{loadmodule}}}

<IfModule mod_proxy_ajp.c>
   ProxyRequests Off
   ProxyStatus On
   
   # Please note that the servlet path to the soap API has changed:
   <Location /webservices>
       # restrict access to the soap provisioning API
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
       # you might add more ip addresses / networks here
       # Allow from 192.168 10 172.16
   </Location>
 
   # The old path is kept for compatibility reasons
   <Location /servlet/axis2/services>
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
   </Location>
   
   # Enable the balancer manager mentioned in
   # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
   <IfModule mod_status.c>
     <Location /balancer-manager>
       SetHandler balancer-manager
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
     </Location>
   </IfModule>
   
   <Proxy balancer://oxcluster>
       Order deny,allow
       Allow from all
       # multiple server setups need to have the hostname inserted instead localhost
       BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
       # Enable and maybe add additional hosts running OX here
       # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
      ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
      
   </Proxy>
   
   # The standalone documentconverter(s) within your setup (if installed)
   # Make sure to restrict access to backends only
   # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
   #<Proxy balancer://oxcluster_docs>
   #    Order Deny,Allow
   #    Deny from all
   #    Allow from backend1IP
   #    BalancerMember ajp://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
   #    ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
   #	   SetEnv proxy-initial-not-pooled
   #    SetEnv proxy-sendchunked
   #</Proxy>
   
   
   # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
   # mappings have to be ordered from longest URL to shortest URL.
   # 
   # Example:
   #   ProxyPass /ajax      balancer://oxcluster_with_100s_timeout/ajax
   #   ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
   #
   # Requests to /ajax/test would have a timeout of 100s instead of 200s 
   #   
   # See:
   # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
   # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
   ProxyPass /ajax balancer://oxcluster/ajax
   ProxyPass /appsuite/api balancer://oxcluster/ajax
   ProxyPass /drive balancer://oxcluster/drive
   ProxyPass /infostore balancer://oxcluster/infostore
   
   ProxyPass /servlet balancer://oxcluster/servlet
   ProxyPass /webservices balancer://oxcluster/webservices

   #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
 
   ProxyPass /usm-json balancer://oxcluster/usm-json
   ProxyPass /Microsoft-Server-ActiveSync balancer://oxcluster/Microsoft-Server-ActiveSync

</IfModule>


Modify the default website settings to display the Open-Xchange GUI 

$ vim {{{apacheconf}}}

<VirtualHost *:80>
       ServerAdmin webmaster@localhost

       DocumentRoot /var/www
       <Directory /var/www>
               Options -Indexes +FollowSymLinks +MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
               RedirectMatch ^/$ /appsuite/
       </Directory>

       <Directory /var/www/appsuite>
               Options None +SymLinksIfOwnerMatch
               AllowOverride Indexes FileInfo
       </Directory>
</VirtualHost>

If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:


to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.

Usage

Parameters used by this template

connector
ajp or http, fallback to ajp if empty
connectorConf
path to the configuration file of the chosen connector, fallback to ajpConf (deprecated)
loadmodule
Loadmodule directive needed for apache on RedHat based distros e.g.: LoadModule proxy_http_module modules/mod_proxy_http.so
apacheconf
path to the config file of the default apache vhost(http)
docroot
path to the apache docroot, fallback to /var/www
easProxyName
the proxyName to use for the eas specific proxy container, only when using http for the connector parameter

See also

Template:ApacheAppSuiteConf/testcases

Retrieved from "https://wiki.open-xchange.com/wiki/index.php?title=Template:ApacheAppSuiteConf&oldid=25695"