Template:ApacheAppSuiteConf: Difference between revisions

From Open-Xchange
No edit summary
No edit summary
 
(23 intermediate revisions by 6 users not shown)
Line 3: Line 3:
  $ vim {{#if:{{{connectorConf|}}}|{{{connectorConf}}}|{{{ajpconf}}}}}
  $ vim {{#if:{{{connectorConf|}}}|{{{connectorConf}}}|{{{ajpconf}}}}}


# Please note that the servlet path to the soap API has changed:
 
<Location /webservices>
    # restrict access to the soap provisioning API
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # you might add more ip addresses / networks here
    # Allow from 192.168 10 172.16
</Location>
# the old path is kept for compatibility reasons
<Location /servlet/axis2/services>
    # restrict access to the soap provisioning API
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # you might add more ip addresses / networks here
    # Allow from 192.168 10 172.16
</Location>
  {{{loadmodule}}}
  {{{loadmodule}}}
   
   
  <IfModule mod_proxy_{{#if:{{{connector|}}}|{{{connector}}}|ajp}}.c>
  <IfModule mod_proxy_{{#if:{{{connector|}}}|{{{connector}}}|ajp}}.c>
     ProxyRequests Off
     ProxyRequests Off
    ProxyStatus On
     {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/httpProxyPreserveHost}} | }}
     {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/httpProxyPreserveHost}} | }}
    # Please note that the servlet path to the soap API has changed:
    <Location /webservices>
        # restrict access to the soap provisioning API
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        # you might add more ip addresses / networks here
        # Allow from 192.168 10 172.16
    </Location>
 
    # The old path is kept for compatibility reasons
    <Location /servlet/axis2/services>
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
   
    # Enable the balancer manager mentioned in
    # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
    <IfModule mod_status.c>
      <Location /balancer-manager>
        SetHandler balancer-manager
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
      </Location>
    </IfModule>
   
     <Proxy balancer://oxcluster>
     <Proxy balancer://oxcluster>
         Order deny,allow
         Order deny,allow
         Allow from all
         Allow from all
         # multiple server setups need to have the hostname inserted instead localhost
         # multiple server setups need to have the hostname inserted instead localhost
         BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
         BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
         # Enable and maybe add additional hosts running OX here
         # Enable and maybe add additional hosts running OX here
         # BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
         # BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
       ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
       ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
       {{#ifeq: {{{connector}}} | http |
       {{#ifeq: {{{connector}}} | http |
Line 40: Line 50:
       SetEnv proxy-sendchunked
       SetEnv proxy-sendchunked
       | }}
       | }}
    </Proxy>
    {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/easHttpProxy|easProxyName={{{easProxyName}}}}} | }}
    # OX AppSuite frontend
    <Proxy /appsuite/api>
        ProxyPass balancer://oxcluster/ajax
     </Proxy>
     </Proxy>
   
    # The standalone documentconverter(s) within your setup (if installed)
    # Make sure to restrict access to backends only
    # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
    #<Proxy balancer://oxcluster_docs>
    #    Order Deny,Allow
    #    Deny from all
    #    Allow from backend1IP
    #    BalancerMember {{#if:{{{connector|}}}|{{{connector}}}|ajp}}://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
    #    ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
    #   SetEnv proxy-initial-not-pooled
    #    SetEnv proxy-sendchunked
    #</Proxy>
    {{#ifeq: {{{connector}}} | http | {{Template:ApacheAppSuiteConf/easHttpProxy|syncProxyName={{{syncProxyName}}}}} | }}
   
    # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
    # mappings have to be ordered from longest URL to shortest URL.
    #
    # Example:
    #  ProxyPass /ajax      balancer://oxcluster_with_100s_timeout/ajax
    #  ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
    #
    # Requests to /ajax/test would have a timeout of 100s instead of 200s
    # 
    # See:
    # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
    # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
    ProxyPass /ajax balancer://oxcluster/ajax
    ProxyPass /appsuite/api balancer://oxcluster/ajax
    ProxyPass /drive balancer://oxcluster/drive
    ProxyPass /infostore balancer://oxcluster/infostore
    {{#ifeq: {{{connector}}} | http | ProxyPass /realtime balancer://oxcluster/realtime | }}
    ProxyPass /servlet balancer://oxcluster/servlet
    ProxyPass /webservices balancer://oxcluster/webservices
    #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
 
    ProxyPass /usm-json balancer://{{#if:{{{syncProxyName|}}}|{{{syncProxyName}}}|oxcluster}}/usm-json
    ProxyPass /Microsoft-Server-ActiveSync balancer://{{#if:{{{syncProxyName|}}}|{{{syncProxyName}}}|oxcluster}}/Microsoft-Server-ActiveSync
   
   
    # OX frontend
    <Proxy /ajax>
        ProxyPass balancer://oxcluster/ajax
    </Proxy>
    <Proxy /servlet>
        ProxyPass balancer://oxcluster/servlet
    </Proxy>
    <Proxy /infostore>
        ProxyPass balancer://oxcluster/infostore
    </Proxy>
    <Proxy /publications>
        ProxyPass balancer://oxcluster/publications
    </Proxy>
    # USM
    <Proxy /usm-json>
        ProxyPass balancer://oxcluster/usm-json
    </Proxy>
    # SOAP
    <Proxy /webservices>
        ProxyPass balancer://oxcluster/webservices
  </Proxy>
  {{#ifeq: {{{connector}}} | http |
    <Proxy /realtime>
        ProxyPass balancer://oxcluster/realtime
  </Proxy>
  | }}
    # OXtender{{#ifeq: {{{connector}}} | http | /EAS specific proxy container with higher timeout | }}
    <Proxy /Microsoft-Server-ActiveSync>
        ProxyPass balancer://{{#if:{{{easProxyName|}}}|{{{easProxyName}}}|oxcluster}}/Microsoft-Server-ActiveSync
    </Proxy>
  </IfModule>
  </IfModule>


Line 89: Line 103:
         DocumentRoot {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}
         DocumentRoot {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}
         <Directory {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}>
         <Directory {{#if:{{{docroot|}}}|{{{docroot}}}|/var/www}}>
                 Options Indexes FollowSymLinks MultiViews
                 Options -Indexes +FollowSymLinks +MultiViews
                 AllowOverride None
                 AllowOverride None
                 Order allow,deny
                 Order allow,deny
Line 100: Line 114:
                 AllowOverride Indexes FileInfo
                 AllowOverride Indexes FileInfo
         </Directory>
         </Directory>
   
  </VirtualHost>
        # Possible values include: debug, info, notice, warn, error, crit,
 
        # alert, emerg.
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:
        LogLevel warn
 
* [[AppSuite:Grizzly#.2Fopt.2Fopen-xchange.2Fetc.2Fserver.conf|Grizzly configuration]] in general, and specifically:
        CustomLog ${APACHE_LOG_DIR}/access.log combined
* [[AppSuite:Grizzly#X-FORWARDED-PROTO_Header|X-FORWARDED-PROTO Header]]
</VirtualHost><noinclude>
* [[AppSuite:Grizzly#X-FORWARDED-FOR_Header|X-FORWARDED-FOR Header]]
 
 
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.<noinclude>
{{Template:ApacheAppSuiteConf/doc}}
{{Template:ApacheAppSuiteConf/doc}}
</noinclude>
</noinclude>

Latest revision as of 10:53, 25 January 2021

Configure the mod_proxy_ajp module by creating a new Apache configuration file. 

$ vim {{{ajpconf}}}



{{{loadmodule}}}

<IfModule mod_proxy_ajp.c>
   ProxyRequests Off
   ProxyStatus On
   
   # Please note that the servlet path to the soap API has changed:
   <Location /webservices>
       # restrict access to the soap provisioning API
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
       # you might add more ip addresses / networks here
       # Allow from 192.168 10 172.16
   </Location>
 
   # The old path is kept for compatibility reasons
   <Location /servlet/axis2/services>
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
   </Location>
   
   # Enable the balancer manager mentioned in
   # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
   <IfModule mod_status.c>
     <Location /balancer-manager>
       SetHandler balancer-manager
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
     </Location>
   </IfModule>
   
   <Proxy balancer://oxcluster>
       Order deny,allow
       Allow from all
       # multiple server setups need to have the hostname inserted instead localhost
       BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
       # Enable and maybe add additional hosts running OX here
       # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
      ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
      
   </Proxy>
   
   # The standalone documentconverter(s) within your setup (if installed)
   # Make sure to restrict access to backends only
   # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
   #<Proxy balancer://oxcluster_docs>
   #    Order Deny,Allow
   #    Deny from all
   #    Allow from backend1IP
   #    BalancerMember ajp://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
   #    ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
   #	   SetEnv proxy-initial-not-pooled
   #    SetEnv proxy-sendchunked
   #</Proxy>
   
   
   # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
   # mappings have to be ordered from longest URL to shortest URL.
   # 
   # Example:
   #   ProxyPass /ajax      balancer://oxcluster_with_100s_timeout/ajax
   #   ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
   #
   # Requests to /ajax/test would have a timeout of 100s instead of 200s 
   #   
   # See:
   # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
   # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
   ProxyPass /ajax balancer://oxcluster/ajax
   ProxyPass /appsuite/api balancer://oxcluster/ajax
   ProxyPass /drive balancer://oxcluster/drive
   ProxyPass /infostore balancer://oxcluster/infostore
   
   ProxyPass /servlet balancer://oxcluster/servlet
   ProxyPass /webservices balancer://oxcluster/webservices

   #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
 
   ProxyPass /usm-json balancer://oxcluster/usm-json
   ProxyPass /Microsoft-Server-ActiveSync balancer://oxcluster/Microsoft-Server-ActiveSync

</IfModule>


Modify the default website settings to display the Open-Xchange GUI 

$ vim {{{apacheconf}}}

<VirtualHost *:80>
       ServerAdmin webmaster@localhost

       DocumentRoot /var/www
       <Directory /var/www>
               Options -Indexes +FollowSymLinks +MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
               RedirectMatch ^/$ /appsuite/
       </Directory>

       <Directory /var/www/appsuite>
               Options None +SymLinksIfOwnerMatch
               AllowOverride Indexes FileInfo
       </Directory>
</VirtualHost>

If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:


to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.

Usage

Parameters used by this template

connector
ajp or http, fallback to ajp if empty
connectorConf
path to the configuration file of the chosen connector, fallback to ajpConf (deprecated)
loadmodule
Loadmodule directive needed for apache on RedHat based distros e.g.: LoadModule proxy_http_module modules/mod_proxy_http.so
apacheconf
path to the config file of the default apache vhost(http)
docroot
path to the apache docroot, fallback to /var/www
easProxyName
the proxyName to use for the eas specific proxy container, only when using http for the connector parameter

See also

Template:ApacheAppSuiteConf/testcases

Retrieved from "https://wiki.open-xchange.com/wiki/index.php?title=Template:ApacheAppSuiteConf&oldid=25695"