├── .gitattributes ├── .github └── workflows │ └── build.yml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── NOTICE ├── PULL_REQUEST_TEMPLATE.md ├── README.md ├── ams └── 2.6 │ └── etc │ └── httpd │ ├── conf.d │ ├── 000_init_ootb_vars.conf │ ├── 001_init_ams_vars.conf │ ├── README │ ├── available_vhosts │ │ ├── 000_unhealthy_author.vhost │ │ ├── 000_unhealthy_publish.vhost │ │ ├── aem_author.vhost │ │ ├── aem_flush.vhost │ │ ├── aem_flush_author.vhost │ │ ├── aem_health.vhost │ │ ├── aem_publish.vhost │ │ └── ams_lc.vhost │ ├── dispatcher_vhost.conf │ ├── logformat.conf │ ├── mimetypes3d.conf │ ├── remoteip.conf │ ├── rewrites │ │ ├── base_rewrite.rules │ │ └── xforwarded_forcessl_rewrite.rules │ ├── security.conf │ ├── variables │ │ ├── ams_default.vars │ │ └── ootb.vars │ └── whitelists │ │ └── 000_base_whitelist.rules │ ├── conf.dispatcher.d │ ├── available_farms │ │ ├── 000_ams_catchall_farm.any │ │ ├── 001_ams_author_flush_farm.any │ │ ├── 001_ams_publish_flush_farm.any │ │ ├── 002_ams_author_farm.any │ │ ├── 002_ams_lc_farm.any │ │ ├── 002_ams_publish_farm.any │ │ └── 100_weretail_publish_farm.any │ ├── cache │ │ ├── ams_author_cache.any │ │ ├── ams_author_invalidate_allowed.any │ │ ├── ams_publish_cache.any │ │ └── ams_publish_invalidate_allowed.any │ ├── clientheaders │ │ ├── ams_author_clientheaders.any │ │ ├── ams_common_clientheaders.any │ │ ├── ams_lc_clientheaders.any │ │ └── ams_publish_clientheaders.any │ ├── dispatcher.any │ ├── filters │ │ ├── ams_author_filters.any │ │ ├── ams_lc_filters.any │ │ └── ams_publish_filters.any │ ├── renders │ │ ├── ams_author_renders.any │ │ ├── ams_lc_renders.any │ │ └── ams_publish_renders.any │ └── vhosts │ │ ├── ams_author_vhosts.any │ │ ├── ams_lc_vhosts.any │ │ └── ams_publish_vhosts.any │ ├── conf.modules.d │ ├── 00-base.conf │ ├── 00-dav.conf │ ├── 00-lua.conf │ ├── 00-mpm.conf │ ├── 00-proxy.conf │ ├── 00-ssl.conf │ ├── 00-systemd.conf │ ├── 01-cgi.conf │ └── 
02-dispatcher.conf │ └── conf │ ├── httpd.conf │ └── magic ├── dispatcher-docker-compose ├── dispatcher-kill ├── dispatcher-login ├── dispatcher-mount ├── dispatcher-remote ├── docker-compose.yaml ├── haproxy └── haproxy.cfg ├── mnt ├── author_docroot │ └── README.md ├── log │ └── README.md └── publish_docroot │ └── README.md ├── renovate.json ├── sample ├── weretail.vhost ├── weretail_filters.any └── weretail_publish_farm.any └── scripts ├── env.sh ├── launch.sh └── setup.sh /.gitattributes: -------------------------------------------------------------------------------- 1 | *.sh text eol=lf 2 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: Buld and Deploy Images 2 | # Builds the linux/amd64 + linux/arm64 image and pushes it to ghcr.io on pushes to main and on v* tags 3 | on: 4 | push: 5 | branches: 6 | - main 7 | tags: 8 | - v* 9 | 10 | jobs: 11 | docker: 12 | runs-on: ubuntu-latest 13 | # Least-privilege GITHUB_TOKEN: package push plus read-only repository contents 14 | permissions: 15 | packages: write 16 | contents: read 17 | # NOTE(review): the actions below are referenced by mutable version tags (@v3/@v5/@v6); pinning each to a full commit SHA would keep a retagged action out of this package-publishing job 18 | steps: 19 | - name: Set up QEMU 20 | uses: docker/setup-qemu-action@v3 21 | - name: Set up Docker Buildx 22 | uses: docker/setup-buildx-action@v3 23 | - name: Login to GitHub Container Registry 24 | uses: docker/login-action@v3 25 | with: 26 | registry: ghcr.io 27 | username: ${{ github.actor }} 28 | password: ${{ secrets.GITHUB_TOKEN }} 29 | - name: Docker metadata 30 | id: metadata 31 | uses: docker/metadata-action@v5 32 | with: 33 | images: ghcr.io/adobe/aem-dispatcher-docker 34 | - name: Build and push 35 | uses: docker/build-push-action@v6 36 | with: 37 | platforms: linux/amd64,linux/arm64 38 | push: true 39 | tags: ${{ steps.metadata.outputs.tags }} 40 | labels: ${{ steps.metadata.outputs.labels }} 41 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | /.idea/ 3 | *.iml 4 | 5 | # do not check in files generated by 
dispatcher-mount 6 | logs/ 7 | cache/ 8 | **/enabled_vhosts 9 | **/enabled_farms 10 | 11 | # do not check in samples 12 | **/conf.d/available_vhosts/weretail.vhost 13 | **/conf.dispatcher.d/filters/weretail_filters.any 14 | **/conf.dispatcher.d/available_farms/weretail_publish_farm.any 15 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Adobe Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our project and community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. 6 | 7 | We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. 
8 | 9 | ## Our Standards 10 | 11 | Examples of behavior that contribute to a positive environment for our project and community include: 12 | 13 | * Demonstrating empathy and kindness toward other people 14 | * Being respectful of differing opinions, viewpoints, and experiences 15 | * Giving and gracefully accepting constructive feedback 16 | * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience 17 | * Focusing on what is best, not just for us as individuals but for the overall community 18 | 19 | Examples of unacceptable behavior include: 20 | 21 | * The use of sexualized language or imagery, and sexual attention or advances of any kind 22 | * Trolling, insulting or derogatory comments, and personal or political attacks 23 | * Public or private harassment 24 | * Publishing others’ private information, such as a physical or email address, without their explicit permission 25 | * Other conduct which could reasonably be considered inappropriate in a professional setting 26 | 27 | ## Our Responsibilities 28 | 29 | Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any instances of unacceptable behavior. 30 | 31 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for behaviors that they deem inappropriate, threatening, offensive, or harmful. 32 | 33 | ## Scope 34 | 35 | This Code of Conduct applies when an individual is representing the project or its community both within project spaces and in public spaces. 
Examples of representing a project or community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. 36 | 37 | ## Enforcement 38 | 39 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by first contacting the project team. Oversight of Adobe projects is handled by the Adobe Open Source Office, which has final say in any violations and enforcement of this Code of Conduct and can be reached at . All complaints will be reviewed and investigated promptly and fairly. 40 | 41 | The project team must respect the privacy and security of the reporter of any incident. 42 | 43 | Project maintainers who do not follow or enforce the Code of Conduct may face temporary or permanent repercussions as determined by other members of the project's leadership or the Adobe Open Source Office. 44 | 45 | ## Enforcement Guidelines 46 | 47 | Project maintainers will follow these Community Impact Guidelines in determining the consequences for any action they deem to be in violation of this Code of Conduct: 48 | 49 | ### 1. Correction 50 | 51 | Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. 52 | 53 | Consequence: A private, written warning from project maintainers describing the violation and why the behavior was unacceptable. A public apology may be requested from the violator before any further involvement in the project by violator. 54 | 55 | ### 2. Warning 56 | 57 | Community Impact: A relatively minor violation through a single incident or series of actions. 58 | 59 | Consequence: A written warning from project maintainers that includes stated consequences for continued unacceptable behavior. 
Violator must refrain from interacting with the people involved for a specified period of time as determined by the project maintainers, including, but not limited to, unsolicited interaction with those enforcing the Code of Conduct through channels such as community spaces and social media. Continued violations may lead to a temporary or permanent ban. 60 | 61 | ### 3. Temporary Ban 62 | 63 | Community Impact: A more serious violation of community standards, including sustained unacceptable behavior. 64 | 65 | Consequence: A temporary ban from any interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Failure to comply with the temporary ban may lead to a permanent ban. 66 | 67 | ### 4. Permanent Ban 68 | 69 | Community Impact: Demonstrating a consistent pattern of violation of community standards or an egregious violation of community standards, including, but not limited to, sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. 70 | 71 | Consequence: A permanent ban from any interaction with the community. 72 | 73 | ## Attribution 74 | 75 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, 76 | available at [http://contributor-covenant.org/version/2/1][version] 77 | 78 | [homepage]: http://contributor-covenant.org 79 | [version]: http://contributor-covenant.org/version/2/1 80 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Thanks for choosing to contribute! 4 | 5 | The following are a set of guidelines to follow when contributing to this project. 
6 | 7 | ## Code Of Conduct 8 | 9 | This project adheres to the Adobe [code of conduct](../CODE_OF_CONDUCT.md). By participating, 10 | you are expected to uphold this code. Please report unacceptable behavior to 11 | [Grp-opensourceoffice@adobe.com](mailto:Grp-opensourceoffice@adobe.com). 12 | 13 | ## Have A Question? 14 | 15 | Start by filing an issue. The existing committers on this project work to reach 16 | consensus around project direction and issue solutions within issue threads 17 | (when appropriate). 18 | 19 | ## Contributor License Agreement 20 | 21 | All third-party contributions to this project must be accompanied by a signed contributor 22 | license agreement. This gives Adobe permission to redistribute your contributions 23 | as part of the project. [Sign our CLA](https://opensource.adobe.com/cla.html). You 24 | only need to submit an Adobe CLA one time, so if you have submitted one previously, 25 | you are good to go! 26 | 27 | ## Code Reviews 28 | 29 | All submissions should come in the form of pull requests and need to be reviewed 30 | by project committers. Read [GitHub's pull request documentation](https://help.github.com/articles/about-pull-requests/) 31 | for more information on sending pull requests. 32 | 33 | Lastly, please follow the [pull request template](PULL_REQUEST_TEMPLATE.md) when 34 | submitting a pull request! 35 | 36 | ## From Contributor To Committer 37 | 38 | We love contributions from our community! If you'd like to go a step beyond contributor 39 | and become a committer with full write access and a say in the project, you must 40 | be invited to the project. The existing committers employ an internal nomination 41 | process that must reach lazy consensus (silence is approval) before invitations 42 | are issued. If you feel you are qualified and want to get more deeply involved, 43 | feel free to reach out to existing committers to have a conversation about that. 
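44 | 45 | ## Security Issues 46 | 47 | Security issues shouldn't be reported on this issue tracker. Instead, [file an issue to our security experts](https://helpx.adobe.com/security/alertus.html). 48 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024 Adobe Systems Incorporated. All rights reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | FROM --platform=$TARGETPLATFORM redhat/ubi8:8.8 17 | # NOTE(review): the base image is pinned by tag only and `yum -y update` pulls whatever is current at build time, so rebuilds are not reproducible; pin by digest if that matters 18 | # Install httpd with mod_ssl, haproxy, and supporting utilities 19 | RUN yum -y update && yum -y install httpd mod_ssl procps haproxy iputils less openssl && yum clean all 20 | 21 | # Remove the distribution's default httpd config; the AMS configuration copied below replaces it 22 | RUN rm -rf /etc/httpd/conf/* && rm -rf /etc/httpd/conf.d/* && rm -rf /etc/httpd/conf.modules.d/* 23 | 24 | # Copy the AMS base files into the image. 
25 | COPY ams/2.6/etc/httpd /etc/httpd 26 | # Add the we-retail sample filter, farm and vhost 27 | COPY sample/weretail_filters.any /etc/httpd/conf.dispatcher.d/filters/weretail_filters.any 28 | COPY sample/weretail_publish_farm.any /etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any 29 | COPY sample/weretail.vhost /etc/httpd/conf.d/available_vhosts/ 30 | 31 | # Copy haproxy config 32 | COPY haproxy/haproxy.cfg /etc/haproxy 33 | 34 | # Install dispatcher by running setup.sh at build time, then remove the script 35 | ARG TARGETARCH 36 | COPY scripts/setup.sh / 37 | RUN chmod +x /setup.sh 38 | # Strip Windows CR line endings; sed sees one line at a time without its newline, so match \r at end of line 39 | RUN sed -i -e 's/\r$//' /setup.sh 40 | RUN ./setup.sh 41 | RUN rm /setup.sh 42 | 43 | COPY scripts/launch.sh / 44 | # Strip Windows CR line endings; sed sees one line at a time without its newline, so match \r at end of line 45 | RUN sed -i -e 's/\r$//' /launch.sh 46 | RUN chmod +x /launch.sh 47 | 48 | COPY LICENSE / 49 | COPY NOTICE / 50 | # NOTE(review): the README publishes container ports 8080 and 8443; confirm these EXPOSE values match the ports haproxy/httpd listen on 51 | EXPOSE 80 443 52 | 53 | # Start container; no USER is set in this file, so launch.sh starts as root - NOTE(review): confirm whether it drops privileges 54 | ENTRYPOINT ["/bin/bash","/launch.sh"] 55 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. 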
For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright 2024 Adobe Systems Incorporated. 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | AEM Dispatcher Docker Container 2 | Copyright 2024 Adobe Systems Incorporated 3 | 4 | This software is licensed under the Apache License, Version 2.0 (see 5 | LICENSE file). 6 | 7 | This software uses the following third party libraries that may have 8 | licenses differing from that of the software itself. You can find the 9 | libraries and their respective licenses below. 10 | 11 | -------------------------------------------------------------------------------- /PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Description 4 | 5 | 6 | 7 | ## Related Issue 8 | 9 | 10 | 11 | 12 | 13 | 14 | ## Motivation and Context 15 | 16 | 17 | 18 | ## How Has This Been Tested? 
19 | 20 | 21 | 22 | 23 | 24 | ## Screenshots (if appropriate) 25 | 26 | ## Types of changes 27 | 28 | 29 | 30 | - [ ] Bug fix (non-breaking change which fixes an issue) 31 | - [ ] New feature (non-breaking change which adds functionality) 32 | - [ ] Breaking change (fix or feature that would cause existing functionality to change) 33 | 34 | ## Checklist 35 | 36 | 37 | 38 | 39 | - [ ] I have signed the [Adobe Open Source CLA](https://opensource.adobe.com/cla.html). 40 | - [ ] My code follows the code style of this project. 41 | - [ ] My change requires a change to the documentation. 42 | - [ ] I have updated the documentation accordingly. 43 | - [ ] I have read the **CONTRIBUTING** document. 44 | - [ ] I have added tests to cover my changes. 45 | - [ ] All new and existing tests passed. 46 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # Dispatcher Docker image 3 | 4 | This is a simple dispatcher image that is very close to an AMS setup. 5 | It builds on top of [Redhat Universal Base Image 8.8](https://hub.docker.com/r/redhat/ubi8) and contains the default AMS Dispatcher 2.6 configuration. 6 | 7 | The default publish host has been set to `publish.docker.local` and the default renderer is set to `host.docker.internal:4503` which should point to the AEM instance running on your local computer. 8 | 9 | [HAProxy](https://www.haproxy.org/) has been embedded in the image to support SSL connections that mimic how AMS has set up their ELBs/AppGWs. 10 | 11 | Environment variables are configured in `scripts/env.sh`. 12 | 13 | # Basic Setup 14 | 15 | ## Building the image 16 | 17 | We use docker's buildx to support multi-arch images. 18 | 19 | ```shell 20 | docker buildx create --use 21 | docker buildx build --load -t dispatcher --platform=linux/amd64 . 
22 | ``` 23 | 24 | To build for Apple Silicon or Windows ARM, use `--platform=linux/arm64` instead. 25 | 26 | Multi-arch images can be built, but they can only be pushed to a remote registry and cannot be loaded directly into Docker Desktop. 27 | 28 | ## Checking the created image 29 | 30 | ```shell 31 | $ docker images 32 | REPOSITORY TAG IMAGE ID CREATED SIZE 33 | dispatcher latest 6b4b91a23c06 1 minute ago 725MB 34 | ``` 35 | 36 | ## How to use the image 37 | 38 | You can run the image in two different ways: 39 | 40 | 1. As a completely independent remote server 41 | - This is a quick way to get dispatcher up and running locally when you're not planning to make any changes to the configuration files. 42 | 2. By keeping the configuration files on your local system and mounting them when you start the image. 43 | - This is the recommended way to start the image as it will allow you to quickly make changes and see them apply without the need to rebuild the container. 44 | 45 | ### Running the image 46 | 47 | ```shell 48 | docker run -p 80:8080 -p 443:8443 -itd --rm --env-file scripts/env.sh --name dispatcher dispatcher 49 | ``` 50 | 51 | | Quick Reference | | 52 | | ----------------- | ------------------------------------------------------------ | 53 | | -p 80:8080 | map port 80 of the host to port 8080 of the container. (use -p 8080:8080 if port 80 already is in use on the host) | 54 | | -p 443:8443 | map port 443 of the host to port 8443 of the container. (use -p 4443:8443 if port 443 already is in use on the host) | 55 | | -i | keep STDIN open even if not attached ("interactive") and | 56 | | -t | allocate a pseudo-tty to allow interactive logins ("tty") | 57 | | -d | run docker detached in the background | 58 | | --rm | automatically remove the container when it exits | 59 | | --env-file | Environment file to bind to the container | 60 | | --name dispatcher | assign name "dispatcher" to the container, consider setting a different name per project. 
| 61 | 62 | ### Using Docker Compose 63 | 64 | Provided `docker-compose.yaml` can be modified to suit your needs. In a typical scenario you would incorporate it to your own Docker Compose configuration. 65 | 66 | You can start dispatcher with Docker Compose using script `dispatcher-docker-compose` 67 | 68 | Following folders are mounted from the host os to make it easier to inspect cached files and monitor log files. 69 | 70 | | Folder | | 71 | | -------------------- | ------------------------------------------------------------ | 72 | | mnt/author_docroot | Author cached files | 73 | | mnt/publish_docroot | Publish cached files | 74 | | mnt/log | Dispatcher logs | 75 | 76 | ## Checking the container's current state 77 | 78 | ```shell 79 | $ docker container ps 80 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 81 | 8c345d523ff2 dispatcher "/bin/bash /launch.sh" About a minute ago Up About a minute 80/tcp, 443/tcp, 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp dispatcher 82 | ``` 83 | 84 | ## Testing your AEM installation 85 | 86 | The dispatcher maps `publish.docker.local` to the local publisher instance on port 4503. 87 | Run the publisher and navigate to [http://we-retail.docker.local/content/we-retail/language-masters/en.html](http://we-retail.docker.local/content/we-retail/language-masters/en.html) 88 | 89 | ## Adapting your localhost 90 | 91 | The image is based on the configuration used by AMS. If you are planning to deploy the configuration into AMS, please make sure to also read the section on **Immutable files**. 92 | 93 | The configuration is environment agnostic. It is supposed to run as-is locally, on dev, stage and prod etc without any change. All environment specific variables are stored in a file `scripts/env.sh`. 94 | 95 | The default configuration is 96 | 97 | `author.docker.local` for the Author 98 | `publish.docker.local`for the Publisher 99 | 100 | Make sure that both are mapped in your local `/etc/hosts` file. 
101 | The Dispatcher connects to the Author and Publisher through `host.docker.internal` . 102 | 103 | ```shell 104 | $ cat /etc/hosts | grep docker.local 105 | 127.0.0.1 author.docker.local 106 | 127.0.0.1 publish.docker.local 107 | 127.0.0.1 we-retail.docker.local 108 | 127.0.0.1 host.docker.internal 109 | ``` 110 | 111 | # Using your own dispatcher config 112 | 113 | There are several options to use this container with your own configuration: 114 | 115 | 1. Remote web server ([dispatcher-remote](dispatcher-remote)) 116 | - Copy the configuration you are working on into the container with `docker cp` 117 | - Log into the container and restart apache 118 | - A disadvantage with `docker cp` is that it only copies and does not sync the directory contents and will require manual intervention if files were deleted locally. 119 | 2. Mount a local directory ([dispatcher-mount](dispatcher-mount)) 120 | - A local dispatcher project module is mounted read-only into the container at startup. 121 | - After each change, restart the current container or SIGHUP the httpd process. 122 | 3. Create a separate docker image 123 | - This is useful if you have a separate team working on multiple dispatcher configurations and you have access to a container repository to distribute pre-built images 124 | 125 | ## Remote web server 126 | 127 | ### Start dispatcher in container 128 | 129 | ```shell 130 | docker run -p 80:8080 -p 443:8443 -itd --rm --name dispatcher --env-file scripts/env.sh dispatcher 131 | ``` 132 | 133 | ### Copy files to docker container 134 | 135 | ```shell 136 | cd _your_project_/dispatcher/etc/httpd 137 | docker cp . dispatcher:/etc/httpd/ 138 | ``` 139 | 140 | ### Connecting to the Dispatcher terminal 141 | 142 | You can run shell commands inside the dispatcher container. 
143 | 144 | ```shell 145 | docker exec -it dispatcher /bin/bash 146 | ``` 147 | 148 | ### Reloading the Dispatcher 149 | 150 | You can reload the dispatcher with following command: 151 | 152 | ```shell 153 | kill -HUP `cat /var/run/httpd/httpd.pid` 154 | ``` 155 | 156 | ### Inspecting the logs 157 | 158 | While connected to dispatcher, you can view the logs in `/var/log/httpd` 159 | 160 | ```shell 161 | $ ll /var/log/httpd/ 162 | total 36 163 | -rw-r--r-- 1 root root 14779 May 20 10:04 access_log 164 | -rw-r--r-- 1 root root 15295 May 20 10:04 dispatcher.log 165 | -rw-r--r-- 1 root root 739 May 20 10:03 error_log 166 | -rw-r--r-- 1 root root 0 May 20 10:03 healthcheck_access_log 167 | ``` 168 | 169 | ## Mount a local directory 170 | 171 | ### Start Dispatcher with local folders mapped 172 | 173 | We are assuming you have your Dispatcher configuration stored in a folder "dispatcher" in your project: 174 | 175 | ```shell 176 | cd _your_project_/dispatcher 177 | mkdir logs 178 | 179 | docker run -p 80:8080 -p 443:8443 -itd --rm --name dispatcher --env-file scripts/env.sh \ 180 | --mount type=bind,src=$(pwd)/src/conf,dst=/etc/httpd/conf,readonly=true \ 181 | --mount type=bind,src=$(pwd)/src/conf.d,dst=/etc/httpd/conf.d,readonly=true \ 182 | --mount type=bind,src=$(pwd)/src/conf.dispatcher.d,dst=/etc/httpd/conf.dispatcher.d,readonly=true \ 183 | --mount type=bind,src=$(pwd)/src/conf.modules.d,dst=/etc/httpd/conf.modules.d,readonly=true \ 184 | --mount type=bind,src=$(pwd)/logs,dst=/var/log/httpd \ 185 | --mount type=tmpfs,dst=/tmp \ 186 | dispatcher 187 | ``` 188 | 189 | | Quick Reference | | 190 | | ------------------------------------------------------------ | ------------------------------------------------------------ | 191 | | --mount type=bind,src=$(pwd)/src/conf,dst=/etc/httpd/conf,readonly=true | Binds the folder `src/conf` in the host's current working directory to /etc/httpd/conf in a read-only fashion | 192 | | --mount type=tmpfs,dst=/tmp | Uses a memory 
based filesystem for temporary data to (slightly) improve the performance | 193 | 194 | This is a lot to type. We had to mount each folder individually, as the Dispatcher Docker image also contains the `/modules` folder in `/etc` and mounting `/etc` would make them unavailable. 195 | 196 | Alternatively, you can use the convenience script 197 | 198 | ```shell 199 | ./dispatcher-mount 200 | ``` 201 | 202 | in this distribution. The script assumes that the "src/conf" folder is in the current directory and terminates with an error if it can't find it. 203 | 204 | ## Restarting the container 205 | 206 | You can restart the container by calling 207 | 208 | ```shell 209 | docker restart -t0 dispatcher 210 | ``` 211 | 212 | | Quick Reference | | 213 | | --------------- | ------------------------------------------------------------ | 214 | | -t0 | Kills the container after 0 seconds and does not wait for the Apache to shut down. This is safe, as the container does not preserve any crucial data. | 215 | 216 | Or - if you are lazy - just call the shell-scripts: 217 | 218 | ```shell 219 | ./dispatcher-kill 220 | ./dispatcher-mount 221 | ``` 222 | 223 | # Create your own image 224 | 225 | You can also use this image as a base image, and add your configuration on top of it with a Dockerfile similar to the one below. If `cert.pem` includes a private key, it becomes part of an image layer and is readable by anyone who can pull the image, so keep such an image in a private registry. 226 | 227 | ```Dockerfile 228 | FROM dispatcher 229 | 230 | COPY yourproject/dispatcher/src/conf /etc/httpd 231 | COPY yourproject/dispatcher/src/conf.d /etc/httpd 232 | COPY yourproject/dispatcher/src/conf.dispatcher.d /etc/httpd 233 | COPY yourproject/dispatcher/src/conf.modules.d /etc/httpd 234 | COPY yourproject/dispatcher/cert.pem /etc/ssl/docker/haproxy.pem 235 | 236 | # Start container 237 | ENTRYPOINT ["/bin/bash","/launch.sh"] 238 | ``` 239 | 240 | # Immutable files 241 | 242 | Certain files on AMS hosted dispatchers are immutable, and cannot be changed. This is achieved on filesystem level by using extended attributes. 
Docker does not support such functionality which means that any changes to the dispatcher configuration will be reflected in your docker image, but may not be applied on an AMS environment after deployment. 243 | 244 | Those files are: 245 | 246 | ```text 247 | /etc/httpd/conf/httpd.conf 248 | /etc/httpd/conf.d/available_vhosts/aem_author.vhost 249 | /etc/httpd/conf.d/available_vhosts/aem_publish.vhost 250 | /etc/httpd/conf.d/available_vhosts/aem_flush.vhost 251 | /etc/httpd/conf.d/available_vhosts/aem_health.vhost 252 | /etc/httpd/conf.d/available_vhosts/000_unhealthy_author.vhost 253 | /etc/httpd/conf.d/available_vhosts/000_unhealthy_publish.vhost 254 | /etc/httpd/conf.d/available_vhosts/aem_flush_author.vhost 255 | /etc/httpd/conf.d/available_vhosts/ams_lc.vhost 256 | /etc/httpd/conf.d/rewrites/base_rewrite.rules 257 | /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules 258 | /etc/httpd/conf.d/whitelists/000_base_whitelist.rules 259 | /etc/httpd/conf.d/variables/ootb.vars 260 | /etc/httpd/conf.d/dispatcher_vhost.conf 261 | /etc/httpd/conf.d/logformat.conf 262 | /etc/httpd/conf.d/security.conf 263 | /etc/httpd/conf.d/mimetypes3d.conf 264 | /etc/httpd/conf.d/remoteip.conf 265 | /etc/httpd/conf.d/000_init_ootb_vars.conf 266 | /etc/httpd/conf.d/001_init_ams_vars.conf 267 | /etc/httpd/conf.modules.d/02-dispatcher.conf 268 | /etc/httpd/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any 269 | /etc/httpd/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any 270 | /etc/httpd/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any 271 | /etc/httpd/conf.dispatcher.d/available_farms/002_ams_author_farm.any 272 | /etc/httpd/conf.dispatcher.d/available_farms/002_ams_lc_farm.any 273 | /etc/httpd/conf.dispatcher.d/available_farms/002_ams_publish_farm.any 274 | /etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any 275 | /etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any 276 | 
/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any 277 | /etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any 278 | /etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any 279 | /etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any 280 | /etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any 281 | /etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any 282 | /etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any 283 | /etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any 284 | /etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any 285 | /etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any 286 | /etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any 287 | /etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any 288 | /etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any 289 | /etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any 290 | /etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any 291 | /etc/httpd/conf.dispatcher.d/dispatcher.any 292 | ``` 293 | 294 | # Troubleshooting 295 | 296 | ## Inspecting log files 297 | 298 | By default, the `DISP_LOG_LEVEL` is set to "4" (trace) in the file `ams_default.vars` (This setting is used in `dispatcher_vhost.conf`). 299 | 300 | Log into the remote dispatcher and view the log files call 301 | 302 | ```shell 303 | ./dispatcher-login 304 | ``` 305 | 306 | and navigate into `/var/log/httpd/` 307 | 308 | ```shell 309 | cd /var/log/httpd/ 310 | ``` 311 | 312 | > **TIP** If you mounted the logs directory, you can just inspect the logs files directly on your machine. 
313 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/000_init_ootb_vars.conf: -------------------------------------------------------------------------------- 1 | Include /etc/httpd/conf.d/variables/ootb.vars -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/001_init_ams_vars.conf: -------------------------------------------------------------------------------- 1 | Include /etc/httpd/conf.d/variables/ams_*.vars -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/README: -------------------------------------------------------------------------------- 1 | 2 | This directory holds configuration files for the Apache HTTP Server; 3 | any files in this directory which have the ".conf" extension will be 4 | processed as httpd configuration files. The directory is used in 5 | addition to the directory /etc/httpd/conf.modules.d/, which contains 6 | configuration files necessary to load modules. 7 | 8 | Files are processed in alphabetical order. 
9 | 10 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/000_unhealthy_author.vhost: -------------------------------------------------------------------------------- 1 | 2 | ServerName unhealthyauthor 3 | ServerAlias ${AUTHOR_DEFAULT_HOSTNAME} 4 | ErrorDocument 503 /error.html 5 | DocumentRoot /mnt/var/www/default 6 | 7 | 8 | Options FollowSymLinks 9 | AllowOverride None 10 | ##### Insert filter 11 | SetOutputFilter DEFLATE 12 | ##### Don't compress images 13 | SetEnvIfNoCase Request_URI \ 14 | \.(?:gif|jpe?g|png)$ no-gzip dont-vary 15 | ##### Make sure proxies don't deliver the wrong content 16 | Header append Vary User-Agent env=!dont-vary 17 | 18 | 19 | AllowOverride None 20 | Require all granted 21 | 22 | 23 | Header always add X-Dispatcher ${DISP_ID} 24 | Header always add X-Vhost "unhealthy-author" 25 | 26 | 27 | ReWriteEngine on 28 | RewriteCond %{REQUEST_URI} !^/error.html$ 29 | RewriteRule ^/* /error.html [R=503,L,NC] 30 | 31 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/000_unhealthy_publish.vhost: -------------------------------------------------------------------------------- 1 | 2 | ServerName unhealthypublish 3 | ServerAlias ${PUBLISH_DEFAULT_HOSTNAME} 4 | ErrorDocument 503 /error.html 5 | DocumentRoot /mnt/var/www/default 6 | 7 | 8 | Options FollowSymLinks 9 | AllowOverride None 10 | #### Insert filter 11 | SetOutputFilter DEFLATE 12 | #### Don't compress images 13 | SetEnvIfNoCase Request_URI \ 14 | \.(?:gif|jpe?g|png)$ no-gzip dont-vary 15 | #### Make sure proxies don't deliver the wrong content 16 | Header append Vary User-Agent env=!dont-vary 17 | 18 | 19 | AllowOverride None 20 | Require all granted 21 | 22 | 23 | Header always add X-Dispatcher ${DISP_ID} 24 | Header always add X-Vhost "unhealthy-publish" 25 | 26 | 27 | ReWriteEngine on 28 | RewriteCond %{REQUEST_URI} !^/error.html$ 29 | 
RewriteRule ^/* /error.html [R=503,L,NC] 30 | 31 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/aem_author.vhost: -------------------------------------------------------------------------------- 1 | ## Collect any enviromental variables that are set in /etc/sysconfig/httpd 2 | ## Collect the dispatchers number 3 | PassEnv DISP_ID 4 | 5 | 6 | ## allowing slashes in the URL to be encoded and still honored 7 | AllowEncodedSlashes On 8 | ServerName "author" 9 | ServerAlias ${AUTHOR_DEFAULT_HOSTNAME} 10 | 11 | 12 | ## Use a special doc root that doesn't overlap publish doc roots or it wont fetch from author each time and authors wont see their changes 13 | DocumentRoot ${AUTHOR_DOCROOT} 14 | ## Add header breadcrumbs for help in troubleshooting 15 | 16 | Header always add X-Dispatcher ${DISP_ID} 17 | Header always add X-Vhost "author" 18 | Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'" 19 | Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'" 20 | #### Make sure proxies don't deliver the wrong content 21 | Header append Vary User-Agent env=!dont-vary 22 | ## Force SSL for author 23 | ## Add HSTS for avoiding man in the middle during browser redirect to SSL 24 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 25 | 26 | 27 | Options Indexes FollowSymLinks 28 | AllowOverride None 29 | Require all granted 30 | 31 | 32 | ## Update /etc/sysconfig/httpd with setting the AUTHOR_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules 33 | 34 | Include /etc/httpd/conf.d/whitelists/*_whitelist.rules 35 | 36 | 37 | ## Some items cache with the wrong mime type 38 | ## Use this option to use the name to auto-detect mime types when cached improperly 39 | ModMimeUsePathInfo On 40 | ## Use this option to avoid cache poisioning 41 | ## Sling will return /content/image.jpg as well as 
/content/image.jpg/ but apache can't search /content/image.jpg/ as a file 42 | ## Apache will treat that like a directory. This assures the last slash is never stored in cache 43 | DirectorySlash Off 44 | ## Enable the dispatcher file handler for apache to fetch files from AEM 45 | SetHandler dispatcher-handler 46 | 47 | Options FollowSymLinks 48 | AllowOverride None 49 | #### Insert filter 50 | SetOutputFilter DEFLATE 51 | #### Don't compress images 52 | SetEnvIfNoCase Request_URI \ 53 | \.(?:gif|jpe?g|png)$ no-gzip dont-vary 54 | #### Don't compress AEM assets 55 | SetEnvIfNoCase Request_URI assetdownload no-gzip dont-vary 56 | 57 | 58 | ## Enabled to allow rewrites to take affect and not be ignored by the dispatcher module 59 | DispatcherUseProcessedURL 1 60 | ## Default setting to allow all errors to come from the aem instance 61 | DispatcherPassError 0 62 | 63 | 64 | ReWriteEngine on 65 | LogLevel warn rewrite:info 66 | ##Global rewrite include 67 | Include /etc/httpd/conf.d/rewrites/base_rewrite.rules 68 | ## Update /etc/sysconfig/httpd with setting the AUTHOR_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL 69 | 70 | Include /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules 71 | 72 | 73 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/aem_flush.vhost: -------------------------------------------------------------------------------- 1 | ## Collect any enviromental variables that are set in /etc/sysconfig/httpd 2 | ## Collect the dispatchers number 3 | PassEnv DISP_ID 4 | ## Use this vhost in conjunction with adding a Host Header (flush) to your AEM flush agent configurations so they fall into this host 5 | ## This is a deliberate flush target that doesn't conflict with customers configurations of the dispatcher 6 | 7 | ServerName "dispflush" 8 | ServerAlias flush 9 | 10 | 11 | ## Use a doc root that matches what's in the /etc/httpd/conf/publish-farm.any 12 | 
DocumentRoot ${PUBLISH_DOCROOT} 13 | ## Add header breadcrumbs for help in troubleshooting 14 | 15 | Header always add X-Dispatcher ${DISP_ID} 16 | Header always add X-Vhost "flush" 17 | 18 | 19 | AllowOverride None 20 | Require all granted 21 | 22 | 23 | 24 | SetHandler dispatcher-handler 25 | 26 | 27 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/aem_flush_author.vhost: -------------------------------------------------------------------------------- 1 | ## Collect any enviromental variables that are set in /etc/sysconfig/httpd 2 | ## Collect the dispatchers number 3 | PassEnv DISP_ID 4 | ## Use this vhost in conjunction with adding a Host Header (authorflush) to your AEM author flush agent configurations so they fall into this host 5 | ## This is a deliberate flush target that doesn't conflict with customers configurations of the dispatcher 6 | ## This is for the intended use to flush cached directories of author content. 
/var/www/author 7 | 8 | ServerName "authorflush" 9 | ServerAlias "authordispflush" 10 | 11 | ## Use a doc root that matches what's in the /etc/httpd/conf/author-farm.any 12 | DocumentRoot ${AUTHOR_DOCROOT} 13 | ## Add header breadcrumbs for help in troubleshooting 14 | 15 | Header always add X-Dispatcher ${DISP_ID} 16 | Header always add X-Vhost "authorflush" 17 | 18 | 19 | AllowOverride None 20 | Require all granted 21 | 22 | 23 | 24 | SetHandler dispatcher-handler 25 | 26 | 27 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/aem_health.vhost: -------------------------------------------------------------------------------- 1 | ## Collect the dispatchers number 2 | PassEnv DISP_ID 3 | ## Use this vhost in conjunction with adding a Host Header (health) to your load balancer configurations so they fall into this host 4 | ## This will execute the scripts that live in /var/www/cgi-bin/health/ 5 | ## To test this is working tail the log file: /var/log/elb/health_check.log 6 | ## Then run a curl command to run the script: curl -H 'Host: health' http://localhost:81/health/ or curl -H 'Host: health' http://localhost/health/ 7 | 8 | ## This requires a cgi-module to be loaded like: 9 | ## LoadModule cgid_module modules/mod_cgid.so 10 | ## Which should be called in /etc/httpd/conf.modules.d/01-cgi.conf 11 | 12 | Listen 81 13 | 14 | ServerName "health-aws" 15 | ServerAlias health health_check 16 | ## CustomLog for access 17 | CustomLog logs/healthcheck_access_log combined 18 | ## Set the timeouts for header and body to be larger than the idle timeout setting on the load balancer. 
19 | 20 | RequestReadTimeout header=65 body=65 21 | 22 | 23 | Header always add X-Dispatcher ${DISP_ID} 24 | Header always add X-Vhost "health" 25 | 26 | 27 | AllowOverride None 28 | Options None 29 | Require all granted 30 | 31 | ScriptAlias /health/ "/var/www/cgi-bin/health/" 32 | ScriptAlias /eagle/ "/var/www/cgi-bin/health/" 33 | 34 | 35 | 36 | ServerName "health-azure" 37 | ServerAlias health health_check 38 | ## CustomLog for access 39 | CustomLog logs/healthcheck_access_log combined 40 | ## Set the timeouts for header and body to be larger than the idle timeout setting on the load balancer. 41 | 42 | RequestReadTimeout header=65 body=65 43 | 44 | 45 | Header always add X-Dispatcher ${DISP_ID} 46 | Header always add X-Vhost "health" 47 | 48 | 49 | AllowOverride None 50 | Options None 51 | Require all granted 52 | 53 | ScriptAlias /health/ "/var/www/cgi-bin/health/" 54 | ScriptAlias /eagle/ "/var/www/cgi-bin/health/" 55 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/aem_publish.vhost: -------------------------------------------------------------------------------- 1 | ## Collect any enviromental variables that are set in /etc/sysconfig/httpd 2 | ## Collect the dispatchers number 3 | PassEnv DISP_ID 4 | 5 | 6 | ## allowing slashes in the URL to be encoded and still honored 7 | AllowEncodedSlashes On 8 | ServerName publish 9 | ## Put names of which domains are used for your published site/content here 10 | ServerAlias ${PUBLISH_DEFAULT_HOSTNAME} 11 | 12 | 13 | ## Use a doc root that matches what's in the /etc/httpd/conf/publish-farm.any 14 | DocumentRoot ${PUBLISH_DOCROOT} 15 | ## Add header breadcrumbs for help in troubleshooting 16 | 17 | Header always add X-Dispatcher ${DISP_ID} 18 | Header always add X-Vhost "publish" 19 | Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'" 20 | Header merge X-Content-Type-Options nosniff 
"expr=%{resp:X-Content-Type-Options}!='nosniff'" 21 | #### Make sure proxies don't deliver the wrong content 22 | Header append Vary User-Agent env=!dont-vary 23 | ## Force SSL for author 24 | ## Add HSTS for avoiding man in the middle during browser redirect to SSL 25 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 26 | 27 | 28 | ## Update /etc/sysconfig/httpd with setting the PUBLISH_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules 29 | 30 | Include /etc/httpd/conf.d/whitelists/*_whitelist.rules 31 | 32 | 33 | ## Some items cache with the wrong mime type 34 | ## Use this option to use the name to auto-detect mime types when cached improperly 35 | ModMimeUsePathInfo On 36 | ## Use this option to avoid cache poisioning 37 | ## Sling will return /content/image.jpg as well as /content/image.jpg/ but apache can't search /content/image.jpg/ as a file 38 | ## Apache will treat that like a directory. This assures the last slash is never stored in cache 39 | DirectorySlash Off 40 | ## Enable the dispatcher file handler for apache to fetch files from AEM 41 | SetHandler dispatcher-handler 42 | 43 | Options FollowSymLinks 44 | AllowOverride None 45 | #### Insert filter 46 | SetOutputFilter DEFLATE 47 | #### Don't compress images 48 | SetEnvIfNoCase Request_URI \ 49 | \.(?:gif|jpe?g|png)$ no-gzip dont-vary 50 | 51 | 52 | AllowOverride None 53 | Require all granted 54 | 55 | 56 | ## Enabled to allow rewrites to take affect and not be ignored by the dispatcher module 57 | DispatcherUseProcessedURL 1 58 | ## Default setting to allow all errors to come from the aem instance 59 | DispatcherPassError 0 60 | 61 | 62 | ReWriteEngine on 63 | LogLevel warn rewrite:info 64 | ##Global rewrite include 65 | Include /etc/httpd/conf.d/rewrites/base_rewrite.rules 66 | ## Update /etc/sysconfig/httpd with setting the PUBLISH_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL 67 | 68 | Include 
/etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules 69 | 70 | 71 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/available_vhosts/ams_lc.vhost: -------------------------------------------------------------------------------- 1 | ## Collect any enviromental variables that are set in /etc/sysconfig/httpd 2 | 3 | ServerName livecycle 4 | ## Put names of which domains are used for your livecycle site/content here 5 | ServerAlias ${LIVECYCLE_DEFAULT_HOSTNAME} 6 | ## Use a doc root that matches what's in the /etc/httpd/conf.dispatcher.d/lc-farm.any 7 | DocumentRoot ${LIVECYCLE_DOCROOT} 8 | ## Add header breadcrumbs for help in troubleshooting 9 | 10 | Header always add X-Dispatcher ${DISP_ID} 11 | Header always add X-Vhost "livecycle" 12 | Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'" 13 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 14 | Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'" 15 | #### Make sure proxies don't deliver the wrong content 16 | Header append Vary User-Agent env=!dont-vary 17 | 18 | 19 | ## Update /etc/sysconfig/httpd with setting the LIVECYCLE_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules 20 | 21 | Include /etc/httpd/conf.d/whitelists/*_whitelist.rules 22 | 23 | 24 | ## Some items cache with the wrong mime type 25 | ## Use this option to use the name to auto-detect mime types when cached improperly 26 | ModMimeUsePathInfo On 27 | ## Use this option to avoid cache poisioning 28 | ## Sling will return /content/image.jpg as well as /content/image.jpg/ but apache can't search /content/image.jpg/ as a file 29 | ## Apache will treat that like a directory. 
This assures the last slash is never stored in cache 30 | DirectorySlash Off 31 | ## Enable the dispatcher file handler for apache to fetch files from AEM 32 | SetHandler dispatcher-handler 33 | 34 | Options FollowSymLinks 35 | AllowOverride None 36 | #### Insert filter 37 | SetOutputFilter DEFLATE 38 | #### Don't compress images 39 | SetEnvIfNoCase Request_URI \ 40 | \.(?:gif|jpe?g|png)$ no-gzip dont-vary 41 | 42 | 43 | AllowOverride None 44 | Require all granted 45 | 46 | 47 | ## Enabled to allow rewrites to take affect and not be ignored by the dispatcher module 48 | DispatcherUseProcessedURL 1 49 | ## Default setting to allow all errors to come from the aem instance 50 | DispatcherPassError 0 51 | 52 | 53 | ReWriteEngine on 54 | LogLevel warn rewrite:info 55 | ##Global rewrite include 56 | Include /etc/httpd/conf.d/rewrites/base_rewrite.rules 57 | ## Update /etc/sysconfig/httpd with setting the LIVECYCLE_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL 58 | 59 | Include /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules 60 | 61 | 62 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/dispatcher_vhost.conf: -------------------------------------------------------------------------------- 1 | ### This file is auto-included by httpd.conf and customers shouldn't put their changes here. Instead put then in another /etc/httpd/conf.d/*.conf file or in /etc/httpd/conf.d/available_vhosts/*.vhost 2 | 3 | ## Fake ServerName to avoid warning in startup 4 | ServerName dispatcher 5 | 6 | ##If the module loads correctly then apply base settings for the module 7 | 8 | ## location of the configuration file. eg: 'conf/dispatcher.any' 9 | DispatcherConfig conf.dispatcher.d/dispatcher.any 10 | ## location of the dispatcher log file. 
eg: 'logs/dispatcher.log' 11 | DispatcherLog logs/dispatcher.log 12 | ## log level for the dispatcher log default 0 for production and default 2 for non-production dispatchers 13 | ## 0 Errors 14 | ## 1 Warnings 15 | ## 2 Infos 16 | ## 3 Debug 17 | DispatcherLogLevel ${DISP_LOG_LEVEL} 18 | ## if turned to 1, request to / are not handled by the dispatcher 19 | ## use the mod_alias then for the correct mapping 20 | DispatcherDeclineRoot 0 21 | ## if turned to 1, the dispatcher uses the URL already processed 22 | ## by handlers preceeding the dispatcher (i.e. mod_rewrite) 23 | ## instead of the original one passed to the web server. 24 | DispatcherUseProcessedURL 1 25 | ## Default value of 0 but if its set to 1 then the dispatcher will have apache handle all errors 26 | ## If set to a string of error numbers it will only hand off those errors to apache to handle 27 | #DispatcherPassError 403,404 28 | #DispatcherPassError 1 29 | 30 | ## Include all of the customers *.vhost files as well as the default ones provided for author and publish URLs 31 | Include /etc/httpd/conf.d/enabled_vhosts/*.vhost 32 | 33 | 34 | ## Create a catch-all vhost 35 | ## A catch-all is a safe place for un-matched hostnames to land. 36 | ## This prevents someone pointing an-unwanted DNS record at your site and loading your pages. 37 | ## Example: yoursitesucks.com (CNAME) -> yourelbaddressQKAWZM8H-208090978.us-east-1.elb.amazonaws.com 38 | ## This host will accept any hostname and with a rewrite rule load the same index page giving away no details as to what they are hitting 39 | ## That way bots and hackers won't know what purpose a random IP listening on webports is really doing. 40 | ## Hitting the catch all doesn't let them know the customer is ExampleCo.com etc.. 
41 | 42 | ServerName unmatched-host-catch-all 43 | ServerAlias "*" 44 | ErrorDocument 403 /index.html 45 | 46 | 47 | ## Azure traffic manager will hit here so lets have a custom log for that 48 | SetEnvIf User-agent .*Azure\sTraffic\sManager.* trafficmanager 49 | CustomLog logs/healthcheck_access_log combined env=trafficmanager 50 | CustomLog logs/access_log combined env=!trafficmanager 51 | ## Specify where the catch all html files live 52 | DocumentRoot /mnt/var/www/default 53 | ## Add some visible targets AKA breadcrumbs that you can see in your browser dev tools or curl -I command 54 | 55 | Options Indexes FollowSymLinks 56 | AllowOverride None 57 | Require all granted 58 | 59 | 60 | Header always add X-Vhost catch-all 61 | Header add X-Dispatcher ${DISP_ID} 62 | 63 | 64 | ReWriteEngine on 65 | RewriteCond %{REQUEST_URI} !^/index.html$ 66 | RewriteRule ^/* /index.html [F,L,NC] 67 | 68 | 69 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/logformat.conf: -------------------------------------------------------------------------------- 1 | ## Logging format to capture the Host requested, and the referer to assure we get direct requests IP and proxied requests proper public addresses in our log entries of the access_log 2 | 3 | LogFormat "%a \"%{Host}i\" %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 4 | 5 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/mimetypes3d.conf: -------------------------------------------------------------------------------- 1 | ##This is needed,if there is any intention of caching 3D files on Publish/Dispatcher, otherwise the files will be served from cache with incorrect content types. 
2 | 3 | Define 3D_MIMETYPE_ENABLED 1 4 | 5 | 6 | 7 | 8 | AddType model/vnd.usdz+zip usdz 9 | AddType model/gltf-binary glb 10 | AddType model/gltf+json gltf 11 | AddType application/x-tgif obj 12 | AddType application/vnd.ms-pki.stl stl 13 | AddType model/x-adobe-dn dn 14 | 15 | 16 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/remoteip.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Extract true client IP from header added by load balancer/CDN. A client can send this header too, so restrict which upstream addresses may supply it (RemoteIPInternalProxy / RemoteIPTrustedProxy); this file sets neither. 3 | # 4 | 5 | 6 | # valid for ALB, ELB, AppGateway or Load Balancer + CloudFront 7 | RemoteIPHeader X-Forwarded-For 8 | 9 | # valid for ALB, ELB, AppGateway or Load Balancer + Akamai 10 | #RemoteIPHeader True-Client-IP 11 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/rewrites/base_rewrite.rules: -------------------------------------------------------------------------------- 1 | ## This file is used to apply rewrite rules as an include. 
2 | ## Consider the base file here as a global for re-use 3 | 4 | ##Examples: 5 | ## This ruleset would look for robots.txt and fetch it from the dam only if the domain is exampleco-dev.adobecqms.net 6 | #RewriteCond %{SERVER_NAME} exampleco-dev.adobecqms.net [NC] 7 | #RewriteRule ^/robots.txt$ /content/dam/exampleco/robots.txt [NC,PT] 8 | ## This ruleset would look for favicon.ico in exampleco's base dam folder if the domain is exampleco-brand1-dev.adobecqms.net 9 | #RewriteCond %{SERVER_NAME} exampleco-brand1-dev.adobecqms.net [NC] 10 | #RewriteRule ^/favicon.ico$ /content/dam/exampleco/favicon.ico [NC,PT] 11 | ## This ruleset would look for sitemap.xml and point it at the re-usable file in exampleco's general folder of their site pages 12 | #RewriteCond %{SERVER_NAME} exampleco-brand2-dev.adobecqms.net [NC] 13 | #RewriteRule ^/sitemap.xml$ /content/exampleco/general/sitemap.xml [NC,PT] 14 | ## This ruleset would look for logo.jpg on all sites and source it from exampleco's general folder 15 | #RewriteRule ^/logo.jpg$ /content/dam/exampleco/general/logo.jpg [NC,PT] 16 | 17 | ## This ruleset is a vanity url for exampleco's contactus site, which doesn't exist on our environment 18 | #RewriteRule ^/contactus https://corp.exampleco.com/contactus.html [NC,R=301] 19 | 20 | ## Prevent X-FORWARDED-FOR spoofing: reject requests whose X-Forwarded-For header is set but does not start like an IPv4 or IPv6 address (format check only; a well-formed forged address still passes) 21 | RewriteCond %{HTTP:X-Forwarded-For} !^$ 22 | RewriteCond %{HTTP:X-Forwarded-For} !^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} 23 | ## For IPv6 24 | RewriteCond %{HTTP:X-Forwarded-For} !^([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{1,4}$|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}) 25 | RewriteCond %{HTTP:X-Forwarded-For} !^[a-fA-F0-9:]+,?.* 26 | RewriteRule .* - [F] 27 | ## Uncomment to force HSTS protection 28 | #Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 29 | 30 | ## Block wordpress DDOS Attempts 31 | RewriteRule ^.*xmlrpc.php - [F] 32 | RewriteCond %{HTTP_USER_AGENT} ^.*wordpress [NC] 33 | RewriteRule .* - [F] 34 | 35 | ## Block 
wp-login 36 | RewriteRule ^.*wp-login - [F,NC,L] 37 | 38 | ## Block dot dot semicolon attack 39 | RewriteCond %{REQUEST_URI} ^.*\.\.;.* 40 | RewriteRule ".*" "-" [R=404] 41 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules: -------------------------------------------------------------------------------- 1 | ## This ruleset forces https in the end user's browser 2 | RewriteCond %{HTTP:X-Forwarded-Proto} !https 3 | RewriteCond %{REQUEST_URI} !^/dispatcher/invalidate.cache 4 | RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301,NE] -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/security.conf: -------------------------------------------------------------------------------- 1 | ## We want to make sure the apache versions are hidden to avoid exposing possible attack vectors 2 | ServerSignature Off 3 | ServerTokens Prod 4 | 5 | TraceEnable off 6 | 7 | 8 | Order deny,allow 9 | Deny from all 10 | 11 | 12 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/variables/ams_default.vars: -------------------------------------------------------------------------------- 1 | ## log level for the dispatcher log default 1 for production and default 2 for non-production dispatchers 2 | ## error for Errors 3 | ## warn for Warnings 4 | ## info for Infos 5 | ## debug for Debug 6 | ## trace for Trace (most verbose level; this is what is set below, lower it for production as noted above) 7 | Define DISP_LOG_LEVEL trace 8 | 9 | ## Enable IP whitelisting by setting to 1.
Then put your whitelist rules in /etc/httpd/conf.d/whitelists/*_whitelist.rules 10 | Define AUTHOR_WHITELIST_ENABLED 0 11 | Define PUBLISH_WHITELIST_ENABLED 0 12 | Define LIVECYCLE_WHITELIST_ENABLED 0 13 | 14 | ## Force all traffic to be SSL 15 | Define AUTHOR_FORCE_SSL 1 16 | Define PUBLISH_FORCE_SSL 0 17 | Define LIVECYCLE_FORCE_SSL 1 18 | 19 | ## Asset Download defaults to deny but can be allowed by setting below to allow 20 | Define ASSET_DOWNLOAD_RULE deny 21 | 22 | ## Enable/Disable 3DMime type. Enabled by default by setting to 1 23 | Define 3D_MIMETYPE_ENABLED 1 24 | 25 | ## Set the default stat level for farm files. 26 | Define DEFAULT_STAT_LEVEL 4 27 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/variables/ootb.vars: -------------------------------------------------------------------------------- 1 | ## This file is not meant to be modified. 2 | ## This file is to avoid null values for Out Of The Box variables. 3 | ## If you want to make changes to these values modify /etc/httpd/conf.d/variables/ams_default.vars.
4 | Define DISP_LOG_LEVEL info 5 | Define AUTHOR_WHITELIST_ENABLED 0 6 | Define PUBLISH_WHITELIST_ENABLED 0 7 | Define LIVECYCLE_WHITELIST_ENABLED 0 8 | Define AUTHOR_FORCE_SSL 1 9 | Define PUBLISH_FORCE_SSL 0 10 | Define LIVECYCLE_FORCE_SSL 1 11 | Define ASSET_DOWNLOAD_RULE deny 12 | Define 3D_MIMETYPE_ENABLED 1 13 | Define DEFAULT_STAT_LEVEL 4 14 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.d/whitelists/000_base_whitelist.rules: -------------------------------------------------------------------------------- 1 | ## Include this in a directory context of the virtual host you want to restrict and apply a whitelist of IPs 2 | 3 | ## Here are some examples: 4 | ### Regular expressions are used for X-FORWARDED-FOR if your dispatcher is behind a load balancer (only reliable when that load balancer sets or overwrites the header; a client-supplied X-Forwarded-For value must not reach these rules) 5 | # SetEnvIf X-FORWARDED-FOR ^199\.83\.(12[8-9]|13[0-5])\.[0-9]{1,3}$ AllowIP 6 | # SetEnvIf X-FORWARDED-FOR ^198\.143\.(3[2-9]|[4-5][0-9]|6[0-3])\.[0-9]{1,3}$ AllowIP 7 | 8 | ### Setup a require any section so if any rules in there are matched it will allow them in 9 | 10 | ### We make sure the environment variable AllowIP is enforced 11 | Require env AllowIP 12 | ### Here are some rules for CIDR ip blocks and single addresses 13 | # Require ip 192.150.16.0/23 14 | # Require ip 120.242.180.10 15 | 16 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any: -------------------------------------------------------------------------------- 1 | /catchallfarm { 2 | /clientheaders { 3 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any" 4 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 5 | } 6 | ## Greedy match for all un-matched hostnames 7 | /virtualhosts { 8 | "*" 9 | } 10 | ## Intentionally redirecting renderer traffic to catch all 11 | /renders { 12 | /0 { 13 | /hostname
"127.0.0.1" 14 | /port "80" 15 | /timeout "10000" 16 | } 17 | } 18 | ## only handle the requests in the following acl. default is 'none' 19 | ## the glob pattern is matched against the first request line 20 | /filter { 21 | /0001 { /type "deny" /url "*" } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any: -------------------------------------------------------------------------------- 1 | 2 | /authorflushfarm { 3 | /clientheaders { 4 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any" 5 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 6 | } 7 | /virtualhosts { 8 | "authordispflush" 9 | "authorflush" 10 | } 11 | /renders { 12 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any" 13 | } 14 | /filter { 15 | $include "/etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any" 16 | } 17 | /cache { 18 | /docroot "${AUTHOR_DOCROOT}" 19 | /statfileslevel "${DEFAULT_STAT_LEVEL}" 20 | /rules { 21 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any" 22 | } 23 | /invalidate { 24 | /0000 { 25 | /glob "*" 26 | /type "allow" 27 | } 28 | } 29 | /allowedClients { 30 | ## By default block all IP from allowing to initiate the invalidation commands 31 | /0000 { 32 | /glob "*.*.*.*" 33 | /type "deny" 34 | } 35 | ## Allow certain IP's like publishers to invalidate cache 36 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any" 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any: -------------------------------------------------------------------------------- 1 | /publishflushfarm { 2 | /clientheaders { 3 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any" 
4 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 5 | } 6 | /virtualhosts { 7 | "dispflush" 8 | "flush" 9 | } 10 | /renders { 11 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any" 12 | } 13 | /filter { 14 | $include "/etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any" 15 | } 16 | /cache { 17 | /docroot "${PUBLISH_DOCROOT}" 18 | /statfileslevel "${DEFAULT_STAT_LEVEL}" 19 | /rules { 20 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any" 21 | } 22 | /invalidate { 23 | /0000 { 24 | /glob "*" 25 | /type "allow" 26 | } 27 | } 28 | /allowedClients { 29 | ## By default block all IP from allowing to initiate the invalidation commands 30 | /0000 { 31 | /glob "*.*.*.*" 32 | /type "deny" 33 | } 34 | ## Allow certain IP's like publishers to invalidate cache 35 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any" 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/002_ams_author_farm.any: -------------------------------------------------------------------------------- 1 | /authorfarm { 2 | ## client headers which should be passed through to the render instances 3 | ## (feature supported since dispatcher build 2.6.3.5222) 4 | /clientheaders { 5 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any" 6 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 7 | } 8 | ## hostname globbing for farm selection (virtual domain addressing) 9 | /virtualhosts { 10 | $include "/etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any" 11 | } 12 | ## the load will be balanced among these render instances 13 | /renders { 14 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any" 15 | } 16 | ## only handle the requests in the following acl. 
default is 'none' 17 | ## the glob pattern is matched against the first request line 18 | /filter { 19 | $include "/etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any" 20 | } 21 | /cache { 22 | ## The cacheroot must be equal to the document root of the webserver 23 | /docroot "${AUTHOR_DOCROOT}" 24 | ## sets the level up to which files named ".stat" will be created in the 25 | ## document root of the webserver. when an activation request for some 26 | ## handle is received, only files within the same subtree are affected 27 | ## by the invalidation. 28 | /statfileslevel "${DEFAULT_STAT_LEVEL}" 29 | ## caches also authorized data (set to 1 here: responses to authorized requests are cached, so the cache /rules must exclude anything user-specific) 30 | /allowAuthorized "1" 31 | ## Flag indicating whether the dispatcher should serve stale content if 32 | ## no remote server is available. 33 | #/serveStaleOnError "0" 34 | ## the rules define, which pages should be cached. please note that 35 | ## - only GET requests are cached 36 | ## - only requests with an extension are cached 37 | ## - only requests without query parameters ( ? ) are cached 38 | ## - only unauthorized pages are cached unless allowAuthorized is set to 1 39 | /rules { 40 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any" 41 | } 42 | # the invalidate section defines those pages which are 'invalidated' after 43 | # any activation. please note that, the activated page itself and all 44 | # related documents are flushed on a modification. for example: if the 45 | # page /foo/bar is activated, all /foo/bar.* files are removed from the 46 | # cache.
47 | /invalidate { 48 | /0000 { 49 | /glob "*" 50 | /type "allow" 51 | } 52 | } 53 | /allowedClients { 54 | ## By default block all IP from allowing to initiate the invalidation commands 55 | /0000 { 56 | /glob "*.*.*.*" 57 | /type "deny" 58 | } 59 | ## Allow certain IP's like publishers to invalidate cache 60 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any" 61 | } 62 | 63 | # A grace period defines the number of seconds a stale, auto-invalidated 64 | # resource may still be served from the cache after the last activation 65 | # occurring. Auto-invalidated resources are invalidated by any activation, 66 | # when their path matches the /invalidate section above. This setting 67 | # can be used in a setup, where a batch of activations would otherwise 68 | # repeatedly invalidate the entire cache. 69 | /gracePeriod "2" 70 | 71 | } 72 | ## allow propagation of replication posts (should seldomly be used) 73 | /propagateSyndPost "0" 74 | } 75 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/002_ams_lc_farm.any: -------------------------------------------------------------------------------- 1 | /lcfarm { 2 | ## client headers which should be passed through to the render instances 3 | ## (feature supported since dispatcher build 2.6.3.5222) 4 | /clientheaders { 5 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any" 6 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 7 | } 8 | ## hostname globbing for farm selection (virtual domain addressing) 9 | /virtualhosts { 10 | $include "/etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any" 11 | } 12 | ## the load will be balanced among these render instances 13 | /renders { 14 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any" 15 | } 16 | ## only handle the requests in the following acl. 
default is 'none' 17 | ## the glob pattern is matched against the first request line 18 | /filter { 19 | $include "/etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any" 20 | } 21 | ## allow propagation of replication posts (should seldomly be used) 22 | /propagateSyndPost "0" 23 | } -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/002_ams_publish_farm.any: -------------------------------------------------------------------------------- 1 | /publishfarm { 2 | ## client headers which should be passed through to the render instances 3 | ## (feature supported since dispatcher build 2.6.3.5222) 4 | /clientheaders { 5 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any" 6 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 7 | } 8 | ## hostname globbing for farm selection (virtual domain addressing) 9 | /virtualhosts { 10 | $include "/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any" 11 | } 12 | ## the load will be balanced among these render instances 13 | /renders { 14 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any" 15 | } 16 | ## only handle the requests in the following acl. 
default is 'none' 17 | ## the glob pattern is matched against the first request line 18 | /filter { 19 | $include "/etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any" 20 | } 21 | ## if the package is installed on publishers to generate a list of all content with a vanityurl attached 22 | ## this section will auto-allow the items to bypass the normal dispatcher filters 23 | ## Reference: https://docs.adobe.com/docs/en/dispatcher/disp-config.html#Enabling%20Access%20to%20Vanity%20URLs%20-%20/vanity_urls 24 | #/vanity_urls { 25 | # /url "/libs/granite/dispatcher/content/vanityUrls.html" 26 | # /file "/tmp/vanity_urls" 27 | # /delay 300 28 | #} 29 | ## allow propagation of replication posts (should seldomly be used) 30 | /propagateSyndPost "0" 31 | ## the cache is used to store requests from the renders for faster delivery 32 | ## for a second time. 33 | /cache { 34 | ## The cacheroot must be equal to the document root of the webserver 35 | /docroot "${PUBLISH_DOCROOT}" 36 | ## sets the level upto which files named ".stat" will be created in the 37 | ## document root of the webserver. when an activation request for some 38 | ## handle is received, only files within the same subtree are affected 39 | ## by the invalidation. 40 | /statfileslevel "${DEFAULT_STAT_LEVEL}" 41 | ## caches also authorized data 42 | /allowAuthorized "0" 43 | ## Flag indicating whether the dispatcher should serve stale content if 44 | ## no remote server is available. 45 | /serveStaleOnError "1" 46 | ## the rules define, which pages should be cached. please note that 47 | ## - only GET requests are cached 48 | ## - only requests with an extension are cached 49 | ## - only requests without query parameters ( ? 
) are cached 50 | ## - only unauthorized pages are cached unless allowAuthorized is set to 1 51 | /rules { 52 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any" 53 | } 54 | # the invalidate section defines those pages which are 'invalidated' after 55 | # any activation. please note that, the activated page itself and all 56 | # related documents are flushed on a modification. for example: if the 57 | # page /foo/bar is activated, all /foo/bar.* files are removed from the 58 | # cache. 59 | /invalidate { 60 | /0000 { 61 | /glob "*" 62 | /type "deny" 63 | } 64 | /0001 { 65 | /glob "*.html" 66 | /type "allow" 67 | } 68 | } 69 | /allowedClients { 70 | ## By default block all IPs from initiating invalidation commands (NOTE: the "*.*.*.*" glob is IPv4-shaped; confirm that IPv6 clients are denied as well) 71 | /0000 { 72 | /glob "*.*.*.*" 73 | /type "deny" 74 | } 75 | ## Allow certain IP's like publishers to invalidate cache 76 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any" 77 | } 78 | ## Cache response headers next to a cached file. On the first request to 79 | ## an uncached resource, all headers matching one of the values found here 80 | ## are stored in a separate file, next to the cache file. On subsequent 81 | ## requests to the cached resource, the stored headers are added to the 82 | ## response. 83 | ## Note, that file globbing characters are not allowed here. 84 | /headers { 85 | "Cache-Control" 86 | "Content-Disposition" 87 | "Content-Type" 88 | "Expires" 89 | "Last-Modified" 90 | "X-Content-Type-Options" 91 | } 92 | ## By default we want to cache every page regardless if it has a query parameter.
93 | ## For pages that render html differently based on the query parameters 94 | ## please add entries to deny the caching of those query parameters in this section 95 | /ignoreUrlParams { 96 | /0001 { /glob "*" /type "allow" } 97 | } 98 | 99 | # A grace period defines the number of seconds a stale, auto-invalidated 100 | # resource may still be served from the cache after the last activation 101 | # occurring. Auto-invalidated resources are invalidated by any activation, 102 | # when their path matches the /invalidate section above. This setting 103 | # can be used in a setup, where a batch of activations would otherwise 104 | # repeatedly invalidate the entire cache. 105 | /gracePeriod "2" 106 | 107 | ## Enable TTL evaluates the response headers from the backend, and if they 108 | ## contain a Cache-Control max-age or Expires date, an auxiliary, empty file 109 | ## next to the cache file is created, with modification time equal to the 110 | ## expiry date. When the cache file is requested past the modification time 111 | ## it is automatically re-requested from the backend. 
112 | # /enableTTL "1" 113 | } 114 | } 115 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any: -------------------------------------------------------------------------------- 1 | /weretail-publishfarm { 2 | ## client headers which should be passed through to the render instances 3 | ## (feature supported since dispatcher build 2.6.3.5222) 4 | /clientheaders { 5 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any" 6 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 7 | } 8 | ## hostname globbing for farm selection (virtual domain addressing) 9 | /virtualhosts { 10 | we-retail 11 | we-retail.docker.local 12 | } 13 | ## the load will be balanced among these render instances 14 | /renders { 15 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any" 16 | } 17 | ## only handle the requests in the following acl. default is 'none' 18 | ## the glob pattern is matched against the first request line 19 | /filter { 20 | $include "/etc/httpd/conf.dispatcher.d/filters/weretail_filters.any" 21 | } 22 | ## if the package is installed on publishers to generate a list of all content with a vanityurl attached 23 | ## this section will auto-allow the items to bypass the normal dispatcher filters 24 | ## Reference: https://docs.adobe.com/docs/en/dispatcher/disp-config.html#Enabling%20Access%20to%20Vanity%20URLs%20-%20/vanity_urls 25 | #/vanity_urls { 26 | # /url "/libs/granite/dispatcher/content/vanityUrls.html" 27 | # /file "/tmp/vanity_urls" 28 | # /delay 300 29 | #} 30 | ## allow propagation of replication posts (should seldomly be used) 31 | /propagateSyndPost "0" 32 | ## the cache is used to store requests from the renders for faster delivery 33 | ## for a second time. 
34 | /cache { 35 | ## The cacheroot must be equal to the document root of the webserver 36 | /docroot "${PUBLISH_DOCROOT}" 37 | ## sets the level up to which files named ".stat" will be created in the 38 | ## document root of the webserver. when an activation request for some 39 | ## handle is received, only files within the same subtree are affected 40 | ## by the invalidation. 41 | /statfileslevel "${DEFAULT_STAT_LEVEL}" 42 | ## whether responses to authorized requests are also cached (0 here: they are not cached) 43 | /allowAuthorized "0" 44 | ## Flag indicating whether the dispatcher should serve stale content if 45 | ## no remote server is available. 46 | /serveStaleOnError "1" 47 | ## the rules define, which pages should be cached. please note that 48 | ## - only GET requests are cached 49 | ## - only requests with an extension are cached 50 | ## - only requests without query parameters ( ? ) are cached 51 | ## - only unauthorized pages are cached unless allowAuthorized is set to 1 52 | /rules { 53 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any" 54 | } 55 | # the invalidate section defines those pages which are 'invalidated' after 56 | # any activation. please note that, the activated page itself and all 57 | # related documents are flushed on a modification. for example: if the 58 | # page /foo/bar is activated, all /foo/bar.* files are removed from the 59 | # cache. 60 | /invalidate { 61 | /0000 { 62 | /glob "*" 63 | /type "deny" 64 | } 65 | /0001 { 66 | /glob "*.html" 67 | /type "allow" 68 | } 69 | } 70 | /allowedClients { 71 | ## By default block all IPs from initiating invalidation commands (NOTE: the "*.*.*.*" glob is IPv4-shaped; confirm that IPv6 clients are denied as well) 72 | /0000 { 73 | /glob "*.*.*.*" 74 | /type "deny" 75 | } 76 | ## Allow certain IP's like publishers to invalidate cache 77 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any" 78 | } 79 | ## Cache response headers next to a cached file.
On the first request to 80 | ## an uncached resource, all headers matching one of the values found here 81 | ## are stored in a separate file, next to the cache file. On subsequent 82 | ## requests to the cached resource, the stored headers are added to the 83 | ## response. 84 | ## Note, that file globbing characters are not allowed here. 85 | /headers { 86 | "Cache-Control" 87 | "Content-Disposition" 88 | "Content-Type" 89 | "Expires" 90 | "Last-Modified" 91 | "X-Content-Type-Options" 92 | } 93 | ## By default we want to cache every page regardless if it has a query parameter. 94 | ## For pages that render html differently based on the query parameters 95 | ## please add entries to deny the caching of those query parameters in this section 96 | /ignoreUrlParams { 97 | /0001 { /glob "*" /type "allow" } 98 | } 99 | 100 | # A grace period defines the number of seconds a stale, auto-invalidated 101 | # resource may still be served from the cache after the last activation 102 | # occurring. Auto-invalidated resources are invalidated by any activation, 103 | # when their path matches the /invalidate section above. This setting 104 | # can be used in a setup, where a batch of activations would otherwise 105 | # repeatedly invalidate the entire cache. 106 | /gracePeriod "2" 107 | 108 | ## Enable TTL evaluates the response headers from the backend, and if they 109 | ## contain a Cache-Control max-age or Expires date, an auxiliary, empty file 110 | ## next to the cache file is created, with modification time equal to the 111 | ## expiry date. When the cache file is requested past the modification time 112 | ## it is automatically re-requested from the backend. 
113 | # /enableTTL "1" 114 | } 115 | } 116 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any: -------------------------------------------------------------------------------- 1 | ## Put entries of items you do or don't want to cache in apaches doc root 2 | ## the globbing pattern to be compared against the url 3 | ## example: * -> everything 4 | ## : /foo/bar.* -> only the /foo/bar documents 5 | ## : /foo/bar/* -> all pages below /foo/bar 6 | ## : /foo/bar[./]* -> all pages below and /foo/bar itself 7 | ## : *.html -> all .html files 8 | /0000 { 9 | /glob "*" 10 | /type "deny" 11 | } 12 | /0001 { 13 | /glob "/libs/*" 14 | /type "allow" 15 | } 16 | /0002 { 17 | /glob "/libs/*.html" 18 | /type "deny" 19 | } 20 | ## Don't cache csrf login tokens 21 | /0003 { 22 | /glob "/libs/granite/csrf/token.json" 23 | /type "deny" 24 | } 25 | /0004 { 26 | /glob "/apps/*" 27 | /type "allow" 28 | } 29 | /0005 { 30 | /glob "/apps/*.html" 31 | /type "deny" 32 | } 33 | ## This page contains a "Welcome, User XXX" message and shouldn't be cached 34 | /0006 { 35 | /glob "/libs/cq/core/content/welcome.*" 36 | /type "deny" 37 | } -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any: -------------------------------------------------------------------------------- 1 | ## This is where you'd put an entry for each publisher or author that you want to allow to invalidate the cache on the dispatcher 2 | /0 { 3 | /glob "${AUTHOR_IP}" 4 | /type "allow" 5 | } 6 | /01 { 7 | /glob "${PUBLISH_IP}" 8 | /type "allow" 9 | } 10 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any: -------------------------------------------------------------------------------- 1 | ## Put entries of items you do or don't want to 
cache in apaches doc root 2 | ## the globbing pattern to be compared against the url 3 | ## example: * -> everything 4 | ## : /foo/bar.* -> only the /foo/bar documents 5 | ## : /foo/bar/* -> all pages below /foo/bar 6 | ## : /foo/bar[./]* -> all pages below and /foo/bar itself 7 | ## : *.html -> all .html files 8 | ## Default allow all items to cache 9 | /0000 { 10 | /glob "*" 11 | /type "allow" 12 | } 13 | ## Don't cache csrf login tokens 14 | /0001 { 15 | /glob "/libs/granite/csrf/token.json" 16 | /type "deny" 17 | } -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any: -------------------------------------------------------------------------------- 1 | ## This is where you'd put an entry for each publisher or author that you want to allow to invalidate the cache on the dispatcher 2 | /0 { 3 | /glob "${AUTHOR_IP}" 4 | /type "allow" 5 | } 6 | /01 { 7 | /glob "${PUBLISH_IP}" 8 | /type "allow" 9 | } 10 | /02 { 11 | /glob "127.0.0.1" 12 | /type "allow" 13 | } 14 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any: -------------------------------------------------------------------------------- 1 | "authorization" 2 | "proxy-authorization" 3 | "proxy-connection" 4 | "cq-action" 5 | "cq-handle" 6 | "handle" 7 | "action" 8 | "cqstats" 9 | "dav" 10 | "ms-author-via" 11 | "x-destination" 12 | "x-depth" 13 | "x-overwrite" -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any: -------------------------------------------------------------------------------- 1 | "X-Forwarded-Proto" 2 | "X-Forwarded-SSL-Certificate" 3 | "X-Forwarded-SSL-Client-Cert" 4 | "X-Forwarded-SSL" 5 | "X-Forwarded-Protocol" 6 | "CSRF-Token" 7 | "referer" 8 | "user-agent" 9 | "from" 10 
| "content-type" 11 | "content-length" 12 | "accept-charset" 13 | "accept-encoding" 14 | "accept-language" 15 | "accept" 16 | "host" 17 | "if-match" 18 | "if-none-match" 19 | "if-range" 20 | "if-unmodified-since" 21 | "max-forwards" 22 | "range" 23 | "cookie" 24 | "depth" 25 | "translate" 26 | "expires" 27 | "date" 28 | "if" 29 | "lock-token" 30 | "x-expected-entity-length" 31 | "destination" 32 | "Sling-uploadmode" 33 | "x-requested-with" -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any: -------------------------------------------------------------------------------- 1 | ##Any livecycle specific clientheaders go here 2 | "authorization" 3 | "proxy-authorization" 4 | "proxy-connection" 5 | "cq-action" 6 | "cq-handle" 7 | "handle" 8 | "action" 9 | "cqstats" 10 | "dav" 11 | "ms-author-via" -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any: -------------------------------------------------------------------------------- 1 | ##Any publish specific clientheaders go here -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/dispatcher.any: -------------------------------------------------------------------------------- 1 | ### Name of the dispatcher 2 | /name "internet-server" 3 | 4 | ## each farm configures a set of (load-balanced) renders 5 | ### Include the author first on purpose 6 | ### Include the publish farm last. 
That way if the hostname isn't matched they'll end up on the last farm, better for 404 errors that are non descript than 403 authentication and redirect to a login page 7 | 8 | /farms { 9 | $include "enabled_farms/*_farm.any" 10 | } -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any: -------------------------------------------------------------------------------- 1 | ## allow everything 2 | /0001 { /type "allow" /url "*" } 3 | ## block admin tools 4 | /0010 { /type "deny" /url "/admin/*" } 5 | /0011 { /type "deny" /url "/system/*" } 6 | /0012 { /type "deny" /url "/_?jcr[:_]system.*" } 7 | /0013 {/type "allow" /path "/_jcr_system/_jcr_versionStorage/*" /extension '(js|json|css|png|jpeg|gif|html)' } 8 | ## CRX tools are default blocked but can be allowed in /etc/sysconfig/httpd but never in a production environment. 9 | /0014 { /type "${CRX_FILTER}" /url "/crx/*" } 10 | /0015 { /type "${CRX_FILTER}" /url "/bin/crxde*" } 11 | 12 | ## Block public access to our health check page 13 | /0016 { /type "deny" /path "/content/ams/healthcheck/*"} 14 | /0017 { /type "deny" /url "/content/regent.html"} 15 | 16 | ## Enable clientlibs proxy servlet 17 | /0018 { /type "allow" /method "GET" /url "/etc.clientlibs/*" /suffix '(.*.css$|.*.eot$|.*.gif$|.*.ico$|.*.jpeg$|.*.jpg$|.*.js$|.*.gif$|.*.png$|.*.svg$|.*.swf$|.*.ttf$|.*.woff$|.*.woff2$)' } 18 | 19 | ## allow some requests 20 | /0052 { /type "allow" /method "GET" /extension "html" /url "/system/sling/logout.html*" } ## allow logout 21 | #Asset download defaults to deny but can be allowed in /etc/httpd/conf.d/variables/ams_default.vars 22 | /0070 { /type "${ASSET_DOWNLOAD_RULE}" /method "GET" /url "*.assetdownload.zip/assets.zip*" } 23 | 24 | 25 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any: 
-------------------------------------------------------------------------------- 1 | ## Livecycle will not have any end points filtered out (allow-all: the dispatcher filter provides no protection for this farm) 2 | /0001 { /type "allow" /url "*" } -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any: -------------------------------------------------------------------------------- 1 | ## deny everything and allow specific entries 2 | ## Start with everything blocked as a safeguard and open things customers need and what's safe OOTB 3 | /0001 { /type "deny" /url "*" } 4 | 5 | ## Open consoles if this isn't a production environment by uncommenting the next few lines 6 | #/002 { /type "allow" /url "/crx/*" } ## allow content repository 7 | #/003 { /type "allow" /url "/system/*" } ## allow OSGi console 8 | 9 | ## allow non-public content directories if this isn't a production environment by uncommenting the next few lines 10 | #/004 { /type "allow" /url "/apps/*" } ## allow apps access 11 | #/005 { /type "allow" /url "/bin/*" } ## allow bin path access 12 | 13 | ## This rule allows content to be accessed 14 | /0010 { /type "allow" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|pdf|png|svg|swf|ttf|woff|woff2|html)' /path "/content/*" } ## disable this rule to allow mapped content only 15 | 16 | ## Enable specific mime types in clientlibs directories 17 | /0011 { /type "allow" /method "GET" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' /path "/etc/clientlibs/*" } 18 | 19 | ## Enable clientlibs proxy servlet 20 | /0012 { /type "allow" /method "GET" /url "/etc.clientlibs/*" /suffix '(.*.css$|.*.eot$|.*.gif$|.*.ico$|.*.jpeg$|.*.jpg$|.*.js$|.*.gif$|.*.png$|.*.svg$|.*.swf$|.*.ttf$|.*.woff$|.*.woff2$)' } 21 | 22 | ## Enable basic features 23 | /0013 { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' } ## AEM provides a framework aimed at preventing Cross-Site Request Forgery attacks 24 | /0014 {
/type "allow" /method "POST" /url "/content/[.]*.form.html" } ## allow POSTs to form selectors under content 25 | 26 | /0015 { /type "allow" /method "GET" /path "/libs/cq/personalization" } ## enable personalization 27 | /0016 { /type "allow" /method "POST" /path "/content/[.]*.commerce.cart.json" } ## allow POSTs to update the shopping cart 28 | 29 | ## Deny content grabbing for greedy queries and prevent unintended self-inflicted DoS 30 | /0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' } 31 | 32 | ## Deny authoring query params 33 | /0018 { /type "deny" /method "GET" /query "debug=*" } 34 | /0019 { /type "deny" /method "GET" /query "wcmmode=*" } 35 | #### Deny front door entry 36 | /0020 { /type "deny" /path "/content/ams/healthcheck/*"} 37 | /0021 { /type "deny" /url "/content/regent.html"} 38 | 39 | ## Enable 3D model file types (gltf, stl, obj, usdz, glb) under /content/dam 40 | /0022 { /type "allow" /extension '(gltf|stl|obj|usdz|glb)' /method "GET" /path "/content/dam/*" } 41 | 42 | ## Deny dot dot semicolon attack 43 | /0023 { /type "deny" /url '.*/[.][.];/.*' } 44 | 45 | ## AMSSEC033 Deny AEM password hash retrieval (AMSAUTO-15449) 46 | /0024 { /type "deny" /suffix '(.*infinity.*|.*children.*|.*tidy.*)' } 47 | 48 | ## Deny bracket filter pivots like /.[./ which try to resolve as /../ (AMSAUTO-22244) 49 | /0027 { /type "deny" /url '.*(\\[|]).*' } 50 | 51 | ## DOT Compliance 52 | ## AMS blocks suffix and selectors by default. These are the most abused filter bypasses. Please only allow ones that you need. Dispatcher applies the last matching filter, so any allow rule for a suffix or selector has to come after these two deny rules.
53 | /0025 { /type "deny" /url "/content*" /suffix "*" } 54 | /0026 { /type "deny" /url "/content*" /selectors "*" } 55 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any: -------------------------------------------------------------------------------- 1 | ## Add values for author instances you'll pull content from 2 | /0 { 3 | /hostname "${AUTHOR_IP}" 4 | /port "${AUTHOR_PORT}" 5 | /timeout "10000" 6 | } 7 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any: -------------------------------------------------------------------------------- 1 | ## Add values for any livecycle instances you'll pull content from. 2 | /0 { 3 | /hostname "${LIVECYCLE_IP}" 4 | /port "${LIVECYCLE_PORT}" 5 | /timeout "10000" 6 | } 7 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any: -------------------------------------------------------------------------------- 1 | ## Add values for any publish instances you'll pull content from. 2 | ## It's recommended to use paired sets of dispatchers to publishers 3 | ## Example: Dispatcher1 only grabs from Publisher1, but you don't have to pair them and can list multiple sources here 4 | /0 { 5 | /hostname "${PUBLISH_IP}" 6 | /port "${PUBLISH_PORT}" 7 | /timeout "10000" 8 | } 9 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any: -------------------------------------------------------------------------------- 1 | ## Put hostnames that would be honored for authors here; glob matching works.
2 | "${AUTHOR_DEFAULT_HOSTNAME}" 3 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any: -------------------------------------------------------------------------------- 1 | ## Put hostnames that would be honored for livecycle here; glob matching works. 2 | "${LIVECYCLE_DEFAULT_HOSTNAME}" -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any: -------------------------------------------------------------------------------- 1 | ## Put hostnames that would be honored for publish here; glob matching works. 2 | "${PUBLISH_DEFAULT_HOSTNAME}" -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-base.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This file loads most of the modules included with the Apache HTTP 3 | # Server itself.
4 | # 5 | 6 | LoadModule access_compat_module modules/mod_access_compat.so 7 | LoadModule actions_module modules/mod_actions.so 8 | LoadModule alias_module modules/mod_alias.so 9 | LoadModule allowmethods_module modules/mod_allowmethods.so 10 | LoadModule auth_basic_module modules/mod_auth_basic.so 11 | LoadModule auth_digest_module modules/mod_auth_digest.so 12 | LoadModule authn_anon_module modules/mod_authn_anon.so 13 | LoadModule authn_core_module modules/mod_authn_core.so 14 | LoadModule authn_dbd_module modules/mod_authn_dbd.so 15 | LoadModule authn_dbm_module modules/mod_authn_dbm.so 16 | LoadModule authn_file_module modules/mod_authn_file.so 17 | LoadModule authn_socache_module modules/mod_authn_socache.so 18 | LoadModule authz_core_module modules/mod_authz_core.so 19 | LoadModule authz_dbd_module modules/mod_authz_dbd.so 20 | LoadModule authz_dbm_module modules/mod_authz_dbm.so 21 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so 22 | LoadModule authz_host_module modules/mod_authz_host.so 23 | LoadModule authz_owner_module modules/mod_authz_owner.so 24 | LoadModule authz_user_module modules/mod_authz_user.so 25 | LoadModule autoindex_module modules/mod_autoindex.so 26 | LoadModule cache_module modules/mod_cache.so 27 | LoadModule cache_disk_module modules/mod_cache_disk.so 28 | LoadModule data_module modules/mod_data.so 29 | LoadModule dbd_module modules/mod_dbd.so 30 | LoadModule deflate_module modules/mod_deflate.so 31 | LoadModule dir_module modules/mod_dir.so 32 | LoadModule dumpio_module modules/mod_dumpio.so 33 | LoadModule echo_module modules/mod_echo.so 34 | LoadModule env_module modules/mod_env.so 35 | LoadModule expires_module modules/mod_expires.so 36 | LoadModule ext_filter_module modules/mod_ext_filter.so 37 | LoadModule filter_module modules/mod_filter.so 38 | LoadModule headers_module modules/mod_headers.so 39 | LoadModule include_module modules/mod_include.so 40 | LoadModule info_module modules/mod_info.so 41 | LoadModule 
log_config_module modules/mod_log_config.so 42 | LoadModule logio_module modules/mod_logio.so 43 | LoadModule mime_magic_module modules/mod_mime_magic.so 44 | LoadModule mime_module modules/mod_mime.so 45 | LoadModule negotiation_module modules/mod_negotiation.so 46 | LoadModule remoteip_module modules/mod_remoteip.so 47 | LoadModule reqtimeout_module modules/mod_reqtimeout.so 48 | LoadModule rewrite_module modules/mod_rewrite.so 49 | LoadModule setenvif_module modules/mod_setenvif.so 50 | LoadModule slotmem_plain_module modules/mod_slotmem_plain.so 51 | LoadModule slotmem_shm_module modules/mod_slotmem_shm.so 52 | LoadModule socache_dbm_module modules/mod_socache_dbm.so 53 | LoadModule socache_memcache_module modules/mod_socache_memcache.so 54 | LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 55 | LoadModule status_module modules/mod_status.so 56 | LoadModule substitute_module modules/mod_substitute.so 57 | LoadModule suexec_module modules/mod_suexec.so 58 | LoadModule unique_id_module modules/mod_unique_id.so 59 | LoadModule unixd_module modules/mod_unixd.so 60 | LoadModule userdir_module modules/mod_userdir.so 61 | LoadModule version_module modules/mod_version.so 62 | LoadModule vhost_alias_module modules/mod_vhost_alias.so 63 | 64 | #LoadModule buffer_module modules/mod_buffer.so 65 | #LoadModule watchdog_module modules/mod_watchdog.so 66 | #LoadModule heartbeat_module modules/mod_heartbeat.so 67 | #LoadModule heartmonitor_module modules/mod_heartmonitor.so 68 | #LoadModule usertrack_module modules/mod_usertrack.so 69 | #LoadModule dialup_module modules/mod_dialup.so 70 | #LoadModule charset_lite_module modules/mod_charset_lite.so 71 | #LoadModule log_debug_module modules/mod_log_debug.so 72 | #LoadModule ratelimit_module modules/mod_ratelimit.so 73 | #LoadModule reflector_module modules/mod_reflector.so 74 | #LoadModule request_module modules/mod_request.so 75 | #LoadModule sed_module modules/mod_sed.so 76 | #LoadModule speling_module 
modules/mod_speling.so 77 | 78 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-dav.conf: -------------------------------------------------------------------------------- 1 | LoadModule dav_module modules/mod_dav.so 2 | LoadModule dav_fs_module modules/mod_dav_fs.so 3 | LoadModule dav_lock_module modules/mod_dav_lock.so 4 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-lua.conf: -------------------------------------------------------------------------------- 1 | LoadModule lua_module modules/mod_lua.so 2 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-mpm.conf: -------------------------------------------------------------------------------- 1 | # Select the MPM module which should be used by uncommenting exactly 2 | # one of the following LoadModule lines: 3 | 4 | # prefork MPM: Implements a non-threaded, pre-forking web server 5 | # See: http://httpd.apache.org/docs/2.4/mod/prefork.html 6 | #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so 7 | 8 | # worker MPM: Multi-Processing Module implementing a hybrid 9 | # multi-threaded multi-process web server 10 | # See: http://httpd.apache.org/docs/2.4/mod/worker.html 11 | # 12 | LoadModule mpm_worker_module modules/mod_mpm_worker.so 13 | 14 | # event MPM: A variant of the worker MPM with the goal of consuming 15 | # threads only for connections with active processing 16 | # See: http://httpd.apache.org/docs/2.4/mod/event.html 17 | # 18 | #LoadModule mpm_event_module modules/mod_mpm_event.so 19 | 20 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-proxy.conf: -------------------------------------------------------------------------------- 1 | # This file configures all the proxy modules: 2 | LoadModule proxy_module 
modules/mod_proxy.so 3 | LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so 4 | LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so 5 | LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so 6 | LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so 7 | LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 8 | LoadModule proxy_balancer_module modules/mod_proxy_balancer.so 9 | LoadModule proxy_connect_module modules/mod_proxy_connect.so 10 | LoadModule proxy_express_module modules/mod_proxy_express.so 11 | LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so 12 | LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so 13 | LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 14 | LoadModule proxy_http_module modules/mod_proxy_http.so 15 | LoadModule proxy_scgi_module modules/mod_proxy_scgi.so 16 | LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 17 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-ssl.conf: -------------------------------------------------------------------------------- 1 | LoadModule ssl_module modules/mod_ssl.so 2 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/00-systemd.conf: -------------------------------------------------------------------------------- 1 | # This file configures systemd module: 2 | LoadModule systemd_module modules/mod_systemd.so 3 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/01-cgi.conf: -------------------------------------------------------------------------------- 1 | # This configuration file loads a CGI module appropriate to the MPM 2 | # which has been configured in 00-mpm.conf. mod_cgid should be used 3 | # with a threaded MPM; mod_cgi with the prefork MPM. 
4 | 5 | 6 | LoadModule cgid_module modules/mod_cgid.so 7 | 8 | 9 | LoadModule cgid_module modules/mod_cgid.so 10 | 11 | 12 | LoadModule cgi_module modules/mod_cgi.so 13 | 14 | 15 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf.modules.d/02-dispatcher.conf: -------------------------------------------------------------------------------- 1 | ##Load the dispatcher_module into runtime 2 | LoadModule dispatcher_module modules/mod_dispatcher.so -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf/httpd.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the main Apache HTTP server configuration file. It contains the 3 | # configuration directives that give the server its instructions. 4 | # See for detailed information. 5 | # In particular, see 6 | # 7 | # for a discussion of each configuration directive. 8 | # 9 | # Do NOT simply read the instructions in here without understanding 10 | # what they do. They're here only as hints or reminders. If you are unsure 11 | # consult the online docs. You have been warned. 12 | # 13 | # Configuration and logfile names: If the filenames you specify for many 14 | # of the server's control files begin with "/" (or "drive:/" for Win32), the 15 | # server will use that explicit path. If the filenames do *not* begin 16 | # with "/", the value of ServerRoot is prepended -- so 'log/access_log' 17 | # with ServerRoot set to '/www' will be interpreted by the 18 | # server as '/www/log/access_log', where as '/log/access_log' will be 19 | # interpreted as '/log/access_log'. 20 | 21 | # 22 | # ServerRoot: The top of the directory tree under which the server's 23 | # configuration, error, and log files are kept. 24 | # 25 | # Do not add a slash at the end of the directory path. 
If you point 26 | # ServerRoot at a non-local disk, be sure to specify a local disk on the 27 | # Mutex directive, if file-based mutexes are used. If you wish to share the 28 | # same ServerRoot for multiple httpd daemons, you will need to change at 29 | # least PidFile. 30 | # 31 | ServerRoot "/etc/httpd" 32 | 33 | # 34 | # Listen: Allows you to bind Apache to specific IP addresses and/or 35 | # ports, instead of the default. See also the 36 | # directive. 37 | # 38 | # Change this to Listen on specific IP addresses as shown below to 39 | # prevent Apache from glomming onto all bound IP addresses. 40 | # 41 | #Listen 12.34.56.78:80 42 | Listen 80 43 | 44 | # 45 | # Dynamic Shared Object (DSO) Support 46 | # 47 | # To be able to use the functionality of a module which was built as a DSO you 48 | # have to place corresponding `LoadModule' lines at this location so the 49 | # directives contained in it are actually available _before_ they are used. 50 | # Statically compiled modules (those listed by `httpd -l') do not need 51 | # to be loaded here. 52 | # 53 | # Example: 54 | # LoadModule foo_module modules/mod_foo.so 55 | # 56 | Include conf.modules.d/*.conf 57 | 58 | # 59 | # If you wish httpd to run as a different user or group, you must run 60 | # httpd as root initially and it will switch. 61 | # 62 | # User/Group: The name (or #number) of the user/group to run httpd as. 63 | # It is usually good practice to create a dedicated user and group for 64 | # running httpd, as with most system services. 65 | # 66 | User apache 67 | Group apache 68 | 69 | # 'Main' server configuration 70 | # 71 | # The directives in this section set up the values used by the 'main' 72 | # server, which responds to any requests that aren't handled by a 73 | # definition. These values also provide defaults for 74 | # any containers you may define later in the file. 
75 | # 76 | # All of these directives may appear inside containers, 77 | # in which case these default settings will be overridden for the 78 | # virtual host being defined. 79 | # 80 | 81 | # 82 | # ServerAdmin: Your address, where problems with the server should be 83 | # e-mailed. This address appears on some server-generated pages, such 84 | # as error documents. e.g. admin@your-domain.com 85 | # 86 | ServerAdmin root@localhost 87 | 88 | # 89 | # ServerName gives the name and port that the server uses to identify itself. 90 | # This can often be determined automatically, but we recommend you specify 91 | # it explicitly to prevent problems during startup. 92 | # 93 | # If your host doesn't have a registered DNS name, enter its IP address here. 94 | # 95 | #ServerName www.example.com:80 96 | 97 | # 98 | # Deny access to the entirety of your server's filesystem. You must 99 | # explicitly permit access to web content directories in other 100 | # blocks below. 101 | # 102 | 103 | AllowOverride none 104 | Require all denied 105 | 106 | 107 | # 108 | # Note that from this point forward you must specifically allow 109 | # particular features to be enabled - so if something's not working as 110 | # you might expect, make sure that you have specifically enabled it 111 | # below. 112 | # 113 | 114 | # 115 | # DocumentRoot: The directory out of which you will serve your 116 | # documents. By default, all requests are taken from this directory, but 117 | # symbolic links and aliases may be used to point to other locations. 118 | # 119 | DocumentRoot "/var/www/html" 120 | 121 | # 122 | # Relax access to content within /var/www. 
123 | # 124 | 125 | AllowOverride None 126 | # Allow open access: 127 | Require all granted 128 | 129 | 130 | # Further relax access to the default document root: 131 | 132 | # 133 | # Possible values for the Options directive are "None", "All", 134 | # or any combination of: 135 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 136 | # 137 | # Note that "MultiViews" must be named *explicitly* --- "Options All" 138 | # doesn't give it to you. 139 | # 140 | # The Options directive is both complicated and important. Please see 141 | # http://httpd.apache.org/docs/2.4/mod/core.html#options 142 | # for more information. 143 | # 144 | Options Indexes FollowSymLinks 145 | 146 | # 147 | # AllowOverride controls what directives may be placed in .htaccess files. 148 | # It can be "All", "None", or any combination of the keywords: 149 | # Options FileInfo AuthConfig Limit 150 | # 151 | AllowOverride None 152 | 153 | # 154 | # Controls who can get stuff from this server. 155 | # 156 | Require all granted 157 | 158 | 159 | # 160 | # DirectoryIndex: sets the file that Apache will serve if a directory 161 | # is requested. 162 | # 163 | 164 | DirectoryIndex index.html 165 | 166 | 167 | # 168 | # The following lines prevent .htaccess and .htpasswd files from being 169 | # viewed by Web clients. 170 | # 171 | 172 | Require all denied 173 | 174 | 175 | # 176 | # ErrorLog: The location of the error log file. 177 | # If you do not specify an ErrorLog directive within a 178 | # container, error messages relating to that virtual host will be 179 | # logged here. If you *do* define an error logfile for a 180 | # container, that host's errors will be logged there and not here. 181 | # 182 | ErrorLog "logs/error_log" 183 | 184 | # 185 | # LogLevel: Control the number of messages logged to the error_log. 186 | # Possible values include: debug, info, notice, warn, error, crit, 187 | # alert, emerg. 
188 | # 189 | LogLevel warn 190 | 191 | 192 | # 193 | # The following directives define some format nicknames for use with 194 | # a CustomLog directive (see below). 195 | # 196 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 197 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 198 | 199 | 200 | # You need to enable mod_logio.c to use %I and %O 201 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 202 | 203 | 204 | # 205 | # The location and format of the access logfile (Common Logfile Format). 206 | # If you do not define any access logfiles within a 207 | # container, they will be logged here. Contrariwise, if you *do* 208 | # define per- access logfiles, transactions will be 209 | # logged therein and *not* in this file. 210 | # 211 | #CustomLog "logs/access_log" common 212 | 213 | # 214 | # If you prefer a logfile with access, agent, and referer information 215 | # (Combined Logfile Format) you can use the following directive. 216 | # 217 | CustomLog "logs/access_log" combined 218 | 219 | 220 | 221 | # 222 | # Redirect: Allows you to tell clients about documents that used to 223 | # exist in your server's namespace, but do not anymore. The client 224 | # will make a new request for the document at its new location. 225 | # Example: 226 | # Redirect permanent /foo http://www.example.com/bar 227 | 228 | # 229 | # Alias: Maps web paths into filesystem paths and is used to 230 | # access content that does not live under the DocumentRoot. 231 | # Example: 232 | # Alias /webpath /full/filesystem/path 233 | # 234 | # If you include a trailing / on /webpath then the server will 235 | # require it to be present in the URL. You will also likely 236 | # need to provide a section to allow access to 237 | # the filesystem path. 238 | 239 | # 240 | # ScriptAlias: This controls which directories contain server scripts. 
241 | # ScriptAliases are essentially the same as Aliases, except that 242 | # documents in the target directory are treated as applications and 243 | # run by the server when requested rather than as documents sent to the 244 | # client. The same rules about trailing "/" apply to ScriptAlias 245 | # directives as to Alias. 246 | # 247 | ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" 248 | 249 | 250 | 251 | # 252 | # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased 253 | # CGI directory exists, if you have that configured. 254 | # 255 | 256 | AllowOverride None 257 | Options None 258 | Require all granted 259 | 260 | 261 | 262 | # 263 | # TypesConfig points to the file containing the list of mappings from 264 | # filename extension to MIME-type. 265 | # 266 | TypesConfig /etc/mime.types 267 | 268 | # 269 | # AddType allows you to add to or override the MIME configuration 270 | # file specified in TypesConfig for specific file types. 271 | # 272 | #AddType application/x-gzip .tgz 273 | # 274 | # AddEncoding allows you to have certain browsers uncompress 275 | # information on the fly. Note: Not all browsers support this. 276 | # 277 | #AddEncoding x-compress .Z 278 | #AddEncoding x-gzip .gz .tgz 279 | # 280 | # If the AddEncoding directives above are commented-out, then you 281 | # probably should define those extensions to indicate media types: 282 | # 283 | AddType application/x-compress .Z 284 | AddType application/x-gzip .gz .tgz 285 | 286 | # 287 | # AddHandler allows you to map certain file extensions to "handlers": 288 | # actions unrelated to filetype. These can be either built into the server 289 | # or added with the Action directive (see below) 290 | # 291 | # To use CGI scripts outside of ScriptAliased directories: 292 | # (You will also need to add "ExecCGI" to the "Options" directive.) 
293 | # 294 | #AddHandler cgi-script .cgi 295 | 296 | # For type maps (negotiated resources): 297 | #AddHandler type-map var 298 | 299 | # 300 | # Filters allow you to process content before it is sent to the client. 301 | # 302 | # To parse .shtml files for server-side includes (SSI): 303 | # (You will also need to add "Includes" to the "Options" directive.) 304 | # 305 | AddType text/html .shtml 306 | AddOutputFilter INCLUDES .shtml 307 | 308 | 309 | # 310 | # Specify a default charset for all content served; this enables 311 | # interpretation of all content as UTF-8 by default. To use the 312 | # default browser choice (ISO-8859-1), or to allow the META tags 313 | # in HTML content to override this choice, comment out this 314 | # directive: 315 | # 316 | AddDefaultCharset UTF-8 317 | 318 | 319 | # 320 | # The mod_mime_magic module allows the server to use various hints from the 321 | # contents of the file itself to determine its type. The MIMEMagicFile 322 | # directive tells the module where the hint definitions are located. 323 | # 324 | MIMEMagicFile conf/magic 325 | 326 | 327 | # 328 | # Customizable error responses come in three flavors: 329 | # 1) plain text 2) local redirects 3) external redirects 330 | # 331 | # Some examples: 332 | #ErrorDocument 500 "The server made a boo boo." 333 | #ErrorDocument 404 /missing.html 334 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 335 | #ErrorDocument 402 http://www.example.com/subscription_info.html 336 | # 337 | 338 | # 339 | # EnableMMAP and EnableSendfile: On systems that support it, 340 | # memory-mapping or the sendfile syscall may be used to deliver 341 | # files. This usually improves server performance, but must 342 | # be turned off when serving from networked-mounted 343 | # filesystems or if support for these functions is otherwise 344 | # broken on your system. 
345 | # Defaults if commented: EnableMMAP On, EnableSendfile Off 346 | # 347 | #EnableMMAP off 348 | EnableSendfile on 349 | 350 | # Supplemental configuration 351 | # 352 | # Load config files in the "/etc/httpd/conf.d" directory, if any. 353 | IncludeOptional conf.d/*.conf 354 | -------------------------------------------------------------------------------- /ams/2.6/etc/httpd/conf/magic: -------------------------------------------------------------------------------- 1 | # Magic data for mod_mime_magic Apache module (originally for file(1) command) 2 | # The module is described in /manual/mod/mod_mime_magic.html 3 | # 4 | # The format is 4-5 columns: 5 | # Column #1: byte number to begin checking from, ">" indicates continuation 6 | # Column #2: type of data to match 7 | # Column #3: contents of data to match 8 | # Column #4: MIME type of result 9 | # Column #5: MIME encoding of result (optional) 10 | 11 | #------------------------------------------------------------------------------ 12 | # Localstuff: file(1) magic for locally observed files 13 | # Add any locally observed files here. 14 | 15 | #------------------------------------------------------------------------------ 16 | # end local stuff 17 | #------------------------------------------------------------------------------ 18 | 19 | #------------------------------------------------------------------------------ 20 | # Java 21 | 22 | 0 short 0xcafe 23 | >2 short 0xbabe application/java 24 | 25 | #------------------------------------------------------------------------------ 26 | # audio: file(1) magic for sound formats 27 | # 28 | # from Jan Nicolai Langfeldt , 29 | # 30 | 31 | # Sun/NeXT audio data 32 | 0 string .snd 33 | >12 belong 1 audio/basic 34 | >12 belong 2 audio/basic 35 | >12 belong 3 audio/basic 36 | >12 belong 4 audio/basic 37 | >12 belong 5 audio/basic 38 | >12 belong 6 audio/basic 39 | >12 belong 7 audio/basic 40 | 41 | >12 belong 23 audio/x-adpcm 42 | 43 | # DEC systems (e.g. 
DECstation 5000) use a variant of the Sun/NeXT format 44 | # that uses little-endian encoding and has a different magic number 45 | # (0x0064732E in little-endian encoding). 46 | 0 lelong 0x0064732E 47 | >12 lelong 1 audio/x-dec-basic 48 | >12 lelong 2 audio/x-dec-basic 49 | >12 lelong 3 audio/x-dec-basic 50 | >12 lelong 4 audio/x-dec-basic 51 | >12 lelong 5 audio/x-dec-basic 52 | >12 lelong 6 audio/x-dec-basic 53 | >12 lelong 7 audio/x-dec-basic 54 | # compressed (G.721 ADPCM) 55 | >12 lelong 23 audio/x-dec-adpcm 56 | 57 | # Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" 58 | # AIFF audio data 59 | 8 string AIFF audio/x-aiff 60 | # AIFF-C audio data 61 | 8 string AIFC audio/x-aiff 62 | # IFF/8SVX audio data 63 | 8 string 8SVX audio/x-aiff 64 | 65 | # Creative Labs AUDIO stuff 66 | # Standard MIDI data 67 | 0 string MThd audio/unknown 68 | #>9 byte >0 (format %d) 69 | #>11 byte >1 using %d channels 70 | # Creative Music (CMF) data 71 | 0 string CTMF audio/unknown 72 | # SoundBlaster instrument data 73 | 0 string SBI audio/unknown 74 | # Creative Labs voice data 75 | 0 string Creative\ Voice\ File audio/unknown 76 | ## is this next line right? it came this way... 77 | #>19 byte 0x1A 78 | #>23 byte >0 - version %d 79 | #>22 byte >0 \b.%d 80 | 81 | # [GRR 950115: is this also Creative Labs? Guessing that first line 82 | # should be string instead of unknown-endian long...] 83 | #0 long 0x4e54524b MultiTrack sound data 84 | #0 string NTRK MultiTrack sound data 85 | #>4 long x - version %ld 86 | 87 | # Microsoft WAVE format (*.wav) 88 | # [GRR 950115: probably all of the shorts and longs should be leshort/lelong] 89 | # Microsoft RIFF 90 | 0 string RIFF audio/unknown 91 | # - WAVE format 92 | >8 string WAVE audio/x-wav 93 | # MPEG audio. 
94 | 0 beshort&0xfff0 0xfff0 audio/mpeg 95 | # C64 SID Music files, from Linus Walleij 96 | 0 string PSID audio/prs.sid 97 | 98 | #------------------------------------------------------------------------------ 99 | # c-lang: file(1) magic for C programs or various scripts 100 | # 101 | 102 | # XPM icons (Greg Roelofs, newt@uchicago.edu) 103 | # ideally should go into "images", but entries below would tag XPM as C source 104 | 0 string /*\ XPM image/x-xbm 7bit 105 | 106 | # this first will upset you if you're a PL/1 shop... (are there any left?) 107 | # in which case rm it; ascmagic will catch real C programs 108 | # C or REXX program text 109 | 0 string /* text/plain 110 | # C++ program text 111 | 0 string // text/plain 112 | 113 | #------------------------------------------------------------------------------ 114 | # compress: file(1) magic for pure-compression formats (no archives) 115 | # 116 | # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. 117 | # 118 | # Formats for various forms of compressed data 119 | # Formats for "compress" proper have been moved into "compress.c", 120 | # because it tries to uncompress it to figure out what's inside. 121 | 122 | # standard unix compress 123 | 0 string \037\235 application/octet-stream x-compress 124 | 125 | # gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) 126 | 0 string \037\213 application/octet-stream x-gzip 127 | 128 | # According to gzip.h, this is the correct byte order for packed data. 129 | 0 string \037\036 application/octet-stream 130 | # 131 | # This magic number is byte-order-independent. 132 | # 133 | 0 short 017437 application/octet-stream 134 | 135 | # XXX - why *two* entries for "compacted data", one of which is 136 | # byte-order independent, and one of which is byte-order dependent? 
137 | # 138 | # compacted data 139 | 0 short 0x1fff application/octet-stream 140 | 0 string \377\037 application/octet-stream 141 | # huf output 142 | 0 short 0145405 application/octet-stream 143 | 144 | # Squeeze and Crunch... 145 | # These numbers were gleaned from the Unix versions of the programs to 146 | # handle these formats. Note that I can only uncrunch, not crunch, and 147 | # I didn't have a crunched file handy, so the crunch number is untested. 148 | # Keith Waclena 149 | #0 leshort 0x76FF squeezed data (CP/M, DOS) 150 | #0 leshort 0x76FE crunched data (CP/M, DOS) 151 | 152 | # Freeze 153 | #0 string \037\237 Frozen file 2.1 154 | #0 string \037\236 Frozen file 1.0 (or gzip 0.5) 155 | 156 | # lzh? 157 | #0 string \037\240 LZH compressed data 158 | 159 | #------------------------------------------------------------------------------ 160 | # frame: file(1) magic for FrameMaker files 161 | # 162 | # This stuff came on a FrameMaker demo tape, most of which is 163 | # copyright, but this file is "published" as witness the following: 164 | # 165 | 0 string \ 177 | # and Anna Shergold 178 | # 179 | 0 string \ 192 | 0 string \14 byte 12 (OS/2 1.x format) 257 | #>14 byte 64 (OS/2 2.x format) 258 | #>14 byte 40 (Windows 3.x format) 259 | #0 string IC icon 260 | #0 string PI pointer 261 | #0 string CI color icon 262 | #0 string CP color pointer 263 | #0 string BA bitmap array 264 | 265 | 0 string \x89PNG image/png 266 | 0 string FWS application/x-shockwave-flash 267 | 0 string CWS application/x-shockwave-flash 268 | 269 | #------------------------------------------------------------------------------ 270 | # lisp: file(1) magic for lisp programs 271 | # 272 | # various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) 273 | 0 string ;; text/plain 8bit 274 | # Emacs 18 - this is always correct, but not very magical. 
275 | 0 string \012( application/x-elc 276 | # Emacs 19 277 | 0 string ;ELC\023\000\000\000 application/x-elc 278 | 279 | #------------------------------------------------------------------------------ 280 | # mail.news: file(1) magic for mail and news 281 | # 282 | # There are tests to ascmagic.c to cope with mail and news. 283 | 0 string Relay-Version: message/rfc822 7bit 284 | 0 string #!\ rnews message/rfc822 7bit 285 | 0 string N#!\ rnews message/rfc822 7bit 286 | 0 string Forward\ to message/rfc822 7bit 287 | 0 string Pipe\ to message/rfc822 7bit 288 | 0 string Return-Path: message/rfc822 7bit 289 | 0 string Path: message/news 8bit 290 | 0 string Xref: message/news 8bit 291 | 0 string From: message/rfc822 7bit 292 | 0 string Article message/news 8bit 293 | #------------------------------------------------------------------------------ 294 | # msword: file(1) magic for MS Word files 295 | # 296 | # Contributor claims: 297 | # Reversed-engineered MS Word magic numbers 298 | # 299 | 300 | 0 string \376\067\0\043 application/msword 301 | 0 string \333\245-\0\0\0 application/msword 302 | 303 | # disable this one because it applies also to other 304 | # Office/OLE documents for which msword is not correct. See PR#2608. 305 | #0 string \320\317\021\340\241\261 application/msword 306 | 307 | 308 | 309 | #------------------------------------------------------------------------------ 310 | # printer: file(1) magic for printer-formatted files 311 | # 312 | 313 | # PostScript 314 | 0 string %! application/postscript 315 | 0 string \004%! 
application/postscript 316 | 317 | # Acrobat 318 | # (due to clamen@cs.cmu.edu) 319 | 0 string %PDF- application/pdf 320 | 321 | #------------------------------------------------------------------------------ 322 | # sc: file(1) magic for "sc" spreadsheet 323 | # 324 | 38 string Spreadsheet application/x-sc 325 | 326 | #------------------------------------------------------------------------------ 327 | # tex: file(1) magic for TeX files 328 | # 329 | # XXX - needs byte-endian stuff (big-endian and little-endian DVI?) 330 | # 331 | # From 332 | 333 | # Although we may know the offset of certain text fields in TeX DVI 334 | # and font files, we can't use them reliably because they are not 335 | # zero terminated. [but we do anyway, christos] 336 | 0 string \367\002 application/x-dvi 337 | #0 string \367\203 TeX generic font data 338 | #0 string \367\131 TeX packed font data 339 | #0 string \367\312 TeX virtual font data 340 | #0 string This\ is\ TeX, TeX transcript text 341 | #0 string This\ is\ METAFONT, METAFONT transcript text 342 | 343 | # There is no way to detect TeX Font Metric (*.tfm) files without 344 | # breaking them apart and reading the data. The following patterns 345 | # match most *.tfm files generated by METAFONT or afm2tfm. 
346 | #2 string \000\021 TeX font metric data 347 | #2 string \000\022 TeX font metric data 348 | #>34 string >\0 (%s) 349 | 350 | # Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) 351 | #0 string \\input\ texinfo Texinfo source text 352 | #0 string This\ is\ Info\ file GNU Info text 353 | 354 | # correct TeX magic for Linux (and maybe more) 355 | # from Peter Tobias (tobias@server.et-inf.fho-emden.de) 356 | # 357 | 0 leshort 0x02f7 application/x-dvi 358 | 359 | # RTF - Rich Text Format 360 | 0 string {\\rtf application/rtf 361 | 362 | #------------------------------------------------------------------------------ 363 | # animation: file(1) magic for animation/movie formats 364 | # 365 | # animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) 366 | # MPEG file 367 | 0 string \000\000\001\263 video/mpeg 368 | # 369 | # The contributor claims: 370 | # I couldn't find a real magic number for these, however, this 371 | # -appears- to work. Note that it might catch other files, too, 372 | # so BE CAREFUL! 373 | # 374 | # Note that title and author appear in the two 20-byte chunks 375 | # at decimal offsets 2 and 22, respectively, but they are XOR'ed with 376 | # 255 (hex FF)! DL format SUCKS BIG ROCKS. 377 | # 378 | # DL file version 1 , medium format (160x100, 4 images/screen) 379 | 0 byte 1 video/unknown 380 | 0 byte 2 video/unknown 381 | # Quicktime video, from Linus Walleij 382 | # from Apple quicktime file format documentation. 383 | 4 string moov video/quicktime 384 | 4 string mdat video/quicktime 385 | 386 | -------------------------------------------------------------------------------- /dispatcher-docker-compose: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | VERSION="ams/2.6" 4 | PATH_TO_CONF="etc/httpd" 5 | 6 | if [ ! 
-d $(pwd)/$VERSION/$PATH_TO_CONF/conf ]; then 7 | echo "**** ERROR ****" 8 | echo "This script is supposed to be run in the root directory of the dispatcher project, " 9 | echo "though we could not find a directory ./$VERSION/$PATH_TO_CONF/conf conf from the current directory." 10 | echo "Please change to the projects main directory and try again." 11 | echo "" 12 | exit 1 13 | fi 14 | 15 | echo "" 16 | echo "Starting dispatcher, mounting local configuration from ./$VERSION/$PATH_TO_CONF ..." 17 | echo " Open your browser at http://publish.docker.local/content/we-retail/us/en.html " 18 | echo " **** Press Ctrl-C to stop **** " 19 | echo "" 20 | 21 | # copy sample we-retail files 22 | cp sample/weretail.vhost $VERSION/etc/httpd/conf.d/available_vhosts 23 | cp sample/weretail_publish_farm.any $VERSION/etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any 24 | cp sample/weretail_filters.any $VERSION/etc/httpd/conf.dispatcher.d/filters 25 | 26 | # create and link up default enabled vhosts 27 | if [ ! -d $VERSION/etc/httpd/conf.d/enabled_vhosts ]; then 28 | mkdir $VERSION/etc/httpd/conf.d/enabled_vhosts 29 | fi 30 | 31 | ln -Fs ../available_vhosts/aem_author.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_author.vhost 32 | ln -Fs ../available_vhosts/aem_flush_author.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_flush_author.vhost 33 | ln -Fs ../available_vhosts/aem_publish.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_publish.vhost 34 | ln -Fs ../available_vhosts/aem_flush.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_flush.vhost 35 | ln -Fs ../available_vhosts/aem_health.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_health.vhost 36 | ln -Fs ../available_vhosts/weretail.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/weretail.vhost 37 | 38 | # create and link up default enabled farms 39 | if [ ! 
-d $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms ]; then 40 | mkdir $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms 41 | fi 42 | ln -Fs ../available_farms/000_ams_catchall_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/000_ams_catchall_farm.any 43 | ln -Fs ../available_farms/001_ams_author_flush_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/001_ams_author_flush_farm.any 44 | ln -Fs ../available_farms/001_ams_publish_flush_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/001_ams_publish_flush_farm.any 45 | ln -Fs ../available_farms/002_ams_author_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/002_ams_author_farm.any 46 | ln -Fs ../available_farms/002_ams_publish_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/002_ams_publish_farm.any 47 | 48 | # set up sample configs 49 | ln -Fs ../available_farms/100_weretail_publish_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/100_weretail_publish_farm.any 50 | 51 | # start dispatcher with docker-compose 52 | docker-compose up -d 53 | 54 | -------------------------------------------------------------------------------- /dispatcher-kill: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | docker kill mydispatcher -------------------------------------------------------------------------------- /dispatcher-login: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | docker exec -it mydispatcher /bin/bash 4 | -------------------------------------------------------------------------------- /dispatcher-mount: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | VERSION="ams/2.6" 4 | PATH_TO_CONF="etc/httpd" 5 | 6 | if [ ! 
-d $(pwd)/$VERSION/$PATH_TO_CONF/conf ]; then 7 | echo "**** ERROR ****" 8 | echo "This script is supposed to be run in the root directory of the dispatcher project, " 9 | echo "though we could not find a directory ./$VERSION/$PATH_TO_CONF/conf conf from the current directory." 10 | echo "Please change to the projects main directory and try again." 11 | echo "" 12 | exit 1 13 | fi 14 | 15 | mkdir logs 2> /dev/null 16 | mkdir cache 2> /dev/null 17 | 18 | 19 | echo "" 20 | echo "Starting dispatcher, mounting local configuration from ./$VERSION/$PATH_TO_CONF ..." 21 | echo " Open your browser at http://publish.docker.local/content/we-retail/us/en.html " 22 | echo " **** Press Ctrl-C to stop **** " 23 | echo "" 24 | 25 | # copy sample we-retail files 26 | cp sample/weretail.vhost $VERSION/etc/httpd/conf.d/available_vhosts 27 | cp sample/weretail_publish_farm.any $VERSION/etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any 28 | cp sample/weretail_filters.any $VERSION/etc/httpd/conf.dispatcher.d/filters 29 | 30 | #create and link up default enabled vhosts 31 | if [ ! -d $VERSION/etc/httpd/conf.d/enabled_vhosts ]; then 32 | mkdir $VERSION/etc/httpd/conf.d/enabled_vhosts 33 | fi 34 | 35 | ln -Fs ../available_vhosts/aem_author.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_author.vhost 36 | ln -Fs ../available_vhosts/aem_flush_author.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_flush_author.vhost 37 | ln -Fs ../available_vhosts/aem_publish.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_publish.vhost 38 | ln -Fs ../available_vhosts/aem_flush.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_flush.vhost 39 | ln -Fs ../available_vhosts/aem_health.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_health.vhost 40 | ln -Fs ../available_vhosts/weretail.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/weretail.vhost 41 | 42 | #create and link up default enabled farms 43 | if [ ! 
-d $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms ]; then 44 | mkdir $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms 45 | fi 46 | ln -Fs ../available_farms/000_ams_catchall_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/000_ams_catchall_farm.any 47 | ln -Fs ../available_farms/001_ams_author_flush_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/001_ams_author_flush_farm.any 48 | ln -Fs ../available_farms/001_ams_publish_flush_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/001_ams_publish_flush_farm.any 49 | ln -Fs ../available_farms/002_ams_author_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/002_ams_author_farm.any 50 | ln -Fs ../available_farms/002_ams_publish_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/002_ams_publish_farm.any 51 | 52 | #set up sample configs 53 | ln -Fs ../available_farms/100_weretail_publish_farm.any $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/100_weretail_publish_farm.any 54 | 55 | 56 | docker run -p 80:8080 -p 443:8443 -it --rm \ 57 | --mount type=bind,src=$(pwd)/$VERSION/$PATH_TO_CONF/conf,dst=/etc/httpd/conf,readonly=true \ 58 | --mount type=bind,src=$(pwd)/$VERSION/$PATH_TO_CONF/conf.d,dst=/etc/httpd/conf.d,readonly=true \ 59 | --mount type=bind,src=$(pwd)/$VERSION/$PATH_TO_CONF/conf.dispatcher.d,dst=/etc/httpd/conf.dispatcher.d,readonly=true \ 60 | --mount type=bind,src=$(pwd)/$VERSION/$PATH_TO_CONF/conf.modules.d,dst=/etc/httpd/conf.modules.d,readonly=true \ 61 | --mount type=bind,src=$(pwd)/logs,dst=/var/log/httpd \ 62 | --mount type=bind,src=$(pwd)/cache,dst=/mnt/var/www/html \ 63 | --mount type=tmpfs,dst=/tmp \ 64 | --env-file scripts/env.sh \ 65 | --name mydispatcher dispatcher | cat 66 | 67 | -------------------------------------------------------------------------------- /dispatcher-remote: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | docker run -p 80:8080 -p 443:8443 -itd --rm --name 
mydispatcher --env-file scripts/env.sh dispatcher -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | dispatcher: 5 | image: dispatcher 6 | container_name: dispatcher 7 | environment: 8 | - DISP_ID=docker 9 | ## Replace value with the Author IP and Port you are using: 10 | - AUTHOR_IP=host.docker.internal 11 | - AUTHOR_PORT=4502 12 | - AUTHOR_DEFAULT_HOSTNAME=author.docker.local 13 | - AUTHOR_DOCROOT=/mnt/var/www/author 14 | ## Replace value with the Publisher IP and Port you are using: 15 | - PUBLISH_IP=host.docker.internal 16 | - PUBLISH_PORT=4503 17 | - PUBLISH_DEFAULT_HOSTNAME=publish.docker.local 18 | - PUBLISH_DOCROOT=/mnt/var/www/html 19 | ## Replace value with the LiveCycle IP and Port you are using: 20 | - LIVECYCLE_IP=127.0.0.1 21 | - LIVECYCLE_PORT=8080 22 | - LIVECYCLE_DEFAULT_HOSTNAME=aemforms-exampleco-dev.adobecqms.net 23 | - LIVECYCLE_DOCROOT=/mnt/var/www/lc 24 | - PUBLISH_FORCE_SSL=0 25 | - AUTHOR_FORCE_SSL=0 26 | ## Enable / Disable CRXDE access. 
Production this should be disabled 27 | - CRX_FILTER=deny 28 | ## Allow dispatcher flush from any IP; meant for local dev without fixed IPs - set to deny or remove on prod 29 | - DISPATCHER_FLUSH_FROM_ANYWHERE=allow 30 | 31 | volumes: 32 | - ./ams/2.6/etc/httpd/conf:/etc/httpd/conf:ro 33 | - ./ams/2.6/etc/httpd/conf.d:/etc/httpd/conf.d:ro 34 | - ./ams/2.6/etc/httpd/conf.dispatcher.d:/etc/httpd/conf.dispatcher.d:ro 35 | - ./ams/2.6/etc/httpd/conf.modules.d:/etc/httpd/conf.modules.d:ro 36 | - ./mnt/author_docroot:/var/www/author:rw 37 | - ./mnt/publish_docroot:/var/www/html:rw # NOTE(review): PUBLISH_DOCROOT is set to /mnt/var/www/html in this file - confirm the cache directory is the one mounted here 38 | - ./mnt/log:/var/log/httpd:rw 39 | tmpfs: 40 | - /tmp 41 | ports: 42 | - 80:8080 43 | - 443:8443 44 | 45 | -------------------------------------------------------------------------------- /haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024 Adobe Systems Incorporated. All rights reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License.
15 | # 16 | global 17 | user haproxy 18 | group haproxy 19 | log 127.0.0.1 local0 20 | log-tag haproxy 21 | chroot /var/lib/haproxy 22 | daemon 23 | quiet 24 | stats socket /var/lib/haproxy/stats level admin # NOTE(review): admin-level runtime socket; keep the socket file reachable only by trusted local users 25 | maxconn 256 26 | pidfile /var/run/haproxy.pid 27 | tune.bufsize 262144 28 | # -------------------------------------------------------------------------- 29 | # SSL/TLS defaults 30 | # -------------------------------------------------------------------------- 31 | # generated 2020-05-25, Mozilla Guideline v5.4, HAProxy 1.5.18, OpenSSL 1.0.2k, intermediate configuration 32 | # https://ssl-config.mozilla.org/#server=haproxy&version=1.5.18&config=intermediate&openssl=1.0.2k&guideline=5.4 33 | # intermediate configuration 34 | ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 35 | ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets 36 | ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 37 | ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets 38 | tune.ssl.default-dh-param 2048 39 | defaults 40 | timeout connect 1m 41 | timeout client 1m 42 | timeout server 1m 43 | log global 44 | mode http 45 | balance roundrobin 46 | option httplog 47 | option dontlognull 48 | option redispatch 49 | option tcplog # NOTE(review): httplog is also set above in this http-mode section; presumably only one log format takes effect - confirm which is intended 50 | option forwardfor if-none 51 | option accept-invalid-http-request # NOTE(review): relaxes HTTP request parsing for every proxy that uses these defaults; HAProxy's documentation advises against enabling it by default - confirm it is needed 52 | retries 5 53 | # ----------------------------------------------------------------------------- 54 | # Dispatcher (HTTPS) 55 | # ----------------------------------------------------------------------------- 56 | frontend dispatcher-https-in 57 | mode http 58 |
default_backend apache 59 | bind *:8443 ssl crt /etc/ssl/docker/haproxy.pem 60 | http-request set-header X-Forwarded-Proto https 61 | 62 | # ----------------------------------------------------------------------------- 63 | # Dispatcher (HTTP) 64 | # ----------------------------------------------------------------------------- 65 | frontend dispatcher-http-in 66 | mode http 67 | default_backend apache 68 | bind *:8080 69 | 70 | # ----------------------------------------------------------------------------- 71 | # Backends 72 | # ----------------------------------------------------------------------------- 73 | backend apache 74 | timeout server 5m 75 | server server1 127.0.0.1:80 maxconn 128 76 | -------------------------------------------------------------------------------- /mnt/author_docroot/README.md: -------------------------------------------------------------------------------- 1 | Folder for Author cache -------------------------------------------------------------------------------- /mnt/log/README.md: -------------------------------------------------------------------------------- 1 | Folder for Dispatcher logs -------------------------------------------------------------------------------- /mnt/publish_docroot/README.md: -------------------------------------------------------------------------------- 1 | Folder for Publisher cache -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "config:recommended" 5 | ], 6 | "ignoreDeps": [ 7 | "redhat/ubi8" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /sample/weretail.vhost: -------------------------------------------------------------------------------- 1 | ## Collect any enviromental variables that are set in /etc/sysconfig/httpd 2 | ## 
Collect the dispatchers number 3 | PassEnv DISP_ID 4 | 5 | 6 | ## allowing slashes in the URL to be encoded and still honored 7 | AllowEncodedSlashes On 8 | ServerName we-retail 9 | ## Put names of which domains are used for your published site/content here 10 | ServerAlias we-retail.docker.local 11 | 12 | 13 | ## Use a doc root that matches what's in the /etc/httpd/conf/publish-farm.any 14 | DocumentRoot ${PUBLISH_DOCROOT} 15 | ## Add header breadcrumbs for help in troubleshooting 16 | 17 | Header always add X-Dispatcher ${DISP_ID} 18 | Header always add X-Vhost "publish" 19 | Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'" 20 | Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'" 21 | #### Make sure proxies don't deliver the wrong content 22 | Header append Vary User-Agent env=!dont-vary 23 | ## Force SSL for author 24 | ## Add HSTS for avoiding man in the middle during browser redirect to SSL 25 | Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 26 | 27 | 28 | ## Update /etc/sysconfig/httpd with setting the PUBLISH_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules 29 | 30 | Include /etc/httpd/conf.d/whitelists/*_whitelist.rules 31 | 32 | 33 | ## Some items cache with the wrong mime type 34 | ## Use this option to use the name to auto-detect mime types when cached improperly 35 | ModMimeUsePathInfo On 36 | ## Use this option to avoid cache poisoning 37 | ## Sling will return /content/image.jpg as well as /content/image.jpg/ but apache can't search /content/image.jpg/ as a file 38 | ## Apache will treat that like a directory.
This assures the last slash is never stored in cache 39 | DirectorySlash Off 40 | ## Enable the dispatcher file handler for apache to fetch files from AEM 41 | SetHandler dispatcher-handler 42 | 43 | Options FollowSymLinks 44 | AllowOverride None 45 | #### Insert filter 46 | SetOutputFilter DEFLATE 47 | #### Don't compress images 48 | SetEnvIfNoCase Request_URI \ 49 | \.(?:gif|jpe?g|png)$ no-gzip dont-vary 50 | 51 | 52 | AllowOverride None 53 | Require all granted 54 | 55 | 56 | ## Enabled to allow rewrites to take affect and not be ignored by the dispatcher module 57 | DispatcherUseProcessedURL 1 58 | ## Default setting to allow all errors to come from the aem instance 59 | DispatcherPassError 0 60 | 61 | 62 | ReWriteEngine on 63 | LogLevel warn rewrite:info 64 | ##Global rewrite include 65 | Include /etc/httpd/conf.d/rewrites/base_rewrite.rules 66 | ## Update /etc/sysconfig/httpd with setting the PUBLISH_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL 67 | 68 | Include /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules 69 | 70 | 71 | -------------------------------------------------------------------------------- /sample/weretail_filters.any: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################################### 3 | ## 4 | ## NOTE: 5 | ## This file is for educational use, only. It does not guarantee a safe configuration 6 | ## for production use! 
7 | ## 8 | ## Visit https://medium.com/@achimkoch/writing-better-aem-dispatcher-filters-f23b391624a9 9 | ## for documentation on the rule style used here 10 | ## 11 | ############################################################################################### 12 | 13 | 14 | 15 | 16 | ############################################################################################### 17 | ## 18 | ## DENY LIST: 19 | ## Deny everything by default 20 | ## 21 | ############################################################################################### 22 | 23 | /DENY_ALL { /type "deny" /url "*" } 24 | 25 | 26 | ############################################################################################### 27 | ## 28 | ## ALLOW LIST: 29 | ## Allow only URLs the application requires and that are known to be secure. 30 | ## Whitelist entries must be as SPECIFIC as possible, i.e. they should define as many 31 | ## attributes as possible (path, extension and suffix). 32 | ## 33 | ## Note: We use mnemonic names for the rules instead of numeric ones for better readability 34 | ## 35 | ############################################################################################## 36 | 37 | 38 | ## regular content and resource access; 39 | ## pattern: /allow- { /type "allow" /method "GET" /path '' /selectors '' /extension '' /suffix '' } 40 | 41 | /allow-content-html { /type "allow" /method "GET" /path '/content/.*' /selectors '' /extension 'html' /suffix '' } 42 | /allow-content-resources { /type "allow" /method "GET" /path '/content/.*' /selectors '' /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|pdf|png|svg|swf|ttf|woff|woff2)' /suffix '' } 43 | /allow-clientlib-resources { /type "allow" /method "GET" /path '/etc/clientlibs/.*' /selectors '' /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' /suffix '' } 44 | 45 | /allow-contexthub { /type "allow" /method "GET" /path '/content/.*/_jcr_content/contexthub' /selectors
'(pagedata|commerce|cart|orderhistory|relatedproducts|smartlists)' /extension '(json)' } 46 | /allow-productimages { /type "allow" /method "GET" /path '/content/.*/_jcr_content/.*' /selectors '(img|coreimg)' /extension '(jpg|jpeg|png)' /suffix '.*(jpg|jpeg|png)' } 47 | 48 | 49 | /allow-base-clientlibs-proxyservlet { /type "allow" /method "GET" /url '/etc.clientlibs/(clientlibs|foundation|core).*\.(css|js)' } 50 | /allow-application-clientlibs-proxyservlet { /type "allow" /method "GET" /url '/etc.clientlibs/weretail/clientlibs/.*\.(css|js|woff2|ttf)' } 51 | 52 | ## individual URLs; 53 | ## pattern /allow- { /type "allow" /method "GET" /url '' } 54 | 55 | /allow-cloudsettings { /type "allow" /method "GET" /url '/etc/cloudsettings.kernel.js/libs/settings/cloudsettings/legacy/contexthub'} 56 | /allow-favicon { /type "allow" /method "GET" /url '/favicon.ico'} 57 | /allow-segmentation { /type "allow" /method "GET" /url '/conf/we-retail/settings/wcm/segments.seg.js' } 58 | 59 | 60 | ## allow basic built-in functionality 61 | /allow-csrf-token { /type "allow" /method "GET" /url '/libs/granite/csrf/token.json' /extension 'json' } 62 | 63 | #/allow-personalization { /type "allow" /method "GET" /path "/libs/cq/personalization" } 64 | #/allow-shopping-cart { /type "allow" /method "POST" /path "/content/[.]*.commerce.cart.json" } ## allow POSTs to update the shopping cart 65 | 66 | 67 | 68 | ############################################################################################### 69 | ## 70 | ## BACKSTOP: 71 | ## 72 | ## Deny all URLs that are known to be harmful. These rules must be as GENERIC as possible. 73 | ## I.e. if possible only define path-patterns, suffix-patterns or extensions. 
74 | ## 75 | ############################################################################################### 76 | 77 | #/deny-sufixes { /type "deny" /url "/content*" } 78 | 79 | 80 | /deny-greedy-selectors { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' } 81 | /deny-authoring-queries-001 { /type "deny" /method "GET" /query "debug=*" } 82 | /deny-authoring-queries-002 { /type "deny" /method "GET" /query "wcmmode=*" } 83 | 84 | /deny-healthcheck-on-public-domainname { /type "deny" /path "/content/ams/healthcheck/*"} 85 | /deny-regent-on-oublic-domainname { /type "deny" /url "/content/regent.html"} 86 | /deny-path-traversal-attack { /type "deny" /url '.*/[.][.];/.*' } 87 | /deny-password-hash-retrieval { /type "deny" /suffix '(.*infinity.*|.*children.*|.*tidy.*)' } ## AMSSEC033 Deny AEM password hash retrieval (AMSAUTO-15449) 88 | /deny-bracket-filter-pivots { /type "deny" /url '.*(\\[|]).*' } ## Deny bracket filter pivots like /.[./ which tries to resolve as a /../ (AMSAUTO-22244) 89 | 90 | 91 | ## AMS blocks suffix and selectors by default. These are the most abused filter bypasses. Please only allow ones that you need. 
92 | #/0025 { /type "deny" /url "/content*" /suffix "*" } 93 | #/0026 { /type "deny" /url "/content*" /selectors "*" } 94 | #/9026 { /type "allow" /url '/content/.*' /selectors '(img|coreimg)' } 95 | -------------------------------------------------------------------------------- /sample/weretail_publish_farm.any: -------------------------------------------------------------------------------- 1 | /weretail-publishfarm { 2 | ## client headers which should be passed through to the render instances 3 | ## (feature supported since dispatcher build 2.6.3.5222) 4 | /clientheaders { 5 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any" 6 | $include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any" 7 | } 8 | ## hostname globbing for farm selection (virtual domain addressing) 9 | /virtualhosts { 10 | we-retail 11 | we-retail.docker.local 12 | } 13 | ## the load will be balanced among these render instances 14 | /renders { 15 | $include "/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any" 16 | } 17 | ## only handle the requests in the following acl. default is 'none' 18 | ## the glob pattern is matched against the first request line 19 | /filter { 20 | $include "/etc/httpd/conf.dispatcher.d/filters/weretail_filters.any" 21 | } 22 | ## if the package is installed on publishers to generate a list of all content with a vanityurl attached 23 | ## this section will auto-allow the items to bypass the normal dispatcher filters 24 | ## Reference: https://docs.adobe.com/docs/en/dispatcher/disp-config.html#Enabling%20Access%20to%20Vanity%20URLs%20-%20/vanity_urls 25 | #/vanity_urls { 26 | # /url "/libs/granite/dispatcher/content/vanityUrls.html" 27 | # /file "/tmp/vanity_urls" 28 | # /delay 300 29 | #} 30 | ## allow propagation of replication posts (should seldomly be used) 31 | /propagateSyndPost "0" 32 | ## the cache is used to store requests from the renders for faster delivery 33 | ## for a second time. 
34 | /cache { 35 | ## The cacheroot must be equal to the document root of the webserver 36 | /docroot "${PUBLISH_DOCROOT}" 37 | ## sets the level up to which files named ".stat" will be created in the 38 | ## document root of the webserver. when an activation request for some 39 | ## handle is received, only files within the same subtree are affected 40 | ## by the invalidation. 41 | /statfileslevel "${DEFAULT_STAT_LEVEL}" 42 | ## caches also authorized data 43 | /allowAuthorized "0" 44 | ## Flag indicating whether the dispatcher should serve stale content if 45 | ## no remote server is available. 46 | /serveStaleOnError "1" 47 | ## the rules define, which pages should be cached. please note that 48 | ## - only GET requests are cached 49 | ## - only requests with an extension are cached 50 | ## - only requests without query parameters ( ? ) are cached 51 | ## - only unauthorized pages are cached unless allowAuthorized is set to 1 52 | /rules { 53 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any" 54 | } 55 | # the invalidate section defines those pages which are 'invalidated' after 56 | # any activation. please note that, the activated page itself and all 57 | # related documents are flushed on a modification. for example: if the 58 | # page /foo/bar is activated, all /foo/bar.* files are removed from the 59 | # cache. 60 | /invalidate { 61 | /0000 { 62 | /glob "*" 63 | /type "deny" 64 | } 65 | /0001 { 66 | /glob "*.html" 67 | /type "allow" 68 | } 69 | } 70 | /allowedClients { 71 | ## By default block all IPs from initiating the invalidation commands 72 | /0000 { 73 | /glob "*.*.*.*" 74 | /type "deny" 75 | } 76 | ## Allow certain IP's like publishers to invalidate cache 77 | $include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any" 78 | } 79 | ## Cache response headers next to a cached file.
On the first request to 80 | ## an uncached resource, all headers matching one of the values found here 81 | ## are stored in a separate file, next to the cache file. On subsequent 82 | ## requests to the cached resource, the stored headers are added to the 83 | ## response. 84 | ## Note, that file globbing characters are not allowed here. 85 | /headers { 86 | "Cache-Control" 87 | "Content-Disposition" 88 | "Content-Type" 89 | "Expires" 90 | "Last-Modified" 91 | "X-Content-Type-Options" 92 | } 93 | ## By default we want to cache every page regardless if it has a query parameter. 94 | ## For pages that render html differently based on the query parameters 95 | ## please add entries to deny the caching of those query parameters in this section 96 | /ignoreUrlParams { 97 | /0001 { /glob "*" /type "allow" } 98 | } 99 | 100 | # A grace period defines the number of seconds a stale, auto-invalidated 101 | # resource may still be served from the cache after the last activation 102 | # occurring. Auto-invalidated resources are invalidated by any activation, 103 | # when their path matches the /invalidate section above. This setting 104 | # can be used in a setup, where a batch of activations would otherwise 105 | # repeatedly invalidate the entire cache. 106 | /gracePeriod "2" 107 | 108 | ## Enable TTL evaluates the response headers from the backend, and if they 109 | ## contain a Cache-Control max-age or Expires date, an auxiliary, empty file 110 | ## next to the cache file is created, with modification time equal to the 111 | ## expiry date. When the cache file is requested past the modification time 112 | ## it is automatically re-requested from the backend. 113 | # /enableTTL "1" 114 | } 115 | } 116 | -------------------------------------------------------------------------------- /scripts/env.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024 Adobe Systems Incorporated. All rights reserved. 
3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | DISP_ID=docker 17 | ## Replace value with the Author IP and Port you are using: 18 | AUTHOR_IP=host.docker.internal 19 | AUTHOR_PORT=4502 20 | AUTHOR_DEFAULT_HOSTNAME=author.docker.local 21 | AUTHOR_DOCROOT=/mnt/var/www/author 22 | ## Replace value with the Publisher IP and Port you are using: 23 | PUBLISH_IP=host.docker.internal 24 | PUBLISH_PORT=4503 25 | PUBLISH_DEFAULT_HOSTNAME=publish.docker.local 26 | PUBLISH_DOCROOT=/mnt/var/www/html 27 | ## Replace value with the LiveCycle IP and Port you are using: 28 | LIVECYCLE_IP=127.0.0.1 29 | LIVECYCLE_PORT=8080 30 | LIVECYCLE_DEFAULT_HOSTNAME=aemforms-exampleco-dev.adobecqms.net 31 | LIVECYCLE_DOCROOT=/mnt/var/www/lc 32 | 33 | PUBLISH_FORCE_SSL=0 34 | AUTHOR_FORCE_SSL=0 35 | 36 | ## Enable / Disable CRXDE access. In production this should be disabled 37 | #CRX_FILTER=allow 38 | CRX_FILTER=deny 39 | 40 | ## Allow dispatcher flush from any IP 41 | ## WARNING: "allow" lets any client IP send dispatcher flush requests; set it only on local dev environments that don't have fixed IPs 42 | ## Set to deny or comment out on prod environments 43 | DISPATCHER_FLUSH_FROM_ANYWHERE=allow 44 | 45 | ENV_TYPE=dev 46 | RUNMODE=sites 47 | -------------------------------------------------------------------------------- /scripts/launch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2024 Adobe Systems Incorporated. 
All rights reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | /usr/bin/cat /NOTICE 18 | 19 | /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg 20 | 21 | rm -f /run/httpd/authdigest_shm.* 22 | rm -f /run/httpd/cgisock.* 23 | rm -f /run/httpd/httpd.pid 24 | /usr/sbin/httpd -D FOREGROUND -------------------------------------------------------------------------------- /scripts/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2024 Adobe Systems Incorporated. All rights reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
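#
# Prepares the dispatcher image: creates the docroots, enables the default
# vhosts and farms, installs the dispatcher module and generates a
# self-signed certificate for haproxy.
#
# Inputs (environment):
#   TARGETARCH         "arm64" selects the aarch64 dispatcher build; any
#                      other value (or unset) selects x86_64.
#   DISPATCHER_SHA256  optional; expected SHA-256 of the downloaded archive.
#                      When set, the archive is verified before it is
#                      unpacked and the script aborts on a mismatch.

# Abort on the first failing command so that a failed download or unpack
# cannot leave the image without a dispatcher module.
set -e

DISPATCHER_VERSION=4.3.5
DISPATCHER_ARCHIVE=/tmp/dispatcher/dispatcher.tar.gz

DISPARCH=x86_64
if [ "${TARGETARCH}" = "arm64" ]; then
    DISPARCH=aarch64
fi

# create default docroots
for docroot in html default author; do
    mkdir -p "/mnt/var/www/${docroot}"
    chown apache:apache "/mnt/var/www/${docroot}"
done

# create and link up default enabled vhosts (weretail is the sample config)
mkdir -p /etc/httpd/conf.d/enabled_vhosts
for vhost in aem_author aem_flush_author aem_publish aem_flush aem_health weretail; do
    ln -s "/etc/httpd/conf.d/available_vhosts/${vhost}.vhost" \
        "/etc/httpd/conf.d/enabled_vhosts/${vhost}.vhost"
done

# create and link up default enabled farms, then the sample weretail farm
mkdir -p /etc/httpd/conf.dispatcher.d/enabled_farms
for farm in \
    000_ams_catchall_farm \
    001_ams_author_flush_farm \
    001_ams_publish_flush_farm \
    002_ams_author_farm \
    002_ams_publish_farm \
    100_weretail_publish_farm
do
    ln -s "/etc/httpd/conf.dispatcher.d/available_farms/${farm}.any" \
        "/etc/httpd/conf.dispatcher.d/enabled_farms/${farm}.any"
done

# set up dispatcher
mkdir -p /tmp/dispatcher

# -f makes curl fail on an HTTP error instead of saving the error page as
# the archive; --proto restricts the transfer to https.
curl -f --proto '=https' -o "${DISPATCHER_ARCHIVE}" \
    "https://download.macromedia.com/dispatcher/download/dispatcher-apache2.4-linux-${DISPARCH}-${DISPATCHER_VERSION}.tar.gz"

# The archive holds a native module that httpd loads, so verify it against a
# pinned digest when one is supplied. The digest differs per architecture.
if [ -n "${DISPATCHER_SHA256:-}" ]; then
    echo "${DISPATCHER_SHA256}  ${DISPATCHER_ARCHIVE}" | sha256sum -c -
else
    echo "WARNING: DISPATCHER_SHA256 is not set; dispatcher archive was not integrity-checked" >&2
fi

cd /tmp/dispatcher
tar zxvf dispatcher.tar.gz
cp -v "dispatcher-apache2.4-${DISPATCHER_VERSION}.so" /etc/httpd/modules/mod_dispatcher.so

# set up haproxy SSL
# NOTE(review): the key is unencrypted (-nodes) and generated when this script
# runs; presumably that is at image build time (TARGETARCH is a build
# argument), in which case every copy of the image carries the same private
# key. Treat this certificate as local-development TLS only.
mkdir -p /etc/ssl/docker
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=GB/ST=London/L=London/O=Adobe/CN=localhost" \
    -keyout /etc/ssl/docker/localhost.key \
    -out /etc/ssl/docker/localhost.crt
cat /etc/ssl/docker/localhost.key /etc/ssl/docker/localhost.crt > /etc/ssl/docker/haproxy.pem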