Posted by Daniel
at Jul 3, 2007 1:25:42 PM
Multisite, SSL, mod_rewrite Tutorial
This tutorial is based on a lot of information from the OpenCms mailing list, from opencms-forum.de and from Alkacon's opencms.org, and on the "Get rid of the /opencms/opencms-prefix" tutorial by Sebastian Himberger.
Prerequisites: installed and working
- Apache2 (mod_rewrite, mod_jk, mod_proxy) (tested with 2.2.3)
- Tomcat (tested with 6.0.13)
- OpenCms 6 or 7 (tested with 6.7.2 (7 beta 1 and 7rc2))
Goals:
- a lot of domains on one OpenCms
- a clean URL (no opencms/opencms)
- workplace with SSL
- setting some OpenCms resources to encrypted
Our environment:
- Debian etch 2.6.16-2-amd64-k8-smp
- Apache2 2.2.3
- Java 1.6.0_01-b06
- Apache Tomcat/5.5.23/6.0.13 with jsvc
- OpenCms 6.2.3, 7beta1, 7rc2
If a different Linux distribution is in use, the default directories can be different; take care of that.
Configure Tomcat:
Enable the AJP13 connector so that Tomcat can communicate with Apache's mod_jk. Edit server.xml:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" redirectPort="8443" emptySessionPath="true" enableLookups="false" />

By default this tag is commented out; just uncomment it and extend it as in the example. Add the address attribute so that the connector listens only for the local Apache web server. Comment out the default connector on port 8080 so that Tomcat cannot be reached directly.
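A check for the connector hardening described above, as an added example that is not part of the original tutorial: it parses a server.xml and reports every active connector that is not bound to a loopback address. The sample document and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the tutorial's AJP connector, with the default
# HTTP connector on port 8080 still enabled.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" /> -->
    <Connector port="8009" address="127.0.0.1" protocol="AJP/1.3"
               redirectPort="8443" emptySessionPath="true" enableLookups="false" />
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return one finding per active connector reachable from other hosts."""
    findings = []
    # The default parser drops XML comments, so commented-out connectors are ignored.
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        address = conn.get("address")
        if address in LOOPBACK:
            continue
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default when omitted
        kind = "AJP" if "ajp" in protocol.lower() else "HTTP"
        findings.append(
            f"{kind} connector on port {conn.get('port', '?')} "
            f"listens on {address or 'all interfaces'}"
        )
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```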
Compile and use the jsvc tool from the commons-daemon project. @see: http://tomcat.apache.org/tomcat-6.0-doc/setup.html and the attached start/stop script tomcat.sh
Hint: You can install APR (Apache Portable Runtime) to increase the performance of Tomcat. @see: http://tomcat.apache.org/tomcat-6.0-doc/apr.html for installation and compilation instructions. If you get the error "configure: error: APR could not be located. Please use the --with-apr option", try ./configure --with-apr=/usr/bin/apr-config or apr-1-config
To start Tomcat with these compiled libs, add
-Djava.library.path=/usr/local/apr/lib
to CATALINA_OPTS. The Tomcat log will tell you whether it found the native libs or not.
Configure OpenCms: Edit the file opencms-system.xml in WEB-INF/config/
<sites>
  <workplace-server>https://worksplace.synyx.de</workplace-server>
  <default-uri>/sites/default/</default-uri>
  <site server="test1.synyx.de" uri="/sites/default/">
    <secure server="https://test1.synyx.de" exclusive="true" error="false"/>
    <alias server="foo.synyx.de"/>
    <alias server="bar.synyx.de"/>
  </site>
  <site server="test2.synyx.de" uri="/sites/test2/">
    <secure server="https://test2.synyx.de" exclusive="true" error="false"/>
  </site>
</sites>

Be careful: the workplace-server must not be the same as any of the secure servers.
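One way to check that rule before deploying opencms-system.xml, as an added example that is not part of the original tutorial. The helper names and the misconfigured variant are constructed; servers are compared by scheme, host and port so that differences in case, default port or trailing slash do not hide a clash.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The <sites> element from the tutorial (aliases omitted).
SITES_OK = """<sites>
  <workplace-server>https://worksplace.synyx.de</workplace-server>
  <default-uri>/sites/default/</default-uri>
  <site server="test1.synyx.de" uri="/sites/default/">
    <secure server="https://test1.synyx.de" exclusive="true" error="false"/>
  </site>
  <site server="test2.synyx.de" uri="/sites/test2/">
    <secure server="https://test2.synyx.de" exclusive="true" error="false"/>
  </site>
</sites>"""

# Constructed misconfiguration: the same server as test2's secure server,
# only written differently.
SITES_BAD = SITES_OK.replace("https://worksplace.synyx.de",
                             "https://TEST2.synyx.de:443/")


def origin(url):
    """Normalize a server URL to (scheme, lower-case host, effective port)."""
    parts = urlsplit(url.strip())
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def workplace_conflicts(sites_xml):
    """Return (site server, secure server) pairs that equal the workplace-server."""
    root = ET.fromstring(sites_xml)
    workplace = origin(root.findtext("workplace-server", default=""))
    return [
        (site.get("server"), secure.get("server"))
        for site in root.iter("site")
        for secure in site.iter("secure")
        if origin(secure.get("server", "")) == workplace
    ]


if __name__ == "__main__":
    print(workplace_conflicts(SITES_OK))
    print(workplace_conflicts(SITES_BAD))
```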
Edit the file opencms-importexport.xml in WEB-INF/config/. Just remove the opencms string (webapp name, servlet name):

<rfs-prefix>/export</rfs-prefix>
<vfs-prefix></vfs-prefix>

Log in to the OpenCms Workplace and create a new folder at the same level of the hierarchy, like /sites/test2 (it must have the same name as in opencms-system.xml).
To make the static export work properly, change the web.xml like this:

<error-page>
  <error-code>404</error-code>
  <location>/opencms/handle404</location>
</error-page>
Configure mod_jk:
After installing mod_jk you have a symlink jk.load in /etc/apache2/mods-enabled/. Create the file jk.conf in the /etc/apache2/mods-enabled directory.

jk.conf

#
# mod_jk configuration
#
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat
JkShmFile /var/log/apache2/jk-runtime-status

Create the file workers.properties in the defined directory.

workers.properties

worker.list=ocms
worker.ocms.type=ajp13
worker.ocms.host=localhost
worker.ocms.port=8009
worker.ocms.retries=10
worker.ocms.connection_pool_minsize=13
Configure Apache2:
To use different domains, each with its own certificate, we use IP-based virtual hosts because name-based ones are not possible. The directory /etc/apache2/sites-available holds the virtual host configs and sites-enabled holds symlinks to sites-available; you need the symlinks, otherwise apache2 won't recognize the configs. We need two config files per domain, one for http and one for https; you can put all the config in one file, but that is not very clear.

/etc/apache2/sites-available/$yourdomain.tld

<Directory /usr/share/tomcat/webapps/opencms/>
  Options Indexes Includes FollowSymLinks MultiViews
  AllowOverride AuthConfig
  Order allow,deny
  Allow from all
</Directory>

# IP-based virtual hosts are used; they can be combined with name-based virtual hosts, but take care: https will only work with IP-based ones
<VirtualHost $yourIP:80>

  ServerName test.synyx.de
  ServerAlias test1.synyx.de

  DocumentRoot /usr/share/tomcat/webapps/opencms/

  # some aliases for non-Tomcat apps
  Alias /phpmyadmin /var/www/phpmyadmin
  Alias /webalizer /var/www/webalizer

  RewriteEngine On

  # If it is one of the aliases above, force https and forget about the following rules
  RewriteCond %{REQUEST_URI} ^/phpmyadmin.*$ [OR]
  RewriteCond %{REQUEST_URI} ^/webalizer.*$ [OR]
  # to get access to the probe WebApp
  RewriteCond %{REQUEST_URI} ^/probe.*$ [OR]
  # to get access to the webdav-servlet
  RewriteCond %{REQUEST_URI} ^/opencms/webdav.*$
  RewriteRule ^(.+)$ https://%{SERVER_NAME}$1 [L]

  # If the request URI starts with /nagios2, do a dummy rewrite and send it to the
  # next URI handler, but not mod_jk (if nothing exotic is installed later, this
  # should be mod_alias ;)
  RewriteCond %{REQUEST_URI} ^/nagios2.*$ [OR]
  RewriteCond %{REQUEST_URI} ^/cgi-bin.*$
  RewriteRule ^(.*)$ $1 [E=no-jk:true,PT]

  # If the requested URI is located in the resources folder, do not forward the request
  SetEnvIfNoCase Request_URI ^/opencms/resources/.*$ no-jk
  # If the requested URI is static content, do not forward the request
  SetEnvIfNoCase Request_URI ^/export/.*$ no-jk

  # If the requested URI is NOT located in the resources folder:
  # prepend /opencms/opencms to everything that does not already start with it
  # and force the result to be handled by the next URI handler ([PT]) (JkMount in this case)
  RewriteCond %{REQUEST_URI} !^/opencms/resources/.*$
  RewriteCond %{REQUEST_URI} !^/export/.*$
  # get access to the OpenCms WebDAV servlet
  RewriteCond %{REQUEST_URI} !^/opencms/webdav.*$
  RewriteRule !^/opencms/opencms/(.*)$ /opencms/opencms%{REQUEST_URI} [PT]

  # These are the settings for static export. If the requested resource is not already
  # statically exported, create a new request to the opencms404 handler. This has to be
  # a new request, because the current one would not get through mod_jk because of the "no-jk" var.
  RewriteCond %{REQUEST_URI} ^/export/.*$
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
  RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}/index_export.html" !-f
  RewriteRule .* http://%{HTTP_HOST}/opencms/opencms/handle404?exporturi=%{REQUEST_URI}&%{QUERY_STRING}

  # If the request starts with /opencms/resources, delete the /opencms prefix
  RewriteCond %{REQUEST_URI} ^/opencms/resources/.*$
  RewriteRule ^/opencms/(.*)$ /$1

  # Finally, forward the request to mod_jk
  JkMount /* ocms
</VirtualHost>

and /etc/apache2/sites-available/$yourdomain.tld-ssl

<VirtualHost $yourIP:443>
  # SSL (START)
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/synyx.de/synyx.crt
  SSLCertificateKeyFile /etc/apache2/ssl/synyx.de/synyx.key
  # "all" enables every protocol version the installed mod_ssl supports
  SSLProtocol all
  SSLCipherSuite HIGH:MEDIUM
  SSLOptions +StdEnvVars
  # SSL (END)

  # can also simply be an IP
  ServerName test.synyx.de
  ServerAlias test1.synyx.de
  ServerAdmin info@synyx.de

  DocumentRoot /usr/share/tomcat/webapps/opencms

  Alias /phpmyadmin /var/www/phpmyadmin
  Alias /webalizer /var/www/webalizer

  RewriteEngine On

  # Rewrite rule for a URL with /opencms/opencms, to clean the URL
  RewriteRule ^/opencms/opencms(.*)$ https://%{SERVER_NAME}$1 [R=301,L]

  # If it is one of the aliases above, forget about the following rules and ignore mod_jk
  RewriteCond %{REQUEST_URI} ^/phpmyadmin.*$ [OR]
  RewriteCond %{REQUEST_URI} ^/webalizer.*$
  RewriteRule ^(.*)$ $1 [E=no-jk:true,PT]

  # If the requested URI is located in the resources folder, do not forward the request
  SetEnvIfNoCase Request_URI ^/opencms/resources/.*$ no-jk

  # If the requested URI is static content, do not forward the request
  SetEnvIfNoCase Request_URI ^/export/.*$ no-jk

  # If the requested URI is NOT located in the resources folder:
  # prepend /opencms/opencms to everything that does not already start with it
  # and force the result to be handled by the next URI handler ([PT]) (JkMount in this case)
  RewriteCond %{REQUEST_URI} !^/opencms/resources/.*$
  RewriteCond %{REQUEST_URI} !^/export/.*$
  # Some calls should go to Tomcat but to a different webapp
  RewriteCond %{REQUEST_URI} !^/manager.*$
  # for the WebDAV servlet
  RewriteCond %{REQUEST_URI} !^/opencms/webdav.*$
  RewriteRule !^/opencms/opencms/(.*)$ /opencms/opencms%{REQUEST_URI} [PT]

  # These are the settings for static export. If the requested resource is not already
  # statically exported, create a new request to the opencms404 handler. This has to be
  # a new request, because the current one would not get through mod_jk because of the "no-jk" var.
  RewriteCond %{REQUEST_URI} ^/export/.*$
  RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}" !-f
  RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}/index_export.html" !-f
  RewriteRule .* https://%{HTTP_HOST}/opencms/opencms/handle404?exporturi=%{REQUEST_URI}&%{QUERY_STRING}

  # If the request starts with /opencms/resources, delete the /opencms prefix
  RewriteCond %{REQUEST_URI} ^/opencms/resources/.*$
  RewriteRule ^/opencms/(.*)$ /$1

  # Finally, forward the request to mod_jk
  JkMount /* ocms

</VirtualHost>
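
A small model of the routing decisions made by the port-80 virtual host above, useful for checking which handler a given path reaches before deploying; this is an added example, not part of the original tutorial. The function names and request paths are constructed, and the static-export fallback to handle404 is left out (exported files are assumed to exist on disk).

```python
import re

# Patterns taken from the port-80 vhost rules.
HTTPS_ONLY = re.compile(r"^/(phpmyadmin|webalizer|probe|opencms/webdav)")
APACHE_ONLY = re.compile(r"^/(nagios2|cgi-bin)")
NO_JK_ENV = re.compile(r"^/(opencms/resources|export)/", re.I)  # SetEnvIfNoCase
STATIC = re.compile(r"^/(opencms/resources|export)/")  # RewriteCond is case-sensitive


def route(uri, host="test1.synyx.de"):
    """Return (handler, target) for a request path on the port-80 vhost."""
    if HTTPS_ONLY.match(uri):
        # First rule: substitution is an absolute https URL, so the client is redirected.
        return ("redirect", f"https://{host}{uri}")
    if APACHE_ONLY.match(uri):
        # [E=no-jk:true,PT]: rewriting stops and mod_jk skips the request.
        return ("apache", uri)
    handler = "apache" if NO_JK_ENV.match(uri) else "tomcat"
    if not STATIC.match(uri) and not uri.startswith("/opencms/opencms/"):
        # Prefix rule with [PT]: rewriting stops, JkMount picks the request up.
        return (handler, "/opencms/opencms" + uri)
    if uri.startswith("/opencms/resources/"):
        uri = uri[len("/opencms"):]  # served from DocumentRoot as /resources/...
    return (handler, uri)


# Constructed request paths.
SAMPLES = [
    "/index.html", "/phpmyadmin/index.php", "/nagios2/",
    "/export/sites/default/a.html", "/opencms/resources/css/x.css",
    "/opencms/opencms/system/login/", "/manager/html", "/EXPORT/x",
]


def routing_table(paths=SAMPLES):
    return {path: route(path) for path in paths}


if __name__ == "__main__":
    for path, (handler, target) in routing_table().items():
        print(f"{path:35} -> {handler:8} {target}")
```

The last two sample paths show that /manager is only excluded from the prefix rule in the SSL vhost, and that a path differing only in case from /export/ gets the no-jk variable but is still prefixed.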
Files attached: - tomcat.sh (start/stop-script)
tomcat.sh (3961 bytes) (Start-, Stop-, Debug-Script)