Improved we-retail filter and dispatcher-mount script (#17)

* improved we-retail filters

* Linking enable* files in dispatcher-mount + dedicated domain name for we-retail

* add we-retail to /etc/hosts

* Fix: Publish farm not copied properly in dispatcher-mount

* allow flushing from localhost

Author: ackoch

.gitignore

@@ -1,5 +1,14 @@
-
+.DS_Store
 /.idea/
-logs/
 *.iml
-.DS_Store
+
+# do not check in files generated by dispatcher-mount
+logs/
+cache/
+**/enabled_vhosts
+**/enabled_farms
+
+# do not check in samples 
+**/conf.d/available_vhosts/weretail.vhost
+**/conf.dispatcher.d/filters/weretail_filters.any
+**/conf.dispatcher.d/available_farms/weretail_publish_farm.any

Dockerfile

@@ -16,7 +16,7 @@
 FROM --platform=$TARGETPLATFORM centos:7
 
 # Install HTTPD
-RUN yum -y update && yum -y install httpd mod_ssl procps haproxy iputils tree telnet && yum clean all
+RUN yum -y update && yum -y install httpd mod_ssl procps haproxy iputils tree telnet less && yum clean all
 
 # Remove default CentOS config
 RUN rm -rf /etc/httpd/conf/* && rm -rf /etc/httpd/conf.d/* && rm -rf /etc/httpd/conf.modules.d/*
@@ -26,6 +26,7 @@ COPY ams/2.6/etc/httpd /etc/httpd
 # Setup sample configs
 COPY sample/weretail_filters.any /etc/httpd/conf.dispatcher.d/filters/weretail_filters.any
 COPY sample/weretail_publish_farm.any /etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any
+COPY sample/weretail.vhost /etc/httpd/conf.d/available_vhosts/
 
 # Copy haproxy config
 COPY haproxy/haproxy.cfg /etc/haproxy

README.md

@@ -70,7 +70,7 @@ CONTAINER ID   IMAGE        COMMAND                  CREATED              STATUS
 ## Testing your AEM installation
 
 The dispatcher maps `publish.docker.local` to the local publisher instance on port 4503. 
-Run the publisher and navigate to [http://publish.docker.local/content/we-retail/language-masters/en.html](http://publish.docker.local/content/we-retail/language-masters/en.html)
+Run the publisher and navigate to [http://we-retail.docker.local/content/we-retail/language-masters/en.html](http://we-retail.docker.local/content/we-retail/language-masters/en.html)
 
 ## Adapting your localhost
 
@@ -90,6 +90,7 @@ The Dispatcher connects to the Author and Publisher through `host.docker.interna
 $ cat /etc/hosts | grep docker.local
 127.0.0.1 author.docker.local
 127.0.0.1 publish.docker.local
+127.0.0.1 we-retail.docker.local
 127.0.0.1 host.docker.internal
 ```
 

ams/2.6/etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any

@@ -0,0 +1,115 @@
+/weretail-publishfarm {  
+	## client headers which should be passed through to the render instances
+	## (feature supported since dispatcher build 2.6.3.5222)
+	/clientheaders {
+		$include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any"
+		$include "/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any"
+	}
+	## hostname globbing for farm selection (virtual domain addressing)
+	/virtualhosts {
+		we-retail
+		we-retail.docker.local
+	}
+	## the load will be balanced among these render instances
+	/renders {
+		$include "/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any"
+	}
+	## only handle the requests in the following acl. default is 'none'
+	## the glob pattern is matched against the first request line
+	/filter {
+		$include "/etc/httpd/conf.dispatcher.d/filters/weretail_filters.any"
+	}
+	## if the package is installed on publishers to generate a list of all content with a vanityurl attached
+	## this section will auto-allow the items to bypass the normal dispatcher filters
+	## Reference: https://docs.adobe.com/docs/en/dispatcher/disp-config.html#Enabling%20Access%20to%20Vanity%20URLs%20-%20/vanity_urls
+	#/vanity_urls {
+	#	/url    "/libs/granite/dispatcher/content/vanityUrls.html"
+	#	/file   "/tmp/vanity_urls"
+	#	/delay  300
+	#}
+	## allow propagation of replication posts (should seldomly be used)
+	/propagateSyndPost "0"
+	## the cache is used to store requests from the renders for faster delivery
+	## for a second time.
+	/cache {
+		## The cacheroot must be equal to the document root of the webserver
+		/docroot "${PUBLISH_DOCROOT}"
+		## sets the level upto which files named ".stat" will be created in the 
+		## document root of the webserver. when an activation request for some 
+		## handle is received, only files within the same subtree are affected 
+		## by the invalidation.
+		/statfileslevel "${DEFAULT_STAT_LEVEL}"
+		## caches also authorized data
+		/allowAuthorized "0"
+		## Flag indicating whether the dispatcher should serve stale content if
+		## no remote server is available.
+		/serveStaleOnError "1"
+		## the rules define, which pages should be cached. please note that
+		## - only GET requests are cached
+		## - only requests with an extension are cached
+		## - only requests without query parameters ( ? ) are cached
+		## - only unauthorized pages are cached unless allowUnauthorized is set to 1
+		/rules {
+			$include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any"
+		}
+		# the invalidate section defines those pages which are 'invalidated' after
+		# any activation. please note that, the activated page itself and all 
+		# related documents are flushed on an modification. for example: if the 
+		# page /foo/bar is activated, all /foo/bar.* files are removed from the
+		# cache.
+		/invalidate {
+			/0000 {
+				/glob "*"
+				/type "deny"
+			}
+			/0001 {
+				/glob "*.html"
+				/type "allow"
+			}
+		}
+		/allowedClients {
+			## By default block all IP from allowing to initiate the invalidation commands
+			/0000 {
+				/glob "*.*.*.*"
+				/type "deny"
+			}
+			## Allow certain IP's like publishers to invalidate cache
+			$include "/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any"
+		}
+		## Cache response headers next to a cached file. On the first request to
+		## an uncached resource, all headers matching one of the values found here
+		## are stored in a separate file, next to the cache file. On subsequent
+		## requests to the cached resource, the stored headers are added to the
+		## response.
+		## Note, that file globbing characters are not allowed here.
+		/headers {
+			"Cache-Control"
+			"Content-Disposition"
+			"Content-Type"
+			"Expires"
+			"Last-Modified"
+			"X-Content-Type-Options"
+		}
+		## By default we want to cache every page regardless if it has a query parameter.
+		## For pages that render html differently based on the query parameters 
+		## please add entries to deny the caching of those query parameters in this section
+		/ignoreUrlParams {
+			/0001 { /glob "*" /type "allow" }
+		}
+
+		# A grace period defines the number of seconds a stale, auto-invalidated
+		# resource may still be served from the cache after the last activation
+		# occurring. Auto-invalidated resources are invalidated by any activation,
+		# when their path matches the /invalidate section above. This setting
+		# can be used in a setup, where a batch of activations would otherwise
+		# repeatedly invalidate the entire cache.
+		/gracePeriod "2"
+
+		## Enable TTL evaluates the response headers from the backend, and if they
+		## contain a Cache-Control max-age or Expires date, an auxiliary, empty file
+		## next to the cache file is created, with modification time equal to the
+		## expiry date. When the cache file is requested past the modification time
+		## it is automatically re-requested from the backend.
+		# /enableTTL "1"
+	}
+}

ams/2.6/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any

@@ -7,3 +7,7 @@
 	/glob "${PUBLISH_IP}"
 	/type "allow"
 }
+/02 {
+	/glob "127.0.0.1"
+	/type "allow"
+}

dispatcher-kill

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-docker kill dispatcher
+docker kill mydispatcher

dispatcher-login

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-docker exec -it dispatcher /bin/bash
+docker exec -it mydispatcher /bin/bash

dispatcher-mount

@@ -18,10 +18,41 @@ mkdir cache 2> /dev/null
 
 echo ""
 echo "Starting dispatcher, mounting local configuration from ./$VERSION/$PATH_TO_CONF ..."
-echo " Open your browser at http://publish.docker.local/content/we-retail/us/en.html  
+echo " Open your browser at http://publish.docker.local/content/we-retail/us/en.html "
 echo " **** Press Ctrl-C to stop **** "
 echo ""
 
+# copy sample we-retail files
+cp sample/weretail.vhost             $VERSION/etc/httpd/conf.d/available_vhosts
+cp sample/weretail_publish_farm.any  $VERSION/etc/httpd/conf.dispatcher.d/available_farms/100_weretail_publish_farm.any
+cp sample/weretail_filters.any       $VERSION/etc/httpd/conf.dispatcher.d/filters
+
+#create and link up default enabled vhosts
+if [ ! -d $VERSION/etc/httpd/conf.d/enabled_vhosts ]; then
+  mkdir $VERSION/etc/httpd/conf.d/enabled_vhosts
+fi
+
+ln -Fs ../available_vhosts/aem_author.vhost       $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_author.vhost
+ln -Fs ../available_vhosts/aem_flush_author.vhost $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_flush_author.vhost
+ln -Fs ../available_vhosts/aem_publish.vhost      $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_publish.vhost
+ln -Fs ../available_vhosts/aem_flush.vhost        $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_flush.vhost
+ln -Fs ../available_vhosts/aem_health.vhost       $VERSION/etc/httpd/conf.d/enabled_vhosts/aem_health.vhost
+ln -Fs ../available_vhosts/weretail.vhost         $VERSION/etc/httpd/conf.d/enabled_vhosts/weretail.vhost
+
+#create and link up default enabled farms
+if [ ! -d $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms ]; then
+  mkdir $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms
+fi
+ln -Fs ../available_farms/000_ams_catchall_farm.any         $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/000_ams_catchall_farm.any
+ln -Fs ../available_farms/001_ams_author_flush_farm.any     $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/001_ams_author_flush_farm.any
+ln -Fs ../available_farms/001_ams_publish_flush_farm.any    $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/001_ams_publish_flush_farm.any
+ln -Fs ../available_farms/002_ams_author_farm.any           $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/002_ams_author_farm.any
+ln -Fs ../available_farms/002_ams_publish_farm.any          $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/002_ams_publish_farm.any
+
+#set up sample configs
+ln -Fs ../available_farms/100_weretail_publish_farm.any     $VERSION/etc/httpd/conf.dispatcher.d/enabled_farms/100_weretail_publish_farm.any
+
+
 docker run -p 80:8080 -p 443:8443 -it --rm  \
   --mount type=bind,src=$(pwd)/$VERSION/$PATH_TO_CONF/conf,dst=/etc/httpd/conf,readonly=true \
   --mount type=bind,src=$(pwd)/$VERSION/$PATH_TO_CONF/conf.d,dst=/etc/httpd/conf.d,readonly=true \
@@ -33,4 +64,3 @@ docker run -p 80:8080 -p 443:8443 -it --rm  \
   --env-file scripts/env.sh \
   --name mydispatcher dispatcher | cat
 
-

dispatcher-remote

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-docker run -p 80:8080 -p 443:8443 -itd --rm --name dispatcher --env-file scripts/env.sh dispatcher
+docker run -p 80:8080 -p 443:8443 -itd --rm --name mydispatcher --env-file scripts/env.sh dispatcher

sample/weretail.vhost

@@ -0,0 +1,71 @@
+## Collect any enviromental variables that are set in /etc/sysconfig/httpd
+## Collect the dispatchers number
+PassEnv DISP_ID
+
+<VirtualHost *:80>
+        ## allowing slashes in the URL to be encoded and still honored
+        AllowEncodedSlashes On
+	ServerName	we-retail
+	## Put names of which domains are used for your published site/content here
+	ServerAlias	we-retail.docker.local
+
+
+	## Use a doc root that matches what's in the /etc/httpd/conf/publish-farm.any
+	DocumentRoot	${PUBLISH_DOCROOT}
+	## Add header breadcrumbs for help in troubleshooting
+	<IfModule mod_headers.c>
+			Header always add X-Dispatcher ${DISP_ID}
+			Header always add X-Vhost "publish"
+			Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
+			Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
+		#### Make sure proxies don't deliver the wrong content
+		Header append Vary User-Agent env=!dont-vary
+		    ## Force SSL for author
+		    ## Add HSTS for avoiding man in the middle during browser redirect to SSL
+		    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
+	</IfModule>
+	<Directory />
+		## Update /etc/sysconfig/httpd with setting the PUBLISH_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules
+		<If "${PUBLISH_WHITELIST_ENABLED} == 1">
+			Include /etc/httpd/conf.d/whitelists/*_whitelist.rules
+		</If>
+		<IfModule disp_apache2.c>
+			## Some items cache with the wrong mime type
+			## Use this option to use the name to auto-detect mime types when cached improperly
+			ModMimeUsePathInfo On
+			## Use this option to avoid cache poisioning
+			## Sling will return /content/image.jpg as well as /content/image.jpg/ but apache can't search /content/image.jpg/ as a file
+			## Apache will treat that like a directory.  This assures the last slash is never stored in cache
+			DirectorySlash Off
+			## Enable the dispatcher file handler for apache to fetch files from AEM
+			SetHandler dispatcher-handler
+		</IfModule>
+		Options FollowSymLinks
+		AllowOverride None
+		#### Insert filter
+		SetOutputFilter DEFLATE
+		#### Don't compress images
+		SetEnvIfNoCase Request_URI \
+		\.(?:gif|jpe?g|png)$ no-gzip dont-vary
+	</Directory>
+	<Directory "${PUBLISH_DOCROOT}">
+		AllowOverride None
+		Require all granted
+	</Directory>
+	<IfModule disp_apache2.c>
+		## Enabled to allow rewrites to take affect and not be ignored by the dispatcher module
+		DispatcherUseProcessedURL	1
+		## Default setting to allow all errors to come from the aem instance
+		DispatcherPassError		0
+	</IfModule>
+	<IfModule mod_rewrite.c>
+		ReWriteEngine	on
+		LogLevel warn rewrite:info
+		##Global rewrite include
+		Include /etc/httpd/conf.d/rewrites/base_rewrite.rules
+		## Update /etc/sysconfig/httpd with setting the PUBLISH_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL
+		<If "${PUBLISH_FORCE_SSL} == 1">
+			Include /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules
+		</If>
+	</IfModule>
+</VirtualHost>