You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2007/06/28 11:05:01 UTC
svn commit: r551511 - in /lenya/docu/src/documentation/content/xdocs:
docs/1_4/tutorials/mod_proxy_ajp.xml docs/1_4/tutorials/proxy.xml site.xml
Author: andreas
Date: Thu Jun 28 02:05:00 2007
New Revision: 551511
URL: http://svn.apache.org/viewvc?view=rev&rev=551511
Log:
Enhanced mod_proxy docs, added mod_proxy_ajp docs
Added:
lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/mod_proxy_ajp.xml
Modified:
lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/proxy.xml
lenya/docu/src/documentation/content/xdocs/site.xml
Added: lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/mod_proxy_ajp.xml
URL: http://svn.apache.org/viewvc/lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/mod_proxy_ajp.xml?view=auto&rev=551511
==============================================================================
--- lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/mod_proxy_ajp.xml (added)
+++ lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/mod_proxy_ajp.xml Thu Jun 28 02:05:00 2007
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 1999-2006 The Apache Software Foundation
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- $Id: metadata.xml 55543 2004-10-26 00:14:59Z gregor $ -->
+<!DOCTYPE document PUBLIC "-//APACHE//DTD Documentation V2.0//EN"
+ "http://forrest.apache.org/dtd/document-v20.dtd">
+<document>
+ <header>
+ <title>Running Lenya Behind Apache with mod_proxy_ajp</title>
+ </header>
+ <body>
+
+ <section>
+ <title>Introduction</title>
+
+ <p>
+ This tutorial aims at getting you started with a proxy environment.
+ We're using Apache HTTPD 2.2 with the <em>mod_proxy_ajp</em> module, which is
+ included in the Apache distribution. You'll find a lot of documentation on the
+ eb how to set up the web server on your machine.
+ </p>
+ <p>
+ Our goal is to run two virtual servers on your local machine:
+ </p>
+ <ul>
+ <li><em>cms.example.com</em> - the authoring environment of your publication</li>
+ <li><em>www.example.com</em> - the actual live site</li>
+ </ul>
+ <p>
+ Your administrators, editors etc. will use the URL <em>http://cms.example.com</em>
+ to connect to the authoring environment. We'll require an SSL connection for the
+ login usecase. Once you have established an SSL connection, your connection will
+ stay encrypted.
+ </p>
+ </section>
+
+ <section>
+ <title>Declaring the Hosts</title>
+ <p>
+ To tell your system that the <em>example.com</em> domains run on your local machine,
+ open your <code>hosts</code> file, usually located at <code>/etc/hosts</code>,
+ and add the following lines:
+ </p>
+ <source xml:space="preserve"><![CDATA[127.0.0.1 cms.example.com
+127.0.0.1 www.example.com]]></source>
+ </section>
+
+ <section>
+ <title>Configuring the AJP Connector in Tomcat</title>
+ <p>
+ The file <code>$TOMCAT_HOME/conf/server.xml</code> contains an AJP 1.3 connector on
+ port 8009 by default:
+ </p>
+ <source xml:space="preserve"><![CDATA[<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3"/>]]></source>
+ <p>
+ If the connector is not present, you have to add it.
+ </p>
+ </section>
+
+ <section>
+ <title>Configuring the Apache Web Server</title>
+ <p>
+ Now we'll declare the virtual hosts for the Apache web server. This is done in
+ a file called <code>httpd-vhosts.conf</code>. On Mac OS X, it is located in the directory
+ <code>/opt/local/apache2/conf/extra</code>. The contents of the file should
+ look like this:
+ </p>
+ <source xml:space="preserve"><![CDATA[NameVirtualHost *:80
+NameVirtualHost *:443
+
+# This is the non-SSL host for the authoring area.
+<VirtualHost *:80>
+ ServerAdmin webmaster@cms.example.com
+ ServerName cms.example.com
+ ServerAlias cms
+
+ ProxyRequests Off
+
+ RewriteEngine On
+ RewriteLog /home/john/src/www/logs/cms.example.com-rewrite_log
+ RewriteLogLevel 4
+
+ # Redirect the login usecase to https
+ RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
+ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+ <Location /lenya/>
+ ProxyPass ajp://localhost:8009/lenya/
+ ProxyPassReverse http://cms.example.com/lenya/
+ </Location>
+
+ <Location /modules/>
+ ProxyPass ajp://localhost:8009/modules/
+ ProxyPassReverse http://cms.example.com/modules/
+ </Location>
+
+ <Location /default/modules/>
+ ProxyPass ajp://localhost:8009/default/modules/
+ ProxyPassReverse http://cms.example.com/default/modules/
+ </Location>
+
+ <Location />
+ ProxyPass ajp://localhost:8009/default/authoring/
+ ProxyPassReverse http://cms.example.com/default/authoring/
+ </Location>
+
+ ErrorLog /home/john/src/www/logs/cms.example.com-error_log
+ CustomLog /home/john/src/www/logs/cms.example.com-access_log common
+</VirtualHost>
+
+# This is the SSL host for the authoring area.
+<VirtualHost *:443>
+ ServerName cms.example.com
+ ServerAlias cms
+
+ ProxyRequests Off
+
+ SSLEngine On
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /home/john/pki/server.crt
+ SSLCertificateKeyFile /home/john/pki/server.key
+
+ <Location /lenya/>
+ ProxyPass ajp://localhost:8009/lenya/
+ ProxyPassReverse https://cms.example.com/lenya/
+ </Location>
+
+ <Location /modules/>
+ ProxyPass ajp://localhost:8009/modules/
+ ProxyPassReverse https://cms.example.com/modules/
+ </Location>
+
+ <Location /default/modules/>
+ ProxyPass ajp://localhost:8009/default/modules/
+ ProxyPassReverse https://cms.example.com/default/modules/
+ </Location>
+
+ <Location />
+ ProxyPass ajp://localhost:8009/default/authoring/
+ ProxyPassReverse https://cms.example.com/default/authoring/
+ </Location>
+
+ ErrorLog /home/john/src/www/logs/ssl.cms.example.com-error_log
+ CustomLog /home/john/src/www/logs/ssl.cms.example.com-access_log common
+
+</VirtualHost>
+
+# This is the non-SSL host for the live area.
+<VirtualHost *:80>
+ ServerAdmin webmaster@www.example.com
+ ServerName www.example.com
+ ServerAlias www
+
+ ProxyRequests Off
+
+ <Location />
+ ProxyPass ajp://localhost:8009/default/live/
+ ProxyPassReverse http://www.example.com/default/live/
+ </Location>
+
+ ErrorLog /home/john/src/www/logs/www.example.com-error_log
+ CustomLog /home/john/src/www/logs/www.example.com-access_log common
+</VirtualHost>]]></source>
+
+ <note>
+ You'll certainly run into cookie problems when using a non-empty context path
+ instead of running Lenya in the root context.
+ This causes errors like "The session doesn't contain the identity.".
+ You'll have to add some code to manipulate the cookies. If you need this functionality,
+ please send a mail to the developers list or file an enhancement bug.
+ </note>
+ <p>
+ The Apache web server can now be restarted using
+ </p>
+ <source xml:space="preserve">$ sudo apachectl restart</source>
+ </section>
+
+ <section>
+ <title>Configuring the Publication for Proxying</title>
+ <p>
+ When you use a proxy, Lenya has to convert all internal links accordingly.
+ Therefore you have to tell the publication about the proxy configuration.
+ Open the file <code>pubs/default/config/publication.xml</code> and uncomment
+ and modify the <code><![CDATA[<proxies/]]></code> section:
+ </p>
+ <source xml:space="preserve"><![CDATA[<proxies ssl="false" root="http://lenya.example.com">
+ <proxy ssl="false" area="authoring" url="http://cms.example.com"/>
+ <proxy ssl="false" area="live" url="http://www.example.com"/>
+</proxies>
+
+<proxies ssl="true" root="https://lenya.example.com">
+ <proxy ssl="true" area="authoring" url="https://cms.example.com"/>
+ <proxy ssl="true" area="live" url="https://www.example.com"/>
+</proxies>
+ ]]></source>
+ <p>
+ After re-deploying the publication and restarting your servlet container,
+ you should be able to access the
+ authoring environment of the default publication at the URL
+ <a href="http://cms.example.com/">http://cms.example.com/</a>.
+ </p>
+ </section>
+
+ </body>
+</document>
\ No newline at end of file
Modified: lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/proxy.xml
URL: http://svn.apache.org/viewvc/lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/proxy.xml?view=diff&rev=551511&r1=551510&r2=551511
==============================================================================
--- lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/proxy.xml (original)
+++ lenya/docu/src/documentation/content/xdocs/docs/1_4/tutorials/proxy.xml Thu Jun 28 02:05:00 2007
@@ -19,7 +19,7 @@
"http://forrest.apache.org/dtd/document-v20.dtd">
<document>
<header>
- <title>Running Lenya Behind a Proxy Server</title>
+ <title>Running Lenya Behind Apache with mod_proxy</title>
</header>
<body>
@@ -33,17 +33,17 @@
machine.
</p>
<p>
- Our goal is to run three virtual servers on your local machine:
+ Our goal is to run two virtual servers on your local machine:
</p>
<ul>
<li><em>cms.example.com</em> - the authoring environment of your publication</li>
<li><em>www.example.com</em> - the actual live site</li>
- <li><em>lenya.example.com</em> - server for shared resources (Lenya CSS, modules etc.)</li>
</ul>
<p>
Your administrators, editors etc. will use the URL <em>http://cms.example.com</em>
- to connect to the authoring environment. For the sake of simplicity we'll use
- the default publication in our example, and we won't cover SSL encryption yet.
+ to connect to the authoring environment. We'll require an SSL connection for the
+ login usecase. Once you have established an SSL connection, your connection will
+ stay encrypted.
</p>
</section>
@@ -55,8 +55,7 @@
and add the following lines:
</p>
<source xml:space="preserve"><![CDATA[127.0.0.1 cms.example.com
-127.0.0.1 www.example.com
-127.0.0.1 lenya.example.com]]></source>
+127.0.0.1 www.example.com]]></source>
</section>
<section>
@@ -68,50 +67,82 @@
contents of the file should look like this:
</p>
<source xml:space="preserve"><![CDATA[NameVirtualHost *:80
+NameVirtualHost *:443
+# This is the non-SSL host for the authoring area.
<VirtualHost *:80>
ServerAdmin webmaster@cms.example.com
ServerName cms.example.com
ServerAlias cms
+
+ # Turn proxy requests off for security reasons
ProxyRequests Off
+
RewriteEngine On
- RewriteLog /Users/john/src/www/logs/cms.example.com-rewrite_log
+ RewriteLog /home/john/src/www/logs/cms.example.com-rewrite_log
RewriteLogLevel 4
- RewriteRule ^/([^/\.]+)$ $1/ [R]
+
+ # First we match everything which is not mapped to /default/authoring
+ RewriteRule ^/lenya/(.*) http://cms.example.com:8888/lenya/$1 [P,L]
+ RewriteRule ^/modules/(.*) http://cms.example.com.com:8888/modules/$1 [P,L]
+ RewriteRule ^/default/modules/(.*) http://cms.example.com:8888/default/modules/$1 [P,L]
+
+ # Redirect the login usecase to https
+ RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
+ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+ # Forward the authoring area to the proxy
RewriteRule ^/(.*) http://cms.example.com:8888/default/authoring/$1 [P,L]
ProxyPassReverse / http://cms.example.com:8888/default/authoring/
- ErrorLog /Users/john/src/www/logs/cms.example.com-error_log
- CustomLog /Users/john/src/www/logs/cms.example.com-access_log common
+
+ ErrorLog /home/john/src/www/logs/cms.example.com-error_log
+ CustomLog /home/john/src/www/logs/cms.example.com-access_log common
</VirtualHost>
+# This is the SSL host for the authoring area.
+<VirtualHost *:443>
+ ServerAdmin webmaster@cms.example.com
+ ServerName cms.example.com
+ ServerAlias cms
+
+ SSLEngine On
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /home/john/pki/server.crt
+ SSLCertificateKeyFile /home/john/pki/server.key
+
+ ProxyRequests Off
+ RewriteEngine On
+ RewriteLog /home/john/src/www/logs/cms.example.com-rewrite_log
+ RewriteLogLevel 4
+
+ RewriteRule ^/lenya/(.*) http://cms.example.com:8888/lenya/$1 [P,L]
+ RewriteRule ^/modules/(.*) http://cms.example.com.com:8888/modules/$1 [P,L]
+ RewriteRule ^/default/modules/(.*) http://cms.example.com:8888/default/modules/$1 [P,L]
+
+ RewriteRule ^/(.*) http://cms.example.com:8888/default/authoring/$1 [P,L]
+ ProxyPassReverse / http://cms.example.com:8888/default/authoring/
+
+ ErrorLog /home/john/src/www/logs/cms.example.com-error_log
+ CustomLog /home/john/src/www/logs/cms.example.com-access_log common
+</VirtualHost>
+
+# This is the non-SSL host for the live area.
<VirtualHost *:80>
ServerAdmin webmaster@www.example.com
ServerName www.example.com
ServerAlias lenya
+
ProxyRequests Off
RewriteEngine On
RewriteLog /Users/john/src/www/logs/www.example.com-rewrite_log
RewriteLogLevel 4
+
RewriteRule ^/([^/\.]+)$ $1/ [R]
RewriteRule ^/(.*) http://www.example.com:8888/default/live/$1 [P,L]
ProxyPassReverse / http://www.example.com:8888/default/live/
+
ErrorLog /Users/john/src/www/logs/www.example.com-error_log
CustomLog /Users/john/src/www/logs/www.example.com-access_log common
-</VirtualHost>
-
-<VirtualHost *:80>
- ServerAdmin webmaster@lenya.example.com
- ServerName lenya.example.com
- ServerAlias lenya
- ProxyRequests Off
- RewriteEngine On
- RewriteLog /Users/john/src/www/logs/lenya.example.com-rewrite_log
- RewriteLogLevel 4
- RewriteRule ^/([^/\.]+)$ $1/ [R]
- RewriteRule ^/(.*) http://lenya.example.com:8888/$1 [P,L]
- ProxyPassReverse / http://lenya.example.com:8888/
- ErrorLog /Users/john/src/www/logs/lenya.example.com-error_log
- CustomLog /Users/john/src/www/logs/lenya.example.com-access_log common
</VirtualHost>]]></source>
<p>
@@ -127,6 +158,14 @@
You'll have to add some code to manipulate the cookies. If you need this functionality,
please send a mail to the developers list or file an enhancement bug.
</note>
+ <note>
+ With this setup, your browser might show error messages like "You have requested an
+ encrypted page that contains some unencrypted information" when accessing a page
+ with the <code>https</code> protocol. This is because Apache always connects to Lenya
+ with the <code>http</code> protocol, so Lenya doesn't know that it should use <code>https</code>
+ links to include images etc. on this page. This problem won't occur if you use the
+ <a href="site:mod_proxy_ajp">mod_proxy_ajp</a> approach.
+ </note>
<p>
The Apache web server can now be restarted using
</p>
@@ -144,6 +183,8 @@
<source xml:space="preserve"><![CDATA[<proxies ssl="false" root="http://lenya.example.com">
<proxy ssl="false" area="authoring" url="http://cms.example.com"/>
<proxy ssl="false" area="live" url="http://www.example.com"/>
+ <proxy ssl="true" area="authoring" url="https://cms.example.com"/>
+ <proxy ssl="true" area="live" url="https://www.example.com"/>
</proxies>
]]></source>
<p>
Modified: lenya/docu/src/documentation/content/xdocs/site.xml
URL: http://svn.apache.org/viewvc/lenya/docu/src/documentation/content/xdocs/site.xml?view=diff&rev=551511&r1=551510&r2=551511
==============================================================================
--- lenya/docu/src/documentation/content/xdocs/site.xml (original)
+++ lenya/docu/src/documentation/content/xdocs/site.xml Thu Jun 28 02:05:00 2007
@@ -145,8 +145,10 @@
<newResourceTypePart5 href="part5.html" label="Editing (BXE)"/>
</newResourceType>
<setupide href="setupide/index.html" label="Setting up Eclipse"/>
- <proxy href="proxy.html" label="Setting up a Proxy"/>
- <tests href="tests.html" label="Writing Tests"/>
+ <proxy label="Proxying">
+ <proxy href="proxy.html" label="mod_proxy"/>
+ <mod_proxy_ajp href="mod_proxy_ajp.html" label="mod_proxy_ajp"/>
+ </proxy>
<bestpractises href="bestpractises.html" label="Best Practises"/>
<production-checklist href="production.html" label="Production Checklist"/>
</tutorials>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@lenya.apache.org
For additional commands, e-mail: commits-help@lenya.apache.org