...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot "/vol/www/mywebsite/web-docs/"
ErrorLog logs/www.mywebsite.com_error.log
CustomLog logs/www.mywebsite.com_custom.log common
<Directory "/vol/www/mywebsite/web-docs/">
Options +FollowSymLinks +includesnoexec
AllowOverride All
Require all granted
</Directory>
ProxyPass /web/ ajp://localhost:8009/web/ ttl=600
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
</VirtualHost>
|
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:80>
ServerName edit.mywebsite.com
DocumentRoot "/vol/www/mywebsite/web-docs/"
ErrorLog logs/edit.mywebsite.com_error.log
CustomLog logs/edit.mywebsite.com_custom.log common
<Directory "/vol/www/mywebsite/web-docs/">
Options +FollowSymLinks +includesnoexec
AllowOverride All
Require all granted
</Directory>
<Directory "/vol/www/mywebsite/web-docs/wm/b/">
ExpiresActive ON
ExpiresDefault "now plus 10 minutes"
Header set Cache-Control "max-age=600"
</Directory>
ProxyPass /web/ ajp://localhost:8009/web/ ttl=600
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
</VirtualHost>
|
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot "/vol/www/mywebsite/web-docs/"
ErrorLog logs/www.mywebsite.com_error.log
CustomLog logs/www.mywebsite.com_custom.log common
<Directory "/vol/www/mywebsite/web-docs/">
Options +FollowSymLinks +includesnoexec
AllowOverride All
Require all granted
</Directory>
ProxyPass /web/ ajp://localhost:8009/web/ ttl=600
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
# Rewrite external requests to https
<IfModule mod_rewrite.c>
RewriteEngine On
LogLevel emerg
RewriteCond %{HTTPS} off
# Substitute the #s with the IP address of the backend server.
RewriteCond %{REMOTE_HOST} !###\.###\.###\.###$
RewriteCond %{REMOTE_HOST} !127\.0\.0\.1$
RewriteCond %{REMOTE_HOST} !localhost$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteRule ^/wm.* - [L]
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
</VirtualHost>
|
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot "/vol/www/mywebsite/web-docs/"
ErrorLog logs/www.mywebsite.com_error.log
CustomLog logs/www.mywebsite.com_custom.log common
<Directory "/vol/www/mywebsite/web-docs/">
Options +FollowSymLinks +includesnoexec
AllowOverride All
Require all granted
</Directory>
ProxyPass /web/ ajp://localhost:8009/web/ ttl=600
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
# Rewrite external requests to https
<IfModule mod_rewrite.c>
RewriteEngine On
LogLevel emerg
RewriteCond %{HTTPS} off
# Substitute the #s with the IP address of the frontend server.
RewriteCond %{REMOTE_HOST} !###\.###\.###\.###$
RewriteCond %{REMOTE_HOST} !127\.0\.0\.1$
RewriteCond %{REMOTE_HOST} !localhost$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
</VirtualHost>
|
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:443>
ServerName <server name>
ServerAdmin <admin e-mail address>
DocumentRoot /vol/webmanager/webmanager-webapps/webmanager-static-webapp/target/webmanager-static-webapp-10.x.x
ErrorLog /vol/httpd/logs/errors-edit-ssl
CustomLog /vol/httpd/logs/access-edit-ssl combined
#############
# SSL
SSLEngine On
SSLProxyEngine On
# +TLSv1 adds TLS 1.0, which RFC 8996 deprecates; prefer the protocol list from the generator referenced below.
SSLProtocol +TLSv1
## See https://mozilla.github.io/server-side-tls/ssl-config-generator
## for information on other rules you should add here for the version
## of Apache you are using.
SSLCertificateFile /vol/httpd/ssl/nolaa.crt
SSLCertificateKeyFile /vol/httpd/ssl/nolaa.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# CustomLog /vol/www/server/logs/ssl/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory /vol/webmanager/webmanager-webapps/webmanager-static-webapp/target/webmanager-static-webapp-10.x.x>
Options +FollowSymLinks +includesnoexec
AllowOverride All
Require all granted
</Directory>
<Directory /vol/webmanager/webmanager-webapps/webmanager-static-webapp/target/webmanager-static-webapp-10.x.x/wm/b/toolbar/>
ExpiresActive ON
ExpiresDefault "now plus 10 minutes"
Header set Cache-Control "max-age=600"
</Directory>
<Directory /vol/webmanager/webmanager-webapps/webmanager-static-webapp/target/webmanager-static-webapp-10.x.x/wm/b/domapi/>
ExpiresActive ON
ExpiresDefault "now plus 10 minutes"
Header set Cache-Control "max-age=600"
</Directory>
ProxyPass /web/ ajp://localhost:19200/web/ ttl=600
ProxyPassReverse /web/ ajp://localhost:19200/web/
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteLogLevel exists only in Apache 2.2; on 2.4 remove it (rewrite logging is configured with LogLevel there).
RewriteLogLevel 0
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
Alias /systemlogs /vol/webmanager/apache-tomcat-8.5.31/logs
<Location /systemlogs>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
# Without a Require directive the Auth* settings below do not prompt for credentials,
# and "Allow from all" makes the other Allow lines redundant.
AuthUserFile /vol/httpd/htpasswd
AuthName ""
AuthType Basic
Options +Indexes
IndexOptions FancyIndexing
Order Deny,Allow
Allow from all
Allow from localhost
Allow from <IP address>
</Location>
ScriptAlias /cgi-bin "/vol/www/server/cgi-bin"
</VirtualHost>
</IfDefine>
|
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:443>
ServerName <server name>
ServerAdmin <admin e-mail address>
DocumentRoot /vol/webmanager/webmanager-webapps/webmanager-static-webapp/target/webmanager-static-webapp-10.x.x
ErrorLog /vol/httpd/logs/errors-frontend-ssl
CustomLog /vol/httpd/logs/access-frontend-ssl combined
#################
# SSL
SSLEngine On
SSLProxyEngine On
# +TLSv1 adds TLS 1.0, which RFC 8996 deprecates; prefer the protocol list from the generator referenced below.
SSLProtocol +TLSv1
## See https://mozilla.github.io/server-side-tls/ssl-config-generator
## for information on other rules you should add here for the version
## of Apache you are using.
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /vol/httpd/ssl/<certificate>.crt
SSLCertificateKeyFile /vol/httpd/ssl/<certificate>.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
### CustomLog /vol/www/server/logs/ssl/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# Test: Recognize this VirtualHost
Alias /systemlogs2 /vol/webmanager/apache-tomcat-8.5.31/logs
<Location /systemlogs2>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
# Without a Require directive the Auth* settings below do not prompt for credentials,
# and "Allow from all" makes the other Allow lines redundant.
AuthUserFile /vol/httpd/htpasswd
AuthName ""
AuthType Basic
Options +Indexes
IndexOptions FancyIndexing
Order Deny,Allow
Allow from all
Allow from localhost
Allow from <IP address>
</Location>
<Directory /vol/webmanager/webmanager-webapps/webmanager-static-webapp/target/webmanager-static-webapp-10.x.x>
Options +FollowSymLinks +includesnoexec
AllowOverride All
Require all granted
</Directory>
ProxyPass /web/ ajp://localhost:19200/web/ ttl=600
ProxyPassReverse /web/ ajp://localhost:19200/web/
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteLogLevel exists only in Apache 2.2; on 2.4 remove it (rewrite logging is configured with LogLevel there).
RewriteLogLevel 0
# Give not found on /web/admin/* on frontend url.
RewriteCond %{REQUEST_URI} ^/web/admin
RewriteRule ^/web/admin - [R=404]
RewriteCond %{REQUEST_URI} !^/web/
# Use only the RewriteRule that matches your XperienCentral version.
# XperienCentral versions R35 and lower:
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]
# XperienCentral versions R36 and higher:
RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]
</IfModule>
</VirtualHost>
|
The .htaccess File
The .htaccess file is needed to also set a CSP policy on static assets that are typically served from disk by Apache httpd. Configure the .htaccess file (if your deployment requires it). See https://httpd.apache.org/docs/2.4/howto/htaccess.html for complete information.
Remove Server Header Configuration
...
Note |
---|
If you want to include an additional rule to set the
|
Backend Environment
Add the headers to the backend environment (internal edit environment of XperienCentral) (add in your .conf file):
...
Note |
---|
If you want to include an additional rule to set the
|
Content-Security-Policy
In order to add extra security to the XperienCentral environment, it is necessary to add the Content-Security-Policy to the response headers. In the two virtual host (backend and frontend) lists previously mentioned, the header is already added. The value of the header is not a general value, but rather site specific. The value of the Content-Security-Policy header can be used, but it might block content from the client website, so be careful when implementing it. There will be an add-on for XperienCentral in the future where the header's value can be generated and altered within XperienCentral itself.
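The caveat above is that a site-specific Content-Security-Policy can block content the website legitimately loads. The following is an added example, not XperienCentral or Apache code: a Python pre-check that evaluates a candidate header value against an inventory of asset URLs before the header goes into the virtual host or the .htaccess file. The policy, hostnames and asset list are constructed, and the matching is a simplified subset of CSP (scheme and host only; ports, paths, nonces and hashes are ignored).

```python
from urllib.parse import urljoin, urlsplit

# Asset kind -> governing directive; each one falls back to default-src.
DIRECTIVE_FOR = {"script": "script-src", "style": "style-src", "img": "img-src"}

def parse_csp(header_value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored: the first one wins
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def source_allows(source, url, site_origin):
    """Simplified source match; a scheme-less host uses the site's own scheme."""
    u, src = urlsplit(url), source.lower()
    if src == "'self'":
        return f"{u.scheme}://{u.netloc}" == site_origin
    if src == "*":
        return u.scheme in ("http", "https")
    if src.endswith(":"):      # scheme-source such as https: or data:
        return u.scheme == src[:-1]
    if src.startswith("'"):    # 'none', nonces and hashes never match a URL here
        return False
    s = urlsplit(src if "://" in src else f"{urlsplit(site_origin).scheme}://{src}")
    host, want = u.hostname or "", s.hostname or ""
    host_ok = host.endswith(want[1:]) if want.startswith("*.") else host == want
    return s.scheme == u.scheme and host_ok

def blocked_assets(header_value, assets, site_origin):
    """Return the (kind, url) pairs the candidate policy would refuse to load."""
    policy, blocked = parse_csp(header_value), []
    for kind, url in assets:
        sources = policy.get(DIRECTIVE_FOR[kind], policy.get("default-src"))
        absolute = urljoin(site_origin + "/", url)
        if sources is not None and not any(
                source_allows(s, absolute, site_origin) for s in sources):
            blocked.append((kind, url))
    return blocked

# Constructed sample: candidate policy and asset inventory for a hypothetical site.
SITE = "https://www.mywebsite.com"
CANDIDATE = ("default-src 'self'; img-src 'self' data: https://*.example-cdn.test; "
             "script-src 'self' https://static.example-cdn.test")
ASSETS = [("script", "/wm/b/toolbar/toolbar.js"),
          ("script", "https://analytics.example.test/t.js"),
          ("img", "https://img.example-cdn.test/logo.png"),
          ("img", "data:image/png;base64,AAAA"),
          ("style", "https://fonts.example.test/css")]
```

Calling `blocked_assets(CANDIDATE, ASSETS, SITE)` returns the third-party script and stylesheet entries, which are the ones to allow explicitly or remove before the header is enforced.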
...
Oracle: jdbc:oracle:thin:@mydomain:1521:xe
Disable the Default Welcome Root Web (Undertow) Application
In standalone.xml, delete the following two lines in the jboss:domain:undertow subsystem to disable the default welcome content:
...
Enable the AJP Connector
Code Block | ||
---|---|---|
| ||
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<ajp-listener name="ajp" socket-binding="ajp" scheme="http"/>
</server>
|
Enable the wmadmin Login
In standalone.xml, add the XperienCentral security domain. This is necessary because the XperienCentral file jboss-web.xml references the XperienCentral security domain
...