From e88c54b9fff4778bc1fdcfbf9ac51a629ee73219 Mon Sep 17 00:00:00 2001 From: Stefan Seifert Date: Fri, 12 Jan 2024 12:36:26 +0100 Subject: [PATCH 1/2] prepare changelog --- changes.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/changes.xml b/changes.xml index 17ef0ec..ebe2e5f 100644 --- a/changes.xml +++ b/changes.xml @@ -23,6 +23,12 @@ xsi:schemaLocation="http://maven.apache.org/changes/1.0.0 http://maven.apache.org/plugins/maven-changes-plugin/xsd/changes-1.0.0.xsd"> + + + Role aem-dispatcher-cloud: Sync with default dispatcher configuration from Adobe AEM project archetype 40 to 47. + + + Role aem-dispatcher-cloud: Use https in rewriteHomepageRedirect to avoid unnecessary http redirect. From 18b683bf2739d6e80d13a41904e28505c6e05471 Mon Sep 17 00:00:00 2001 From: Stefan Seifert Date: Fri, 12 Jan 2024 12:51:33 +0100 Subject: [PATCH 2/2] latest files from archetype 47 --- changes.xml | 2 +- .../src/conf.d/available_vhosts/default.vhost | 8 +- .../src/conf.d/dispatcher_vhost.conf | 107 +++++++++++++----- .../src/conf.d/includes/.keep | 0 .../src/conf.d/rewrites/default_rewrite.rules | 4 +- .../src/conf.d/rewrites/rewrite.rules | 1 + .../src/conf.d/variables/global.vars | 9 +- .../available_farms/default.farm | 8 +- .../filters/default_filters.any | 5 +- 9 files changed, 97 insertions(+), 47 deletions(-) create mode 100644 conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/includes/.keep diff --git a/changes.xml b/changes.xml index ebe2e5f..f88526c 100644 --- a/changes.xml +++ b/changes.xml @@ -24,7 +24,7 @@ - + Role aem-dispatcher-cloud: Sync with default dispatcher configuration from Adobe AEM project archetype 40 to 47. diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/available_vhosts/default.vhost b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/available_vhosts/default.vhost index f54fc8c..e284b20 100644 
--- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/available_vhosts/default.vhost +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/available_vhosts/default.vhost @@ -60,12 +60,6 @@ Include conf.d/variables/custom.vars # Rewrite index page internally, pass through (PT) RewriteRule "^(/?)$" "/index.html" [PT] - - # Content Services/Sling Model Exporter: Cache for 5min with background refresh 1h on browser and 12h on CDN to avoid MISS - - Header set Cache-Control "max-age=300,stale-while-revalidate=3600" "expr=%{REQUEST_STATUS} < 400" - Header set Surrogate-Control "stale-while-revalidate=43200,stale-if-error=43200" "expr=%{REQUEST_STATUS} < 400" - Header set Age 0 - + diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/dispatcher_vhost.conf b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/dispatcher_vhost.conf index 744fe9b..3e48cfb 100644 --- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/dispatcher_vhost.conf +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/dispatcher_vhost.conf @@ -14,11 +14,11 @@ Include conf.d/variables/global.vars # WARNING!!! The probe paths below are INTERNAL and RESERVED - please DO NOT USE them in your virtual host configurations! # Liveness probe URL -Alias "/system/probes/live" /etc/httpd/probes/live-status.json +Alias "/system/probes/live" probes/live-status.json # Readiness probe URL -Alias "/system/probes/ready" /etc/httpd/probes/ready-status.json +Alias "/system/probes/ready" probes/ready-status.json # Startup probe URL -Alias "/system/probes/start" /etc/httpd/probes/startup-status.json +Alias "/system/probes/start" probes/startup-status.json # internal probes endpoint 
@@ -54,31 +54,18 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json -# SITES-5185 - Ensure all GraphQL Queries to production publisher are using Persistent Queries and not direct query requests - - SSLProxyEngine on - - RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR] - RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$ - RewriteRule ^/(.*)$ - [R=404,L] - - - - SSLProxyEngine on - - RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR] - RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$ - RewriteRule ^/(.*)$ - [R=404,L] - - - # If the module loads correctly then apply base settings for the module # location of the configuration file. eg: 'conf/dispatcher.any' DispatcherConfig conf.dispatcher.d/dispatcher.any # Format for the dispatcher log file - LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\"" dispatcher + + LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\"" dispatcher + + + LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\" \"%{x-request-id}i\"" dispatcher + CustomLog "| /usr/sbin/rotatelogs -e -f -t logs/dispatcher.log 86400" dispatcher "expr=%{HANDLER} == 'dispatcher-handler'" # Log level for the dispatcher module 
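Review bot: With the SITES-5185 block removed, nothing in this hunk rejects direct GraphQL endpoint requests any more; the deleted rules answered them with 404 unless `ENABLE_GRAPHQL_ENDPOINT` was set. The enclosing section directives are not visible in this view, so confirm that the dispatcher filters deny the direct query endpoints and allow only `/graphql/execute.json*` before relying on this file. Separately, the second `LogFormat` writes the client-supplied `x-request-id` header into dispatcher.log; a comment such as `# x-request-id is client-controlled; treat it as untrusted when correlating logs` would help whoever consumes that log.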
@@ -116,20 +103,23 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json Header unset Age -# SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint - - ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon - +# SITES-11040 Do ProxyPassMatch, if caching for GraphQL Persisted Queries is not enabled + + # SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint + + ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon + + -# (legacy) Allow ingressroute checks through on /systemready (regardless of dispatcher filters) +# Legacy /systemready mapped to new Health probe URL /system/probes/health in AEM - ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready + ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health RewriteEngine Off -# new Health probe URL to legacy /systemready URL mapping +# Allow ingressroute checks through on /system/probes/health (regardless of dispatcher filters) - ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready + ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health RewriteEngine Off @@ -154,6 +144,9 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json ProxyPassMatch ${COMMERCE_ENDPOINT}$2 ProxyPassReverse ${COMMERCE_ENDPOINT} RewriteEngine Off + # CIF-2971: Experience Platform Connector cookie to header forwarding + SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2 + RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP @@ -165,6 +158,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_2}$2 ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_2} RewriteEngine Off + SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2 + RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP 
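Review bot: The added `RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP` only fires when the cookie is present, so a request that carries the header directly but no cookie appears to reach the commerce endpoint with the client's value untouched. If the backend is meant to see only the cookie-derived value, put `RequestHeader unset aep-segments-membership` ahead of the conditional `set` in each block. The same pair of lines is added in the hunks at -165, -176, -187 and -198, and only the first carries the CIF-2971 comment. Either way the value originates from the client, so the receiving service should validate it rather than trust it.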
@@ -176,6 +171,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_3}$2 ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_3} RewriteEngine Off + SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2 + RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP @@ -187,6 +184,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_4}$2 ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_4} RewriteEngine Off + SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2 + RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP @@ -198,6 +197,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_5}$2 ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_5} RewriteEngine Off + SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2 + RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP @@ -215,7 +216,7 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json # internal metadata endpoint -Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json +Alias "/gitinit-status" metadata/gitinit-status.json RewriteEngine Off 
@@ -227,6 +228,50 @@ Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json Require expr "%{HTTP_HOST} == '${POD_NAME}'" +# Dedicated vhost for EaaS: +# (currently disabled, but customers can expect it to be enabled in future versions - CQ-4349728) +# +# ServerName "test.eaas" +# # possibility to make overrides before directives in this vhost +# IncludeOptional conf.d/includes/first-listed-vhost.pre.includes +# # since this vhost is first-listed one, this setting influences other vhosts - see https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize +# LimitRequestFieldSize 32768 +# DocumentRoot /var/www/localhost/htdocs +# AllowEncodedSlashes NoDecode +# +# Header add X-Vhost "test.eaas" +# +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# +# +# # SKYOPS-49434: Allow EaaS to access publish instance directly for dev and stage environments when test.eaas vhost is requested +# +# +# ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} +# RewriteEngine Off +# +# +# +# +# ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} +# RewriteEngine Off +# +# +# # 403 Forbidden on prod +# +# +# RewriteEngine on +# RewriteRule ^ - [F] +# +# +# # possibility to make overrides after directives in this vhost +# IncludeOptional conf.d/includes/first-listed-vhost.post.includes +# + +# Customer's vhosts: Include conf.d/enabled_vhosts/*.vhost # Create a catch-all vhost diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/includes/.keep b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/includes/.keep new file mode 100644 index 0000000..e69de29 diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/default_rewrite.rules b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/default_rewrite.rules index 72387e8..f62be1b 100644 
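Review bot: The commented-out EaaS vhost is a template that will be copied once the feature is enabled, and it carries `Options Indexes FollowSymLinks` together with `Require all granted` on the docroot, which would turn on directory listings. Consider `Options FollowSymLinks` in the template instead. The section directives that guard the direct proxy to publish are not visible in this view, so the dev/stage-only restriction described in the SKYOPS-49434 comment cannot be checked here.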
--- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/default_rewrite.rules +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/default_rewrite.rules @@ -38,6 +38,6 @@ RewriteRule .* - [F] # Block wp-login RewriteRule ^.*wp-login - [F,NC,L] -# Allow caching of persisted queries +# Allow the dispatcher to be able to cache persisted queries - they need an extension for the cache file RewriteCond %{REQUEST_URI} ^/graphql/execute.json -RewriteRule ^/(.*)$ /$1;.json [PT,L] \ No newline at end of file +RewriteRule ^/(.*)$ /$1;.json [PT] \ No newline at end of file diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/rewrite.rules b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/rewrite.rules index 57952e1..f365904 100644 --- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/rewrite.rules +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/rewrites/rewrite.rules @@ -20,5 +20,6 @@ RewriteCond %{REQUEST_URI} !^/saml_login RewriteCond %{REQUEST_URI} !^/system RewriteCond %{REQUEST_URI} !^/tmp RewriteCond %{REQUEST_URI} !^/var +RewriteCond %{REQUEST_URI} !^/conf/(.+\.jpe?g|.+\.png|.+\.svg)$ RewriteCond %{REQUEST_URI} (.html|.jpe?g|.png|.svg)$ RewriteRule ^/(.*)$ /content/${CONTENT_FOLDER_NAME}/$1 [PT,L] diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/variables/global.vars b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/variables/global.vars index 6bef338..5a19221 100644 --- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/variables/global.vars +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.d/variables/global.vars 
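Review bot: In the default_rewrite.rules hunk the context line `RewriteCond %{REQUEST_URI} ^/graphql/execute.json` leaves the dot unescaped, so it matches any character in that position and the `;.json` suffix is appended to more paths than the new comment describes; `^/graphql/execute\.json` would be exact. Dropping `L` from `[PT,L]` should not change behaviour, since PT implies L in mod_rewrite, but a short comment saying so would stop the next reader from wondering whether later rules now apply.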
@@ -22,7 +22,6 @@ # # Define REWRITE_LOG_LEVEL Warn - # Disable default caching headers # # The following headers are set by default dispatcher configuration Expires, Cache-Control, Age. @@ -30,3 +29,11 @@ # and you can fully customize the caching behavior. # # Define DISABLE_DEFAULT_CACHING + +# Enable caching for GraphQL persisted queries +# +# By default, GraphQL persisted query responses are not cached in dispatcher. +# If you uncomment and define CACHE_GRAPHQL_PERSISTED_QUERIES variable, then persisted query results +# will be cached in dispatcher. Using CORS, in that case, will require additional dispatcher configuration. +# +# Define CACHE_GRAPHQL_PERSISTED_QUERIES diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/available_farms/default.farm b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/available_farms/default.farm index 172ad60..a6bfbee 100644 --- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/available_farms/default.farm +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/available_farms/default.farm @@ -91,11 +91,11 @@ # well as general marketing related parameters such as e.g. utm_campaign. # Marketing parameters can normally be ignored on most websites as they are tracked # through different means. - /ignoreUrlParams { - /0001 { /glob "*" /type "deny" } + # /ignoreUrlParams { + # /0001 { /glob "*" /type "deny" } # /0002 { /glob "q" /type "allow" } - # $include "../cache/marketing_query_parameters.any" - } + # $include "../cache/marketing_query_parameters.any" + # } # Cache response headers next to a cached file. On the first request to # an uncached resource, all headers matching one of the values found here 
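Review bot: The new comment for `CACHE_GRAPHQL_PERSISTED_QUERIES` mentions CORS but not what caching means for access control: a response stored by the dispatcher is presumably served to later clients without AEM evaluating the request again. I would add a line such as `# Only enable this when persisted queries return public content; cached results are served without reaching AEM.` The default.farm hunk on the same line comments out `/ignoreUrlParams`, whose only active rule was a deny-all, so it looks behaviour-neutral, but the mixed comment indentation makes the block harder to read.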
diff --git a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/filters/default_filters.any b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/filters/default_filters.any index 43af2ce..ae35ff0 100644 --- a/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/filters/default_filters.any +++ b/conga-aem-definitions/src/main/resources/aem-sdk-dispatcher/src/conf.dispatcher.d/filters/default_filters.any @@ -97,4 +97,7 @@ /0061 { /type "allow" /method '(GET|POST|OPTIONS)' /url "/graphql/execute.json*" } # Allow Forms Document Services requests -/0062 { /type "allow" /method "POST" /url "/adobe/forms/*" } +/0062 { /type "allow" /method '(GET|POST)' /url "/adobe/forms/*" } + +# Allow PUT for Forms DocAssurance Services Decryption API +/0063 { /type "allow" /method "PUT" /url "/adobe/forms/document/assure/encrypt" }
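Review bot: The comment on `/0063` says Decryption API while the allowed URL is `/adobe/forms/document/assure/encrypt`; one of the two is wrong, and if decryption is the intended target the rule opens PUT on the wrong path. Rule `/0062` also widens from POST to `(GET|POST)` across the whole `/adobe/forms/*` wildcard, so every Forms endpoint under that prefix becomes reachable by GET through the dispatcher. Confirm that AEM enforces authorization on those endpoints, or narrow the URL pattern to the paths that need GET.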