Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Role aem-dispatcher-cloud: Sync with default dispatcher configuration from Adobe AEM project archetype 40 to 47 #91

Merged
merged 2 commits into from
Jan 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions changes.xml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@
xsi:schemaLocation="http://maven.apache.org/changes/1.0.0 http://maven.apache.org/plugins/maven-changes-plugin/xsd/changes-1.0.0.xsd">
<body>

<release version="2.0.4" date="not released">
<action type="update" dev="sseifert" issue="91">
Role aem-dispatcher-cloud: Sync with default dispatcher configuration from Adobe AEM project archetype 40 to 47.
</action>
</release>

<release version="2.0.2" date="2023-09-08">
<action type="fix" dev="trichter" issue="90">
Role aem-dispatcher-cloud: Use https in rewriteHomepageRedirect to avoid unnecessary http redirect.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,12 +60,6 @@ Include conf.d/variables/custom.vars

# Rewrite index page internally, pass through (PT)
RewriteRule "^(/?)$" "/index.html" [PT]
</IfModule>

# Content Services/Sling Model Exporter: Cache for 5min with background refresh 1h on browser and 12h on CDN to avoid MISS
<LocationMatch "^/content/.*\.model\.json$">
Header set Cache-Control "max-age=300,stale-while-revalidate=3600" "expr=%{REQUEST_STATUS} < 400"
Header set Surrogate-Control "stale-while-revalidate=43200,stale-if-error=43200" "expr=%{REQUEST_STATUS} < 400"
Header set Age 0
</LocationMatch>
</IfModule>
</VirtualHost>
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,11 @@ Include conf.d/variables/global.vars
# WARNING!!! The probe paths below are INTERNAL and RESERVED - please DO NOT USE them in your virtual host configurations!

# Liveness probe URL
Alias "/system/probes/live" /etc/httpd/probes/live-status.json
Alias "/system/probes/live" probes/live-status.json
# Readiness probe URL
Alias "/system/probes/ready" /etc/httpd/probes/ready-status.json
Alias "/system/probes/ready" probes/ready-status.json
# Startup probe URL
Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
Alias "/system/probes/start" probes/startup-status.json

# internal probes endpoint
<LocationMatch "/system/probes">
Expand Down Expand Up @@ -54,31 +54,18 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
</LocationMatch>
</IfDefine>

# SITES-5185 - Ensure all GraphQL Queries to production publisher are using Persistent Queries and not direct query requests
<IfDefine ENVIRONMENT_PROD>
SSLProxyEngine on
<LocationMatch "^/content/_cq_graphql/.*/endpoint.json$">
RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR]
RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$
RewriteRule ^/(.*)$ - [R=404,L]
</LocationMatch>
</IfDefine>
<IfDefine ENVIRONMENT_STAGE>
SSLProxyEngine on
<LocationMatch "^/content/_cq_graphql/.*/endpoint.json$">
RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR]
RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$
RewriteRule ^/(.*)$ - [R=404,L]
</LocationMatch>
</IfDefine>

# If the module loads correctly then apply base settings for the module
<IfModule disp_apache2.c>
# location of the configuration file. eg: 'conf/dispatcher.any'
DispatcherConfig conf.dispatcher.d/dispatcher.any

# Format for the dispatcher log file
LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\"" dispatcher
<IfDefine !LOG_X_REQUEST_ID>
LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\"" dispatcher
</IfDefine>
<IfDefine LOG_X_REQUEST_ID>
LogFormat "%t \"%m %{dispatcher:uri}e%q %H\" %{dispatcher:status}e %{dispatcher:cache}e [%{dispatcher:backend}e] %{ms}Tms \"%{Host}i\" \"%{x-request-id}i\"" dispatcher
</IfDefine>
CustomLog "| /usr/sbin/rotatelogs -e -f -t logs/dispatcher.log 86400" dispatcher "expr=%{HANDLER} == 'dispatcher-handler'"

# Log level for the dispatcher module
Expand Down Expand Up @@ -116,20 +103,23 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
Header unset Age
</IfDefine>

# SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint
<LocationMatch "/graphql/execute.json/.*">
ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon
</LocationMatch>
# SITES-11040 Do ProxyPassMatch, if caching for GraphQL Persisted Queries is not enabled
<IfDefine !CACHE_GRAPHQL_PERSISTED_QUERIES>
# SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint
<LocationMatch "/graphql/execute.json/.*">
ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon
</LocationMatch>
</IfDefine>

# (legacy) Allow ingressroute checks through on /systemready (regardless of dispatcher filters)
# Legacy /systemready mapped to new Health probe URL /system/probes/health in AEM
<Location "/systemready">
ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready
ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health
RewriteEngine Off
</Location>

# new Health probe URL to legacy /systemready URL mapping
# Allow ingressroute checks through on /system/probes/health (regardless of dispatcher filters)
<Location "/system/probes/health">
ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready
ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health
RewriteEngine Off
</Location>

Expand All @@ -154,6 +144,9 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
ProxyPassMatch ${COMMERCE_ENDPOINT}$2
ProxyPassReverse ${COMMERCE_ENDPOINT}
RewriteEngine Off
# CIF-2971: Experience Platform Connector cookie to header forwarding
SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
</LocationMatch>
</IfDefine>
<IfDefine COMMERCE_ENDPOINT_2>
Expand All @@ -165,6 +158,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_2}$2
ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_2}
RewriteEngine Off
SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
</LocationMatch>
</IfDefine>
<IfDefine COMMERCE_ENDPOINT_3>
Expand All @@ -176,6 +171,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_3}$2
ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_3}
RewriteEngine Off
SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
</LocationMatch>
</IfDefine>
<IfDefine COMMERCE_ENDPOINT_4>
Expand All @@ -187,6 +184,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_4}$2
ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_4}
RewriteEngine Off
SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
</LocationMatch>
</IfDefine>
<IfDefine COMMERCE_ENDPOINT_5>
Expand All @@ -198,6 +197,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
ProxyPassMatch ${AEM_COMMERCE_ENDPOINT_5}$2
ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_5}
RewriteEngine Off
SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
</LocationMatch>
</IfDefine>

Expand All @@ -215,7 +216,7 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
</Directory>

# internal metadata endpoint
Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json
Alias "/gitinit-status" metadata/gitinit-status.json

<LocationMatch "/gitinit-status">
RewriteEngine Off
Expand All @@ -227,6 +228,50 @@ Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json
Require expr "%{HTTP_HOST} == '${POD_NAME}'"
</Directory>

# Dedicated vhost for EaaS:
# (currently disabled, but customers can expect it to be enabled in future versions - CQ-4349728)
#<VirtualHost *:80>
# ServerName "test.eaas"
# # possibility to make overrides before directives in this vhost
# IncludeOptional conf.d/includes/first-listed-vhost.pre.includes
# # since this vhost is first-listed one, this setting influences other vhosts - see https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize
# LimitRequestFieldSize 32768
# DocumentRoot /var/www/localhost/htdocs
# AllowEncodedSlashes NoDecode
# <IfModule mod_headers.c>
# Header add X-Vhost "test.eaas"
# </IfModule>
# <Directory "/var/www/localhost/htdocs">
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
# </Directory>
#
# # SKYOPS-49434: Allow EaaS to access publish instance directly for dev and stage environments when test.eaas vhost is requested
# <IfDefine ENVIRONMENT_DEV>
# <LocationMatch "/">
# ProxyPassMatch http://${AEM_HOST}:${AEM_PORT}
# RewriteEngine Off
# </LocationMatch>
# </IfDefine>
# <IfDefine ENVIRONMENT_STAGE>
# <LocationMatch "/">
# ProxyPassMatch http://${AEM_HOST}:${AEM_PORT}
# RewriteEngine Off
# </LocationMatch>
# </IfDefine>
# # 403 Forbidden on prod
# <IfDefine ENVIRONMENT_PROD>
# <IfModule mod_rewrite.c>
# RewriteEngine on
# RewriteRule ^ - [F]
# </IfModule>
# </IfDefine>
# # possibility to make overrides after directives in this vhost
# IncludeOptional conf.d/includes/first-listed-vhost.post.includes
#</VirtualHost>

# Customer's vhosts:
Include conf.d/enabled_vhosts/*.vhost

# Create a catch-all vhost
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,6 @@ RewriteRule .* - [F]
# Block wp-login
RewriteRule ^.*wp-login - [F,NC,L]

# Allow caching of persisted queries
# Allow the dispatcher to be able to cache persisted queries - they need an extension for the cache file
RewriteCond %{REQUEST_URI} ^/graphql/execute.json
RewriteRule ^/(.*)$ /$1;.json [PT,L]
RewriteRule ^/(.*)$ /$1;.json [PT]
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,6 @@ RewriteCond %{REQUEST_URI} !^/saml_login
RewriteCond %{REQUEST_URI} !^/system
RewriteCond %{REQUEST_URI} !^/tmp
RewriteCond %{REQUEST_URI} !^/var
RewriteCond %{REQUEST_URI} !^/conf/(.+\.jpe?g|.+\.png|.+\.svg)$
RewriteCond %{REQUEST_URI} (.html|.jpe?g|.png|.svg)$
RewriteRule ^/(.*)$ /content/${CONTENT_FOLDER_NAME}/$1 [PT,L]
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,18 @@
#
# Define REWRITE_LOG_LEVEL Warn


# Disable default caching headers
#
# The following headers are set by default dispatcher configuration Expires, Cache-Control, Age.
# If you uncomment and define DISABLE_DEFAULT_CACHING variable these headers are not set any more
# and you can fully customize the caching behavior.
#
# Define DISABLE_DEFAULT_CACHING

# Enable caching for GraphQL persisted queries
#
# By default, GraphQL persisted query responses are not cached in dispatcher.
# If you uncomment and define CACHE_GRAPHQL_PERSISTED_QUERIES variable, then persisted query results
# will be cached in dispatcher. Using CORS, in that case, will require additional dispatcher configuration.
#
# Define CACHE_GRAPHQL_PERSISTED_QUERIES
Original file line number Diff line number Diff line change
Expand Up @@ -91,11 +91,11 @@
# well as general marketing related parameters such as e.g. utm_campaign.
# Marketing parameters can normally be ignored on most websites as they are tracked
# through different means.
/ignoreUrlParams {
/0001 { /glob "*" /type "deny" }
# /ignoreUrlParams {
# /0001 { /glob "*" /type "deny" }
# /0002 { /glob "q" /type "allow" }
# $include "../cache/marketing_query_parameters.any"
}
# $include "../cache/marketing_query_parameters.any"
# }

# Cache response headers next to a cached file. On the first request to
# an uncached resource, all headers matching one of the values found here
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -97,4 +97,7 @@
/0061 { /type "allow" /method '(GET|POST|OPTIONS)' /url "/graphql/execute.json*" }

# Allow Forms Document Services requests
/0062 { /type "allow" /method "POST" /url "/adobe/forms/*" }
/0062 { /type "allow" /method '(GET|POST)' /url "/adobe/forms/*" }

# Allow PUT for Forms DocAssurance Services Decryption API
/0063 { /type "allow" /method "PUT" /url "/adobe/forms/document/assure/encrypt" }