[AMS][2.6-20]

src/main/archetype/dispatcher.ams/immutable.files

@@ -1,36 +1,46 @@
 src/conf/httpd.conf
-src/conf.d/available_vhosts/aem_author.vhost
-src/conf.d/available_vhosts/aem_publish.vhost
-src/conf.d/available_vhosts/aem_lc.vhost
-src/conf.d/available_vhosts/aem_flush.vhost
-src/conf.d/available_vhosts/aem_health.vhost
-src/conf.d/available_vhosts/000_unhealthy_author.vhost
-src/conf.d/available_vhosts/000_unhealthy_publish.vhost
-src/conf.d/rewrites/base_rewrite.rules
-src/conf.d/rewrites/xforwarded_forcessl_rewrite.rules
-src/conf.d/allowlists/000_base_allowlist.rules
-src/conf.d/dispatcher_vhost.conf
-src/conf.d/logformat.conf
-src/conf.d/security.conf
 src/conf.modules.d/02-dispatcher.conf
-src/conf.dispatcher.d/available_farms/000_ams_author_farm.any
+src/conf.dispatcher.d/available_farms/002_ams_author_farm.any
+src/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any
+src/conf.dispatcher.d/available_farms/002_ams_publish_farm.any
 src/conf.dispatcher.d/available_farms/999_ams_publish_farm.any
+src/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any
+src/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any
 src/conf.dispatcher.d/available_farms/001_ams_lc_farm.any
-src/conf.dispatcher.d/cache/ams_author_cache.any
-src/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any
-src/conf.dispatcher.d/cache/ams_publish_cache.any
-src/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any
-src/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any
-src/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any
-src/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any
-src/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any
-src/conf.dispatcher.d/filters/ams_author_filters.any
+src/conf.dispatcher.d/available_farms/002_ams_lc_farm.any
 src/conf.dispatcher.d/filters/ams_publish_filters.any
+src/conf.dispatcher.d/filters/ams_author_filters.any
 src/conf.dispatcher.d/filters/ams_lc_filters.any
 src/conf.dispatcher.d/renders/ams_author_renders.any
 src/conf.dispatcher.d/renders/ams_publish_renders.any
 src/conf.dispatcher.d/renders/ams_lc_renders.any
-src/conf.dispatcher.d/vhosts/ams_author_vhosts.any
+src/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any
+src/conf.dispatcher.d/cache/ams_author_cache.any
+src/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any
+src/conf.dispatcher.d/cache/ams_publish_cache.any
+src/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any
+src/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any
+src/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any
+src/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any
+src/conf.dispatcher.d/dispatcher.any
 src/conf.dispatcher.d/vhosts/ams_publish_vhosts.any
+src/conf.dispatcher.d/vhosts/ams_author_vhosts.any
 src/conf.dispatcher.d/vhosts/ams_lc_vhosts.any
-src/conf.dispatcher.d/dispatcher.any
+src/conf.d/rewrites/xforwarded_forcessl_rewrite.rules
+src/conf.d/rewrites/base_rewrite.rules
+src/conf.d/whitelists/000_base_whitelist.rules
+src/conf.d/000_init_ootb_vars.conf
+src/conf.d/001_init_ams_vars.conf
+src/conf.d/remoteip.conf
+src/conf.d/logformat.conf
+src/conf.d/dispatcher_vhost.conf
+src/conf.d/mimetypes3d.conf
+src/conf.d/security.conf
+src/conf.d/available_vhosts/aem_flush.vhost
+src/conf.d/available_vhosts/aem_flush_author.vhost
+src/conf.d/available_vhosts/aem_author.vhost
+src/conf.d/available_vhosts/aem_publish.vhost
+src/conf.d/available_vhosts/ams_lc.vhost
+src/conf.d/available_vhosts/000_unhealthy_author.vhost
+src/conf.d/available_vhosts/000_unhealthy_publish.vhost
+src/conf.d/variables/ootb.vars

src/main/archetype/dispatcher.ams/pom.xml

@@ -42,7 +42,7 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
                 <executions>
-                    <!-- enforce that immutable files are not touched: https://helpx.adobe.com/experience-manager/kb/ams-dispatcher-manual/immutable-files.html -->
+                    <!-- enforce that immutable files are not touched: https://experienceleague.adobe.com/docs/experience-manager-learn/ams/dispatcher/immutable-files.html -->
                     <execution>
                         <id>enforce-checksum-of-immutable-files</id>
                         <goals>

src/main/archetype/dispatcher.ams/src/conf.d/000_init_ootb_vars.conf

@@ -0,0 +1 @@
+Include /etc/httpd/conf.d/variables/ootb.vars

src/main/archetype/dispatcher.ams/src/conf.d/001_init_ams_vars.conf

@@ -0,0 +1 @@
+Include /etc/httpd/conf.d/variables/ams_*.vars

src/main/archetype/dispatcher.ams/src/conf.d/002_init___appId___vars.conf

@@ -0,0 +1 @@
+IncludeOptional /etc/httpd/conf.d/variables/${appId}_*.vars

src/main/archetype/dispatcher.ams/src/conf.d/available_vhosts/000_unhealthy_author.vhost

@@ -1,18 +1,23 @@
 <VirtualHost *:80>
 	ServerName	unhealthyauthor
 	ServerAlias	${AUTHOR_DEFAULT_HOSTNAME}
-
+	ErrorDocument	503 /error.html
 	DocumentRoot	/mnt/var/www/default
-
-	<Directory "/mnt/var/www/default">
+	
+	<Directory />
 		Options FollowSymLinks
 		AllowOverride None
-		Require all granted
-		# Insert filter
+		##### Insert filter
 		SetOutputFilter DEFLATE
-		# Don't compress images
+		##### Don't compress images
 		SetEnvIfNoCase Request_URI \
 		\.(?:gif|jpe?g|png)$ no-gzip dont-vary
+		##### Make sure proxies don't deliver the wrong content
+		Header append Vary User-Agent env=!dont-vary
+	</Directory>
+	<Directory "/mnt/var/www/default">
+		AllowOverride None
+		Require all granted
 	</Directory>
 	<IfModule mod_headers.c>
 		Header always add X-Dispatcher ${DISP_ID}
@@ -21,6 +26,6 @@
 	<IfModule mod_rewrite.c>
 		ReWriteEngine   on
 		RewriteCond %{REQUEST_URI} !^/error.html$
-		RewriteRule ^/* /error.html [R=301,L,NC]
+		RewriteRule ^/* /error.html [R=503,L,NC]
 	</IfModule>
-</VirtualHost>
+</VirtualHost>

src/main/archetype/dispatcher.ams/src/conf.d/available_vhosts/000_unhealthy_publish.vhost

@@ -1,26 +1,31 @@
 <VirtualHost *:80>
 	ServerName	unhealthypublish
 	ServerAlias	${PUBLISH_DEFAULT_HOSTNAME}
-
+	ErrorDocument	503 /error.html
 	DocumentRoot	/mnt/var/www/default
-
-	<Directory "/mnt/var/www/default">
+	
+	<Directory />
 		Options FollowSymLinks
 		AllowOverride None
-		Require all granted
-		# Insert filter
+		#### Insert filter
 		SetOutputFilter DEFLATE
-		# Don't compress images
+		#### Don't compress images
 		SetEnvIfNoCase Request_URI \
 		\.(?:gif|jpe?g|png)$ no-gzip dont-vary
+		#### Make sure proxies don't deliver the wrong content
+		Header append Vary User-Agent env=!dont-vary
+	</Directory>
+	<Directory "/mnt/var/www/default">
+		AllowOverride None
+		Require all granted
 	</Directory>
 	<IfModule mod_headers.c>
-		Header always add X-Dispatcher ${DISP_ID}
-		Header always add X-Vhost "unhealthy-publish"
+			Header always add X-Dispatcher ${DISP_ID}
+			Header always add X-Vhost "unhealthy-publish"
 	</IfModule>
 	<IfModule mod_rewrite.c>
 		ReWriteEngine   on
 		RewriteCond %{REQUEST_URI} !^/error.html$
-		RewriteRule ^/* /error.html [R=301,L,NC]
+		RewriteRule ^/* /error.html [R=503,L,NC]
 	</IfModule>
-</VirtualHost>
+</VirtualHost>

src/main/archetype/dispatcher.ams/src/conf.d/available_vhosts/__appId___publish.vhost

@@ -1,64 +1,69 @@
-# Collect any enviromental variables that are set in /etc/sysconfig/httpd
-# Collect the dispatchers number
+## Collect any enviromental variables that are set in /etc/sysconfig/httpd
+## Collect the dispatchers number
 PassEnv DISP_ID
 
 <VirtualHost *:80>
-	ServerName	publish
-	# Put names of which domains are used for your published site/content here
-	ServerAlias	${PUBLISH_DEFAULT_HOSTNAME}
-	# Use a doc root that matches what's in the /etc/httpd/conf/publish-farm.any
+	## allowing slashes in the URL to be encoded and still honored
+	AllowEncodedSlashes On
+	ServerName	${appId}-publish
+	## Put names of which domains are used for your published site/content here
+	ServerAlias	${PUBLISH_DEFAULT_HOSTNAME} 
 	DocumentRoot	${PUBLISH_DOCROOT}
-	# Add header breadcrumbs for help in troubleshooting
+	## Add header breadcrumbs for help in troubleshooting
 	<IfModule mod_headers.c>
 		Header always add X-Dispatcher ${DISP_ID}
-		Header always add X-Vhost "publish"
+		Header always add X-Vhost "${appId}-publish"
 		Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
 		Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
+		#### Make sure proxies don't deliver the wrong content
+		Header append Vary User-Agent env=!dont-vary
+	    ## Force SSL for author
+	    ## Add HSTS for avoiding man in the middle during browser redirect to SSL
+	    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
 	</IfModule>
-	<Directory "${PUBLISH_DOCROOT}">
-		# Update /etc/sysconfig/httpd with setting the PUBLISH_ALLOWLIST_ENABLED from 0 or 1 to enable or disable ip restriction rules
-		<If "${PUBLISH_ALLOWLIST_ENABLED} == 1">
-			Include conf.d/allowlists/*_allowlist.rules
+	<Directory />
+		## Update /etc/sysconfig/httpd with setting the PUBLISH_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules
+		<If "${PUBLISH_WHITELIST_ENABLED} == 1">
+			Include /etc/httpd/conf.d/whitelists/*_whitelist.rules
 		</If>
 		<IfModule disp_apache2.c>
-			# Some items cache with the wrong mime type
-			# Use this option to use the name to auto-detect mime types when cached improperly
+			## Some items cache with the wrong mime type
+			## Use this option to use the name to auto-detect mime types when cached improperly
 			ModMimeUsePathInfo On
-			# Use this option to avoid cache poisioning
-			# Sling will return /content/image.jpg as well as /content/image.jpg/ but apache can't search /content/image.jpg/ as a file
-			# Apache will treat that like a directory.  This assures the last slash is never stored in cache
+			## Use this option to avoid cache poisioning
+			## Sling will return /content/image.jpg as well as /content/image.jpg/ but apache can't search /content/image.jpg/ as a file
+			## Apache will treat that like a directory.  This assures the last slash is never stored in cache
 			DirectorySlash Off
-			# Enable the dispatcher file handler for apache to fetch files from AEM
+			## Enable the dispatcher file handler for apache to fetch files from AEM
 			SetHandler dispatcher-handler
 		</IfModule>
 		Options FollowSymLinks
 		AllowOverride None
-		Require all granted
-		# Insert filter
+		#### Insert filter
 		SetOutputFilter DEFLATE
-		# Don't compress images
+		#### Don't compress images
 		SetEnvIfNoCase Request_URI \
 		\.(?:gif|jpe?g|png)$ no-gzip dont-vary
 	</Directory>
+	<Directory "${PUBLISH_DOCROOT}">
+		AllowOverride None
+		Require all granted
+	</Directory>
 	<IfModule disp_apache2.c>
-		# Enabled to allow rewrites to take affect and not be ignored by the dispatcher module
+		## Enabled to allow rewrites to take affect and not be ignored by the dispatcher module
 		DispatcherUseProcessedURL	1
-		# Default setting to allow all errors to come from the aem instance
+		## Default setting to allow all errors to come from the aem instance
 		DispatcherPassError		0
 	</IfModule>
 	<IfModule mod_rewrite.c>
 		ReWriteEngine	on
 		LogLevel warn rewrite:info
-		# Global rewrite include
-		Include conf.d/rewrites/base_rewrite.rules
-		Include conf.d/rewrites/${appId}_rewrite.rules
-		# Update /etc/sysconfig/httpd with setting the PUBLISH_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL
+		##Global rewrite include
+		Include /etc/httpd/conf.d/rewrites/base_rewrite.rules
+		IncludeOptional /etc/httpd/conf.d/rewrites/${appId}_rewrite.rules
+		## Update /etc/sysconfig/httpd with setting the PUBLISH_FORCE_SSL from 0 or 1 to enable or disable enforcing SSL
 		<If "${PUBLISH_FORCE_SSL} == 1">
-			Include conf.d/rewrites/xforwarded_forcessl_rewrite.rules
+			Include /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules
 		</If>
 	</IfModule>
-	<IfModule mod_proxy.c>
-		SSLProxyEngine on
-		Include /etc/httpd/conf.d/proxy/*.proxy
-	</IfModule>
-</VirtualHost>
+</VirtualHost>