AEM dispatcher rule precedence - aem

I am new to AEM dispatcher configurations.
I was going through the configurations and could see the rules below:
```
/0081 { /type "deny" /glob "GET *.infinity.json*" }
/0082 { /type "deny" /glob "GET *.tidy.json*" }
/0083 { /type "deny" /glob "GET *.sysview.xml*" }
/0084 { /type "deny" /glob "GET *.docview.json*" }
/0085 { /type "deny" /glob "GET *.docview.xml*" }
/0086 { /type "deny" /glob "GET *.*[0-9].json*" }
/0087 { /type "deny" /glob "GET *.feed.xml*" }
```
Can someone help me understand what these starting four numbers mean?
**/0087** { /type "deny" /glob "GET *.feed.xml*" }
Do we have any precedence order, or can we give some random number if we need to add a new rule?

The rules are evaluated in the order that they appear. Think of those starting 4 numbers as an identifier--an ID. That's about all it is.
More info here:
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/dispatcher-cache-rule-priority/qaq-p/164316?profile.language=en&pageRefresh=true
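
The point of the answer above, as an added example that is not part of the original thread: a small Python model of filter evaluation, assuming Dispatcher's documented behaviour that the last matching rule decides and using Python's `fnmatch` as a stand-in for Dispatcher globs. The `/0001`, `/0041` and `/0005` rules, the `decide` and `demo` helpers and the request line are constructed for illustration.

```python
import fnmatch

# Rules in file order: (label, type, glob). /0081 and /0086 are from the
# question; /0001, /0041 and NEW are constructed for this example.
RULES = [
    ("/0001", "deny", "*"),
    ("/0041", "allow", "GET /content/*"),
    ("/0081", "deny", "GET *.infinity.json*"),
    ("/0086", "deny", "GET *.*[0-9].json*"),
]
NEW = ("/0005", "allow", "GET /content/site/en.1.json *")


def decide(rules, request_line):
    """Return (type, label) of the last rule matching the request line.

    Assumption: fnmatch stands in for Dispatcher's glob matching. The
    label is carried along for reporting only; it is never compared.
    """
    verdict = (None, None)
    for label, rule_type, glob in rules:  # order of appearance
        if fnmatch.fnmatchcase(request_line, glob):
            verdict = (rule_type, label)
    return verdict


def demo():
    """Same request, same new rule, three placements in the file."""
    req = "GET /content/site/en.1.json HTTP/1.1"  # constructed request line
    return {
        "as configured": decide(RULES, req),
        "NEW appended last": decide(RULES + [NEW], req),
        "NEW placed before the denies": decide(RULES[:2] + [NEW] + RULES[2:], req),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

An allow rule appended after the deny rules reopens whatever it matches, whatever number it carries, so it is the position of a new rule in the file that needs review.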

Related

haproxy limit access to root path for specific ip range, but allow from anywhere for specific subdirectory

I'm using HA-Proxy version 1.8.19
I want to restrict access from external or allow access only for specific IP Range to my website https://testxy.com/, but want to allow access from anywhere to subfolder https://testxy.com/tempDownload/.
I tried it already with the following:
```
http-request deny if { path -i -m beg / } !{ src 10.10.20.0/24 }
```
How can I do that?

```
http-request allow if { path_dir -i /tempDownload } { src 0.0.0.0/0 }
http-request allow if { path_dir -i /xy1 } { src 10.10.20.0/24 }
http-request allow if { path_dir -i /xy2 } { src 10.10.20.0/24 }
http-request deny if { path_dir -i -m beg / } !{ src 10.10.20.0/24 }
```
This solved my problem (if anyone else has the same question).

I would use the exact match instead of beg path.
The -i is also useless here, as there is no lower- or upper-case version of / (see ACL Flags).
```
http-request deny if { path / } !{ src 10.10.20.0/24 }
```
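
The three rule sets in this thread, compared in an added example that is not part of the original posts: a Python model of `http-request` evaluation in which the first rule whose condition holds ends evaluation and an unmatched request passes. The names `ATTEMPT`, `ORDERED`, `EXACT`, `evaluate`, `path_dir`, `internal` and the two addresses are constructed, and treating `path_dir -i -m beg /` as a prefix match on `/` is an assumption.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.10.20.0/24")


def internal(src):
    """True when the client address is inside 10.10.20.0/24."""
    return ipaddress.ip_address(src) in INTERNAL


def path_dir(path, pattern):
    """-m dir with -i: a slash-delimited part of the path equals pattern."""
    return f"/{pattern.strip('/').lower()}/" in f"/{path.strip('/').lower()}/"


# Each rule: (action, condition(path, src)), in configuration order.
ATTEMPT = [("deny", lambda p, s: p.startswith("/") and not internal(s))]
ORDERED = [
    # { src 0.0.0.0/0 } is always true, so only the path is tested here.
    ("allow", lambda p, s: path_dir(p, "/tempDownload")),
    ("allow", lambda p, s: path_dir(p, "/xy1") and internal(s)),
    ("allow", lambda p, s: path_dir(p, "/xy2") and internal(s)),
    # Assumption: "path_dir -i -m beg /" acts as a prefix match on "/".
    ("deny", lambda p, s: p.startswith("/") and not internal(s)),
]
EXACT = [("deny", lambda p, s: p == "/" and not internal(s))]


def evaluate(rules, path, src):
    """First rule whose condition holds decides; no match lets it through."""
    for action, condition in rules:
        if condition(path, src):
            return action
    return "allow"


OUTSIDE, INSIDE = "203.0.113.7", "10.10.20.5"  # constructed addresses

if __name__ == "__main__":
    for name, rules in (("attempt", ATTEMPT), ("ordered", ORDERED), ("exact", EXACT)):
        for path in ("/", "/tempDownload/a.zip", "/xy1/page"):
            print(name, path, "outside ->", evaluate(rules, path, OUTSIDE))
```

The exact-match rule on its own covers only the path `/`, so `/xy1/page` from an outside address is let through by `EXACT` but denied by `ORDERED`. `path_dir` also matches the directory name at any depth of the path, not only at its start.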

Strange behavior of AEM Dispatcher:

We are using AEM 6.2 with Dispatcher 4.2, and after each page refresh the cache is not considered for the response.
There is secure content which is secured by /auth_checker and cached by /allowAuthorized.
The URL of the content is as follows:
https://www.securedcontent.com/content/sample.html
On load of the above page, it makes the following request via Ajax:
https://www.securedcontent.com/content/sample/some.query.json/sample/input.json
The results of both URLs above get cached by the dispatcher.
But if the page (sample.html) is refreshed, only the page HTML (sample.html) will be fetched from the cache. input.json will not be fetched from the cache but from the publish server.
This is consistent and can be reproduced with another Ajax call to another URL like the following:
https://www.securedcontent.com/content/sample/some.query.json/sample/another/input.json
But subsequent requests to input.json are fetched from the cache, until the page (sample.html) is refreshed.
Details of our setup are as follows:
Dispatcher configuration:
```
/aemsecuredcontent
{
  /auth_checker
  {
    /url "/bin/permissioncheck"
    /filter
    {
      /0000
      {
        /glob "*"
        /type "deny"
      }
      /0001
      {
        /glob "/content/securedcontent/*"
        /type "allow"
      }
    }
    /headers
    {
      /0000
      {
        /glob "*"
        /type "deny"
      }
      /0001
      {
        /glob "Set-Cookie:*"
        /type "allow"
      }
    }
  }
  /clientheaders{ "*" }
  /filter
  {
    /2401 { /type "deny" /glob "*" }
    /2417 { /type "allow" /glob "*query.json*" }
  }
  /cache
  {
    /statfileslevel "1"
    /allowAuthorized "1"
    /rules
    {
      /0000
      {
        /type "allow" /glob "*"
      }
      /0001
      {
        /glob "*.nocache.html*"
        /type "deny"
      }
    }
    /invalidate
    {
      /0000
      {
        /glob "*"
        /type "deny"
      }
      /0001
      {
        /glob "*.html"
        /type "allow"
      }
    }
  }
}
```
Request Header of URLs:
```
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: keep-alive
Cookie: WT_FPC=id=39823rjfngfeihe9jwe; JSESSIONID=sjerht93qu4fg; login-token=48039qi4ig4joacrx.default
Host: www.securedcontent.com
Pragma: no-cache
Referer: https://www.securedcontent.com/content/sample.query.json/sample/input.json
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
X-Requested-With: XMLHttpRequest
```
Response Header of URLs:
```
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 8303
Content-Type: application/json
Date: Thu, 24 May 2018 06:53:12 GMT
Expires: Sat, 23 Jun 2018 06:53:12 GMT
Keep-Alive: timeout=5, max=98
Proxy-Server: something-proxywcm
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
```
Dispatcher Log after every page refresh (not from cache):
```
[D] [pid 23365 (tid 139886375950080)] checking [/cache-dir/content/sample.query.json/sample/input.json]
[D] [pid 23365 (tid 139886375950080)] cachefile does not exist: /cache-dir/content/sample.query.json/sample/input.json
[D] [pid 23365 (tid 139886375950080)] try to create new cachefile: /cache-dir/content/sample.query.json/sample/input.json
[D] [pid 23365 (tid 139886375950080)] cache-action for [/cache-dir/content/sample.query.json/sample/input.json]: CREATE
```
Dispatcher Log of second Ajax request of the same URL (cached response):
```
[D] [pid 23365 (tid 139886302521088)] checking [/cache-dir/content/sample.query.json/sample/input.json]
[D] [pid 23365 (tid 139886302521088)] Authorization checker: connected to backend rend01
[D] [pid 23365 (tid 139886302521088)] cache-action for [/cache-dir/content/sample.query.json/sample/input.json]
[I] [pid 23365 (tid 139886302521088)] "GET /cache-dir/content/sample.query.json/sample/input.json" - -
```

nginx redirection depending on host

I have two domains website1.com and website2.com linked to my server.
I'm trying to do the following rewrite rules:
http://website1.com/ --> /website1/ (static)
http://website2.com/ --> /website2/ (static)
http://website1.com/app/ --> http://localhost:8080/web-app/web1/
http://website2.com/app/ --> http://localhost:8080/web-app/web2/
The user will be redirected to a static website served by nginx or an application server depending on the url.
Here's what I tried so far:
```
location / {
    root html;
    index index.html index.htm;
    if ($http_host = website1.com) {
        rewrite / /website1/index.html break;
        rewrite (.*) /website1/$1;
    }
    if ($http_host = website2.com) {
        #same logic
    }
}
location /app/ {
    proxy_pass http://localhost:8080/web-app/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    if ($http_host = website1.com) {
        rewrite /app/(.*) /$1 break;
        rewrite /app /index.html;
    }
    if ($http_host = website2.com) {
        #same logic
    }
}
```
The static part seems to work fine, but the redirection web app part seems to serve index.html no matter what the requested file is.

This is not much of a definitive answer, but rather just my explanation of how I get nginx proxies to work.
```
root html;
index index.html index.htm;
server {
    listen 80;
    server_name website1.com;
    location / {
        alias html/website1;
    }
    location /app/ {
        proxy_pass http://localhost:8080/web-app/web1/;
    }
}
server {
    listen 80;
    server_name website2.com;
    location / {
        alias html/website2;
    }
    location /app/ {
        proxy_pass http://localhost:8080/web-app/web2/;
    }
}
```
The issue looks like it's being caused by these rewrites:
```
rewrite /app/(.*) /$1 break;
rewrite /app /index.html;
```
Using server blocks with server_names and the alias directive, we can do away with needing to use that much logic. Let me know if there's anything that is still not clear.

I think you're doing it wrong. If there is so much difference between the hosts, it would be cleaner and more efficient to have two distinct configurations, one for each host.
On the other hand, if your intention is to have multiple almost-identical configurations, then the correct way to go about it might be map, and not if.
Back to your configuration — I've tried running it just to see how it works, and one thing that you may notice is that the path you specify within the proxy_pass effectively becomes a noop once the $host-specific rewrite within the same context gets involved to change the $uri — this is by design, and is very clearly documented within http://nginx.org/r/proxy_pass ("When the URI is changed inside a proxied location using the rewrite directive").
So, in fact, using the following configuration does appear to adhere to your spec:
```
%curl -H "Host: host1.example.com" "localhost:4935/app/"
host1.example.com/web-app/web1/
%curl -H "Host: host2.example.com" "localhost:4935/app/"
host2.example.com/web-app/web2/
%curl -H "Host: example.com" "localhost:4935/app/"
example.com/web-app/
```
Here's the config I've used:
```
server {
    listen [::]:4935;
    default_type text/plain;
    location / {
        return 200 howdy;
    }
    location /app/ {
        proxy_set_header Host $host;
        proxy_pass http://localhost:4936/web-app/; # path is NOOP if $uri get changed
        if ($host = host1.example.com) {
            rewrite /app/(.*) /web-app/web1/$1 break;
            rewrite /app /web-app/index.html;
        }
        if ($host = host2.example.com) {
            rewrite /app/(.*) /web-app/web2/$1 break;
            rewrite /app /web-app/index.html;
        }
    }
}
server {
    listen [::]:4936;
    return 200 $host$request_uri\n;
}
```

magento custom admin url redirects to homepage

We just moved to another server. We are using Nginx as webservice,
and we are using a custom admin URL for Magento 1.9, like admin.domain.com.
I can access the Magento admin through this URL: https://admin.domain.com/index.php/admin
So is there any way I can access it using only this URL: admin.domain.com?
Here is my nginx config:
```
server {
    listen 888.888.888.888:80;
    server_name domain.com *.domain.com www.domain.com;
    root /home/admin/web/domain.com/public_html;
    index index.php index.html index.htm;
    access_log /var/log/nginx/domains/domain.com.log combined;
    access_log /var/log/nginx/domains/domain.com.bytes bytes;
    error_log /var/log/nginx/domains/domain.com.error.log error;
    location / {
        try_files $uri $uri/ @handler;
        expires 30d;
    }
    location /app/ { deny all; }
    location /includes/ { deny all; }
    location /lib/ { deny all; }
    location /media/downloadable/ { deny all; }
    location /pkginfo/ { deny all; }
    location /report/config.xml { deny all; }
    location /var/ { deny all; }
    location /var/export/ {
        auth_basic "Restricted";
        auth_basic_user_file htpasswd;
        autoindex on;
    }
    location /. {
        return 404;
    }
    location @handler {
        rewrite / /index.php;
    }
    location ~ .php/ {
        rewrite ^(.*.php)/ $1 last;
    }
    location ~ \.php$ {
        try_files $uri =404;
        expires off;
        fastcgi_read_timeout 900s;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9002;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
    rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
    rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
    location /lib/minify/ {
        allow all;
    }
    gzip on;
    gzip_comp_level 6;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
    error_page 403 /error/404.html;
    error_page 404 /error/404.html;
    error_page 500 502 503 504 /error/50x.html;
    location /error/ {
        alias /home/admin/web/domain.com/document_errors/;
    }
    location ~* "/\.(htaccess|htpasswd)$" {
        deny all;
        return 404;
    }
    location /vstats/ {
        alias /home/admin/web/domain.com/stats/;
        include /home/admin/web/domain.com/stats/auth.conf*;
    }
    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /etc/nginx/conf.d/webmail.inc*;
    include /home/admin/conf/web/nginx.domain.com.conf*;
}
```
Here is what you need to do:
Create two exact servers.
Make sure that your files are sync'd (root /var/www/vhosts/example.com;).
Your admin server will become your master, and you can use Lsync to make sure they are always sync'd.
Domain admin.example.com will have one IP and your production server will have another IP address.
Your nginx config files can be identical.
In Magento you will choose a custom URL for admin and point that URL to your new admin server.
Any file changes and uploads will go to Admin and will get sync'd to your slave server via the Lsync process.
You can run Redis through ElastiCache or simply run it on the admin server.
You should use RDS for your database server.
Store sessions and cache in Redis.
DO NOT SYNC YOUR VAR FOLDER.

Redirection in nginx

I'm very new to nginx and hit the wall configuring a simple redirection.
Here is my very simple config trying redirection:
```
server {
    listen 80 default_server;
    set $mobile "false";
    if ($http_user_agent ~* '(phone|droid)') {
        set $mobile "true";
    }
    if ($mobile = true) {
        return 301 http://X.X.X.X/mobile$request_uri;
    }
    location /mobile {
        include uwsgi_params;
        uwsgi_pass unix:/var/www/video_m/video.sock;
    }
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/var/www/video/video.sock;
    }
}
```
When I go to the site from a desktop, everything is OK and my request goes to uwsgi.
But from a mobile device I get the browser error ERR_TOO_MANY_REDIRECTS, and the request URL looks like http://X.X.X.X/mobile/mobile/mobile/mobile/mobile/mobile/mobile/mobile
There is obviously something essential, and possibly a very simple piece, that I am missing. Please help me out.

You have created a loop. The first time it hits the if/return a /mobile prefix is added. Then the URI is presented again and it hits the same statement adding another /mobile prefix, and this continues to be repeated.
To break the loop, you need to protect the if/return within a path that is not taken once the /mobile prefix is added the first time.
Maybe:
```
server {
    listen 80 default_server;
    location /mobile {
        include uwsgi_params;
        uwsgi_pass unix:/var/www/video_m/video.sock;
    }
    location / {
        if ($http_user_agent ~* '(phone|droid)') {
            return 301 $scheme://$host/mobile$request_uri;
        }
        include uwsgi_params;
        uwsgi_pass unix:/var/www/video/video.sock;
    }
}
```
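
The loop and its fix, traced in an added example that is not part of the original thread: a Python model of the two configurations with a client that follows redirects up to a hop limit. The function names, the `max_hops` limit, the backend labels `video` and `video_m`, and the two User-Agent strings are constructed for illustration.

```python
import re

MOBILE_UA = re.compile(r"(phone|droid)", re.IGNORECASE)

# Constructed sample User-Agent strings.
PHONE = "Mozilla/5.0 (Linux; Android 8.0) Mobile"
DESKTOP = "Mozilla/5.0 (Windows NT 6.3; Win64; x64)"


def original(uri, user_agent):
    """Question's config: the server-level if runs for every URI."""
    if MOBILE_UA.search(user_agent):
        return 301, "/mobile" + uri
    return 200, "video_m" if uri.startswith("/mobile") else "video"


def fixed(uri, user_agent):
    """Answer's config: the if sits in location /, which /mobile URIs never enter."""
    if uri.startswith("/mobile"):  # prefix location /mobile is selected
        return 200, "video_m"
    if MOBILE_UA.search(user_agent):
        return 301, "/mobile" + uri
    return 200, "video"


def follow(server, uri, user_agent, max_hops=20):
    """Follow redirects like a client; return (outcome, final_uri, hops)."""
    for hops in range(max_hops):
        status, value = server(uri, user_agent)
        if status != 301:
            return value, uri, hops
        uri = value  # request the redirect target next
    return "TOO_MANY_REDIRECTS", uri, max_hops


if __name__ == "__main__":
    for name, server in (("original", original), ("fixed", fixed)):
        for label, ua in (("phone", PHONE), ("desktop", DESKTOP)):
            print(name, label, follow(server, "/video/1", ua, max_hops=5))
```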