CesarCapillas · May 16, 2017 22:08
diff --git a/Basic apache setup b/Basic apache setup
 $ sudo apt-get install apache2
 $ sudo a2enmod proxy
 $ sudo a2enmod proxy_ajp
 $ sudo a2enmod rewrite
 $ sudo vim /etc/apache2/sites-enabled/default-ssl.conf

 <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine On
        RewriteRule ^/$ share [R]

        ProxyPass         /alfresco ajp://localhost:8009/alfresco
        ProxyPassReverse  /alfresco  ajp://localhost:8009/alfresco
        ProxyPass         /share ajp://localhost:8009/share
        ProxyPassReverse  /share ajp://localhost:8009/share
 </VirtualHost>

 $ sudo service apache2 restart
diff --git a/Fake SSO via auth LDAP + add header b/Fake SSO via auth LDAP + add header
 <Location /share>
   AuthType Basic
   AuthBasicAuthoritative Off
   AuthBasicProvider ldap
   AuthName "fake-sso (webgate simulator)"
   AuthLDAPURL ldap://ldap.acme.net:389/ou=People,dc=acme,dc=net?uid?sub

   Require valid-user
   Order allow,deny
   Allow from all

   RewriteEngine On
   RewriteCond %{REMOTE_USER} ^(.*)$
   RewriteRule ^(.*)$ - [E=R_U:%1]
   RequestHeader append X-Remote-User %{R_U}e
 </Location>

 <Location /balancer-manager>
   SetHandler balancer-manager
   Order deny,allow
   Allow from all 
   Satisfy Any
 </Location>
diff --git a/gistfile1.txt b/gistfile1.txt
 $ sudo a2enmod status
 $ sudo vim /etc/apache2/mods-enabled/status.conf

 <Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
    # Allow zylk
    Allow from 62.99.71.211 
 </Location>

 $ sudo /etc/init.d/apache2 restart
diff --git a/Hot standby for sinaduraCloud b/Hot standby for sinaduraCloud
 <Proxy balancer://sinaduraCloud>
    # the hot standby
    BalancerMember ajp://localhost:8009 status=+H retry=0
    # the hot active
    BalancerMember ajp://localhost:9009 retry=30
 </Proxy>

 ProxyPass /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud lbmethod=byrequests stickysession=JSESSIONID|jsessionid
 ProxyPassReverse /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud

 ProxyPass / balancer://ajpCluster/ stickysession=JSESSIONID|jsessionid
 ProxyPassReverse / balancer://ajpCluster/
 <Proxy balancer://ajpCluster>
  BalancerMember ajp://localhost:8009 route=alf1
  BalancerMember ajp://localhost:9009 route=alf2
  ProxySet lbmethod=byrequests
 </Proxy>

 <Location /balancer-manager>
  SetHandler balancer-manager
  Order deny,allow
  Allow from all 
 </Location>
diff --git a/http to https redirect b/http to https redirect
 RewriteEngine On
 RewriteCond %{SERVER_PORT} 80

 RewriteCond %{REQUEST_URI} alfresco
 RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

 RewriteCond %{REQUEST_URI} share
 RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

 #RewriteRule ^/$ share [R]
diff --git a/Securing alfresco locations b/Securing alfresco locations
 https://github.com/ecm4u/alfresco-reverse-proxy/blob/master/etc/apache2/sites-available/alfresco-http.conf

 <LocationMatch "^/alfresco/webdav/.+$">
            <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
                   Order Deny,Allow
                   Allow from all
                   # change this or add your own IP to allow webdav access
                   # Deny from all
                   # Allow from 234.234.234.234
                   # Allow from 127.0.0.1
                        Satisfy Any
            </Limit>           
 </LocationMatch>

 <Location /alfresco/service/*>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
 </Location>

 <Location /share/service/*>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
 </Location>

 <Location /alfresco/proxy>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
 </Location>

 <Location /alfresco/cmisbrowser>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
 </Location>
diff --git a/Using mod_balancer b/Using mod_balancer
 ProxyPass /balancer-manager !

 ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid
 ProxyPassReverse / balancer://mycluster/


 <Proxy balancer://mycluster>
  BalancerMember ajp://localhost:8009 route=alf1
  BalancerMember ajp://localhost:9009 route=alf2
  ProxySet lbmethod=byrequests
 </Proxy>


 <Location /balancer-manager>
  SetHandler balancer-manager
  Order deny,allow
  Allow from all 
 </Location>
	$ sudo apt-get install apache2
	$ sudo a2enmod proxy
	$ sudo a2enmod proxy_ajp
	$ sudo a2enmod rewrite
	$ sudo vim /etc/apache2/sites-enabled/default-ssl.conf

	<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	RewriteEngine On
	RewriteRule ^/$ share [R]

	ProxyPass /alfresco ajp://localhost:8009/alfresco
	ProxyPassReverse /alfresco ajp://localhost:8009/alfresco
	ProxyPass /share ajp://localhost:8009/share
	ProxyPassReverse /share ajp://localhost:8009/share
	</VirtualHost>

	$ sudo service apache2 restart
	$ sudo a2enmod status
	$ sudo vim /etc/apache2/mods-enabled/status.conf

	<Location /server-status>
	SetHandler server-status
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1 ::1
	# Allow zylk
	Allow from 62.99.71.211
	</Location>

	$ sudo /etc/init.d/apache2 restart
	<Proxy balancer://sinaduraCloud>
	# the hot standby
	BalancerMember ajp://localhost:8009 status=+H retry=0
	# the hot active
	BalancerMember ajp://localhost:9009 retry=30
	</Proxy>

	ProxyPass /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud lbmethod=byrequests stickysession=JSESSIONID\|jsessionid
	ProxyPassReverse /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud

	ProxyPass / balancer://ajpCluster/ stickysession=JSESSIONID\|jsessionid
	ProxyPassReverse / balancer://ajpCluster/
	<Proxy balancer://ajpCluster>
	BalancerMember ajp://localhost:8009 route=alf1
	BalancerMember ajp://localhost:9009 route=alf2
	ProxySet lbmethod=byrequests
	</Proxy>

	<Location /balancer-manager>
	SetHandler balancer-manager
	Order deny,allow
	Allow from all
	</Location>
	RewriteEngine On
	RewriteCond %{SERVER_PORT} 80

	RewriteCond %{REQUEST_URI} alfresco
	RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

	RewriteCond %{REQUEST_URI} share
	RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

	#RewriteRule ^/$ share [R]
	https://github.com/ecm4u/alfresco-reverse-proxy/blob/master/etc/apache2/sites-available/alfresco-http.conf

	<LocationMatch "^/alfresco/webdav/.+$">
	<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
	Order Deny,Allow
	Allow from all
	# change this or add your own IP to allow webdav access
	# Deny from all
	# Allow from 234.234.234.234
	# Allow from 127.0.0.1
	Satisfy Any
	</Limit>
	</LocationMatch>

	<Location /alfresco/service/*>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>

	<Location /share/service/*>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>

	<Location /alfresco/proxy>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>

	<Location /alfresco/cmisbrowser>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>
	ProxyPass /balancer-manager !

	ProxyPass / balancer://mycluster/ stickysession=JSESSIONID\|jsessionid
	ProxyPassReverse / balancer://mycluster/


	<Proxy balancer://mycluster>
	BalancerMember ajp://localhost:8009 route=alf1
	BalancerMember ajp://localhost:9009 route=alf2
	ProxySet lbmethod=byrequests
	</Proxy>


	<Location /balancer-manager>
	SetHandler balancer-manager
	Order deny,allow
	Allow from all
	</Location>