文档将介绍哪些文件被锁定且不能更改,以及如何正确设置所需的配置。
为何要这样?
当 AMS 设置系统时,会推出基线配置,使所有功能都能够正常运行并且安全。 AMS 希望将这些作为功能和安全性的基准。 要完成此操作,某些文件会被标记为只读和不可更改,以避免您进行更改。
布局不会阻止您更改它们的行为和覆盖您需要的任何更改。 您将用自己的文件覆盖原始文件,而不是更改这些文件。
这还可以确保当 AMS 用最新的修补程序和安全增强为调度程序修补补丁时,不会更改您的文件。 然后,您可以继续从这些改进中受益,并仅采用所需的更改。
如上图所示,不可变文件不会妨碍您正常做事。 它们只会防止您拖累工作表现,并使您不脱离正轨。 此方法允许我们使用以下几个非常关键的功能:
- 在独立的安全空间中进行自定义操作
- 自定义更改的覆盖反映了 AEM 中的覆盖方法
- 可以在不更改自定义的情况下对 AMS 配置进行修补
- 测试基本安装与自定义配置可以同时完成,以帮助确定问题是由自定义还是其他原因引起
哪些文件?
以下是与调度程序一起部署的典型文件列表:
/etc/httpd/ ├── conf │ └── httpd.conf ├── conf.d │ ├── available_vhosts │ │ ├── 000_unhealthy_author.vhost │ │ ├── 000_unhealthy_publish.vhost │ │ ├── aem_author.vhost │ │ ├── aem_flush.vhost │ │ ├── aem_health.vhost │ │ ├── ams_lc.vhost │ │ └── aem_publish.vhost │ ├── dispatcher_vhost.conf │ ├── enabled_vhosts │ │ ├── aem_author.vhost -> /etc/httpd/conf.d/available_vhosts/aem_author.vhost │ │ ├── aem_flush.vhost -> /etc/httpd/conf.d/available_vhosts/aem_flush.vhost │ │ ├── aem_health.vhost -> /etc/httpd/conf.d/available_vhosts/aem_health.vhost │ │ └── aem_publish.vhost -> /etc/httpd/conf.d/available_vhosts/aem_publish.vhost │ ├── logformat.conf │ ├── remoteip.conf │ ├── rewrites │ │ ├── base_rewrite.rules │ │ └── xforwarded_forcessl_rewrite.rules │ ├── security.conf │ ├── variables │ │ ├── ootb.vars │ │ └── ams_default.vars │ └── whitelists │ └── 000_base_whitelist.rules ├── conf.dispatcher.d │ ├── available_farms │ │ ├── 000_ams_catchall_farm.any │ │ ├── 001_ams_author_flush_farm.any │ │ ├── 001_ams_publish_flush_farm.any │ │ ├── 002_ams_author_farm.any │ │ ├── 002_ams_lc_farm.any │ │ └── 002_ams_publish_farm.any │ ├── cache │ │ ├── ams_author_cache.any │ │ ├── ams_author_invalidate_allowed.any │ │ ├── ams_publish_cache.any │ │ └── ams_publish_invalidate_allowed.any │ ├── clientheaders │ │ ├── ams_author_clientheaders.any │ │ ├── ams_common_clientheaders.any │ │ ├── ams_lc_clientheaders.any │ │ └── ams_publish_clientheaders.any │ ├── dispatcher.any │ ├── enabled_farms │ │ ├── 000_ams_catchall_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any │ │ ├── 001_ams_author_flush_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any │ │ ├── 001_ams_publish_flush_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any │ │ ├── 002_ams_author_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/002_ams_author_farm.any │ │ └── 002_ams_publish_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/002_ams_publish_farm.any │ ├── filters │ │ ├── ams_author_filters.any │ │ ├── ams_lc_filters.any │ │ └── ams_publish_filters.any │ ├── renders │ │ ├── ams_author_renders.any │ │ ├── ams_lc_renders.any │ │ └── ams_publish_renders.any │ └── vhosts │ ├── ams_author_vhosts.any │ ├── ams_lc_vhosts.any │ └── ams_publish_vhosts.any ├── conf.modules.d │ ├── 01-cgi.conf │ └── 02-dispatcher.conf └── modules -> ../../usr/lib64/httpd/modules └── mod_dispatcher.so
要确定哪些文件不可变,您可以在调度程序上运行以下命令以查看:
$ lsattr -Rl /etc/httpd 2>/dev/null | grep Immutable
以下是不可更改文件的示例响应:
/etc/httpd/conf/httpd.conf Immutable /etc/httpd/conf.d/available_vhosts/aem_author.vhost Immutable /etc/httpd/conf.d/available_vhosts/aem_publish.vhost Immutable /etc/httpd/conf.d/available_vhosts/aem_lc.vhost Immutable /etc/httpd/conf.d/available_vhosts/aem_flush.vhost Immutable /etc/httpd/conf.d/available_vhosts/aem_health.vhost Immutable /etc/httpd/conf.d/available_vhosts/000_unhealthy_author.vhost Immutable /etc/httpd/conf.d/available_vhosts/000_unhealthy_publish.vhost Immutable /etc/httpd/conf.d/rewrites/base_rewrite.rules Immutable /etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules Immutable /etc/httpd/conf.d/whitelists/000_base_whitelist.rules Immutable /etc/httpd/conf.d/dispatcher_vhost.conf Immutable /etc/httpd/conf.d/logformat.conf Immutable /etc/httpd/conf.d/security.conf Immutable /etc/httpd/conf.modules.d/02-dispatcher.conf Immutable /etc/httpd/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any Immutable /etc/httpd/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any Immutable /etc/httpd/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any Immutable /etc/httpd/conf.dispatcher.d/available_farms/002_ams_author_farm.any Immutable /etc/httpd/conf.dispatcher.d/available_farms/002_ams_lc_farm.any Immutable /etc/httpd/conf.dispatcher.d/available_farms/002_ams_publish_farm.any Immutable /etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any Immutable /etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any Immutable /etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any Immutable /etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any Immutable /etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any Immutable /etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any Immutable /etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any Immutable /etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any Immutable /etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any Immutable /etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any Immutable /etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any Immutable /etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any Immutable /etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any Immutable /etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any Immutable /etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any Immutable /etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any Immutable /etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any Immutable /etc/httpd/conf.dispatcher.d/dispatcher.any Immutable
如何进行更改
变量
利用变量,可在不更改配置文件本身的情况下进行功能更改。 可以通过调整变量值来调整某些配置元素。 以文件 /etc/httpd/conf.d/dispatcher_vhost.conf 为例,如下所示:
Include /etc/httpd/conf.d/variables/ams_default.vars <IfModule disp_apache2.c> DispatcherConfig conf.dispatcher.d/dispatcher.any DispatcherLog logs/dispatcher.log DispatcherLogLevel ${DISP_LOG_LEVEL} DispatcherDeclineRoot 0 DispatcherUseProcessedURL 1 </IfModule>
可以看到,DispatcherLogLevel 指令对应的是一个 DISP_LOG_LEVEL 变量,而不是一般的正常值。 在该部分代码的上方,您还将看到一个变量文件的 include 语句。 变量文件 /etc/httpd/conf.d/variables/ams_default.vars 是我们接下来要检查的对象。 以下是该变量文件的内容:
Define DISP_LOG_LEVEL info Define AUTHOR_WHITELIST_ENABLED 0 Define PUBLISH_WHITELIST_ENABLED 0 Define LIVECYCLE_WHITELIST_ENABLED 0 Define AUTHOR_FORCE_SSL 1 Define PUBLISH_FORCE_SSL 0 Define LIVECYCLE_FORCE_SSL 1
可以看到 DISP_LOG_LEVEL 变量的当前值为 info。 我们可以将其调整为 trace、debug,或者选择一个数值/级别。 现在,控制日志级别的每个位置都将自动进行调整。
覆盖方法
请了解顶层 include 文件,因为这将是您进行任何自定义的起点。 首先,举个简单的例子,我们希望在场景中添加一个新域名并将其指向此调度程序。 我们将使用的示例域为 we-retail.adobe.com。 我们首先会将现有配置文件复制到新的配置文件中,以便在那里添加更改:
$ cp /etc/httpd/conf.d/available_vhosts/aem_publish.vhost /etc/httpd/conf.d/available_vhosts/weretail_publish.vhost
我们复制了现有的 aem_publish.vhost 文件,因为它已具备了我们需要的内容,没有必要从头开始。 现在,编辑新的 weretail.vhost 文件,并进行所需更改。
更改前:
<VirtualHost *:80> ServerName publish ServerAlias ${PUBLISH_DEFAULT_HOSTNAME} DocumentRoot ${PUBLISH_DOCROOT} <IfModule mod_headers.c> Header always add X-Dispatcher ${DISP_ID} Header always add X-Vhost "publish" Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'" Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'" Header append Vary User-Agent env=!dont-vary </IfModule> ....... SNIP....... </VirtualHost>
更改后:
<VirtualHost *:80> ServerName weretail-publish ServerAlias we-retail.adobe.com DocumentRoot ${PUBLISH_DOCROOT} <IfModule mod_headers.c> Header always add X-Dispatcher ${DISP_ID} Header always add X-Vhost "werteail-publish" Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'" Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'" Header append Vary User-Agent env=!dont-vary </IfModule> ....... SNIP....... </VirtualHost>
现在,我们更新了 ServerName 和 ServerAlias 以匹配新的域名,并更新了其他痕迹导航标头。 现在启用新文件,以便让 Apache 知道要使用新文件:
$ cd /etc/httpd/conf.d/enabled_vhosts/; ln -s ../available_vhosts/weretail_publish.vhost .
现在,Apache Webserver 知道要为该域产生流量,但我们仍需要将新域名告知调度程序模块。 我们首先要创建一个新 *_vhost.any 文件 /etc/httpd/conf.dispatcher.d/vhosts/weretail_vhosts.any,并在文件中输入要遵循的域名:
"we-retail.adobe.com"
现在需要创建一个新的场文件,该文件将使用新的 vhost 条目文件,并且我们首先会复制一个现有文件,以生成自己的新文件。
$ cp /etc/httpd/conf.dispatcher.d/available_farms/999_ams_publish_farm.any /etc/httpd/conf.dispatcher.d/available_farms/400_weretail_publish_farm.any
我们来看看生成此场文件需要进行的更改
更改前:
/publishfarm { /virtualhosts { $include "/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any" } ........SNIP......... }
更改后:
/weretailpublishfarm { /virtualhosts { $include "/etc/httpd/conf.dispatcher.d/vhosts/weretail_publish_vhosts.any" } ........SNIP......... }
现在,我们更新了场名称以及在场配置的 /virtualhosts 部分中它要使用的包含内容。 我们需要启用此新场文件,以便能够在运行配置中使用:
$ cd /etc/httpd/conf.dispatcher.d/enabled_farms/; ln -s ../available_farms/400_weretail_publish_farm.any .
现在,只需重新加载 Webserver 服务并使用新域!
请注意,我们仅更改了需要更改的片段,并利用了基线配置文件附带的现有代码。 我们只需要标示出需要改变的元素。 降低处理事情的难度,并减少我们需要维护的代码量