MultiSite configuration instructions
(→Create Access Group for Restricted Workplace Access) |
m (→Add site information to OpenCms's configuration) |
||
(7 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
− | + | '''Please note that there is no reason to connect Tomcat using mod_proxy in the http proxy mode if you have Apache 2.2'''. Use [http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html mod_proxy_ajp] which provides the same functionality as [http://tomcat.apache.org/connectors-doc/ mod_jk] but is a standard module. If you have Apache 2.2, continue to [[MultiSite configuration instructions (apache + mod jk)]]. | |
− | + | If you are running OpenCms (6.0 or greater) in Tomcat using an Apache front end (WITH MOD_PROXY, NOT MOD_JK OR MOD_PROXY_AJP), there are four basic steps to configuring a new site in your implementation: | |
− | + | ||
− | == Add site information to | + | == Create the containing folder for the site in the OpenCms Explorer == |
− | In order to make your new site available within | + | In the OpenCms Explorer view, change to the '/' site, go into the 'sites' folder, and create a new folder. The folder name is case-sensitive, so keep track of exactly what you entered. For the examples that follow, we'll assume the creation of a /sites/MyNewSite folder. |
+ | |||
+ | '''Hint:''' Don't forget to set the permissions on the newly created site folder "/sites/MyNewSite" for "workplace users" correctly. Just clone the "default site's" permissions. Otherwise default users are not able to edit content in this site. | ||
+ | |||
+ | == Add site information to OpenCms's configuration == | ||
+ | In order to make your new site available within OpenCms, we need to modify the opencms-system.xml configuration file, located in {TOMCAT_HOME}/webapps/{opencms_webapp}/WEB-INF/config/. | ||
Find the section of opencms-system.xml that looks like: | Find the section of opencms-system.xml that looks like: | ||
Line 17: | Line 21: | ||
<site server="www.mynewsite.com" uri="/sites/MyNewSite/"/> | <site server="www.mynewsite.com" uri="/sites/MyNewSite/"/> | ||
− | This tells | + | This tells OpenCms that when it receives a request for www.mynewsite.com, it should serve that request out of the MyNewSite container. |
== Add site information to Tomcat's configuration == | == Add site information to Tomcat's configuration == | ||
− | In order for Tomcat to correctly route web requests to the correct site in | + | In order for Tomcat to correctly route web requests to the correct site in OpenCms, we need to modify the server.xml configuration file, located in <tomcatroot>/conf. |
Find the section of server.xml that looks like: | Find the section of server.xml that looks like: | ||
Line 49: | Line 53: | ||
</virtualHost> | </virtualHost> | ||
− | The ServerName is the hostname that'll be matched against any incoming requests -- it doesn't '''have''' to match your Tomcat proxyName and | + | The ServerName is the hostname that'll be matched against any incoming requests -- it doesn't '''have''' to match your Tomcat proxyName and OpenCms site server, but it'll be less confusing to troubleshoot later if it does. The URL used in the ProxyPass and ProxyPassReverse lines should point to the Tomcat connector you configured in the previous step. |
− | + | To add more sites, you need to add ''NameVirtualHost *:80'' before the first <VirtualHost>; otherwise, apache will report ''[warn] _default_ VirtualHost overlap on port 80, the first has precedence''. | |
− | + | == Create Editor Group for Restricted Workplace Access == | |
− | 1) Go to OpenCms account management and create two new groups (e.g. | + | Earlier we created a new site called “/sites/MyNewSite/”. In order to allow the content editors for MyNewSite only edit their own content and not the content under the default site it is possible to create an editor group for MyNewSite and then allow members of this group only access MyNewSite. The steps required to achieve this are listed below:- |
+ | |||
+ | 1) Go to OpenCms account management and create two new groups (e.g. MyNewSiteEditors and MyNewSitePublishers). The editors group must inherit "Users" and publishers group must inherit "None". Leave Group as Role, Project Manager Group and Project Co-Worker unticked for the access group and tick them for the editors group. | ||
2) Make sure that you have overwritten permissions for "Users" group for /sites/ to allow nothing. | 2) Make sure that you have overwritten permissions for "Users" group for /sites/ to allow nothing. | ||
− | 3) Edit permissions for folder “/sites/MyNewSite/” and allow all actions (including inheritance) for groups | + | 3) Edit permissions for folder “/sites/MyNewSite/” and allow all actions (including inheritance) for groups MyNewSiteEditors and MyNewSitePublishers. |
− | Now it is possible to create new users for MyNewSite, just by adding the new user to MyNewSiteEditors group. | + | Now it is possible to create new users for MyNewSite, just by adding the new user to MyNewSiteEditors group (and also to MyNewSitePublishers if they are allowed to publish). |
The above access control can be applied also to other resources e.g. image galleries. | The above access control can be applied also to other resources e.g. image galleries. | ||
+ | |||
+ | '''Please note that above set up defines separate editor and publisher roles. If you want to have single role for everything, you do not need to create the publishers group and just need to make sure that editors group also has publishing rights ticked.''' | ||
+ | |||
+ | |||
+ | '''OpenCms 7''' | ||
+ | |||
+ | In OpenCms 7 you can assign a site to a user inside the ''Create/Edit User Dialog'' of the administration. | ||
+ | |||
+ | [[image:Site_assignment-user_dialog.png]] | ||
== Add New Site to the Search Index == | == Add New Site to the Search Index == |
Latest revision as of 11:42, 27 January 2014
Please note that there is no reason to connect Tomcat using mod_proxy in the http proxy mode if you have Apache 2.2. Use mod_proxy_ajp which provides the same functionality as mod_jk but is a standard module. If you have Apache 2.2, continue to MultiSite configuration instructions (apache + mod jk).
If you are running OpenCms (6.0 or greater) in Tomcat using an Apache front end (WITH MOD_PROXY, NOT MOD_JK OR MOD_PROXY_AJP), there are four basic steps to configuring a new site in your implementation:
Create the containing folder for the site in the OpenCms Explorer
In the OpenCms Explorer view, change to the '/' site, go into the 'sites' folder, and create a new folder. The folder name is case-sensitive, so keep track of exactly what you entered. For the examples that follow, we'll assume the creation of a /sites/MyNewSite folder.
Hint: Don't forget to set the permissions on the newly created site folder "/sites/MyNewSite" for "workplace users" correctly. Just clone the "default site's" permissions. Otherwise default users are not able to edit content in this site.
Add site information to OpenCms's configuration
In order to make your new site available within OpenCms, we need to modify the opencms-system.xml configuration file, located in {TOMCAT_HOME}/webapps/{opencms_webapp}/WEB-INF/config/.
Find the section of opencms-system.xml that looks like:
<sites> <workplace-server>http://www.mysite.com:8080</workplace-server> <default-uri>/sites/default/</default-uri> <site server="www.mysite.com" uri="/sites/default/"/> </sites>
and add another site definition as follows:
<site server="www.mynewsite.com" uri="/sites/MyNewSite/"/>
This tells OpenCms that when it receives a request for www.mynewsite.com, it should serve that request out of the MyNewSite container.
Add site information to Tomcat's configuration
In order for Tomcat to correctly route web requests to the correct site in OpenCms, we need to modify the server.xml configuration file, located in <tomcatroot>/conf.
Find the section of server.xml that looks like:
<Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />
and add another connector definition as follows:
<Connector port="8081" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" proxyName="www.mynewsite.com" proxyPort="80" connectionTimeout="20000" disableUploadTimeout="true" />
The port attribute (8081 in the example above) should be unique within your server.xml. The proxyName attribute should match the server attribute in your site definition in opencms-system.xml above.
Once you've made this change and restarted Tomcat, you should be able to go to http://YourTomcatServer:8081/opencms/opencms/ and see your MyNewSite content.
Add site information to Apache's configuration
Finally, we need to add a virtual host to Apache to handle requests for your new site. This will be done in httpd.conf (location varies depending on the layout under which you installed Apache -- on my system, it's in /usr/local/etc/apache). In Apache 1.3.x, the virtual host configuration will look something like:
<VirtualHost Server.IPAddress.Goes.Here> DocumentRoot /usr/local/www/htdocs ServerName www.mynewsite.com ProxyPass / http://localhost:8081/opencms/opencms/ ProxyPassReverse / http://localhost:8081/opencms/opencms/ </virtualHost>
The ServerName is the hostname that'll be matched against any incoming requests -- it doesn't have to match your Tomcat proxyName and OpenCms site server, but it'll be less confusing to troubleshoot later if it does. The URL used in the ProxyPass and ProxyPassReverse lines should point to the Tomcat connector you configured in the previous step.
To add more sites, you need to add NameVirtualHost *:80 before the first <VirtualHost>; otherwise, apache will report [warn] _default_ VirtualHost overlap on port 80, the first has precedence.
Create Editor Group for Restricted Workplace Access
Earlier we created a new site called “/sites/MyNewSite/”. In order to allow the content editors for MyNewSite only edit their own content and not the content under the default site it is possible to create an editor group for MyNewSite and then allow members of this group only access MyNewSite. The steps required to achieve this are listed below:-
1) Go to OpenCms account management and create two new groups (e.g. MyNewSiteEditors and MyNewSitePublishers). The editors group must inherit "Users" and publishers group must inherit "None". Leave Group as Role, Project Manager Group and Project Co-Worker unticked for the access group and tick them for the editors group.
2) Make sure that you have overwritten permissions for "Users" group for /sites/ to allow nothing.
3) Edit permissions for folder “/sites/MyNewSite/” and allow all actions (including inheritance) for groups MyNewSiteEditors and MyNewSitePublishers.
Now it is possible to create new users for MyNewSite, just by adding the new user to MyNewSiteEditors group (and also to MyNewSitePublishers if they are allowed to publish).
The above access control can be applied also to other resources e.g. image galleries.
Please note that above set up defines separate editor and publisher roles. If you want to have single role for everything, you do not need to create the publishers group and just need to make sure that editors group also has publishing rights ticked.
OpenCms 7
In OpenCms 7 you can assign a site to a user inside the Create/Edit User Dialog of the administration.
Add New Site to the Search Index
In order to enable search functionality for the new site, the site folder must be added to the search index. This can be achieved as described below:-
1) Go to search management and view index sources.
2) Add /sites/MyNewSite/ folder to the resources at "assign resources".
If you have existing pages under /sites/MyNewSite/ you need to touch the pages and republish in order to include them as part of the search index.