Avoiding /opencms/opencms in the URL (apache + mod proxy)

From OpenCms Wiki
Revision as of 10:29, 16 February 2010 by 80.135.34.230 (Talk)
Jump to: navigation, search

If you are running OpenCms (7.5 or greater) in Tomcat using an Apache front end (WITH MOD_PROXY, NOT MOD_JK), there are four basic steps to configuring your environment for avoiding the /opencms/opencms in the URL:

Contents

Add site information to OpenCMS's configuration

In order to make your new site available within OpenCMS, we need to modify the opencms-system.xml configuration file, located in ${TOMCAT_HOME}\webapps\${OPENCMS_WEBAPP}\WEB-INF\config\.

Find the <sites> node of opencms-system.xml and modify it as follows:

<sites>
  <workplace-server>http://www.example.com</workplace-server>
  <default-uri>/</default-uri>
  <site server="http://www.example.com" uri="/sites/default/" />
</sites>

Defining the tomcat connectors

edit the ${TOMCAT_HOME}/conf/server.xml and define two connectors like:

<Connector port="8009"
 address="127.0.0.1"
 protocol="AJP/1.3"
 redirectPort="8443"
 emptySessionPath="true"
 enableLookups="false"/>
<Connector port="8081"
 maxHttpHeaderSize="8192"
 maxThreads="150"
 minSpareThreads="25"
 maxSpareThreads="75"
 enableLookups="false"
 redirectPort="8443"
 acceptCount="100"
 proxyName="www.example.com"
 proxyPort="80"
 useBodyEncodingForURI="true"
 connectionTimeout="20000"
 disableUploadTimeout="true"
 emptySessionPath="true" />

The port attribute (8081 in the example above) should be unique within your server.xml. The proxyName attribute should match the server attribute in your site definition in opencms-system.xml above.

Once you've made this change and restarted Tomcat, you should be able to go to http://YourTomcatServer:8081/opencms/opencms/ and see your MyNewSite content.

Add site information to Apache's configuration

Finally, we need to add a virtual host to Apache to handle requests for your new site. This will be done in httpd.conf (location varies depending on the layout under which you installed Apache -- on my system, it's in /usr/local/etc/apache). In Apache 1.3.x, the virtual host configuration will look something like:

<VirtualHost *:80>
 ServerName pre.mrmbe.es
 ServerAdmin webmaster@opencms.org
 DocumentRoot "C:\dev\Tomcat6.0\webapps\opencms"
 # Allow accessing the document root directory
 <Directory "C:\dev\Tomcat6.0\webapps\opencms">
   Options FollowSymlinks
   AllowOverride All
   Order allow,deny
   Allow from all
 </Directory>
 ErrorLog C:\dev\Apache2.0\Apache2\logs\errors_demo.opencms.org.log
 CustomLog C:\dev\Apache2.0\Apache2\logs\access_demo.opencms.org.log combined
 RewriteEngine On
 RewriteLog C:\dev\Apache2.0\Apache2\logs\rewrite_demo.opencms.org.log
 RewriteLogLevel 9
 
 RewriteCond       %{REQUEST_URI}                                            ^/opencms/export/(.*)  [NC]
 RewriteCond       "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}"                     !-f
 RewriteCond       "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}/index_export.html"   !-f
 RewriteRule       .*                                                        http://127.0.0.1:8081/opencms/opencms/handle404?exporturi=%{REQUEST_URI}&%{QUERY_STRING} [P]
 # If the request starts with /${WEBAPP_NAME}/resources, delete the /${WEBAPP_NAME} prefix
 RewriteCond %{REQUEST_URI}                           ^/opencms/resources/.*$
 RewriteRule ^/opencms/(.*)$                          /$1 [PT]
 # Also redirect all other 404 errors to OpenCms
 ErrorDocument     404                                /system/shared/handle404.html
 RedirectPermanent /opencms/opencms/                  http://pre.mrmbe.es/
 ProxyPass         /opencms/opencms/                  !
 ProxyPass         /opencms/resources/                !
 ProxyPass         /opencms/export/                   !
 ProxyPass         /                                  http://127.0.0.1:8081/opencms/opencms/
 ProxyPassReverse  /                                  http://127.0.0.1:8081/opencms/opencms/
 
</VirtualHost>

The ServerName is the hostname that'll be matched against any incoming requests -- it doesn't have to match your Tomcat proxyName and OpenCMS site server, but it'll be less confusing to troubleshoot later if it does. The URL used in the ProxyPass and ProxyPassReverse lines should point to the Tomcat connector you configured in the previous step.

To add more sites, you need to add NameVirtualHost *:80 before the first <VirtualHost>; otherwise, apache will report [warn] _default_ VirtualHost overlap on port 80, the first has precedence.

Create Editor Group for Restricted Workplace Access

Earlier we created a new site called “/sites/MyNewSite/”. In order to allow the content editors for MyNewSite only edit their own content and not the content under the default site it is possible to create an editor group for MyNewSite and then allow members of this group only access MyNewSite. The steps required to achieve this are listed below:-

1) Go to OpenCms account management and create two new groups (e.g. MyNewSiteEditors and MyNewSitePublishers). The editors group must inherit "Users" and publishers group must inherit "None". Leave Group as Role, Project Manager Group and Project Co-Worker unticked for the access group and tick them for the editors group.

2) Make sure that you have overwritten permissions for "Users" group for /sites/ to allow nothing.

3) Edit permissions for folder “/sites/MyNewSite/” and allow all actions (including inheritance) for groups MyNewSiteEditors and MyNewSitePublishers.

Now it is possible to create new users for MyNewSite, just by adding the new user to MyNewSiteEditors group (and also to MyNewSitePublishers if they are allowed to publish).

The above access control can be applied also to other resources e.g. image galleries.

Please note that above set up defines separate editor and publisher roles. If you want to have single role for everything, you do not need to create the publishers group and just need to make sure that editors group also has publishing rights ticked.


OpenCms 7

In OpenCms 7 you can assign a site to a user inside the Create/Edit User Dialog of the administration.

Site assignment-user dialog.png

Add New Site to the Search Index

In order to enable search functionality for the new site, the site folder must be added to the search index. This can be achieved as described below:-

1) Go to search management and view index sources.

2) Add /sites/MyNewSite/ folder to the resources at "assign resources".

If you have existing pages under /sites/MyNewSite/ you need to touch the pages and republish in order to include them as part of the search index.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox