AEM中的只读或不可变文件
描述 description
环境
Experience Manager
问题/症状
AdobeManaged Services (AMS)设置系统时,会推出基线配置,使所有功能都能够正常运行并且安全。 AMS希望确保将这些作为功能和安全性的基准。 要完成此操作,某些文件会被标记为只读和不可变,以避免您对其进行更改。
布局不会阻止您更改它们的行为和覆盖您需要的任何更改。 不要更改这些文件,而是覆盖您自己的文件,以取代原始文件。
这还可以确保当AMS使用最新的修复和安全增强为Dispatcher修补补丁时,不会更改您的文件。 然后,您可以继续从这些改进中受益,并仅采用所需的更改。
如上图所示,不可变文件不会阻止您进行游戏。 它们只会防止您拖累工作表现,并使您不脱离正轨。 此方法允许我们使用以下几个非常关键的功能:
- 自定义项在其各自的安全空间中进行处理
- 自定义更改的覆盖反映了AEM中的覆盖方法
- 可以在不更改自定义项的情况下对AMS配置进行修补
- 测试基本安装与自定义配置可以同时完成,以帮助确定问题是由自定义还是其他原因引起。哪些文件?
以下是使用Dispatcher部署的典型文件列表:
/etc/httpd/
├── conf
│ └── httpd.conf
├── conf.d
│ ├── available_vhosts
│ │ ├── 000_unhealthy_author.vhost
│ │ ├── 000_unhealthy_publish.vhost
│ │ ├── aem_author.vhost
│ │ ├── aem_flush.vhost
│ │ ├── aem_health.vhost
│ │ ├── aem_lc.vhost
│ │ └── aem_publish.vhost
│ ├── dispatcher_vhost.conf
│ ├── enabled_vhosts
│ │ ├── aem_author.vhost -> /etc/httpd/conf.d/available_vhosts/aem_author.vhost
│ │ ├── aem_flush.vhost -> /etc/httpd/conf.d/available_vhosts/aem_flush.vhost
│ │ ├── aem_health.vhost -> /etc/httpd/conf.d/available_vhosts/aem_health.vhost
│ │ └── aem_publish.vhost -> /etc/httpd/conf.d/available_vhosts/aem_publish.vhost
│ ├── logformat.conf
│ ├── remoteip.conf
│ ├── rewrites
│ │ ├── base_rewrite.rules
│ │ └── xforwarded_forcessl_rewrite.rules
│ ├── security.conf
│ ├── variables
│ │ └── ams_default.vars
│ └── whitelists
│ └── 000_base_whitelist.rules
├── conf.dispatcher.d
│ ├── available_farms
│ │ ├── 000_ams_author_farm.any
│ │ ├── 001_ams_lc_farm.any
│ │ └── 999_ams_publish_farm.any
│ ├── cache
│ │ ├── ams_author_cache.any
│ │ ├── ams_author_invalidate_allowed.any
│ │ ├── ams_publish_cache.any
│ │ └── ams_publish_invalidate_allowed.any
│ ├── clientheaders
│ │ ├── ams_author_clientheaders.any
│ │ ├── ams_common_clientheaders.any
│ │ ├── ams_lc_clientheaders.any
│ │ └── ams_publish_clientheaders.any
│ ├── dispatcher.any
│ ├── enabled_farms
│ │ ├── 000_ams_author_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/000_ams_author_farm.any
│ │ └── 999_ams_publish_farm.any -> /etc/httpd/conf.dispatcher.d/available_farms/999_ams_publish_farm.any
│ ├── filters
│ │ ├── ams_author_filters.any
│ │ ├── ams_lc_filters.any
│ │ └── ams_publish_filters.any
│ ├── renders
│ │ ├── ams_author_renders.any
│ │ ├── ams_lc_renders.any
│ │ └── ams_publish_renders.any
│ └── vhosts
│ ├── ams_author_vhosts.any
│ ├── ams_lc_vhosts.any
│ └── ams_publish_vhosts.any
├── conf.modules.d
│ ├── 01-cgi.conf
│ └── 02-dispatcher.conf
└── modules -> ../../usr/lib64/httpd/modules
└── mod_dispatcher.so
要确定哪些文件不可变,您可以在Dispatcher上运行以下命令以查看:
$ lsattr -Rl /etc/httpd 2 > /dev/null | grep Immutable
以下是不可更改文件的示例响应:
/etc/httpd/conf/httpd.conf Immutable
/etc/httpd/conf.d/available_vhosts/aem_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_publish.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_lc.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_flush.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_health.vhost Immutable
/etc/httpd/conf.d/available_vhosts/000_unhealthy_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/000_unhealthy_publish.vhost Immutable
/etc/httpd/conf.d/rewrites/base_rewrite.rules Immutable
/etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules Immutable
/etc/httpd/conf.d/whitelists/000_base_whitelist.rules Immutable
/etc/httpd/conf.d/dispatcher_vhost.conf Immutable
/etc/httpd/conf.d/logformat.conf Immutable
/etc/httpd/conf.d/security.conf Immutable
/etc/httpd/conf.modules.d/02-dispatcher.conf Immutable
/etc/httpd/conf.dispatcher.d/available_farms/000_ams_author_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/999_ams_publish_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/001_ams_lc_farm.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/dispatcher.any Immutable
解决方法 resolution
如何进行更改?
变量
变量允许您在不更改配置文件本身的情况下进行功能更改。 可以通过调整变量的值来调整某些配置元素。 此处显示了一个从文件/etc/httpd/conf.d/dispatcher_vhost.conf中高亮显示的示例:
Include /etc/httpd/conf.d/variables/ams_default.vars
<IfModule disp_apache2.c>
DispatcherConfig conf.dispatcher.d/dispatcher.any
DispatcherLog logs/dispatcher.log
DispatcherLogLevel ${DISP_LOG_LEVEL}
DispatcherDeclineRoot 0
DispatcherUseProcessedURL 1
</IfModule>
查看DispatcherLogLevel指令的变量是DISP_LOG_LEVEL,而不是您会看到的正常值。 在该部分代码的上方,您还将看到变量文件的include语句。 变量文件/etc/httpd/conf.d/variables/ams_default.vars是您接下来要查看的位置。 以下是该variables文件的内容:
Define DISP_LOG_LEVEL info
Define AUTHOR_WHITELIST_ENABLED 0
Define PUBLISH_WHITELIST_ENABLED 0
Define LIVECYCLE_WHITELIST_ENABLED 0
Define AUTHOR_FORCE_SSL 1
Define PUBLISH_FORCE_SSL 0
Define LIVECYCLE_FORCE_SSL 1
您在上面看到DISP_LOG_LEVEL变量的当前值为“info”。 您可以将此项调整为trace或debug,或者调整您选择的数值/级别。 现在,控制日志级别的任何位置都会自动进行调整。
叠加方法
请了解顶层include文件,因为这是您进行任何自定义的起点。 首先,举个简单的例子,您有这样一个方案,您希望添加旨在指向此Dispatcher的新域名。 我们使用的域示例是we-retail.adobe.com.,首先是将现有配置文件复制到新的配置文件中,以便在其中添加更改:
$ cp /etc/httpd/conf.d/available_vhosts/aem_publish.vhost /etc/httpd/conf.d/available_vhosts/weretail_publish.vhost
您复制了现有的aem_publish.vhost文件,因为它已具备了使工作正常进行所需的内容,并且您不希望重新创建已然强劲的开始。 现在,编辑新的weretail.vhost文件并进行所需更改。
之前:
<VirtualHost *:80>
ServerName publish
ServerAlias ${PUBLISH_DEFAULT_HOSTNAME}
DocumentRoot ${PUBLISH_DOCROOT}
<IfModule mod_headers.c>
Header always add X-Dispatcher ${DISP_ID}
Header always add X-Vhost "publish"
Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
Header append Vary User-Agent env=!dont-vary
</IfModule>
....... SNIP.......
</VirtualHost>
之后:
<VirtualHost *:80>
ServerName weretail-publish
ServerAlias we-retail.adobe.com
DocumentRoot ${PUBLISH_DOCROOT}
<IfModule mod_headers.c>
Header always add X-Dispatcher ${DISP_ID}
Header always add X-Vhost "werteail-publish"
Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
Header append Vary User-Agent env=!dont-vary
</IfModule>
....... SNIP.......
</VirtualHost>
现在,您已更新我们的ServerName和ServerAlias以匹配新的域名,并更新其他痕迹导航标头。 现在启用新文件,以便Apache知道要使用新文件:
$ cd /etc/httpd/conf.d/enabled_vhosts/; ln -s ../available_vhosts/weretail_publish.vhost .
现在,Apache Webserver知道域应产生流量,但仍需要通知Dispatcher模块它有新域名要遵守。 首先,创建一个新*_vhost.any文件/etc/httpd/conf.dispatcher.d/vhosts/weretail_vhosts.any ,并在文件中输入要遵循的域名:
"we-retail.adobe.com"
现在,您需要创建一个新的场文件,该文件将使用新的vhost条目文件,并且您首先会将一个强启动文件复制到我们自己的新文件中。
$ cp /etc/httpd/conf.dispatcher.d/available_farms/999_ams_publish_farm.any /etc/httpd/conf.dispatcher.d/available_farms/400_weretail_publish_farm.any
让我们来显示您需要对此场文件进行哪些更改
之前:
/publishfarm {
/virtualhosts {
$include "/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any"
}
........SNIP.........
}
之后:
/weretailpublishfarm {
/virtualhosts {
$include "/etc/httpd/conf.dispatcher.d/vhosts/weretail_publish_vhosts.any"
}
........SNIP.........
}
现在,您已经更新了场名称,以及它在场配置的/virtualhosts部分中使用的包含内容。 您需要启用此新场文件,以便能够在运行配置中使用它:
$ cd /etc/httpd/conf.dispatcher.d/enabled_farms/; ln -s ../available_farms/400_weretail_publish_farm.any .
现在,您只需重新加载Web服务器服务并使用我们的新域即可!
注意:
请注意,您仅更改了需要更改的片段,并利用了基线配置文件附带的现有包含和代码。 您只需描述需要更改的元素。 简化操作并让我们能够维护更少的代码
recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f