AMS中的唯讀或不可變檔案

目錄

< — 上一步:通用記錄檔

說明

本檔案將說明哪些檔案已鎖定且不可變更,以及如何正確進行所需的組態設定。

當AMS布建系統時,會推出基線設定,讓一切運作且安全。  這些是AMS想要確保作為功能與安全性基準的專案。  為了完成此操作,某些檔案會標籤為唯讀且不可變,以避免您變更它們。

配置不會阻止您變更它們的行為和覆寫任何您需要的變更。  您將覆蓋自己的檔案,取代原始檔案,而不是變更這些檔案。

這也讓您放心,當AMS以最新的修正和安全性增強功能修補Dispatcher時,不會變更您的檔案。  接著,您就可以繼續從改良功能中獲益,並僅採用您想要的變更。
顯示保齡球在球道上滾動。 球有箭號,上面有顯示您的文字。 Gutter緩衝器會抬起,上面有不可變的檔案。
如上圖所示,不可變檔案不會妨礙您玩遊戲。  它們只會防止您拖累效能,讓您不脫離正軌。  此方法允許我們使用幾個非常重要的功能:

  • 自訂專案會在各自的安全空間中進行處理
  • 自訂變更的覆蓋反映了AEM中的覆蓋方法
  • 修補AMS設定無需變更自訂即可完成
  • 測試基本安裝與自訂設定可同時完成,以協助確定問題是否由自訂或其他專案造成。哪些檔案?

以下是隨Dispatcher部署的典型檔案清單:

/etc/httpd/
├── conf
│   ├── httpd.conf
│   └── magic
├── conf.d
│   ├── 000_init_ootb_vars.conf
│   ├── 001_init_ams_vars.conf
│   ├── README
│   ├── autoindex.conf
│   ├── available_vhosts
│   │   ├── 000_unhealthy_author.vhost
│   │   ├── 000_unhealthy_publish.vhost
│   │   ├── aem_author.vhost
│   │   ├── aem_flush.vhost
│   │   ├── aem_flush_author.vhost
│   │   ├── aem_health.vhost
│   │   ├── aem_publish.vhost
│   │   └── ams_lc.vhost
│   ├── dispatcher_vhost.conf
│   ├── enabled_vhosts
│   │   ├── aem_author.vhost -> ../available_vhosts/aem_author.vhost
│   │   ├── aem_flush.vhost -> ../available_vhosts/aem_flush.vhost
│   │   ├── aem_health.vhost -> /etc/httpd/conf.d/available_vhosts/aem_health.vhost
│   │   └── aem_publish.vhost -> ../available_vhosts/aem_publish.vhost
│   ├── logformat.conf
│   ├── mimetypes3d.conf
│   ├── remoteip.conf
│   ├── rewrites
│   │   ├── base_rewrite.rules
│   │   └── xforwarded_forcessl_rewrite.rules
│   ├── security.conf
│   ├── userdir.conf
│   ├── variables
│   │   ├── ams_default.vars
│   │   └── ootb.vars
│   ├── welcome.conf
│   └── whitelists
│       └── 000_base_whitelist.rules
├── conf.dispatcher.d
│   ├── available_farms
│   │   ├── 000_ams_catchall_farm.any
│   │   ├── 001_ams_author_flush_farm.any
│   │   ├── 001_ams_publish_flush_farm.any
│   │   ├── 002_ams_author_farm.any
│   │   ├── 002_ams_lc_farm.any
│   │   └── 002_ams_publish_farm.any
│   ├── cache
│   │   ├── ams_author_cache.any
│   │   ├── ams_author_invalidate_allowed.any
│   │   ├── ams_publish_cache.any
│   │   └── ams_publish_invalidate_allowed.any
│   ├── clientheaders
│   │   ├── ams_author_clientheaders.any
│   │   ├── ams_common_clientheaders.any
│   │   ├── ams_lc_clientheaders.any
│   │   └── ams_publish_clientheaders.any
│   ├── dispatcher.any
│   ├── enabled_farms
│   │   ├── 000_ams_catchall_farm.any -> ../available_farms/000_ams_catchall_farm.any
│   │   ├── 001_ams_author_flush_farm.any -> ../available_farms/001_ams_author_flush_farm.any
│   │   ├── 001_ams_publish_flush_farm.any -> ../available_farms/001_ams_publish_flush_farm.any
│   │   ├── 002_ams_author_farm.any -> ../available_farms/002_ams_author_farm.any
│   │   └── 002_ams_publish_farm.any -> ../available_farms/002_ams_publish_farm.any
│   ├── filters
│   │   ├── ams_author_filters.any
│   │   ├── ams_lc_filters.any
│   │   └── ams_publish_filters.any
│   ├── renders
│   │   ├── ams_author_renders.any
│   │   ├── ams_lc_renders.any
│   │   └── ams_publish_renders.any
│   └── vhosts
│       ├── ams_author_vhosts.any
│       ├── ams_lc_vhosts.any
│       └── ams_publish_vhosts.any
├── conf.modules.d
│   ├── 01-cgi.conf
│   └── 02-dispatcher.conf
└── modules - ../../usr/lib64/httpd/modules
    └── mod_dispatcher.so

若要確定哪些檔案不可變,您可以在Dispatcher上執行下列命令以檢視:

$ lsattr -Rl /etc/httpd 2>/dev/null | grep Immutable

以下是不可變檔案的範例回應:

/etc/httpd/conf/httpd.conf   Immutable
/etc/httpd/conf.d/available_vhosts/aem_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_publish.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_flush.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_health.vhost Immutable
/etc/httpd/conf.d/available_vhosts/000_unhealthy_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/000_unhealthy_publish.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_flush_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/ams_lc.vhost Immutable
/etc/httpd/conf.d/rewrites/base_rewrite.rules Immutable
/etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules Immutable
/etc/httpd/conf.d/whitelists/000_base_whitelist.rules Immutable
/etc/httpd/conf.d/variables/ootb.vars Immutable
/etc/httpd/conf.d/dispatcher_vhost.conf Immutable
/etc/httpd/conf.d/logformat.conf Immutable
/etc/httpd/conf.d/security.conf Immutable
/etc/httpd/conf.d/mimetypes3d.conf Immutable
/etc/httpd/conf.d/remoteip.conf Immutable
/etc/httpd/conf.d/000_init_ootb_vars.conf Immutable
/etc/httpd/conf.d/001_init_ams_vars.conf Immutable
/etc/httpd/conf.modules.d/02-dispatcher.conf Immutable
/etc/httpd/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/002_ams_author_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/002_ams_lc_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/002_ams_publish_farm.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/dispatcher.any Immutable

如何進行變更

變數

變數可讓您在不變更組態檔本身的情況下進行功能變更。  某些設定元素可透過調整變數值進行調整。  我們可以從檔案/etc/httpd/conf.d/dispatcher_vhost.conf中反白顯示的一個範例顯示如下:

Include /etc/httpd/conf.d/variables/ams_default.vars
IfModule disp_apache2.c
    DispatcherConfig conf.dispatcher.d/dispatcher.any
    DispatcherLog    logs/dispatcher.log
    DispatcherLogLevel ${DISP_LOG_LEVEL}
    DispatcherDeclineRoot 0
    DispatcherUseProcessedURL 1
/IfModule

瞭解DispatcherLogLevel指示詞的變數是DISP_LOG_LEVEL,而不是您會看到的正常值。  在該區段的程式碼上方,您也會看到變數檔案的include陳述式。  變數檔案/etc/httpd/conf.d/variables/ams_default.vars是我們接下來要檢視的位置。  以下是變數檔案的內容:

Define DISP_LOG_LEVEL info
Define AUTHOR_WHITELIST_ENABLED 0
Define PUBLISH_WHITELIST_ENABLED 0
Define LIVECYCLE_WHITELIST_ENABLED 0
Define AUTHOR_FORCE_SSL 1
Define PUBLISH_FORCE_SSL 0
Define LIVECYCLE_FORCE_SSL 1

您在上面看到DISP_LOG_LEVEL變數的目前值為info。  我們可以將其調整為追蹤或偵錯,或您選擇的數值/層級。  現在,控制記錄層級的每個位置都將自動調整。

覆蓋方法

請瞭解最上層的包含檔案,因為這將是您進行任何自訂的起點。  首先,舉個簡單的範例,我們希望在情境中新增要指向此Dispatcher的新網域名稱。  我們將使用的網域範例為we-retail.adobe.com。  我們會將現有的設定檔複製到新的設定檔,以便在其中新增變更:

$ cp /etc/httpd/conf.d/available_vhosts/aem_publish.vhost /etc/httpd/conf.d/available_vhosts/weretail_publish.vhost

我們複製了現有的aem_publish.vhost檔案,因為它已具備了我們需要的內容,沒有必要從頭開始。  現在編輯新的weretail.vhost檔案,並進行必要的變更。

之前:

VirtualHost *:80
    ServerName    publish
    ServerAlias    ${PUBLISH_DEFAULT_HOSTNAME}
    DocumentRoot    ${PUBLISH_DOCROOT}
    IfModule mod_headers.c
            Header always add X-Dispatcher ${DISP_ID}
            Header always add X-Vhost "publish"
            Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
            Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
        Header append Vary User-Agent env=!dont-vary
    /IfModule
....... SNIP.......
/VirtualHost

之後:

VirtualHost *:80
    ServerName    weretail-publish
    ServerAlias    we-retail.adobe.com
    DocumentRoot    ${PUBLISH_DOCROOT}
    IfModule mod_headers.c
            Header always add X-Dispatcher ${DISP_ID}
            Header always add X-Vhost "werteail-publish"
            Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
            Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
        Header append Vary User-Agent env=!dont-vary
    /IfModule
....... SNIP.......
/VirtualHost

現在我們已更新ServerNameServerAlias以符合新的網域名稱,並更新其他階層連結標題。  現在啟用新檔案,讓Apache知道要使用新檔案:

$ cd /etc/httpd/conf.d/enabled_vhosts/; ln -s ../available_vhosts/weretail_publish.vhost .

現在,Apache Webserver知道網域會產生流量,但我們仍需要通知Dispatcher模組它有新的網域名稱要遵守。  我們將從建立新的*_vhost.any檔案/etc/httpd/conf.dispatcher.d/vhosts/weretail_vhosts.any開始,並在該檔案中放入我們要遵循的網域名稱:

"we-retail.adobe.com"

現在,我們需要建立一個新的伺服器陣列檔案,該檔案將使用新的vhost專案檔案,並且我們一開始會複製一個強大的開始檔案到我們自己的新檔案中。

$ cp /etc/httpd/conf.dispatcher.d/available_farms/999_ams_publish_farm.any /etc/httpd/conf.dispatcher.d/available_farms/400_weretail_publish_farm.any

讓我們來顯示這個伺服器陣列檔案需要進行的變更

之前:

/publishfarm {
    /virtualhosts {
        $include "/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any"
    }
........SNIP.........
}

之後:

/weretailpublishfarm {
    /virtualhosts {
        $include "/etc/httpd/conf.dispatcher.d/vhosts/weretail_publish_vhosts.any"
    }
........SNIP.........
}

現在我們已更新伺服器陣列名稱,及其在伺服器陣列組態/virtualhosts區段中所使用的包含專案。  我們需要啟用這個新的伺服器陣列檔案,以便它可以在執行設定中使用:

$ cd /etc/httpd/conf.dispatcher.d/enabled_farms/; ln -s ../available_farms/400_weretail_publish_farm.any .

現在,我們只需重新載入Web伺服器服務並使用新網域即可!

NOTE
請注意,我們僅變更了需要變更的部分,並運用了基線設定檔案隨附的現有包含和程式碼。  我們只需要標示需要變更的元素。  讓工作變得更輕鬆,並減少我們維護的程式碼

下一步 — > Dispatcher健康狀態檢查

recommendation-more-help
fd0a4cf8-7fa9-4716-b40f-9320d981f47a