AMS中的唯讀或不可變檔案
說明
本檔案將說明哪些檔案已鎖定且不可變更,以及如何正確進行所需的組態設定。
當AMS布建系統時,會推出基線設定,讓一切運作且安全。 這些是AMS想要確保作為功能與安全性基準的專案。 為了完成此操作,某些檔案會標籤為唯讀且不可變,以避免您變更它們。
配置不會阻止您變更它們的行為和覆寫任何您需要的變更。 您將覆蓋自己的檔案,取代原始檔案,而不是變更這些檔案。
這也讓您放心,當AMS以最新的修正和安全性增強功能修補Dispatcher時,不會變更您的檔案。 接著,您就可以繼續從改良功能中獲益,並僅採用您想要的變更。
如上圖所示,不可變檔案不會妨礙您玩遊戲。 它們只會防止您拖累效能,讓您不脫離正軌。 此方法允許我們使用幾個非常重要的功能:
- 自訂專案會在各自的安全空間中進行處理
- 自訂變更的覆蓋反映了AEM中的覆蓋方法
- 修補AMS設定無需變更自訂即可完成
- 測試基本安裝與自訂設定可同時完成,以協助確定問題是否由自訂或其他專案造成。哪些檔案?
以下是隨Dispatcher部署的典型檔案清單:
/etc/httpd/
├── conf
│ ├── httpd.conf
│ └── magic
├── conf.d
│ ├── 000_init_ootb_vars.conf
│ ├── 001_init_ams_vars.conf
│ ├── README
│ ├── autoindex.conf
│ ├── available_vhosts
│ │ ├── 000_unhealthy_author.vhost
│ │ ├── 000_unhealthy_publish.vhost
│ │ ├── aem_author.vhost
│ │ ├── aem_flush.vhost
│ │ ├── aem_flush_author.vhost
│ │ ├── aem_health.vhost
│ │ ├── aem_publish.vhost
│ │ └── ams_lc.vhost
│ ├── dispatcher_vhost.conf
│ ├── enabled_vhosts
│ │ ├── aem_author.vhost -> ../available_vhosts/aem_author.vhost
│ │ ├── aem_flush.vhost -> ../available_vhosts/aem_flush.vhost
│ │ ├── aem_health.vhost -> /etc/httpd/conf.d/available_vhosts/aem_health.vhost
│ │ └── aem_publish.vhost -> ../available_vhosts/aem_publish.vhost
│ ├── logformat.conf
│ ├── mimetypes3d.conf
│ ├── remoteip.conf
│ ├── rewrites
│ │ ├── base_rewrite.rules
│ │ └── xforwarded_forcessl_rewrite.rules
│ ├── security.conf
│ ├── userdir.conf
│ ├── variables
│ │ ├── ams_default.vars
│ │ └── ootb.vars
│ ├── welcome.conf
│ └── whitelists
│ └── 000_base_whitelist.rules
├── conf.dispatcher.d
│ ├── available_farms
│ │ ├── 000_ams_catchall_farm.any
│ │ ├── 001_ams_author_flush_farm.any
│ │ ├── 001_ams_publish_flush_farm.any
│ │ ├── 002_ams_author_farm.any
│ │ ├── 002_ams_lc_farm.any
│ │ └── 002_ams_publish_farm.any
│ ├── cache
│ │ ├── ams_author_cache.any
│ │ ├── ams_author_invalidate_allowed.any
│ │ ├── ams_publish_cache.any
│ │ └── ams_publish_invalidate_allowed.any
│ ├── clientheaders
│ │ ├── ams_author_clientheaders.any
│ │ ├── ams_common_clientheaders.any
│ │ ├── ams_lc_clientheaders.any
│ │ └── ams_publish_clientheaders.any
│ ├── dispatcher.any
│ ├── enabled_farms
│ │ ├── 000_ams_catchall_farm.any -> ../available_farms/000_ams_catchall_farm.any
│ │ ├── 001_ams_author_flush_farm.any -> ../available_farms/001_ams_author_flush_farm.any
│ │ ├── 001_ams_publish_flush_farm.any -> ../available_farms/001_ams_publish_flush_farm.any
│ │ ├── 002_ams_author_farm.any -> ../available_farms/002_ams_author_farm.any
│ │ └── 002_ams_publish_farm.any -> ../available_farms/002_ams_publish_farm.any
│ ├── filters
│ │ ├── ams_author_filters.any
│ │ ├── ams_lc_filters.any
│ │ └── ams_publish_filters.any
│ ├── renders
│ │ ├── ams_author_renders.any
│ │ ├── ams_lc_renders.any
│ │ └── ams_publish_renders.any
│ └── vhosts
│ ├── ams_author_vhosts.any
│ ├── ams_lc_vhosts.any
│ └── ams_publish_vhosts.any
├── conf.modules.d
│ ├── 01-cgi.conf
│ └── 02-dispatcher.conf
└── modules - ../../usr/lib64/httpd/modules
└── mod_dispatcher.so
若要確定哪些檔案不可變,您可以在Dispatcher上執行下列命令以檢視:
$ lsattr -Rl /etc/httpd 2>/dev/null | grep Immutable
以下是不可變檔案的範例回應:
/etc/httpd/conf/httpd.conf Immutable
/etc/httpd/conf.d/available_vhosts/aem_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_publish.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_flush.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_health.vhost Immutable
/etc/httpd/conf.d/available_vhosts/000_unhealthy_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/000_unhealthy_publish.vhost Immutable
/etc/httpd/conf.d/available_vhosts/aem_flush_author.vhost Immutable
/etc/httpd/conf.d/available_vhosts/ams_lc.vhost Immutable
/etc/httpd/conf.d/rewrites/base_rewrite.rules Immutable
/etc/httpd/conf.d/rewrites/xforwarded_forcessl_rewrite.rules Immutable
/etc/httpd/conf.d/whitelists/000_base_whitelist.rules Immutable
/etc/httpd/conf.d/variables/ootb.vars Immutable
/etc/httpd/conf.d/dispatcher_vhost.conf Immutable
/etc/httpd/conf.d/logformat.conf Immutable
/etc/httpd/conf.d/security.conf Immutable
/etc/httpd/conf.d/mimetypes3d.conf Immutable
/etc/httpd/conf.d/remoteip.conf Immutable
/etc/httpd/conf.d/000_init_ootb_vars.conf Immutable
/etc/httpd/conf.d/001_init_ams_vars.conf Immutable
/etc/httpd/conf.modules.d/02-dispatcher.conf Immutable
/etc/httpd/conf.dispatcher.d/available_farms/000_ams_catchall_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/001_ams_author_flush_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/001_ams_publish_flush_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/002_ams_author_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/002_ams_lc_farm.any Immutable
/etc/httpd/conf.dispatcher.d/available_farms/002_ams_publish_farm.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_author_cache.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_author_invalidate_allowed.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_publish_cache.any Immutable
/etc/httpd/conf.dispatcher.d/cache/ams_publish_invalidate_allowed.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_author_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_publish_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_common_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/clientheaders/ams_lc_clientheaders.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_author_filters.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_publish_filters.any Immutable
/etc/httpd/conf.dispatcher.d/filters/ams_lc_filters.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_author_renders.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_lc_renders.any Immutable
/etc/httpd/conf.dispatcher.d/renders/ams_publish_renders.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_author_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/vhosts/ams_lc_vhosts.any Immutable
/etc/httpd/conf.dispatcher.d/dispatcher.any Immutable
如何進行變更
變數
變數可讓您在不變更組態檔本身的情況下進行功能變更。 某些設定元素可透過調整變數值進行調整。 我們可以從檔案/etc/httpd/conf.d/dispatcher_vhost.conf中反白顯示的一個範例顯示如下:
Include /etc/httpd/conf.d/variables/ams_default.vars
IfModule disp_apache2.c
DispatcherConfig conf.dispatcher.d/dispatcher.any
DispatcherLog logs/dispatcher.log
DispatcherLogLevel ${DISP_LOG_LEVEL}
DispatcherDeclineRoot 0
DispatcherUseProcessedURL 1
/IfModule
瞭解DispatcherLogLevel指示詞的變數是DISP_LOG_LEVEL,而不是您會看到的正常值。 在該區段的程式碼上方,您也會看到變數檔案的include陳述式。 變數檔案/etc/httpd/conf.d/variables/ams_default.vars是我們接下來要檢視的位置。 以下是變數檔案的內容:
Define DISP_LOG_LEVEL info
Define AUTHOR_WHITELIST_ENABLED 0
Define PUBLISH_WHITELIST_ENABLED 0
Define LIVECYCLE_WHITELIST_ENABLED 0
Define AUTHOR_FORCE_SSL 1
Define PUBLISH_FORCE_SSL 0
Define LIVECYCLE_FORCE_SSL 1
您在上面看到DISP_LOG_LEVEL變數的目前值為info。 我們可以將其調整為追蹤或偵錯,或您選擇的數值/層級。 現在,控制記錄層級的每個位置都將自動調整。
覆蓋方法
請瞭解最上層的包含檔案,因為這將是您進行任何自訂的起點。 首先,舉個簡單的範例,我們希望在情境中新增要指向此Dispatcher的新網域名稱。 我們將使用的網域範例為we-retail.adobe.com。 我們會將現有的設定檔複製到新的設定檔,以便在其中新增變更:
$ cp /etc/httpd/conf.d/available_vhosts/aem_publish.vhost /etc/httpd/conf.d/available_vhosts/weretail_publish.vhost
我們複製了現有的aem_publish.vhost檔案,因為它已具備了我們需要的內容,沒有必要從頭開始。 現在編輯新的weretail.vhost檔案,並進行必要的變更。
之前:
VirtualHost *:80
ServerName publish
ServerAlias ${PUBLISH_DEFAULT_HOSTNAME}
DocumentRoot ${PUBLISH_DOCROOT}
IfModule mod_headers.c
Header always add X-Dispatcher ${DISP_ID}
Header always add X-Vhost "publish"
Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
Header append Vary User-Agent env=!dont-vary
/IfModule
....... SNIP.......
/VirtualHost
之後:
VirtualHost *:80
ServerName weretail-publish
ServerAlias we-retail.adobe.com
DocumentRoot ${PUBLISH_DOCROOT}
IfModule mod_headers.c
Header always add X-Dispatcher ${DISP_ID}
Header always add X-Vhost "werteail-publish"
Header merge X-Frame-Options SAMEORIGIN "expr=%{resp:X-Frame-Options}!='SAMEORIGIN'"
Header merge X-Content-Type-Options nosniff "expr=%{resp:X-Content-Type-Options}!='nosniff'"
Header append Vary User-Agent env=!dont-vary
/IfModule
....... SNIP.......
/VirtualHost
現在我們已更新ServerName和ServerAlias以符合新的網域名稱,並更新其他階層連結標題。 現在啟用新檔案,讓Apache知道要使用新檔案:
$ cd /etc/httpd/conf.d/enabled_vhosts/; ln -s ../available_vhosts/weretail_publish.vhost .
現在,Apache Webserver知道網域會產生流量,但我們仍需要通知Dispatcher模組它有新的網域名稱要遵守。 我們將從建立新的*_vhost.any檔案/etc/httpd/conf.dispatcher.d/vhosts/weretail_vhosts.any開始,並在該檔案中放入我們要遵循的網域名稱:
"we-retail.adobe.com"
現在,我們需要建立一個新的伺服器陣列檔案,該檔案將使用新的vhost專案檔案,並且我們一開始會複製一個強大的開始檔案到我們自己的新檔案中。
$ cp /etc/httpd/conf.dispatcher.d/available_farms/999_ams_publish_farm.any /etc/httpd/conf.dispatcher.d/available_farms/400_weretail_publish_farm.any
讓我們來顯示這個伺服器陣列檔案需要進行的變更
之前:
/publishfarm {
/virtualhosts {
$include "/etc/httpd/conf.dispatcher.d/vhosts/ams_publish_vhosts.any"
}
........SNIP.........
}
之後:
/weretailpublishfarm {
/virtualhosts {
$include "/etc/httpd/conf.dispatcher.d/vhosts/weretail_publish_vhosts.any"
}
........SNIP.........
}
現在我們已更新伺服器陣列名稱,及其在伺服器陣列組態/virtualhosts區段中所使用的包含專案。 我們需要啟用這個新的伺服器陣列檔案,以便它可以在執行設定中使用:
$ cd /etc/httpd/conf.dispatcher.d/enabled_farms/; ln -s ../available_farms/400_weretail_publish_farm.any .
現在,我們只需重新載入Web伺服器服務並使用新網域即可!
NOTE
請注意,我們僅變更了需要變更的部分,並運用了基線設定檔案隨附的現有包含和程式碼。 我們只需要標示需要變更的元素。 讓工作變得更輕鬆,並減少我們維護的程式碼
recommendation-more-help
fd0a4cf8-7fa9-4716-b40f-9320d981f47a