
From Open-Xchange
Revision as of 13:15, 7 January 2020 by Mheiland (talk | contribs)

Configure the mod_proxy_ajp module by creating a new Apache configuration file.

$ vim {{{ajpconf}}}


<IfModule mod_proxy_ajp.c>
   ProxyRequests Off
   ProxyStatus On
   # Please note that the servlet path to the soap API has changed:
   <Location /webservices>
       # restrict access to the soap provisioning API
       Order Deny,Allow
       Deny from all
       Allow from
       # you might add more ip addresses / networks here
       # Allow from 192.168 10 172.16
   # The old path is kept for compatibility reasons
   <Location /servlet/axis2/services>
       Order Deny,Allow
       Deny from all
       Allow from
   # Enable the balancer manager mentioned in
   # http://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
   <IfModule mod_status.c>
     <Location /balancer-manager>
       SetHandler balancer-manager
       Order Deny,Allow
       Deny from all
       Allow from
   <Proxy balancer://oxcluster>
       Order deny,allow
       Allow from all
       # multiple server setups need to have the hostname inserted instead localhost
       BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
       # Enable and maybe add additional hosts running OX here
       # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
      ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
   # The standalone documentconverter(s) within your setup (if installed)
   # Make sure to restrict access to backends only
   # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
   #<Proxy balancer://oxcluster_docs>
   #    Order Deny,Allow
   #    Deny from all
   #    Allow from backend1IP
   #    BalancerMember ajp://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
   #    ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
   #	   SetEnv proxy-initial-not-pooled
   #    SetEnv proxy-sendchunked
   # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
   # mappings have to be ordered from longest URL to shortest URL.
   # Example:
   #   ProxyPass /ajax      balancer://oxcluster_with_100s_timeout/ajax
   #   ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
   # Requests to /ajax/test would have a timeout of 100s instead of 200s 
   # See:
   # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
   # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
   ProxyPass /ajax balancer://oxcluster/ajax
   ProxyPass /appsuite/api balancer://oxcluster/ajax
   ProxyPass /drive balancer://oxcluster/drive
   ProxyPass /infostore balancer://oxcluster/infostore
   ProxyPass /servlet balancer://oxcluster/servlet
   ProxyPass /webservices balancer://oxcluster/webservices

   #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
   ProxyPass /usm-json balancer://oxcluster/usm-json
   ProxyPass /Microsoft-Server-ActiveSync balancer://oxcluster/Microsoft-Server-ActiveSync


Modify the default website settings to display the Open-Xchange GUI

$ vim {{{apacheconf}}}
<VirtualHost *:80>
       ServerAdmin webmaster@localhost

       DocumentRoot /var/www
       <Directory /var/www>
               Options -Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
               RedirectMatch ^/$ /appsuite/

       <Directory /var/www/appsuite>
               Options None +SymLinksIfOwnerMatch
               AllowOverride Indexes FileInfo

If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:

to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.


Parameters used by this template

ajp or http, fallback to ajp if empty
path to the configuration file of the chosen connector, fallback to ajpConf (deprecated)
Loadmodule directive needed for apache on RedHat based distros e.g.: LoadModule proxy_http_module modules/mod_proxy_http.so
path to the config file of the default apache vhost(http)
path to the apache docroot, fallback to /var/www
the proxyName to use for the eas specific proxy container, only when using http for the connector parameter

See also
