0

dotCMS has many ways to handle multiple hosts, permission hosts and force https. But sometimes you just need more… For instance, you want a host to only be visible from certain IP’s or you want to password protect a site before it goes live. All things that could be handled by permissions or plugins if you wanted to, but Apache is there to easily solve these issues for you and give you extra functionality. This post will show you some examples. To start I will show you how you can easily set-up Apache on your server.

Hooking up Apache with dotCMS

Apache will allow you to run multiple web containers on your server. This means that you can have multiple dotCMS instances on your server or, for instance, you can have JBoss running next to dotCMS. And you can have this running within an hour! The only things you need to is download Apache plus mod_jk, configure Apache and set up an AJP13 connector in the dotCMS server.xml file. An example:

workers.properties (Apache)

# Define workers
worker.list=dotcms

#Set properties for worker 'dotcms'
worker.dotcms.type=ajp13
worker.dotcms.host=localhost
worker.dotcms.port=28009

worker.dotcms.cachesize=10
worker.dotcms.cache_timeout=600
worker.dotcms.socket_keepalive=1
worker.dotcms.recycle_timeout=300

The port 28009 in this case is the port of the AJP13 connector that you need to set in the server.xml of dotCMS. Note that since Apache will handle all the incoming HTTP calls, it should run on port 80 and DotCMS shouldn’t. On which port dotCMS runs is up to you (you can set it in the server.xml), as long as you match the AJP13 ports in the Apache workers.properties and the dotCMS server.xml and the port isn’t used already.

server.xml

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="28009" protocol="AJP/1.3" redirectPort="28443" />

Apache config

In Apache you need to configure your sites. You can add the following code in httpd.conf, or when you have many sites you can add it in seperate configuration files using the include command: Include conf/vhosts/*.conf

<VirtualHost *:80>
    ServerName myhost.com
    ServerAlias www.myhost2.com
    ErrorLog "logs/myhost-error.log"
    CustomLog "logs/myhost-access.log" common
	JkMount /* dotcms
</VirtualHost>

The virtualhost mentioned above listens om port 80 for all IP addresses, and matches myhost.com and www.myhost2.com. For those hosts it has its own Apache logs and all the URLs that match /* are sent to the dotcms worker. I have built sites where all traffic is sent to dotCMS except the /service directory, which was sent to a local JBoss. All that is possible. When you have multiple hosts they should all listen on *.80 but have a different ServerName. Note that for SSL you need to set-up another virtualhost with port 443.

mod_jk

Apache needs mod_jk for the connecting. It’s not more than downloading a module and adding it in the httpd.conf. You can find mod_jk and a quick way to install it here.

Example: Password protect a folder/site

In Apache you can put a password on a (part of) a website. This is easily configurable and also easy to remove (no actual restart is needed!). This allows you to give a client access to a website without the entire world seeing it. You only need to add a few lines to your virtualhost in Apache, for instance using ‘location’ (more info, see here):

<location /*>
  AuthType Basic
  AuthName "Please Log In"
  AuthUserFile /password
  require valid-user
</location>

The above code adds a password to /* (everything), and the password file is located in /password. To create a password file, see here.

Example: IP filter

An IP filter can give certain IP’s access to certain sites. This is very useful when you’re working on a test server or when a site isn’t live yet but your client wants to see it. It can also be set-up with ‘location’:

<location /special>
  Order deny,allow
  Deny  from all
  Allow from 1.2.3.4           #our IP
  Allow from 5.6.7.8           #client IP
</location>

Example: Rewrite rules and https

You can use the very powerful rewrite rules of Apache as virtual links, you can force HTTPS on certain files/folders/sites and you can also force HTTP. Furthermore, you only need to set-up SSL in Apache and not in dotCMS which allows you to easily use multiple SSL certificates for multiple sites. You’ll need to download the mod_rewrite module of Apache to make this work.

The following example may be a bit tough, but if you try this out a bit you’ll see it’s quite easy to use. For more info see here.

<VirtualHost 1.2.3.4:443>
  ServerName www.myhost.com
  ServerAlias myhost.com

  # Force all url's into non-SSL, except the ones that must be SSL
  RewriteEngine on
  RewriteCond %{HTTPS} =on
  RewriteCond %{REQUEST_URI} !^/protected
  RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R,L]

  # Force the use of the www. subdomain
  RewriteCond %{HTTP_HOST} ^myhost\.com
  RewriteRule ^(.*)https://www.myhost.com$1 [R]

  SSLEngine on
  SSLCertificateFile "conf\ssl\mycertificate.crt"
  SSLCertificateKeyFile "conf\ssl\mycertificate.key"
  SSLOptions +StdEnvVars +ExportCertData
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</virtualhost>

Example: Useful redirects

When you migrate a website to dotCMS you lose some of the Google indexing since the names of the pages change (probably). In Apache you can define redirects so users get redirected (301) from .html, .jsp or .php to .dot. When you do that correctly Google moves the indexing data to the new URL, so your SEO doesn’t have to start from scratch.

RewriteRule ^/home.aspx$        /home/index.dot [R=301]

Conclusion

There is a downside in using Apache, even though it is not that big of a deal. You need to configure all the hosts of dotCMS in Apache as well (if you want to differentiate between hosts). But if you want to manage many hosts on one server, Apache is THE tool for you. And I always think that since dotCMS is a content management system, it should only worry about the content. Let other programs do what they’re good at. And the good part is that Apache has many other useful functions that you can use once you have it installed. It brings a lot of extra power and flexibility to using dotCMS.

(This isn’t all, by far. Don’t hesitate to post any other useful Apache functions that you use with dotCMS or comments about my examples)


Photo Credit: Attribution Some rights reserved by igb


No comments yet.

Leave a Reply