
First, let's look at api.conf. This VirtualHost configuration file groups SSL access for all Abiquo Appliance Manager webapps and the API endpoint:

<VirtualHost *:80>
    RewriteEngine On
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName api.example.com
    RewriteEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    # Avoid CORS when uploading a template from different domains
    <IfModule mod_headers.c>
       SetEnvIfNoCase Origin "https?://(api\.example\.com|theme1\.example\.com|theme2\.example\.com|dc2rs\.example\.com)(:\d+)?$" AccessControlAllowOrigin=$0
       Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    </IfModule>

    # Subdomain1 download RewriteRule
    RewriteCond %{HTTP_REFERER} ^https://theme1\.example\.com/ui/ [NC]
    RewriteCond %{REQUEST_URI} ^/(.*)/files/.*$ [NC]
    RewriteRule /(.*)/files/(.*) https://theme1.example.com/$1/files/$2 [R,L]

    # Subdomain2 download RewriteRule
    RewriteCond %{HTTP_REFERER} ^https://theme2\.example\.com/ui/ [NC]
    RewriteCond %{REQUEST_URI} ^/(.*)/files/.*$ [NC]
    RewriteRule /(.*)/files/(.*) https://theme2.example.com/$1/files/$2 [R,L]

    <Location /api>
        ProxyPass ajp://localhost:8010/api retry=0
        ProxyPassReverse ajp://localhost:8010/api
    </Location>

    # All Abiquo Appliance Managers managed in each datacenter
    # Datacenter1 Appliance Manager
    <Location /am>
        ProxyPass ajp://192.168.1.100:8010/am retry=0 timeout=1800
        ProxyPassReverse ajp://192.168.1.100:8010/am
    </Location>
 
    # Datacenter2 Appliance Manager
    <Location /am-barcelona>
        ProxyPass ajp://192.168.1.150:8010/am retry=0 keepalive=On timeout=1800
        ProxyPassReverse ajp://192.168.1.150:8010/am
    </Location>

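    SSLEngine on
    # Note: "all -SSLv2" leaves SSLv3 and TLS 1.0 enabled where the OpenSSL build
    # supports them, and the cipher string below admits RC4, MEDIUM and LOW suites.
    # Tighten both lines to match your current TLS policy.
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/httpd/ssl/example.com.pem
    SSLCertificateKeyFile /etc/httpd/ssl/example.com.key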

    CustomLog /var/log/httpd/api-access.log combined
    ErrorLog /var/log/httpd/api-error.log
</VirtualHost>

There are a few things to highlight about api.conf:

<IfModule mod_headers.c> ... </IfModule> section: This section deals with the browser's CORS protection when different subdomains interact for the Template upload functionality. If new Datacenters or subdomains are added to the environment, this section must be modified to allow those new subdomains.

Subdomain X download RewriteRule section: This section deals with the browser's CORS protection when different subdomains interact for the Template download functionality. If new subdomains are added to the environment, you will need to create the corresponding RewriteCond and RewriteRule to allow the download.

Datacenter X Appliance Manager section: This section provides the SSL layer for the Appliance Manager webapp in all Datacenters. If the Abiquo UI is running over SSL, the Appliance Manager endpoint should also be accessed through SSL to avoid the browser's Mixed-Content protection. Because of this, it is good practice to proxy all Appliance Manager requests through the Apache2 front-end, which provides the SSL layer. If new Datacenters are added to the environment, you will need to create the corresponding Location section for the new Datacenter's Appliance Manager.
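
When a subdomain is added to the Origin allowlist in the mod_headers section, the edited regex can be checked before Apache is reloaded. The following is an added example, not part of the original page or of Abiquo's tooling: it rebuilds the page's pattern with Python's `re` (assumed to behave like Apache's regex engine for this pattern), and the function names and sample Origin values are constructed for illustration.

```python
import re

# Hosts from the SetEnvIfNoCase line in api.conf above.
ALLOWED_HOSTS = ["api.example.com", "theme1.example.com",
                 "theme2.example.com", "dc2rs.example.com"]

def build_origin_pattern(hosts, anchored=True):
    """Build the Origin regex from a host list.

    re.escape() keeps every dot literal, so a newly added host cannot act
    as a wildcard. anchored=False reproduces the page's pattern, which has
    no leading ^.
    """
    alternation = "|".join(re.escape(h) for h in hosts)
    return ("^" if anchored else "") + r"https?://(" + alternation + r")(:\d+)?$"

def echoed_origin(origin, pattern):
    """Return the text Apache would capture as $0 and echo back, or None."""
    match = re.search(pattern, origin, re.IGNORECASE)  # SetEnvIfNoCase
    return match.group(0) if match else None

# Constructed Origin values: (header value, should CORS be granted?)
CASES = [
    ("https://theme1.example.com", True),
    ("http://api.example.com:8080", True),
    ("HTTPS://DC2RS.EXAMPLE.COM", True),
    ("https://theme3.example.com", False),          # not in the list yet
    ("https://api.example.com.other.test", False),  # suffix after an allowed host
    ("https://apiXexample.com", False),             # would match if a dot were unescaped
    ("xhttps://api.example.com", False),            # junk before the scheme
    ("null", False),
]

def failures(pattern):
    """Return the cases where the pattern's decision differs from the expected one."""
    return [(o, want) for o, want in CASES
            if (echoed_origin(o, pattern) is not None) != want]

if __name__ == "__main__":
    for label, anchored in (("page pattern", False), ("anchored", True)):
        pattern = build_origin_pattern(ALLOWED_HOSTS, anchored)
        print(label, pattern, "->", failures(pattern) or "all cases pass")
```

The page's pattern fails only the malformed `xhttps://` case, where it still captures `https://api.example.com` as `$0`; adding a leading `^` to the SetEnvIfNoCase regex makes every case pass.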

Other sections and parameters, such as the certificate configuration, the Apache log files, and extra ProxyPass options such as retry, keepalive and timeout, can be modified and customised depending on your environment. Refer to the Apache website documentation for further information.

 

 

# tree /etc/httpd/conf.d/
/etc/httpd/conf.d/
├── api.conf
├── ssl.conf
├── theme1.conf
└── theme2.conf
