CesarCapillas/Basic apache setup

## Basic apache setup
$ sudo apt-get install apache2
$ sudo a2enmod proxy
$ sudo a2enmod proxy_ajp
$ sudo a2enmod rewrite
$ sudo vim /etc/apache2/sites-enabled/default-ssl.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine On
        RewriteRule ^/$ share [R]

        ProxyPass         /alfresco ajp://localhost:8009/alfresco
        ProxyPassReverse  /alfresco  ajp://localhost:8009/alfresco
        ProxyPass         /share ajp://localhost:8009/share
        ProxyPassReverse  /share ajp://localhost:8009/share
</VirtualHost>

$ sudo service apache2 restart

## Fake SSO via auth LDAP + add header
<Location /share>
   AuthType Basic
   AuthBasicAuthoritative Off
   AuthBasicProvider ldap
   AuthName "fake-sso (webgate simulator)"
   AuthLDAPURL ldap://ldap.acme.net:389/ou=People,dc=acme,dc=net?uid?sub

   Require valid-user
   Order allow,deny
   Allow from all

   RewriteEngine On
   RewriteCond %{REMOTE_USER} ^(.*)$
   RewriteRule ^(.*)$ - [E=R_U:%1]
   RequestHeader append X-Remote-User %{R_U}e
</Location>

<Location /balancer-manager>
   SetHandler balancer-manager
   Order deny,allow
   Allow from all
   Satisfy Any
</Location>

## gistfile1.txt
$ sudo a2enmod status
$ sudo vim /etc/apache2/mods-enabled/status.conf

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
    # Allow zylk
    Allow from 62.99.71.211
</Location>

$ sudo /etc/init.d/apache2 restart

## Hot standby for sinaduraCloud
<Proxy balancer://sinaduraCloud>
    # the hot standby
    BalancerMember ajp://localhost:8009 status=+H retry=0
    # the hot active
    BalancerMember ajp://localhost:9009 retry=30
</Proxy>

ProxyPass /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud lbmethod=byrequests stickysession=JSESSIONID|jsessionid
ProxyPassReverse /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud

ProxyPass / balancer://ajpCluster/ stickysession=JSESSIONID|jsessionid
ProxyPassReverse / balancer://ajpCluster/
<Proxy balancer://ajpCluster>
  BalancerMember ajp://localhost:8009 route=alf1
  BalancerMember ajp://localhost:9009 route=alf2
  ProxySet lbmethod=byrequests
</Proxy>

<Location /balancer-manager>
  SetHandler balancer-manager
  Order deny,allow
  Allow from all
</Location>

## http to https redirect
RewriteEngine On
RewriteCond %{SERVER_PORT} 80

RewriteCond %{REQUEST_URI} alfresco
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

RewriteCond %{REQUEST_URI} share
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

#RewriteRule ^/$ share [R]

## Securing alfresco locations
https://github.com/ecm4u/alfresco-reverse-proxy/blob/master/etc/apache2/sites-available/alfresco-http.conf

<LocationMatch "^/alfresco/webdav/.+$">
            <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
                   Order Deny,Allow
                   Allow from all
                   # change this or add your own IP to allow webdav access
                   # Deny from all
                   # Allow from 234.234.234.234
                   # Allow from 127.0.0.1
                        Satisfy Any
            </Limit>
</LocationMatch>

<Location /alfresco/service/*>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
</Location>

<Location /share/service/*>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
</Location>

<Location /alfresco/proxy>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
</Location>

<Location /alfresco/cmisbrowser>
  Order allow,deny
  Allow from 1.2.3.4
  Allow from 1.2.3.5
</Location>

## Using mod_balancer
ProxyPass /balancer-manager !

ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid
ProxyPassReverse / balancer://mycluster/


<Proxy balancer://mycluster>
  BalancerMember ajp://localhost:8009 route=alf1
  BalancerMember ajp://localhost:9009 route=alf2
  ProxySet lbmethod=byrequests
</Proxy>


<Location /balancer-manager>
  SetHandler balancer-manager
  Order deny,allow
  Allow from all
</Location>
	$ sudo apt-get install apache2
	$ sudo a2enmod proxy
	$ sudo a2enmod proxy_ajp
	$ sudo a2enmod rewrite
	$ sudo vim /etc/apache2/sites-enabled/default-ssl.conf

	<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	RewriteEngine On
	RewriteRule ^/$ share [R]

	ProxyPass /alfresco ajp://localhost:8009/alfresco
	ProxyPassReverse /alfresco ajp://localhost:8009/alfresco
	ProxyPass /share ajp://localhost:8009/share
	ProxyPassReverse /share ajp://localhost:8009/share
	</VirtualHost>

	$ sudo service apache2 restart
	$ sudo a2enmod status
	$ sudo vim /etc/apache2/mods-enabled/status.conf

	<Location /server-status>
	SetHandler server-status
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1 ::1
	# Allow zylk
	Allow from 62.99.71.211
	</Location>

	$ sudo /etc/init.d/apache2 restart
	<Proxy balancer://sinaduraCloud>
	# the hot standby
	BalancerMember ajp://localhost:8009 status=+H retry=0
	# the hot active
	BalancerMember ajp://localhost:9009 retry=30
	</Proxy>

	ProxyPass /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud lbmethod=byrequests stickysession=JSESSIONID\|jsessionid
	ProxyPassReverse /sinaduraCloud balancer://sinaduraCloud/sinaduraCloud

	ProxyPass / balancer://ajpCluster/ stickysession=JSESSIONID\|jsessionid
	ProxyPassReverse / balancer://ajpCluster/
	<Proxy balancer://ajpCluster>
	BalancerMember ajp://localhost:8009 route=alf1
	BalancerMember ajp://localhost:9009 route=alf2
	ProxySet lbmethod=byrequests
	</Proxy>

	<Location /balancer-manager>
	SetHandler balancer-manager
	Order deny,allow
	Allow from all
	</Location>
	RewriteEngine On
	RewriteCond %{SERVER_PORT} 80

	RewriteCond %{REQUEST_URI} alfresco
	RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

	RewriteCond %{REQUEST_URI} share
	RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

	#RewriteRule ^/$ share [R]
	https://github.com/ecm4u/alfresco-reverse-proxy/blob/master/etc/apache2/sites-available/alfresco-http.conf

	<LocationMatch "^/alfresco/webdav/.+$">
	<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
	Order Deny,Allow
	Allow from all
	# change this or add your own IP to allow webdav access
	# Deny from all
	# Allow from 234.234.234.234
	# Allow from 127.0.0.1
	Satisfy Any
	</Limit>
	</LocationMatch>

	<Location /alfresco/service/*>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>

	<Location /share/service/*>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>

	<Location /alfresco/proxy>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>

	<Location /alfresco/cmisbrowser>
	Order allow,deny
	Allow from 1.2.3.4
	Allow from 1.2.3.5
	</Location>
	ProxyPass /balancer-manager !

	ProxyPass / balancer://mycluster/ stickysession=JSESSIONID\|jsessionid
	ProxyPassReverse / balancer://mycluster/


	<Proxy balancer://mycluster>
	BalancerMember ajp://localhost:8009 route=alf1
	BalancerMember ajp://localhost:9009 route=alf2
	ProxySet lbmethod=byrequests
	</Proxy>


	<Location /balancer-manager>
	SetHandler balancer-manager
	Order deny,allow
	Allow from all
	</Location>