Running Lenya Behind Apache with mod_proxy
Configuring the Apache Web Server
First we'll declare the virtual hosts for the Apache web server. This is done in
a file called httpd-vhosts.conf. On Mac OS X, it is located in the directory
/opt/local/apache2/conf/extra. If you're using Jetty on port 8888, the
contents of the file should look like this:
NameVirtualHost *:80
NameVirtualHost *:443
# This is the non-SSL host for the authoring environment.
<VirtualHost *:80>
ServerAdmin webmaster@cms.example.com
ServerName cms.example.com
ServerAlias cms
# Turn proxy requests off for security reasons
ProxyRequests Off
RewriteEngine On
RewriteLog /home/john/src/www/logs/cms.example.com-rewrite_log
RewriteLogLevel 4
# First we match everything which is not mapped to /default/{area}
RewriteRule ^/lenya/(.*) http://cms.example.com:8888/lenya/$1 [P,L]
RewriteRule ^/modules/(.*) http://cms.example.com.com:8888/modules/$1 [P,L]
RewriteRule ^/default/modules/(.*) http://cms.example.com:8888/default/modules/$1 [P,L]
# Redirect the login usecase to https
RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# Forward the areas to the proxy
RewriteRule ^/(.*) http://cms.example.com:8888/default/$1 [P,L]
ProxyPassReverse / http://cms.example.com:8888/default/
ErrorLog /home/john/src/www/logs/cms.example.com-error_log
CustomLog /home/john/src/www/logs/cms.example.com-access_log common
</VirtualHost>
# This is the SSL host for the authoring environment.
<VirtualHost *:443>
ServerAdmin webmaster@cms.example.com
ServerName cms.example.com
ServerAlias cms
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /home/john/pki/server.crt
SSLCertificateKeyFile /home/john/pki/server.key
ProxyRequests Off
RewriteEngine On
RewriteLog /home/john/src/www/logs/cms.example.com-rewrite_log
RewriteLogLevel 4
RewriteRule ^/lenya/(.*) http://cms.example.com:8888/lenya/$1 [P,L]
RewriteRule ^/modules/(.*) http://cms.example.com.com:8888/modules/$1 [P,L]
RewriteRule ^/default/modules/(.*) http://cms.example.com:8888/default/modules/$1 [P,L]
RewriteRule ^/(.*) http://cms.example.com:8888/default/$1 [P,L]
ProxyPassReverse / http://cms.example.com:8888/default/
ErrorLog /home/john/src/www/logs/cms.example.com-error_log
CustomLog /home/john/src/www/logs/cms.example.com-access_log common
</VirtualHost>
# This is the non-SSL host for the live area.
<VirtualHost *:80>
ServerAdmin webmaster@www.example.com
ServerName www.example.com
ServerAlias lenya
ProxyRequests Off
RewriteEngine On
RewriteLog /Users/john/src/www/logs/www.example.com-rewrite_log
RewriteLogLevel 4
RewriteRule ^/([^/\.]+)$ $1/ [R]
RewriteRule ^/(.*) http://www.example.com:8888/default/live/$1 [P,L]
ProxyPassReverse / http://www.example.com:8888/default/live/
ErrorLog /Users/john/src/www/logs/www.example.com-error_log
CustomLog /Users/john/src/www/logs/www.example.com-access_log common
</VirtualHost>
If you're using Tomcat on port 8080 with Lenya in the context path lenya14, you have to change the port and add the context path accordingly:
RewriteRule ^/(.*) http://cms.example.com:8080/lenya14/default/authoring/$1 [P,L]
ProxyPassReverse / http://cms.example.com:8080/lenya14/default/authoring/
With this setup, your browser might show error messages like "You have requested an
encrypted page that contains some unencrypted information" when accessing a page
with the https protocol. This is because Apache always connects to Lenya
with the http protocol, so Lenya doesn't know that it should use https
links to include images etc. on this page. This problem won't occur if you use the
mod_proxy_ajp approach.