sirona-aem - SIRONABUG-83 + SIRONAADFR-784

diff --git a/customer/sirona-aem/production.yaml b/customer/sirona-aem/production.yaml
index 464a46cd5c6863db140d190be5447811c9444933..dfb82844413ebef05bfc35e276fea9c5b4ec548e 100644 (file)
--- a/customer/sirona-aem/production.yaml
+++ b/customer/sirona-aem/production.yaml
@@ -150,6 +150,9 @@ aem::domain_mappings:
   www.cerec.com:  # 29.09.2016 DNS noch nicht auf AEM
     aem_path: '/content/cerec'
     create_sling_mapping: true
+  assets.dentsplysirona.com:
+    aem_path: '/content/dam'
+    create_sling_mapping: true
 
 site::profile::apache::htdigest:
   server:
@@ -689,6 +692,13 @@ site::profile::aem::publish::pp_vhosts:
         comment: 'lanugage Rewrite use Env Vars'
         rewrite_rule:
           - '^/$ %%{ich-trickse}{REQUEST_SCHEME}://www.exzellenzgruender.de/%%{ich-trickse}{ENV:language}.html [R=301,L]'
+      - regel_1:
+        comment: 'Migration'
+        rewrite_rule:
+          - '^/de/vorteile$ %%{ich-trickse}{REQUEST_SCHEME}://www.exzellenzgruender.de/de-de/vorteile.html [R=301,L]'
+          - '^/de/information$ %%{ich-trickse}{REQUEST_SCHEME}://www.exzellenzgruender.de/de-de/information.html [R=301,L]'
+          - '^/de/produkte$ %%{ich-trickse}{REQUEST_SCHEME}://www.exzellenzgruender.de/de-de/produkte.html [R=301,L]'
+          - '^/de/ %%{ich-trickse}{REQUEST_SCHEME}://www.exzellenzgruender.de/de-de.html [R=301,L]'
 # Sirona www.see-more-with-sirona.com
   see-more-with-sirona:
     serveraliases:
@@ -778,6 +788,20 @@ site::profile::aem::publish::pp_vhosts:
         comment: 'lanugage Rewrite use Env Vars'
         rewrite_rule:
           - '^/$ %%{ich-trickse}{REQUEST_SCHEME}://www.cerec.com/%%{ich-trickse}{ENV:language}.html [R=301,L]'
+  assets:
+    servername: assets.dentsplysirona.com
+    docroot: '/var/www/html/cache/content/dam'
+    ssl_cert: '/etc/pki/tls/certs/cerec.com-cert.pem'
+    ssl_key: '/etc/pki/tls/private/cerec.com-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/cerec.com-cert.pem'
+    docroot_owner: apache
+    directories:
+      - docroot:
+        provider: directory
+        path: '/var/www/html/cache/content/dam'
+        sethandler: dispatcher-handler
+        options:
+          - FollowSymLinks
 
 # Apache Author
 site::profile::aem::author::enable_apache: true
@@ -1896,3 +1920,78 @@ aem::dispatcher::publish_farm:
       - 'Expires'
       - 'Content-Type'
       - 'Access-Control-Allow-Origin'
+  dam:
+    virtualhosts:
+      - 'assets.dentsplysirona.com'
+    clientheaders:
+      - '*'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', url: '/' }
+      - { type: 'allow', url: '*.html' }
+      - { type: 'allow', url: '*.css'   }  # enable css
+      - { type: 'allow', url: '*.gif'   }  # enable gifs
+      - { type: 'allow', url: '*.ico'   }  # enable icos
+      - { type: 'allow', url: '*.js'    }  # enable javascript
+      - { type: 'allow', url: '*.png'   }  # enable png
+      - { type: 'allow', url: '*.swf'   }  # enable flash
+      - { type: 'allow', url: '*.jpg'   }  # enable jpg
+      - { type: 'allow', url: '*.jpeg'  }  # enable jpeg
+      - { type: 'allow', url: '*.svg'  }  # enable svg
+      - { type: 'allow', url: '*.ttf'  }  # enable ttf
+      - { type: 'allow', url: '*.woff'  }  # enable woff
+      - { type: 'allow', url: '*.woff2'  }  # enable woff2
+      - { type: 'allow', url: '*.eot'  }  # enable eot
+      - { type: 'allow', url: '*.pdf'  }  # enable pdf
+      - { type: 'allow', url: '*.wmv'  }  # enable wmv
+      - { type: 'allow', url: '*.psd'  }  # enable psd (Adobe Photoshop Dokument)
+      - { type: 'allow', url: '*.tif'  }  # enable tif
+      - { type: 'allow', url: '*.indd'  }  # enable indd (Adobe Indesign Dokument)
+      # Enable features
+      - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      - { type: 'allow', url: '/content/dam/api.json' } # enable generic asset JSON API
+      - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json'  }
+      # Deny content grabbing
+      - { type: 'deny', url: '*.infinity.json' }
+      - { type: 'deny', url: '*.tidy.json'     }
+      - { type: 'deny', url: '*.sysview.xml'   }
+      - { type: 'deny', url: '*.docview.json'  }
+      - { type: 'deny', url: '*.docview.xml'   }
+      - { type: 'deny', url: '*.*[0-9].json'   }
+      # Deny query
+      - { type: 'deny', url: '*.query.json' }
+    cache_docroot: '/var/www/html/cache/content/dam'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowed_clients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_headers:
+      - 'X-Content-Type-Options'
+      - 'X-Frame-Options'
+      - 'X-XSS-Protection'
+      - 'Last-Modified'
+      - 'Expires'
+      - 'Content-Type'
+      - 'Access-Control-Allow-Origin'