From: Philipp Dallig <philipp.dallig@pixelpark.com>
Date: Thu, 8 Jun 2017 13:22:52 +0000 (+0200)
Subject: mobile-aem - add domainmapping
X-Git-Tag: v0.1.0~2830^2~2
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=73a1b594415859011b6e09bc9fc66590c3845d24;p=pixelpark%2Fhiera.git

mobile-aem - add domainmapping
---

diff --git a/customer/mobile-aem/production.yaml b/customer/mobile-aem/production.yaml
index 3dfe84b0..09dc2aea 100644
--- a/customer/mobile-aem/production.yaml
+++ b/customer/mobile-aem/production.yaml
@@ -82,6 +82,15 @@ aem::packages:
     artifactid: 'mobile-initialcontent'
     version: 'LATEST'
 
+aem::enable_https_mapping: true
+aem::domain_mappings:
+  motortalk-de.pixelpark.net:
+    aem_path: '/content/motor-talk'
+    create_sling_mapping: true
+  microsite-motortalk-de.pixelpark.net:
+    aem_path: '/content/microsite'
+    create_sling_mapping: true
+
 # Apache Author
 infra::profile::aem::author::enable_apache: true
 infra::profile::aem::author::pp_vhosts:
@@ -140,6 +149,62 @@ infra::profile::aem::publish::pp_vhosts:
         sethandler: dispatcher-handler
         options:
           - FollowSymLinks
+  motortalk:
+    serveraliases:
+      - motortalk-de.pixelpark.net
+    docroot: '/opt/adobe/www/cache/content/motor-talk'
+    cert_servername: 'wildcard.pixelpark.net'
+    cert_customer: 'pixelpark'
+    ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    docroot_owner: apache
+    setenvifnocase:
+      - 'Accept-Language ^.*$ language=de'
+    directories:
+      # docroot:
+      - provider: directory
+        path: '/opt/adobe/www/cache/content/motor-talk'
+        sethandler: dispatcher-handler
+        options:
+          - FollowSymLinks
+    rewrites:
+      - comment: 'http to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTPS} !=on'
+        rewrite_rule:
+          - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+      - comment: 'lanugage Rewrite use Env Vars'
+        rewrite_rule:
+          - '^/$ %%{ich-trickse}{REQUEST_SCHEME}://%%{ich-trickse}{HTTP_HOST}/%%{ich-trickse}{ENV:language}.html [R=301,L]'
+  microsite-motortalk:
+    serveraliases:
+      - microsite-motortalk-de.pixelpark.net
+    docroot: '/opt/adobe/www/cache/content/microsite'
+    cert_servername: 'wildcard.pixelpark.net'
+    cert_customer: 'pixelpark'
+    ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    docroot_owner: apache
+    setenvifnocase:
+      - 'Accept-Language ^.*$ language=de'
+    directories:
+      # docroot:
+      - provider: directory
+        path: '/opt/adobe/www/cache/content/microsite'
+        sethandler: dispatcher-handler
+        options:
+          - FollowSymLinks
+    rewrites:
+      - comment: 'http to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTPS} !=on'
+        rewrite_rule:
+          - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+      - comment: 'lanugage Rewrite use Env Vars'
+        rewrite_rule:
+          - '^/$ %%{ich-trickse}{REQUEST_SCHEME}://%%{ich-trickse}{HTTP_HOST}/%%{ich-trickse}{ENV:language}.html [R=301,L]'
 
 # Use Alias function if updated to Puppet 4
 aem::dispatcher::publish_farm:
@@ -245,3 +310,165 @@ aem::dispatcher::publish_farm:
       - 'Expires'
       - 'Content-Type'
       - 'Access-Control-Allow-Origin'
+  motortalk:
+    virtualhosts:
+      - 'motortalk-de.pixelpark.net'
+    clientheaders:
+      - '*'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', url: '/' }
+      - { type: 'allow', url: '*.html' }
+      - { type: 'allow', url: '*.css'   }  # enable css
+      - { type: 'allow', url: '*.gif'   }  # enable gifs
+      - { type: 'allow', url: '*.ico'   }  # enable icos
+      - { type: 'allow', url: '*.js'    }  # enable javascript
+      - { type: 'allow', url: '*.png'   }  # enable png
+      - { type: 'allow', url: '*.swf'   }  # enable flash
+      - { type: 'allow', url: '*.jpg'   }  # enable jpg
+      - { type: 'allow', url: '*.jpeg'  }  # enable jpeg
+      - { type: 'allow', url: '*.svg'  }  # enable svg
+      - { type: 'allow', url: '*.ttf'  }  # enable ttf
+      - { type: 'allow', url: '*.woff'  }  # enable woff
+      - { type: 'allow', url: '*.woff2'  }  # enable woff2
+      - { type: 'allow', url: '*.eot'  }  # enable eot
+      - { type: 'allow', url: '*.pdf'  }  # enable pdf
+      - { type: 'allow', url: '*.wmv'  }  # enable wmv
+      - { type: 'allow', url: '*.psd'  }  # enable psd (Adobe Photoshop Dokument)
+      - { type: 'allow', url: '*.tif'  }  # enable tif
+      - { type: 'allow', url: '*.zip'  }  # enable zip
+      - { type: 'allow', url: '*.exe'  }  # enable exe
+      - { type: 'allow', url: '*.msi'  }  # enable msi
+      - { type: 'allow', url: '*.indd'  }  # enable indd (Adobe Indesign Dokument)
+      # Enable features
+      - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      - { type: 'allow', url: '/content/dam/api.json' } # enable generic asset JSON API
+      - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API
+      - { type: 'allow', url: '*.articlelibrary.json' } # enable article library JSON API
+      - { type: 'allow', url: '*.assetdata.json' } # enable download basket JSON API
+      - { type: 'allow', method: 'post', url: '*.forms.html' } # enable forms
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json' } # enable CSRF token
+      # Deny content grabbing
+      - { type: 'deny', url: '*.infinity.json' }
+      - { type: 'deny', url: '*.tidy.json'     }
+      - { type: 'deny', url: '*.sysview.xml'   }
+      - { type: 'deny', url: '*.docview.json'  }
+      - { type: 'deny', url: '*.docview.xml'   }
+      - { type: 'deny', url: '*.*[0-9].json'   }
+      # Deny query
+      - { type: 'deny', url: '*.query.json' }
+    cache_docroot: '/opt/adobe/www/cache/content/motor-talk'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowed_clients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_headers:
+      - 'X-Content-Type-Options'
+      - 'X-Frame-Options'
+      - 'X-XSS-Protection'
+      - 'Last-Modified'
+      - 'Expires'
+      - 'Content-Type'
+      - 'Access-Control-Allow-Origin'
+  microsite-motortalk:
+    virtualhosts:
+      - 'prod-mobile-publish.pixelpark.net'
+    clientheaders:
+      - '*'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', url: '/' }
+      - { type: 'allow', url: '*.html' }
+      - { type: 'allow', url: '*.css'   }  # enable css
+      - { type: 'allow', url: '*.gif'   }  # enable gifs
+      - { type: 'allow', url: '*.ico'   }  # enable icos
+      - { type: 'allow', url: '*.js'    }  # enable javascript
+      - { type: 'allow', url: '*.png'   }  # enable png
+      - { type: 'allow', url: '*.swf'   }  # enable flash
+      - { type: 'allow', url: '*.jpg'   }  # enable jpg
+      - { type: 'allow', url: '*.jpeg'  }  # enable jpeg
+      - { type: 'allow', url: '*.svg'  }  # enable svg
+      - { type: 'allow', url: '*.ttf'  }  # enable ttf
+      - { type: 'allow', url: '*.woff'  }  # enable woff
+      - { type: 'allow', url: '*.woff2'  }  # enable woff2
+      - { type: 'allow', url: '*.eot'  }  # enable eot
+      - { type: 'allow', url: '*.pdf'  }  # enable pdf
+      - { type: 'allow', url: '*.wmv'  }  # enable wmv
+      - { type: 'allow', url: '*.psd'  }  # enable psd (Adobe Photoshop Dokument)
+      - { type: 'allow', url: '*.tif'  }  # enable tif
+      - { type: 'allow', url: '*.zip'  }  # enable zip
+      - { type: 'allow', url: '*.exe'  }  # enable exe
+      - { type: 'allow', url: '*.msi'  }  # enable msi
+      - { type: 'allow', url: '*.indd'  }  # enable indd (Adobe Indesign Dokument)
+      # Enable features
+      - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      - { type: 'allow', url: '/content/dam/api.json' } # enable generic asset JSON API
+      - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API
+      - { type: 'allow', url: '*.articlelibrary.json' } # enable article library JSON API
+      - { type: 'allow', url: '*.assetdata.json' } # enable download basket JSON API
+      - { type: 'allow', method: 'post', url: '*.forms.html' } # enable forms
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json' } # enable CSRF token
+      # Deny content grabbing
+      - { type: 'deny', url: '*.infinity.json' }
+      - { type: 'deny', url: '*.tidy.json'     }
+      - { type: 'deny', url: '*.sysview.xml'   }
+      - { type: 'deny', url: '*.docview.json'  }
+      - { type: 'deny', url: '*.docview.xml'   }
+      - { type: 'deny', url: '*.*[0-9].json'   }
+      # Deny query
+      - { type: 'deny', url: '*.query.json' }
+    cache_docroot: '/opt/adobe/www/cache/content/microsite'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowed_clients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_headers:
+      - 'X-Content-Type-Options'
+      - 'X-Frame-Options'
+      - 'X-XSS-Protection'
+      - 'Last-Modified'
+      - 'Expires'
+      - 'Content-Type'
+      - 'Access-Control-Allow-Origin'