From: Philipp Dallig <philipp.dallig@pixelpark.com>
Date: Thu, 29 Sep 2016 09:41:06 +0000 (+0200)
Subject: Add cerec-com on AEM
X-Git-Tag: v0.1.0~4084
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=933817c214ad4c2bf159bcb450a146ed8f0176f8;p=pixelpark%2Fhiera.git

Add cerec-com on AEM
---

diff --git a/customer/sirona-aem/production.yaml b/customer/sirona-aem/production.yaml
index 22cecbba..d96c3149 100644
--- a/customer/sirona-aem/production.yaml
+++ b/customer/sirona-aem/production.yaml
@@ -159,6 +159,10 @@ aem::domain_mappings:
     aem_path: '/content/see-more-with-sirona'
     default_lang: de-de
     create_sling_mapping: true
+  www.cerec.com:
+    aem_path: '/content/cerec'
+    default_lang: en-us
+    create_sling_mapping: true
 
 site::profile::apache::htdigest:
   server:
@@ -718,6 +722,27 @@ site::profile::aem::publish::pp_vhosts:
         sethandler: dispatcher-handler
         options:
           - FollowSymLinks
+# Sirona www.cerec-com
+  cerec-com:
+    serveraliases:
+      - www.cerec.com
+      - cerec.com
+    docroot: '/var/www/html/cache/cerec-com'
+    ssl_cert: '/etc/pki/tls/certs/cerec.com-cert.pem'
+    ssl_key: '/etc/pki/tls/private/cerec.com-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/cerec.com-cert.pem'
+    docroot_owner: apache
+    setenvif:
+      - 'Origin "http(s)?://(www\.)?(sirona-cerec-test.azurewebsites.net|sirona-cerec-stage.azurewebsites.net|cerec.com|sirona-cerec-de.local:3000)$" AccessControlAllowOrigin=$0$1'
+    headers:
+      - 'add Access-Control-Allow-Origin %%{ich-trickse}{AccessControlAllowOrigin}e env=AccessControlAllowOrigin'
+    directories:
+      - docroot:
+        provider: directory
+        path: '/var/www/html/cache/cerec-com'
+        sethandler: dispatcher-handler
+        options:
+          - FollowSymLinks
 
 # Apache Author
 site::profile::aem::author::enable_apache: true
@@ -1759,4 +1784,80 @@ aem::dispatcher::publish_farm:
       - 'Last-Modified'
       - 'Expires'
       - 'Content-Type'
-      - 'Access-Control-Allow-Origin'
\ No newline at end of file
+      - 'Access-Control-Allow-Origin'
+  cerec-com:
+    virtualhosts:
+      - 'www.cerec.com'
+      - 'cerec.com'
+    clientheaders:
+      - '*'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', url: '/' }
+      - { type: 'allow', url: '*.html' }
+      - { type: 'allow', url: '*.css'   }  # enable css
+      - { type: 'allow', url: '*.gif'   }  # enable gifs
+      - { type: 'allow', url: '*.ico'   }  # enable icos
+      - { type: 'allow', url: '*.js'    }  # enable javascript
+      - { type: 'allow', url: '*.png'   }  # enable png
+      - { type: 'allow', url: '*.swf'   }  # enable flash
+      - { type: 'allow', url: '*.jpg'   }  # enable jpg
+      - { type: 'allow', url: '*.jpeg'  }  # enable jpeg
+      - { type: 'allow', url: '*.svg'  }  # enable svg
+      - { type: 'allow', url: '*.ttf'  }  # enable ttf
+      - { type: 'allow', url: '*.woff'  }  # enable woff
+      - { type: 'allow', url: '*.woff2'  }  # enable woff2
+      - { type: 'allow', url: '*.eot'  }  # enable eot
+      - { type: 'allow', url: '*.pdf'  }  # enable pdf
+      - { type: 'allow', url: '*.wmv'  }  # enable wmv
+      - { type: 'allow', url: '*.psd'  }  # enable psd (Adobe Photoshop Dokument)
+      - { type: 'allow', url: '*.tif'  }  # enable tif
+      - { type: 'allow', url: '*.indd'  }  # enable indd (Adobe Indesign Dokument)
+      # Enable features
+      - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      - { type: 'allow', url: '/content/dam/api.json' } # enable generic asset JSON API
+      - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json'  }
+      # Deny content grabbing
+      - { type: 'deny', url: '*.infinity.json' }
+      - { type: 'deny', url: '*.tidy.json'     }
+      - { type: 'deny', url: '*.sysview.xml'   }
+      - { type: 'deny', url: '*.docview.json'  }
+      - { type: 'deny', url: '*.docview.xml'   }
+      - { type: 'deny', url: '*.*[0-9].json'   }
+      # Deny query
+      - { type: 'deny', url: '*.query.json' }
+    cache_docroot: '/var/www/html/cache/cerec-com'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowedClients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_headers:
+      - 'X-Content-Type-Options'
+      - 'X-Frame-Options'
+      - 'X-XSS-Protection'
+      - 'Last-Modified'
+      - 'Expires'
+      - 'Content-Type'
+      - 'Access-Control-Allow-Origin'