Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:czechidm_installation [2019/03/13 10:20]
urbanl [Deploy the CzechIdM]
+++ tutorial:adm:czechidm_installation [2020/03/12 14:43]
urbanl old revision restored (2020/03/11 11:55)
@@ Line 35: / Line 35: @@
 and restart PostgreSQL.
 </note>
-==== 2. JDBC driver installation - CentOS7 ====
+==== 2. JDBC driver installation - CentOS7 ====
+**CentOS**
 Install the package with PostgreSQL JDBC driver:
@@ Line 50: / Line 50: @@
 </code>
-==== 3. JDBC driver installation - Debian ====
+==== 3. JDBC driver installation - Debian ====
 Install the package with PostgreSQL JDBC driver:
@@ Line 74: / Line 73: @@
 </note>
-Change the following line:
+Change the following line:
 <code bash>
 Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8'
@@ Line 80: / Line 79: @@
 into:
 <code bash>
-Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dspring.profiles.active=production -Djava.util.Arrays.useLegacyMergeSort=true -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8'
+Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dspring.profiles.active=production -Djava.util.Arrays.useLegacyMergeSort=true'
 </code>
-Reload systemd after the changes:
+Reload systemd after the changes:
 <code bash>
 systemctl daemon-reload
 </code>
 ==== 5. Create CzechIdM configuration folders ====
 In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments.
@@ Line 94: / Line 92: @@
   * The **backup** directory stored Groovy scripts backups.
   * The **data** directory stores various user-attached files.
+  *
 Create the directory structure:
 <code>
 mkdir -p /opt/czechidm/{etc,lib,backup,data}
 </code>
 ==== 6. Create CzechIdM configuration ====
@@ Line 276: / Line 276: @@
 # System.getProperty("user.home")/idm_data will be used if no path is given
 idm.sec.core.attachment.storagePath=/opt/czechidm/data
+# Max file size of uploaded file. Values can use the suffixed "MB" or "KB" to indicate a Megabyte or Kilobyte size.
+spring.servlet.multipart.max-file-size=100MB
+spring.servlet.multipart.max-request-size=100MB
 </file>
@@ Line 328: / Line 332: @@
 </code>
-==== Set correct permissions on CzechIdM files ====
+==== 7. Set correct permissions on CzechIdM files ====
+**CentOS**
 <code>
 chown tomcat:tomcat /opt/czechidm
@@ Line 335: / Line 342: @@
 chmod 640 /opt/czechidm/etc/*
 </code>
-==== Adjust Tomcat's classpath ====
+==== 8. Adjust Tomcat's classpath ====
 Apache Tomcat has to know where the new configuration is. Because CzechIdM uses SpringBoot project, we simply add the **/opt/czechidm/etc** directory (and others) on the classpath.
-Create new file **/opt/tomcat/current/bin/setenv.sh** with following content:<code bash>
+Create new file **/opt/tomcat/current/bin/setenv.sh** with following content:
+<code bash:>
 CLASSPATH=/opt/czechidm/etc:/opt/czechidm/lib/*
 </code>
-And change owner of the file to tomcat:<code>
+And change owner of the file to tomcat:
+<code>
 chown root:tomcat /opt/tomcat/current/bin/setenv.sh
 </code>
-==== Create dedicated Java truststore ====
+==== 9. Create dedicated Java truststore ====
 Java truststore is a file which contains SSL certificates which we consider trusted. Usually this means some certificates of end systems or their respective certificate authorities.
 When we need CzechIdM to communicate with some new system with SSL-encrypted way, we need to import particular certificate here and restart the Tomcat container.
@@ Line 372: / Line 384: @@
 systemctl restart tomcat.service
 </code>
-==== Deploy the CzechIdM ====
+==== 10. Deploy the CzechIdM ====
-Download the latest CzechIdM version. Currently it is idm-app-7.6.1.war.
+Download the latest CzechIdM version. Currently it is idm-app-9.4.0.war.
-Ensure Tomcat is stopped:<code>
+Ensure Tomcat is stopped:
+<code>
 systemctl stop tomcat.service
 </code>
-Copy the identity manager WAR into webapps folder in Tomcat and name it **idm.war**:<code>
+Copy the identity manager WAR into webapps folder in Tomcat and name it **idm.war**:
-cp idm-app-7.6.1.war /opt/tomcat/current/webapps/idm.war
+<code>
+cp idm-app-9.4.0.war /opt/tomcat/current/webapps/idm.war
 chown tomcat:tomcat /opt/tomcat/current/webapps/idm.war
 </code>
@@ Line 384: / Line 399: @@
 systemctl start tomcat.service
 </code>
+If everything is set up right, the CzechIdM will deploy. Default log is **/opt/tomcat/current/logs/catalina.out**.
-If everything is set up right, the CzechIdM will deploy. Default log is **/opt/tomcat/current/logs/catalina.out**.
-===== Allow network services =====
+==== 11. Final Steps ====
+=== Allow network services ===
 Firewall may restrict the access to all port except ssh (22/tcp). To be able to use CzechIdM, allow port 443/tcp and reload firewalld:
@@ Line 394: / Line 412: @@
 </code>
-===== Change default admin password =====
+=== Change default admin password ===
 In the fresh CzechIdM installation, there is one user identity - **admin** with password **admin**. Right after you install the application, go to https://yourserver.tld/idm and change the default password.
-===== Configure IdM =====
+=== Configure IdM ===
 Follow some final configuration steps: [[tutorial:adm:czechidm_installation_finalize|]].