Differences

This shows you the differences between two versions of the page.

tutorial:adm:czechidm_installation [2021/10/07 13:10]
fiserp [5. Create CzechIdM configuration]
tutorial:adm:czechidm_installation [2021/12/14 08:52]
fiserp [3. Configure environment properties. Select application profile]
Line 52: Line 52:
 ==== 3. Configure environment properties. Select application profile ==== ==== 3. Configure environment properties. Select application profile ====
  
-Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. +Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. <note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note>
-<note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note> +
  
 Change ​the following line: Change ​the following line:
 +
 <code bash> <code bash>
 Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8' Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8'
 +
 </code> </code>
 +
 into: into:
 +
 <code bash> <code bash>
-Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dspring.profiles.active=production' +Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true -Dspring.profiles.active=production' 
 </code> </code>
  
 Reload ​systemd after the changes: Reload ​systemd after the changes:
 +
 <code bash> <code bash>
 systemctl daemon-reload systemctl daemon-reload
 +
 </code> </code>
 +
 +
 ==== 4. Create CzechIdM configuration folders ==== ==== 4. Create CzechIdM configuration folders ====
 In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments.
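Review bot: The changed ''Environment='' line gains ''-Dlog4j2.formatMsgNoLookups=true'', but the step text still only talks about choosing the application profile, so a reader cannot tell why the flag is there or whether it is safe to drop. Add a sentence saying that it turns off Log4j 2 message lookups and stating which Log4j 2 versions honour the property, so that admins of older installations know whether this line alone is enough. While editing this paragraph, "instace" should read "instance", and the ''<note>'' now trails the paragraph on the same line; it reads better on a line of its own.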
Line 90: Line 97:
  
 <code> <code>
-cat /dev/urandom | tr -dc 'a-z0-9' | head -c 32> /opt/czechidm/etc/secret.key+cat /dev/urandom | tr -dc 'a-z0-9' | head -c 32 > /opt/czechidm/etc/secret.key
  
 </code> </code>
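Review bot: The redirect in ''head -c 32 > /opt/czechidm/etc/secret.key'' creates the key file with whatever umask the invoking shell has, and nothing in this hunk restricts the file afterwards. Run the command under ''umask 077'', or follow it with ''chmod 600'' and a ''chown'' to the account that runs the application, unless that is already done in lines outside this context. The ''cat'' is also unnecessary: ''tr -dc 'a-z0-9' < /dev/urandom | head -c 32'' reads the same source.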
Line 108: Line 115:
 org.quartz.jobStore.misfireThreshold=60000 org.quartz.jobStore.misfireThreshold=60000
 org.quartz.jobStore.tablePrefix=qrtz_ org.quartz.jobStore.tablePrefix=qrtz_
 +
  
 </file> </file>
Line 132: Line 140:
         <logger name="org.hibernate.SQL" level="INFO"/>         <logger name="org.hibernate.SQL" level="INFO"/>
         <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>         <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>
-        <logger name="AUDIT" level="ERROR"/>+        <logger name="AUDIT" level="INFO"/>
     </springProfile>     </springProfile>
  
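Review bot: The ''AUDIT'' logger goes from ''ERROR'' to ''INFO'' inside a ''<springProfile>'' block whose opening tag is outside the context shown, so this hunk does not say which profile is affected. Confirm the block is the **production** profile selected in step 3, and mention in the text that audit events are now written at ''INFO'' so operators can plan log rotation and retention for the added volume.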
Line 167: Line 175:
  
 </configuration> </configuration>
 +
  
 </file> </file>
Line 233: Line 242:
 spring.servlet.multipart.max-file-size=100MB spring.servlet.multipart.max-file-size=100MB
 spring.servlet.multipart.max-request-size=100MB spring.servlet.multipart.max-request-size=100MB
 +
  
 </file> </file>
Line 247: Line 257:
 spring.datasource.validationQuery=SELECT 1 spring.datasource.validationQuery=SELECT 1
 spring.datasource.test-on-borrow=true spring.datasource.test-on-borrow=true
 +
  
 </code> </code>
Line 258: Line 269:
 # We recommend the VALUE to be at least 25. # We recommend the VALUE to be at least 25.
 idm.sec.security.jwt.secret.token=********** TODO ********* idm.sec.security.jwt.secret.token=********** TODO *********
 +
  
 </code> </code>
Line 288: Line 300:
 # System.getProperty("user.home")/idm_data will be used if no path is given # System.getProperty("user.home")/idm_data will be used if no path is given
 idm.sec.core.attachment.storagePath=/opt/czechidm/data idm.sec.core.attachment.storagePath=/opt/czechidm/data
 +
  
 </code> </code>
Line 298: Line 311:
 # Application stage (development, test, production (default)) # Application stage (development, test, production (default))
 idm.pub.app.stage=production idm.pub.app.stage=production
 +
  
 </code> </code>
  • by kralikf