Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:czechidm_installation [2019/06/04 11:44] urbanl odebrany known issues, problem se selinuxem byl dan do navodu server preparation linux |
tutorial:adm:czechidm_installation [2019/11/26 09:26] fiserp [3. Configure environment properties. Select application profile] |
||
---|---|---|---|
Line 79: | Line 79: | ||
into: | into: | ||
<code bash> | <code bash> | ||
- | Environment=' | + | Environment=' |
</ | </ | ||
Line 383: | Line 383: | ||
</ | </ | ||
- | Edit the Tomcat service file ''/ | + | Edit the Tomcat service file (systemctl edit tomcat.service) and add path to the truststore '' |
< | < | ||
systemctl daemon-reload | systemctl daemon-reload | ||
Line 439: | Line 439: | ||
Follow some final configuration steps: [[tutorial: | Follow some final configuration steps: [[tutorial: | ||
+ | === On CentOS set permisive mod on Tomcat === | ||
+ | SELinux will deny acces to the database for tomcat and won't allow create files by him. The tomcat will write error to the ''/ | ||
+ | |||
+ | To fix this we need set the permissive mode for tomcat: | ||
+ | < | ||
+ | semanage permissive -a tomcat_t | ||
+ | </ | ||
+ | |||
+ | <note warning> | ||
+ | Evaluate impact of SELinux adjustments **before** you implement them. Proper mitigation heavily depends on habits and security policies of your organization. | ||
+ | |||
+ | There are some possibilities: | ||
+ | * Set permissive mode for logrotate as above. | ||
+ | * Set permissive mode for whole SELinux. (This will drop the SELinux' | ||
+ | * Adjust particular SELinux labels. Example ([[https:// | ||
+ | </ |